A parameter for optimization

Discussion in 'NOD32 version 2 Forum' started by DARMin, Apr 11, 2005.

Thread Status:
Not open for further replies.
  1. DARMin

    DARMin Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    5
    As noted by a Wilder's member in another thread:
    "A/V's should include the option to "Scan my computer" with only the virus definitions that have been downloaded since they last on demand "Scan my computer". Think how much quicker such a scan would run!"

    This could be an option for the on-demand scanner and for the real-time modules as well.

    P.S. I have been most impressed with NOD's recent performance in the bleeding-edge submissions to Jotti, especially in just how effective the heuristics engine has become.
     
  2. Michaelangelo

    Michaelangelo Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    7
    But surely that would be a very dangerous way to go. Your computer is at risk to all viruses at all times - not just the most recent. Just because I didn' have some one year old virus when I scanned last time doesn't mean I haven't picked it up in the last hour.
     
  3. DARMinHere

    DARMinHere Guest

    It is supposed to couple the act of not scanning files that have already been scanned. It is an extra measure of protection on this technique.
     
  4. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    maybe I'm missing something...

    So if NOD32 downloaded todays update the on-demand scan would only include Win32/Mytob.AD (if an "option" is slected to do so)? What happens if you accidently download a file that contains Win32/Mytob.B which was included in a definintion weeks ago (the same day as the new update)?
     
  5. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    As far as I'm concerned he says that Amon somehow flags files that have been scanned and if they're unchanged (thus no modification, no new virus) it doesn't waste resources to scan them again. However if new defs appear, a before-unknown virus could be sighted using these new defs. But why use the old ones again, if they have once found the file clean and it hasn't been modified since?
    A smart idea, I think.

    EDIT: Since the newly downloaded file was NEWLY downloaded it would be scanned with all the sigs. So the virus inside would be catched no matter what updates were released today.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ShunterAlhena is right. A file would be rescanned even if it has not changed, but an application has attempted to open it for writing.
     
Thread Status:
Not open for further replies.