Kaspersky or Nod

Discussion in 'other anti-virus software' started by trjam, Feb 21, 2007.

Thread Status:
Not open for further replies.
  1. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    I too believe that KAV is rather slow scanning archives. Seems to be the big bottleneck.

    A FULL scan of my PC takes about 50 hours, which is way too long, but if I set KAV to "Concede resources to other applications", I find that there is little effect on my continuing to work during a scan.

    One question to ask is just how often one needs to do a FULL scan?
     
  2. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    I think once is enough if you keep KAV enabled at all times, and the next scans only if your PC gets somehow infected.
     
  3. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Once is not enough.

    In general, you will not know that your system has been infected until it is too late, and it may be rather expensive to undo the damage.

    KAV, etc. cannot provide a signature for a malware until the malware is first discovered.

    So, you may have downloaded files for which the signatures do not exist until AFTER you have done the download.

    A full scan would be necessary to apply new signatures/heuristics to catch those files.

    How often one does a full scan would be determined by how safe you wish to feel and how such a scan affects the performance of other apps.

    With KAV, as long as I tell KAV to Concede resources, performance is not significantly affected. And, if I want to speed things up, I can just pause the scan and un-pause when I feel appropriate.
     
  4. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    KAV doesn't have great (as in useful to detect malware) heuristics, only v7 will have them. Also KAV releases an update about once/hour, so you suggest scanning once an hour, get real.
    Also you get instant signature updates, so you don't need to perform a new scan to apply new signatures, the file anti-virus will get updated instantly, and since the malware is active (if it's not active then there's no danger), file AV will find it, or if you are really paranoid do a startup scan after each update (that checks for potentially active malware, those programs that load at startup).

    Also don't forget the proactive defense module, the activity analyzer will detect unknown malware when you start it and give you even the possibility to roll back changes made.
     
  5. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    I have not suggested doing a scan after each update.
    Nor would I even do any hourly update.

    Malware is not activated unless one uses the files containing the malware.
    If the malware is not active, there is still a danger.
    For example, at some point, a particular application might need to be re-installed. You would be in deep doodoo if at that time, you find the file was infected. One needs to find this out sooner, rather than later.

    The PDM is smoke and mirrors.

    It is very easy to write software that would use techniques not detected by the PDM.

    Each of us is willing to accept different levels of risk by choosing how often we get signature/program updates, and how often we do a full scan.

    We each choose our own poison.
     
  6. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    I'm not talking about the VBA macro detection which for some reasons you have issues with (I can think of a few reasons but I'm not saying it out loud), the PDM is harder to bypass than the regular signatures.

    if the file anti-virus is active then it will detect the malware on access (when you start the program, load the dll etc.). some of your arguments are really full of...
     
    Last edited: Mar 17, 2007
  7. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Harder, but not impossible.

    Detecting when used is too late in many circumstances.
     
  8. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    You don't need to do a full scan... just right-click the file and click "scan with Kaspersky Antivirus"

    Howard, why are you so paranoid? Are "they" after you? Are all the malware writers and hackers trying to hack into your PC?
    I've personally never had this problem with the scenario you posted above and don't know of anyone who has.

    Kaspersky already detects most of the malware out there, so after a single update (where an average of 12 (0.00004%) of the total malware detections are added), not rescanning your files puts you at a v.negligible amount of risk compared to when an AV scans constantly or after each update.

    Howard, you have a tendency to blow tiny things way out of proportion. You need to start taking things easy and chill out a bit. I know you're interested in how things work, but you need to start reading into it less and just accept that it does work (because it does :) ). A top-notch AV like Kaspersky will not allow users to be at significant risk because if it did, it'll lose far too many customers, potential customers and get bad press coverage (which it cannot afford to do). Stop worrying and start living... that's my motto ;)
     
  9. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    Good advice dawgg. :thumb: Quite a few people could take this advice. Sometimes me included. :)
     
  10. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I think that performing a weekly full scan is more than good enough IMO.

    Although it could vary according to your usage or surfing habits..
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    i do a weekly scan set to when no one is using the computer at 12 am on wednesday
    lodore
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    While I don't doubt your statement, I cannot conceive of a scan taking 50 hours. I would never do it, or change AVs if I had to let it run that long.

    The first scan on my system took about 45 -50 MINUTES and after that it takes from 4 - 9 minutes.

    Best,
    Jerry
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    My first scan took 3 hours for 60 GB of data and now takes about 15 minutes
    lodore
     
  14. huldu

    huldu Registered Member

    Joined:
    Aug 19, 2006
    Posts:
    7
    I find it very weird. Just did a full in-depth scan with nod32, took me about 5 minutes at most. Last night I did one with Kaspersky and it took 3 hours. The problem as always with KAV is that slowdowns only occur with big archives. Besides that it's good. I'm not sure *what* KAV does that nod32 doesn't while scanning archives.
     
  15. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    are you sure that nod32 scans very big archives and not just skips them?
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    a question that puzzles me too planet.......

    such a fast scan speed, and nod doesn't detect a lot of viruses in archives, but gets it upon extraction, so surely, in the av-comparatives tests, there can't be a lot, if any viruses in archives, or nod would fail, big time right?
     
  17. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Check out the Sorting procedure of the samples; "When we get new samples, we first unarchive them".
     

    Last edited: Mar 18, 2007
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep it figures they don't scan/test archive scanning.
     
  19. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I don't really see how it is important, seeing as though the malware is harmless until it is extracted ;)

    Cheers,

    Alphalutra1
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    sure, you may not find it important, but I'd rather have a scanner that can still scan archives, but then again, I've had my own argument about malware that 'cannot be executed' on here, and my comments on that have basically been laughed at, so same goes here.
     
  21. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Suppose it's personal preference, I'd rather know if an archive has a malware in it or not, regardless of whether it's active or not (or has the potential to be active or not).
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    if archive scanning ain't important, why do all AVs do it sooo well, yet nod doesn't.

    surely, if nod's argument is correct, why does e.g. kaspersky need it, with its real-time proactive defense etc etc, if this was the case, they could scrap archive scanning from their product and save resources/scan speed etc etc.

    to me, I'd want to know an archive has got mydoom in before I try and unzip it.

    I didn't know nod did this, it's put me off a bit, is this why its scanning speed is quick?
     
  23. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    What I can make up from a German magazine (c't 5/2007) is the following:

    Archives that are scanned on demand:

    KAV
    Windows: ACE/ARJ/CAB/LHA/RAR/ZIP
    Unix: BZ2/GZ/TAR/TBZ/TGZ
    nested archives: ACE/ARJ/CAB/LHA/RAR/ZIP
    self-extracting: ACE/ARJ/LHA/RAR16/RAR32/WINZIP

    NOD32
    Windows: ARJ/CAB/LHA/RAR/ZIP
    Unix: GZ/TAR/TBZ/TGZ
    nested archives: ARJ/CAB/LHA/RAR/ZIP
    self-extracting: RAR32/WINZIP

    Also, KAV seems to scan more nested OLE objects and more types of mail databases.

    All of those could account for some difference in scanning speed I think. But I don't know about the importance of archives that NOD doesn't scan.
     
  24. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    KAV knows 7Z too

    there are also other types of archives not just regular ones, for example html help files: chm, hxs, or image formats (ISO/NRG/MDF...)
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    what about......

    EXE,COM,DLL,SYS,VXD,OV?,BAT,BIN,DRV,PRG,BOO,SCR,CMD,386,FON,DO?
    XL?,WIZ,RTF,CL*,HT*,VB*,JS*,INF,PP?,OBJ,LIB,PIF,HLP,MD?,INI,MBR
    IMG,CSC,CPL,MBP,SH,SHB,SHS,SHT*,CHM,REG,XML,PRC,ASP,LSP,MSO,OBD
    THE*,NWS,SWF,MPP,OCX,VS*,DVB,CPY,BMP,AR?,ZIP,R??,GZ,Z,TGZ,TAR,TAZ
    CAB,LHA,LZH,BZ2,MSG,EML,7Z,TBB

    does kaspersky do those, it's pretty clear nod does not.

    in this thread, I chose nod early on in the posts, but this worries me 'just a little'

    I know nod catches them upon extraction, but I've always liked archive scanning and always feel some ease in knowing I've deleted it before I've even tried unzipping it.
     