Talk:Squatting attack

''The solution has two pieces: a service, which monitors and scans every file when it is opened, and a manual scanner, which scans the file system when a user requests. Under normal conditions the service should scan the system permanently. However, if a user requests a manual scan, the service must stop temporarily to let the manual scanner work, otherwise every file would be scanned twice: by the manual scanner and by the service. To solve this problem the vendor chooses to implement an event based synchronization mechanism, where the service keeps a named event opened and checks it whenever a file is opened. If the event is unset the file is scanned, otherwise it is ignored. The manual scanner, then, to operate, opens the named event, sets it before scanning (disabling the service), scans the file system and resets the event back when finished.''

That seems like a bizarre design. Do anti-virus packages really use this?

There is an obvious alternative: get the service to handle "manual" scanning as well, and send messages to it to start/pause/stop the scan. (The whole idea of a malware detector executing in a user account with no greater privileges than the malware it is trying to detect is bonkers, anyway.) --DavidHopwood 02:58, 5 September 2007 (UTC)