Question For You AV Users

Discussion in 'other anti-virus software' started by arran, May 13, 2010.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Seen how I not use any AV I haven't tested any.

    Just wondering in general do Anti Virus Programs intercept Malware before the Malware executes and run? are they able to ?
     
    arran, May 13, 2010
    #1
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, generally an AV will intercept malware before it's allowed to run.
     
    shadek, May 13, 2010
    #2
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Mostly yes.

    Many AVs have the option to automatically scan every file "on access" which means that opening or executing the file is suspended during the time that the AV is scanning that file.
     
    bellgamin, May 13, 2010
    #3
  4. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    There is no "in general" about the issue you mention. If the malware is known as signature, gets caught by heuristics, or "the cloud" knows about it and its vector file and there are no other software incompatibilities that will debilitate your AV, then yes your AV will stop it before the malware can harm you.
     
    Last edited: May 13, 2010
    NoIos, May 13, 2010
    #4
  5. Gullible Jones

    Gullible Jones Guest

    Interesting. So is it possible that an AV is, at least in theory, in some ways safer than a HIPS with the anti-execute function turned off?
     
    Gullible Jones, May 13, 2010
    #5
  6. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I would not use the term "safer". It is just that the AV has the possibility to react earlier - by detecting the malware before the execution. In some cases even before the file gets in your drive for example by using a web/script shield. HIPS or behaviour blockers react on events that are effects of the malware code/vector file executed. This is why often layered security is important.
     
    NoIos, May 13, 2010
    #6
  7. Gullible Jones

    Gullible Jones Guest

    That would mean, though, that most AVs are not terribly vulnerable to Matousec's TOCTOU (or whatever it's called) exploit. Another nail in the coffin of that issue, I guess.
     
    Gullible Jones, May 13, 2010
    #7
  8. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Considering the way AVs work and if your system is not already compromised yes you are right. But also consider that the main problem of the current generation of the AVs is that they are mainly signature based and this does not allow them to cover you from all the possible malware.
     
    NoIos, May 13, 2010
    #8
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, most AV's have On Access scanner detect them as soon as read by the OS, but as some people have pointed if no signature or heuristics it won't detect :D

    Anyway, i still trust in "Signature based" AV's. :D
     
    Noob, May 13, 2010
    #9
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Noob,
    How is panda cloud working with EAM 5? I'm looking for a replacement for MBAM. It doesn't play well with EAM 5. :oops:
     
    kjdemuth, May 13, 2010
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...