[fineman]

Practice safe computing instead of expecting others to do it for you.

What malware 'is" can even be a difficult question. Is a RAT malware, or a way to log people snooping on your computer? Also, new malware is discovered. So it'd have to be a curated collection.

[themeek]

Unfortunately it is more difficult than this.

Even if you practice safe computing it's likely that your information will be compromised - especially in the long term and especially if you are an organization.

That's not to say this practice isn't important. It's just that it's not enough. We need both of these things (and more).

The state of computer security is fundamentally asymmetric.

[fineman]

In the case the pre-screener is honest, having them pre-check the work only saves you downloading a few virus executables at the cost of some work.

If the case the pre-screener isn't honest, it's saved you nothing at all and cost you a lot because you're likely to be less cautious.

Do you remember the tagline (roughly) "Outgoing email scanned and verified by AVG"? That was 100% worthless and actually very counterproductive. Expecting someone to check leaks like that is just as bad.

Scan everything. You've got the same technology they do.

[mikeash]

You're correct but this is not an argument against screening on the distribution end. Not everybody will do this and if you can protect them from problems due to their own lack of screening then you should.

Just because you can avoid problems on one end if you do everything right doesn't mean you shouldn't also try to avoid problems on the other end.

[fineman]

This very specifically is an argument against scanning on the distribution end.

A false sense of security hurts more than deleting STONED.EXE (and likewise, all other malware caught by signature) helps.

Point to a modern virus scanner and also list what you've found in the archive. That gives a good baseline for people to check against without promising to have made anything safe to touch without scanning.