eEye Digital Security

The endpoint to vulnerability starts here.

 

Massive AV Updates

Last post 06-15-2009 12:46 PM by Blue1978. 3 replies.
Page 1 of 1 (4 items)
  • 06-12-2009 6:27 AM

    • martin
    • Top 150 Contributor
    • Joined on 12-20-2008
    • Posts 5

    Massive AV Updates

    Would you please explain why AV updates periodically are so much larger than at other times?  Most recent large one is 44+ MB and obviously they continue to grow in size.  I ask because usually your servers time out or provide "unexpected response".  This can happen for days before a full update is achieved.  Thank you.

  • 06-14-2009 2:25 PM In reply to

    Re: Massive AV Updates

         Yes, this has definitely been brought up in the past.  Please take a look at this post (and the other two posts I referenced in it).

    http://forums.eeye.com/forums/p/903/3865.aspx#3865

    As far as I know eEye has been working with Norman slowly to try to make a change on how AV update packages are released.

         As far as the update servers having issues, this has been a problem eEye has been trying to work on.  Originally eEye's servers were only serving business customers (using Blink Professional, etc.) before Blink Personal Edition was released.  The demand has grown drastically for updates being delivered to many more customers now.  eEye has attempted to throttle the bandwidth to try to make it equal for every connection that comes in to allow as many of them as possible, but they have had to watch more carefully lately.  I asked a few days ago about it and eEye has told me that they are trying to increase the bandwidth overall, however, they may be forced to go a different route and use distributed update servers. For that, code changes are required (within Blink and the servers themselves) and that takes time.

         I can understand folks' frustrations with wanting to update their AV signatures as fast as possible in Blink, I too have had issues with this in the last few days or so.  Luckily, Blink does not rely completely on signatures to do what it was meant to do in the first place.  This is why I am not completely worried about things being updated every hour on the hour as I would be with a standalone AV program or other security suites that do rely on signatures.

  • 06-15-2009 11:08 AM In reply to

    • martin
    • Top 150 Contributor
    • Joined on 12-20-2008
    • Posts 5

    Re: Massive AV Updates

    Thanks for addressing my question.  However, of the 2 posts you reference one is from 2007 and the "new" one is thirteen months old - one expects more up to date information these days.

    Is there any comment from eEye, the vendor of this fine product?

     

     

  • 06-15-2009 12:46 PM In reply to

    Re: Massive AV Updates

     Understandable, I don't care for the way Norman does their updates either (personally), but I know eEye has been complaining to them about it.  From my understanding, and eEye can correct me if I am wrong, this is how the AV updates are applied.  For example:

    Week #1, on Monday, let's say you have a signature database file of 30mb already installed and running in Blink.  Over the course of each day, during that week, more signatures are released in smaller amounts and are applied as you update Blink daily.  At the end of Week #1 or possibly sometime during the next week, Week #2, Norman compiles a new database that has compressed all of the updates that were received during the Week #1 time period in with what you started with (the 30mb database originally) and then pushes that out as a new update.  Included in this big update are any new last minute add-in signatures that they just created but wanted to get out to the public in the meantime.  When the user receives it from eEye, it looks like it is now about 35mb or so in size.  So in essence, I think Norman is recompiling their signature database file each week to make it more efficient (and faster) for their Virus scan engine to use and search through.  Granted, if you're unable to get the new updated 35mb signature file you're missing the very final tad bit of signatures Norman released, but you should still have everything up to those signatures already on your system still from all of the incremental updates you accumulated over the last week.  Does that make sense why every week or so you see one large update package that seems to grow?
