Is guard effective?
Perman
October 10th, 2006, 12:36 PM
Hi, folks: I have been using this now-called AVG AS since the pre-AVG era, but have never fully understood how effective its guard is. From what I can gather from here and there, it seems to just scan memory and application execution, not a so-called real time scanner we all are accustomed to. And mind you, it is this guard feature separating the paid and free versions (besides the auto update). That $$$ might not be a big issue, but what does happen when it becomes a thorn in someone's throat? I just wish they could give us a clear mandate of its feature. :isay:
TopperID
October 10th, 2006, 12:52 PM
{QUOTE-> From what I can gather from here and there, it seems to just scan memory and application execution, not a so-called real time scanner we all are accustomed to. <-QUOTE}
What sort of realtime scanner are you accustomed to? You have to 'do' something to a file for it to be scanned realtime. With an AV that includes writing to or reading from HD. With AVG-AS it just means attempting to open an executable file, and as a starting file enters memory. A trojan can't do much unless you run it, and if you try and run it, it gets scanned.
I'm not counting cookie cleaning, which is a separate thing.
Perman
October 10th, 2006, 01:01 PM
Hi, folks: TopperID, thank you for the pointer. What I meant by a real-time scanner is the kind of feature similar to Spyware Terminator. Full time, real time, no discount and no layback.
mmiranda
October 10th, 2006, 01:45 PM
Hi there Perma. I totally understand what you're saying. I've been using Ewido Anti-Spyware for less than a year now, and one time when I downloaded a zipped file, neither NOD32 (realtime) nor Ewido Anti-Spyware (realtime) nor ZoneAlarm Pro (with Anti-Spyware Realtime Protection ON) detected the spyware inside of the file when it was saved to the hard drive. But when I scanned it MANUALLY, Ewido found a trojan inside of it; that's why I'm having the same thoughts as you.
If Ewido really detects spyware/trojans/malware in REALTIME, it should have detected it. It's a good thing I MANUALLY scanned it. If I trusted the REALTIME protection alone, I could have infected my computer with a trojan.
peter.ewido
October 10th, 2006, 05:12 PM
As TopperID said, it will be detected once it gets launched. A trojan sitting on your hard disk and doing nothing is harmless... This is mainly because of performance issues, as AVG-AS runs as a complementary product to your anti-virus and having two or more scanners scanning all files all the time can really slow down your system too much.
mmiranda
October 10th, 2006, 06:19 PM
Thanks for the prompt reply Peter. I got your point. AVG/Ewido Anti-Spyware does not detect trojans/malware/spyware as they enter and get saved on your computer; it just detects/prevents trojans/malware/spyware that are actually on your hard drive from executing.
"A trojan sitting on your hard disk and doing nothing is harmless", but still would you feel safe knowing a malicious program has bypassed all your realtime defenses?
It would be nice though if it would scan all files entering the computer from the internet before landing on the hard drive AND at the same time have a minimal memory imprint (like NOD32). Just a suggestion :)
Perman
October 10th, 2006, 06:39 PM
Hi, folks: From what I can gather from AVG so far, AVG's guard is a defense vehicle of passive approach. It does not scan and is unable to detect any trojan and spyware at the point of entry; rather, it waits for this malware to make the first move and hopes to stop it there. Mind you, these things can be dormant in your system for years and stay undetected. Are you worried? mmiranda, I notice that you are using Socket Shield, which, I believe, uses real time scanning at the socket level of the system; the socket is the very first or the most frontier point of entry, I think. Maybe this type of defense should be on the wishlist of AVG AS.
mmiranda
October 10th, 2006, 07:19 PM
Hi there Perman. SocketShield attracted my attention because of its unique approach to security. It has protected me significantly from numerous attacks (12 exploits and 597 malicious sites to be exact). It's an additional layer of protection against all the nasty stuff you can accidentally get from the internet. Socket Shield ISN'T a replacement, but an adjunct.
I still believe an anti-spyware/trojan layer is necessary to ensure system security, but the 'passive approach' doesn't seem to be as effective as an 'active approach'. Maybe that's why SpySweeper and Spyware Doctor (though memory intensive according to reviews; haven't tried them yet) get such high ratings and positive reviews.
I would still keep AVG Anti-Spyware for now because it is highly regarded in security forums (and since I have a 1 year subscription) though not as highly rated in mainstream software sites, i.e., PC Magazine or Download.com (as Ewido). I haven't detected a trojan yet since install though despite running in realtime.
TopperID
October 10th, 2006, 08:19 PM
To clear up one point, AVs often do NOT scan within archives realtime, and so will not spot a trojan in a .zip file as it is written to HD. That is so with, for example, AntiVir and KAV; indeed KAV cannot be configured to scan within archives realtime. Some, like Norton, will do so; but it is irrelevant really since the trojan can do nothing until you extract it from the archive when it will be scanned. And if you attempt to run it AVG-AS will also scan it as it enters memory, so if it is heavily encrypted to hide its signature from your AV, it can still get picked up by AVG-AS.
Baddies should not lie dormant on your system for a long time, because you can always do a demand scan, configured to look within archives, and that will pick it up. There would be no point in ever doing demand scans if the Guard could do the entire job.
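Added example, not part of any post in this thread: a Python sketch of the archive point discussed above, showing that a byte-signature check over a zip file exactly as written to disk misses content that an archive-aware demand scan finds. The signature, file names and size limits are constructed for illustration and do not describe how any product named in the thread works.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a byte signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                 # stop recursing into deeply nested archives
MAX_MEMBER_BYTES = 1_000_000  # skip members that would unpack too large


def raw_scan(data: bytes) -> bool:
    """On-write style check: look at the bytes exactly as stored on disk."""
    return SIGNATURE in data


def archive_scan(data: bytes, depth: int = 0) -> list[str]:
    """Demand-scan style check: unpack zip members and scan their contents."""
    hits = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            body = zf.read(info)
            if SIGNATURE in body:
                hits.append(info.filename)
            # Recurse into nested archives, prefixing the outer member name.
            hits += [f"{info.filename}!{h}" for h in archive_scan(body, depth + 1)]
    return hits


def build_zip(name: str, content: bytes, method: int) -> bytes:
    """Build an in-memory zip with one member (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


payload = b"filler text\n" * 40 + SIGNATURE + b"\n" + b"filler text\n" * 40
deflated = build_zip("sample.bin", payload, zipfile.ZIP_DEFLATED)
stored = build_zip("sample.bin", payload, zipfile.ZIP_STORED)
nested = build_zip("inner.zip", deflated, zipfile.ZIP_DEFLATED)

if __name__ == "__main__":
    for label, blob in (("deflated", deflated), ("stored", stored), ("nested", nested)):
        print(label, "raw:", raw_scan(blob), "unpacked:", archive_scan(blob))
```

Only the uncompressed (stored) archive is caught by the raw check; the deflated and nested ones need unpacking, which is the work a demand scan configured to look within archives does.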
peter.ewido
October 11th, 2006, 04:26 AM
In fact, AVG-AS will scan it even twice:
1) On disk before it executes (using emulation to unpack crypters)
2) In memory shortly after execution (after crypters have unpacked it)
So if the disk scan catches it, it won't get executed at all.
Perman
October 11th, 2006, 08:48 AM
Hi, folks: In-time and trustworthy assurance, indeed. I will continue to use this app. :thumb:
mmiranda
October 11th, 2006, 06:14 PM
Thanks TopperID and peter.ewido for the very informative response. Like Perman, I would still continue to use AVG Anti-Spyware :thumb:
Copyright ©2002 - 2010, Wilders Security Forums