|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
 Posted: Wed Jul 26, 2006 6:26 pm |
|
 |
 |
|
|
I see Eugene Kaspersky is becoming concerned that antivirus software may have trouble handling anything over 660 bit encryption. Well, let me tell you, I'm just an ordinary home PC user--not a defense organization or a branch of government.
Therefore, if I get a file that is very strongly encrypted or compressed more than a normal number of times, all I want my antivirus software to do is inform me of this and then suggest that I contact the sender to verify him/her, ask what the file is, and get them to explain why they went to so much trouble. If it does this, my antivirus software has done its job--it doesn't have to consider interdimensional warp possibilities or perform other heroic calculations.
All it has to do is use common sense, and, of course, I have to do the same.
Regards,
|
|
|
|
alch
Site Admin
| Joined: 27 Nov 2005 |
| Posts: 0 |
|
|
|
| Posted: Thu Jul 27, 2006 12:09 am |
|
|
|
|
|
well, my opinion is:
if the file is encrypted then it cannot be automatically executed, that is a user needs to enter a password to decrypt an archive. So if you get a password-protected attachemnt from someone who doesn't usually send encrypted files, and the password is in the same email - don't open it.
Clamwin does not decrypt archives at all.
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Thu Jul 27, 2006 12:27 am |
|
|
|
|
|
What about Clamwin and compressed files? That functionality takes a lot of horsepower also, doesn't it?
Regards,
|
|
|
|
alch
Site Admin
| Joined: 27 Nov 2005 |
| Posts: 0 |
|
|
|
| Posted: Thu Jul 27, 2006 1:25 am |
|
|
|
|
|
it does but with P4 processor you would hardly notice it. Scasnning inside archives is a must.
|
|
|
|
sherpya
| Joined: 22 Mar 2006 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Thu Jul 27, 2006 11:03 pm |
|
|
|
|
|
no kaspersky talks about a nasty virus that encrypts users files and then requests a ransom,
if intrested look at https://www.joestewart.org/ https://www.joestewart.org/
they finally cracked the 660bit key iirc, so users can have back encrypted files
nothing to do directly with the av-engine
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Fri Jul 28, 2006 12:39 am |
|
|
|
|
|
Haven't some viruses been encrypted in a file in order to prevent identification by antivirus software? I know they have been zipped or compressed multiple times in order to hide them.
What I'm really wondering is whether or not you can easily identify a heavily encrypted or compressed file. If you can, then antivirus software might not have to go through heroic efforts to decrypt/uncompress it. All it should have to do is inform the user the file is suspect and suggest that the user verify the file with the sender before opening it. That would be something less for the antivirus programmer(s) to worry about.
Regards,
|
|
|
