« previous next »
Pages: [1]   Go Down

Author Topic: SOPHOS InterCheck Technology?  (Read 6816 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
SOPHOS InterCheck Technology?
« on: February 22, 2004, 04:18:15 PM »
InterCheck
technology

In Sophos Anti-Virus, the fast scanning speed of the virus engine is complemented by Sophos?s patented InterCheck technology, which
optimises on-access virus detection by filtering files as they are accessed to determine whether they need scanning for viruses.
InterCheck intercepts any request to access a file and calculates a
checksum, a unique identifier for every file. If the file has not been
modified since the last time it was filtered by InterCheck, a matching checksum will exist and the access is allowed.
If the file has been modified, or if it is new, a copy of the file is sent to the virus engine for scanning. Every time a file changes, the checksum becomes invalid; after the file has been scanned and
providing it is virus-free, a new checksum is created.
If the file is found to contain a virus, InterCheck prevents the file from being opened until it is disinfected by the virus engine. InterCheck also provides centralised messaging of any virus incident anywhere on the network.
InterCheck?s unique approach means that performance overheads are kept to a minimum no matter how the number of viruses grows over the years. This has particular advantages in a multi-user
environment where several hundred users might be accessing the same server-based files.

This is copy&paste from SOPHOS PDF:
http://www.sophos.com/sophos/docs/eng/evaluation_guide.pdf

I was wondering if this InterCheck Technology really makes a big difference? Is checksuming really that faster than checking file?
Logged
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:SOPHOS InterCheck Technology?
« Reply #1 on: February 22, 2004, 04:22:29 PM »
For sure, scanning with avast engine is faster than checksumming. This is because checksumming requires the whole file to be read from the disk, whereas scanning usually touches only certain parts of the file.

BTW avast uses a yet-more-powerful "intercheck" in its XP on-access module: it really doesn't scan files that have not been modified since last scan. It can do it without checksumming, though -- its kernel-mode driver is watching for all file I/O and knows exactly which files have been altered and which not...
« Last Edit: February 22, 2004, 04:23:18 PM by Vlk »
Logged
If at first you don't succeed, then skydiving's not for you.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:SOPHOS InterCheck Technology?
« Reply #2 on: February 22, 2004, 04:28:53 PM »
Command AntiVirus uses Holo-check (tm) that does the same thing.
and avast scans a lot faster than command
Logged
"People who are really serious about software should make their own hardware." - Alan Kay

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:SOPHOS InterCheck Technology?
« Reply #3 on: February 22, 2004, 04:31:09 PM »
Tricky :) But sometimes i got the feeling like Avast! is checking very slow. And this is only now with Avast! 4 Pro. Home Edition was really fast. I guess i have something configured wrong.
Oh and why is sometimes checking files that are not opened,modified or anything (if i have Show details on performed action enabled)?

I also noticed scanning speed of Avast! which exceeds 30MB/s, this is very good result :D
Logged
Visit my webpage Angry Sheep Blog
Pages: [1]   Go Up
« previous next »