April 20th 04, 01:37 PM
cquirke (MVP Win9x)
external usenet poster
 
SVCHOST & LSASS hogging CPU, no virus found. I'm completely stuck! (detailed)

On Sat, 17 Apr 2004 16:58:58 -0400, "Rocket J. Squirrel" wrote:

> I've been using Norton AntiVirus since 1997 and never once has my computer
> been infected. Talk about a string of luck!


That's what you'd expect a good av to do - *prevent* malware from
going active by detecting and killing it beforehand!

As long as your av is already running at the time the malware tries to
run, the av has the upper hand and should manage the problem fine.

When the av fails to detect the malware - usually because it's a new
variant that doesn't match the known detection tests - the opportunity
to stop the malware cold has been lost. If the malware then goes
active, I would not use the same av that has already failed to detect
the malware to chase after it while it's running.

Instead, I might use the "rescue" facility of that av to tackle it
formally. Most Windows-based av have a "rescue" facility that
basically prepares boot and av diskettes for formal scanning, but
obviously two problems come to mind:

1) Your file system may be incompatible with the rescue disks

Rescue disks tend to be DOS-based, and while a DOS mode diskette from
Win95 SR2 or later can read FAT32, it can't read NTFS.

2) You can't really trust av disks prepared within an infected OS

Many malware will knock down your resident av, or block the ability to
update it - so you should prepare the diskettes on another, clean PC.

Because of (2), it's often more practical to download and use an
arbitrary free DOS-based av, rather than the "rescue" facility of your
installed av, if the clean PC you use doesn't use the same av.



-------------------- ----- ---- --- -- - - - -

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -
