understanding internet security

[AngelOfLighT]

i want to understand actions when a virus or spyware is found
quarantine=?
deleted=?
what to do and the best to do

 

[LookinAround]

Actually, best to do both.

1) Quarantine First. Something in quarantine can still be restored if need be. So, for example, if you AV made i mistake when it identified something as a problem you can always restore the changes it made in trying to "heal" the problem.

2) Delete from quarantine after a couple weeks. Once you know your AV didn't cause you problems by putting something in quarantine (i.e. you're pretty sure you won't need to restore and undo whatever it did) then you can delete.

 

[Bobbye]

I don't use Quarantine OR use the Recycle Bin as 'temporary storage'. Once a file goes into either. I delete it or erase it. If you have a current, correctly configured anti-virus program, updating right before the scan, then it should be quarantine> delete.

Some spyware/adware 'finds', on the other hand must be 'proven' first. Most of us have probably had a false reading in a spyware program, something in the system that has been read heuristically and may resemble spyware, but, in fact, is not. Then I encourage the user to verify the process if there is any doubt as to it's classification.

 

[LookinAround]

Antivirus software doesn't just flag based on signature (i.e. an already known virus). They also use heuristics to be predictive and can also have false positives.

So you may delete from quarantine prematurely but is the users choice.