On Wed, 09 Jul 2008 10:52:47 -0500, Sunny wrote:
On Wed, Jul 9, 2008 at 10:17 AM, Jim Henderson
wrote: Which is great until that backup fails. I don't know how much data you've got, but if I ran two backups of all the computers in my house, I'd probably need a couple of TB drives. I archive my DVDs and CDs and that takes a *lot* of space.
I do not consider ripped DVDs and CD "critical". Unless you are not doing anything unlawful, you still have the original - better than any backup :)
Yes, I agree. My point is that if I were to use a backup procedure, I'd need lots of space.
And, for that matter, such a data is not accessed regulary, and will not suffer if they are placed on a RAID5 volume.
Ah, yes, so now we're up to buying a RAID-5 solution rather than implementing an on-demand virus scanner. I suppose I could also build a multi-million dollar cluster so we don't need on-demand scanning as well. Buy a couple of T1s *for my home* and do an off-site redundant cluster? Where does the silliness end here?
It's good you can afford the time and the hardware to do this. Many home users can't. Do you really think people who are buying OLPC PCs are going to have the resources available to buy another hard drive or two for backup purposes?
Do you really think that OLPC will be able to perform "any" useful work, if it has on-access file scan enabled?
I think it could, if the on-access scanning is implemented properly. I've used on-access scanning on Windows and while it does impact performance, it certainly didn't make the system unusuable. It certainly was more usable than while doing a full system scan for viruses.
It's hard to say, but it seems to me it makes sense to prepare for that possibility - far less sense to have people go "oh crap, it *is* susceptible after all" once the desktop becomes popular enough to be a target.
As mentioned before - the only way an executable may appear on a user's computer, and run therefor, is if the user put it there, and change the execution permission. So, in order to file to appear on the computer - it have to be downloaded (the browser may invoke AV after download), received by email (on demand scan when message arrives), or copied over from another medium - in such a case manual scan will be enough.
That resolves any issue with executable viruses. OK, so how about macro viruses? Users are NOT going to manually scan individual files every time they use them. Do you?
Only the last case may kind of "require" on-access scan, as people are lazy.
Welcome to the world of non-technical users.
And still there is possibility to use another means, like monitoring a directory for changes, and scan on write, not on read.
*Bingo*. There are other means, and there's no reason you couldn't monitor for changes and scan on read (or make it an option to do so).
And if somebody is stupid enough to run an executable out of removable media (usb stick) w/o checking it - you know, one can never "outsmart" the creative stupidity. You can not even prevent any user to delete his own files by "mistake".
Sure, but that doesn't mean that you make it as easy as possible for them to make a mistake that compromises the system.
Anyway, I think that this thread should end already. Obviously the discussion should not happen here, but on a kernel developer's list, as this is the kernel devs that decided to not implement on-access scan in the kernel in the first place.
I could've sworn there was a hook of some sort for file change monitoring. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org