Nearly Handheld Anti-virus Protection

from the yawn-but-I-guess-it?s-sort-of-important dept

Mcafee will soon start shipping its own version of a handheld virus protection program(so they say), amusingly enough it isn?t even really for handhelds it?s for the node connection points between a computer (or network) and a handheld. Call me when we get real handheld anti-virus programs, Ha!

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Nearly Handheld Anti-virus Protection”

Subscribe: RSS Leave a comment
Ed II says:


AFAIK, there are no known viruses that propagate through handhelds, so this is pretty stupid. In fact, it seems to me that virus “protection” programs, in general, are completely worthless and a scam propagated on clueless corporate IT departments. Any time there’s a major virus outbreak, McAfee/etc. always have to revise their scanners, and it will always be this way, with the scanners lagging the outbreak. Back in the days when data was exchanged via floppies, it was possible to stay ahead, but not any more.

wonko (user link) says:

Re: Stupid

Perhaps I’m a little biased, because I work for, but you’re not entirely right. One of the most recent virus outbreaks was the Life Stages virus. When Life Stages broke out, it had already been included in McAfee’s antivirus DAT files for several weeks. The only reason it ran rampant was because people had neglected to update their DATs.

Granted, virus companies (McAfee included) always jump at any chance to get mentioned in the press…it’s good publicity! So of course, whenever there’s a big outbreak, McAfee and Norton and all the others immediately send out press releases and release special emergency DAT upgrades. These ‘extra DATs’ as we call them at McAfee are released whether or not our current DATs already have the virus’s signature. This is because when people grab the extra DAT, they come to our website, and while they’re on our website in a paranoid mood they’re very likely to buy other software.

The fact is, most viruses are reported to AVERT Labs (NAI’s virus research laboratory) long before they actually make it into the wild. This gives AVERT time to create a virus signature and toss it over to the McAfee guys who silently throw all the new signatures into the weekly DAT releases. If you’re running VirusScan with the latest DATs, chances are you’re nearly invincible. Even better, if you’re running ActiveShield from, you’ll always be using the latest DATs because it automatically upgrades itself.

Here’s another secret for you, though: All antivirus programs suck. Some just suck less than others. McAfee’s VirusScan engine sucks less than the competition. That’s the only reason anyone should use it. The last actual good virus scanner on the market was F-Prot, and I don’t know what’s happened to them.

wonko (user link) says:

Why a 'real' handheld antivirus program will never

McAfee’s PDA virus protection works on the principle that in order for a virus to infect your PDA, it must first go through a desktop machine. This is true. So McAfee’s PDA virus protection software sits on your desktop machine and scans the connection between your desktop and your PDA. This is currently the most effective and reliable way to provide PDA virus protection.

So…why can’t we have a virus protection program that actually runs on the PDA? Because virus protection programs require huge DAT files full of known virus signatures in order to be effective. These DAT files are way too huge to fit in the meager 4 or 8 megs of RAM on your PDA. Thus, a PDA-based virus scanner would be completely ineffective. Without DAT files, virus scanners are worthless.

Ryan says:

Re: Really?

Hi Other Ryan (AKA Wonko)

I tend to agree that most virus progams tend to suck and are pretty big but I was wondering if you guys are doing any research into modeling anti-virus programs on the human immune system?

I read about a while ago but seems to have disappeared since then, I have a feeling that these programs would be less huge than current antivirus programs (maybe even small enough for PDA’s) and of course much more flexible (just in case people start making viruses for handhelds).

wonko (user link) says:


If we were working on that, I couldn’t tell you….but as far as I know we’re not working on anything like that. 🙂

Then again, I work for, which is a separate company from NAI. NAI owns the McAfee brand, although NAI does not own (despite the fact that, for some odd reason, my paychecks come from NAI). It’s all terribly confusing. Anyway, if you go to you’ll see the stuff I work on…it’s basically web-based versions of all the NAI apps. We take their code, modify it to work as an online app, and sell it to customers on a yearly subscription basis. So all I do really is web work…the actual R&D and VirusScan engine hacking goes on in NAI’s offices in Santa Clara.

The only problem I can see with a virus program that works like the human immune system is that when the immune system encounters a new virus, you’ve already been infected by the time antibodies are produced. So let’s say you’re running McAfee ImmunoProt 5.0, and someone emails you a VBScript virus. Since McAfee ImmunoProt doesn’t use DAT files, it can’t just scan everything looking for malicious code…it has to sit there and wait for malicious code to actually do something malicious. Then, once bad stuff starts happening, ImmunoProt says “Aha! I bet this is a virus!” and halts the code execution. But then you’re stuck. Once again, since there are no DAT files with virus signatures or information, ImmunoProt doesn’t know how to clean the virus from the infected files. Your only option is to delete anything that’s been infected. No fun.

I’ll have to think about this some more. There are various ways to write a virus scanner without using DAT files (anyone remember Microsoft’s old DOS-based scanner?), but none of them are as good (yet) as DAT-based scanning. It sure would be nice not to have to keep downloading a huge update every week!

Mike (profile) says:

Re: Re: hmm...

*cough* If someone funds an idea that comes out of here, think of giving me some equity for “facilitating” the discussion. 🙂 Maybe that could be a business model for Techdirt since everyone keeps insisting I need one (for the record: Techdirt is not trying to make money. It’s just for fun. Why doesn’t anyone understand that?).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...