Scanning network shares sounds like a good idea at first - the scanner needs to be installed only on a single machine and one person can do the scan. To simply remove installers, this is not a bad idea at all, so Spybot-S&D allows to add network shares as well in its Download directories setting.
But scanning for and removing files on other computers can be dangerous as well. Most threats are not only files, but also linked by registry entries - removing just the files would cause the 'cleaned' Windows to produce a lot of errors. But while those messages may be harmless (and remote registry cleaning could at least be added for NT/2000/XP/Vista), there is an even worse
case - some threats need to be removed by using API calls. Removing LSP hijackers by just deleting their file will disable the network access of the cleaned machine, and repairing LSPs by fixing the registry is not fail-safe either.
That is why an anti-spyware tool needs to be run on each machine. We are developing a client/server scanning system that will work in network environments.
|