Friday, October 10, 2008

When Once Is Not Enough?

Interesting article by GFI Software in IT World about why one virus engine is insufficient in today's world.

A number of security appliances have multiple scan engines. Several years ago, Trend Micro had the "named" scan engine in a 3rd party appliance and Kaspersky's scan engine was so far under the hood that it did not appear on data sheets.

An issue not really addressed in the article - would you run the engines in parallel? Does everything get tested by both? Is the testing random between the two (or more) engines, with an equal or unequal weighting? Microsoft's acquisition a few years ago (I haven't looked at what Microsoft does with respect to this with their product(s)) permitted you to tweak the percentages.

And of course - what is the effect of multiple scan engines on performance?

