Well, one reason for the bloat is trying to be able to recognize & handle
the ever-increasing variety of threats. Lots of modern malware comes in
'families' where the base code is more like a payload distributor than
anything else. Then there's the payload itself which may or may not be
malicious. And some threats are designed to evade detection or even lie
dormant for long periods before waking up.

The vendors have been using heuristics for analysis but at best it can only
supplement the traditional pattern-matching that goes on. And while the
signatures work on code families there are also new threats and one-offs to
try & find. McAfee, for instance, has their Global Threat Intelligence
network which does cloud-based malware analysis & rules generation. If an
endpoint sees something that it thinks is behaving like malware but it
doesn't match the known signatures, it sends a copy of the code to McAfee's
cloud where an engine analyzes it. If found to be malicious it generates a
temporary rule & sends it back to the client who gets immediate
protection. The whole thing happens in milliseconds so users don't even
notice. The temp rule is also sent out to all clients who connect going
forward. The auto-generated temp rules are not very efficient so they are
eventually replaced by algorithms coded by the engineers. Those go into
the signature updates.

There's a lot of code that goes into the analysis. And really, it'll never
get smaller unless the vendors pull out detection for older threats. But
there's also a fair bit of code that goes into the AV management component.

Nothing is free from suspicion. Even fonts:
http://technet.microsoft.com/en-us/security/bulletin/ms12-078

BTW, some newer products, especially on the server/network side, do things
like fire up mini-VMs and actually execute email attachments so they can
observe their behavior.

On Wed, Dec 12, 2012 at 8:38 AM, Jerry C. Adams <midrange@xxxxxxxx> wrote:

Thanks to everyone. I guess it is a crap shoot, Sam. As long as I keep my
PC turned on after getting a "clean" Norton instance, it seems to be okay,
but, regardless, seems to be a bloated and slow things down. I guess
they're all getting a bit bloated these days; used to be that A-V software
just did A-V, but now they try to do everything, which is probably
necessary, I guess.

Thanks.

Jerry C. Adams
IBM i Programmer/Analyst
Being told that someone doesn't want to date you because you're such a good
friend, is like being told that you didn't get the job because you're
overqualified.
--
A&K Wholesale
Home Office: 615-832-2730
email: midrange@xxxxxxxx


-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On
Behalf Of Sam_L
Sent: Tuesday, December 11, 2012 4:48 PM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PCTECH] Internet Security Software

IMHO, it's kind of a crap shoot. I moved from McAfee to Trend Micro's
PCCillin (?) when McAfee got bloated and slow. After two year Trend Micro
was following McAfee so I went with Norton, because I got it free from my
ISP.

I have removed Norton and re-installed it on my home machine to solve a
problem.

I have remove McAfee and reinstalled it on my neighbor's machine to solve a
problem.

We dumped Trend Micro at work about 18 month ago because of server problem
(I'm not the networking guy so can't be more specific,

That said, I run Norton on my desktop at home and Avast on my laptop.

Now I suspect this didn't help you at all, other than to say I have
suffered
the uninstall, reintall pain.

Sam

On 12/11/2012 2:35 PM, Jerry C. Adams wrote:
When I signed up for broadband at home, I got Norton Internet Security
for "free". So, being somewhat frugal (okay, cheap), I installed it.
I occasionally, after a re-boot, get error messages that say I turned
off auto-protect. According to my searches, the "fix" recommended by
Norton
(Symantec) is to remove NIS and re-install it. Well, let's just say
that this seems like a lot of work just to fix the problem.



I used to use Trend Micro's Internet Security on another PC, and never
had issues. They sent me an email to upgrade to their Titanium 2013
for free since my subscription, I guess, had not expired. I'll have
to check with them about that.



But the reason I am writing is to find out if anyone here has had
experiences (good / bad / mediocre) with Titanium. I don't want to go
through a lot of pain again (getting my flu shot today is all that I
think I can handle for a week or so).

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/pctech.

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.