Windows Security Index

    Computer Techs are often running anything up to four or five scans on any one system in order to be sure that a system is clean of malware.

    Checks may involve one or two virus scans (using different products), also perhaps two or three spyware scans (also using different products) and perhaps one or two other scans, i.e., startup scans similar to HijackThis etc.  Very time consuming as you can imagine.

    We are beginning to see the emergence of new indexing systems, namely Google and MSN deskbars, which will index a system, both in full to begin with and then incrementally afterwards to allow us to quickly and easily find what we are looking for.

    I would like to put forth an idea for a Windows Security Indexing system, perhaps part of or tied into the deskbar system that is already part of the MSN toolbar suite or maybe part of WinFS. I'll call this WSI for short.
    So the WSI would scan a system as any antivirus/spyware and/or indexing scan would, and index the data accordingly. Now from then on we would require Antivirus & Spyware vendors to integrate this WSI support into their products (although this is not necessary), allowing us to be able to optionally tap into this index file to allow us to 'quick scan' a system for any malicious files.

    You could imagine how quick and easy it would be to perform system scans with numerous products thereafter. They would literally take seconds, and being secure and up to date is as easy as logging onto and running a system scan using the free online scanner (obviously not available at this time) or using Windows Update to download a Malicious Software update (to be tied into the WSI - not the same as the current removal tool). Or running your current AV or AntiSpyware products would no longer take 30 minutes or more.

    So as you can see, being able to search for any kind of data very quickly is the current aim of these new search tools, but search isn't the only big thing we're seeing these days, security is right up there too. So with the WSI we should be able to extend this search facility and take it into new realms of security. Perhaps we wouldn't need 'real time' virus scanners that bog down or cause conflicts on PCs. We're just giving people back the ability to browse the net quickly and safely.

    I see... so, for example, you'd keep an index of the MD5 hash of every file on the system... then when a new virus comes out, you could check the index for the MD5 hash of the known viruses, thus saving a full system scan... or if the virus had a variable checksum, you would only need to scan any files that had been introduced or changed since the virus was written...

    A good idea.  I think the best place for this is the filesystem, rather than the OS.

    Mike Dimmick

    The feature already exists, it's called NTFS Change Journal, and it's been available since Windows 2000. The Indexing Service uses the change journal, once it's built a complete index, so it only needs to reindex what's changed.

    Anti-virus suppliers have generally failed to make use of this feature.
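
The hash index suggested in the first reply, combined with the re-index-only-what-changed behaviour described for the Change Journal, as an added Python example (not code from the post or from any commenter). The function names are hypothetical, the sample files are constructed, and file size plus modification time stand in for change-journal records.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5"):
    """Hash a file in chunks. MD5 follows the comment; pass "sha256" to avoid collisions."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def update_index(root, index, algo="md5"):
    """Refresh index {path: (size, mtime_ns, digest)}; return the paths that were (re)hashed."""
    rehashed, seen = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                old = index.get(path)
                # Assumption: size + mtime approximate a change record. mtime can be
                # set back by anything able to write the file, so a journal is stronger.
                if not (old and old[:2] == (st.st_size, st.st_mtime_ns)):
                    index[path] = (st.st_size, st.st_mtime_ns, file_digest(path, algo))
                    rehashed.append(path)
                seen.add(path)
            except OSError:
                continue  # unreadable or vanished: leave unindexed for a full scan
    for gone in set(index) - seen:
        del index[gone]  # drop deleted or unreadable files from the index
    return sorted(rehashed)

def quick_scan(index, bad_digests):
    """New-signature check: a lookup over the index, no file contents are read."""
    return sorted(p for p, (_s, _m, d) in index.items() if d in bad_digests)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files; the second plays the role of a known-bad file.
        for name, data in {"a.txt": b"hello", "b.bin": b"constructed-sample-payload"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        index = {}
        print("first pass hashed:", update_index(root, index))
        bad = {hashlib.md5(b"constructed-sample-payload").hexdigest()}
        print("quick scan hits:", quick_scan(index, bad))
        print("second pass hashed:", update_index(root, index))
```

An exact-hash lookup only matches byte-identical files, so the second case in the reply (a virus with a variable checksum) still needs a content scan, limited to the paths `update_index` returns.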

