protection level of different scanning methods employed by av/as?

well....how different is the level of protection,if any that is, provided by an av/as that just performs on execution/on demand scan only as compared to one that perfoms on access/read/write realtime scanning?

 

From the day at the night. A complex malware can gets the control of your system, do all that it want to do and disable your only on demand av/as.

 

on demand will only happen when you demand it so the circumstances where it might miss something should be easy to imagine.

on execute will only happen when some action that the scanner recognizes as execution happens. what the scanner (or any other program) recognizes as execution and what actually is execution are 2 different things so the circumstances where 'on execute' scanning will miss something is for those types of execution that the scanner doesn't recognize.

on access happens whenever the monitored file access api's are used to access files. it will miss things if normal software doesn't use the normal file access api's to access the malicious file (which would be very unusual).

 

so it means having on execution scanners like prevx/a2 as main security is fraught with risk vis-i-vis something like avira/avast/nav with their various shields or scanners working overtime?

 

on-execute will trigger less than on-access, allowing exotic execution techniques to go by unchecked, but i don't know if that qualifies as 'fraught with risk'.