claudiubotez
join:2009-06-28

claudiubotez to EGeezer

Member

Re: How an antivirus performs repair---> need expert opinion

"2) Because using file and object journaling to record and back out alterations, creations and deletions of system objects, records, files and programs is a cumbersome complex solution, fraught with failure possibilities like file and program corruption"

The whole WSA program is around 650Kb. If the process is such "a cumbersome complex solution", do you really believe that in 650kb you can fit an AV, Web shield, Firewall, Sandbox, Behavior Blocker, Heuristic module and a cumbersome complex solution such as Journaling????

Mamutu from Emsisoftware, which is ONLY a behavior-based malware blocker, is 4.18MB for the installer alone.

I may not be an expert in PC security but I am not stupid either.

Thanks,
Claudiu
KitFox
join:2002-10-09
Denver, CO

KitFox

Member

Absolutely.

Most code these days is bloated. Windows PEs alone are required to have a substantial amount of padding that provides no use.

Take, for example, the code needed to perform an SHA1 hash on a file. I've seen a 200+k exe. The GNU binary ported to Windows is about 30k. There is a 14k exe for it floating around, but it doesn't handle files over 2GB. By comparison, I have a PE that does it in 3.6k, and UPX compresses it down to 2.4k. Plus it makes heavy use of the CPU cache and the stack for security, which also means it chokes primarily on disk operations as the bottleneck. If something that somebody else thinks is small at 14k can be squished down to 2.4k, then yes, a lot can be put into 700k.

For a severe "WT...!?" moment, look up the demo "The Product" by farbrausch. I think www.theproduct.de. Because of the packing technology, a good number of AV programs will flag on it, but if it's the legitimate program, it's safe. Run it, don't hit Esc when they tell you that you may, and you will see a 20+ minute, 3D-rendered AV demo with scenes (not abstract) packed into under 64k.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to claudiubotez

Premium Member

said by claudiubotez:

I may not be an expert in PC security but I am not stupid either.

Thanks,
Claudiu

If you already have your opinion set, no further time needs to be wasted on you and your requests.

My abject apologies for insulting your obviously superior knowledge of journaling and file recovery. I will not deign to insult you with unwanted information again.