In the world of anti-virus software I've seen a lot about virus vaults and have a dumb question.
Why does anyone ever want to store a virus on their computer? I thought the idea was to get it OFF the computer. (In my view, "It doesn't hurt anything" isn't an answer.)
JimL
"JimL" <inkleput[ at ]isp.com> wrote in message news:a1f$490dd17c$c4db80d$31272[ at ]DIALUPUSA.NET...
> In the world of anti-virus software I've seen a lot about virus vaults and
> have a dumb question.
>
> Why does anyone ever want to store a virus on their computer. I thought
> the idea was to get it OFF the computer. (In my view, "It doesn't hurt
> anything" isn't an answer.)
>
> JimL

I would only use a virus vault for those instances in which I would like to send the file to somebody for further investigation.
Jim
I use "AVG Internet Security"; from the Help file,
"The main purpose of the Virus Vault is to keep any deleted file for a certain period of time, so that you can make sure you do not need the file any more. If you find out that the missing file is causing problems, you can send it to analysis, try to heal it, and restore it to the original location."
'Hope this helps.
-- Don - Vancouver, USA "May your shadow be found in happy places." - Native North American
"JimL" <inkleput[ at ]isp.com> wrote in message news:a1f$490dd17c$c4db80d$31272[ at ]DIALUPUSA.NET...
> In the world of anti-virus software I've seen a lot about virus vaults and
> have a dumb question.
>
> Why does anyone ever want to store a virus on their computer. I thought
> the idea was to get it OFF the computer. (In my view, "It doesn't hurt
> anything" isn't an answer.)
>
> JimL
"JimL" <inkleput[ at ]isp.com> wrote in message news:a1f$490dd17c$c4db80d$31272[ at ]DIALUPUSA.NET...
> In the world of anti-virus software I've seen a lot about virus vaults
> and have a dumb question.
>
> Why does anyone ever want to store a virus on their computer. I
> thought the idea was to get it OFF the computer. (In my view, "It
> doesn't hurt anything" isn't an answer.)
Sometimes the flagged file is *not* a virus; that is, it's a false positive. If this is a file you need, then if you delete it, you don't have it anymore! If you are absolutely sure the file is malicious, then you may empty the vault.
> "JimL" <inkleput[ at ]isp.com> wrote in message
> news:a1f$490dd17c$c4db80d$31272[ at ]DIALUPUSA.NET...
>> In the world of anti-virus software I've seen a lot about virus
>> vaults and have a dumb question.
>>
>> Why does anyone ever want to store a virus on their computer. I
>> thought the idea was to get it OFF the computer. (In my view, "It
>> doesn't hurt anything" isn't an answer.)
Actually the very first concern is to STOP the damage the virus is doing. THEN decide what to do with/about it. It's a bit like splitting hairs, but I explain a bit below.
>
> Sometimes the flagged file is *not* a virus; that is, it's a false
> positive. If this is a file you need, then if you delete it, you don't
> have it anymore! If you are absolutely sure the file is malicious,
> then you may empty the vault.
Good answer, Daave,
It's also possible that some malware is known to be detected as viral, especially with legacy software. Unfortunately I can't think of an example of it right now, but those programs always come with notes that such and such may be detected as a virus, explain why, and advise you to set your scanner to ignore that particular find ONLY. Like I said though; legacy software. Anything produced today that made such a claim would have a tough time selling their products. I recall this possibility because I used to use it; just can not for the life of me recall the program! It's not the norm, but it does happen.

Also, sometimes after you catch a virus/malware, and look it up, it IS sometimes something that's been welded into an application you consider important. Sometimes, after researching what it is, the user might decide the lesser of two evils is to let the malware run until he can get a work-around in place, or at least long enough to get all the necessary backups done. It astounds me how few people actually will not bother with a backup regimen these days.

And then of course, as you said, there is the possibility of a plain old false positive. Antivirus with heuristic abilities turned on often catches this sort of thing. Or just plain badly written software that does things in a dangerous way but not maliciously, such as trying to mess with something under DEP control (see Help & Support for more on that). You want that repository to be there so you can get it back once you discover it's a false positive or for the other reasons mentioned.

IMO it's better, within reason, for AV software to err on the safe side than to chance allowing a virus to get by because it erred in the wrong direction. The repository becomes even more important then. OTOH, as soon as you're sure the virus removal didn't hurt anything, it is definitely wise to then go ahead and get rid of it for good. I usually give it a week or so and then delete them.

And of course, it's a "safe" way to be able to send it in for analysis in the event it turned out to be something that's not yet recognized in the wild as a virus.

And one last word: Never, ever make NOT having such a repository enter your mind as a plus. It always indicates a less than worthy anti-virus program which could have a lot of other shortcuts, too.
Just my 2 ¢; sorry 'bout the verbosity,
Twayne -- Research will always teach you just how little you actually know at its conclusion.
> "JimL" <inkleput[ at ]isp.com> wrote in message
> news:a1f$490dd17c$c4db80d$31272[ at ]DIALUPUSA.NET...
> In the world of anti-virus software I've seen a lot about virus vaults and
> have a dumb question.
>
> Why does anyone ever want to store a virus on their computer. I thought
> the idea was to get it OFF the computer. (In my view, "It doesn't hurt
> anything" isn't an answer.)
No, "It doesn't hurt anything" is not the correct answer. The issue is that the anti-virus software is not necessarily perfect, and it sometimes gives you false positives. Removing but keeping the file suspected to be a virus lets you put it back if you later find out that it was a false positive.