-----Original Message-----hch@xxxxxxxxxxxxx;
From: malware-list-bounces@xxxxxxxxxxxxxxxx [mailto:malware-list-
bounces@xxxxxxxxxxxxxxxx] On Behalf Of Peter Zijlstra
Sent: Friday, August 15, 2008 6:37 AM
To: Helge Hafting
Cc: linux-kernel@xxxxxxxxxxxxxxx; malware-list@xxxxxxxxxxxxxxxx;
andi@xxxxxxxxxxxxxx; viro@xxxxxxxxxxxxxxxxxx;alan@xxxxxxxxxxxxxxxxxxx; Arjan vande Ven
Subject: Re: [malware-list] TALPA - a threat model? well sorta.
On Fri, 2008-08-15 at 12:07 +0200, Helge Hafting wrote:It seems to me that this "scan on file open" business is the
wrong way to do things - because it reduces performance.
If you scan on file open, then your security sw is too late and
getting in the way.
The problem is that you have to account for the cases where the malware
made it onto the system even if you were trying to catch it ahead of
time. For example:
- Administrator turns off or reduces AV protection for some reason for
some period of time. It happens all the time.