Dear brains, I know you all love your scanners and don't want to ditch them, but forget all that for a brief moment, when you read this thread. After that you may keep your scanners. I also know that frozen snapshots aren't very popular, but I like to squeeze FDISR until no possibilities are left to use by me. Any thoughts would be welcome. I'm not really interested in good comments, I prefer negative comments to prove the idea is total nonsense or partial nonsense, severe disadvantages, whatever. Installation of malware AS/AV/AT/AK-Scanners WITHOUT a real-time shield allow any installation of any malware and it doesn't matter, if you work with a normal snapshot or a frozen snapshot or a system partition without FDISR. Only scanners WITH a real-time shield protect you against installations of malwares. To avoid any conflicts, you can only use ONE scanner WITH a real-time shield and that is of course a disadvantage, because only ONE scanner prevents the installation of malwares. So this scanner better be an advanced+ scanner or you will be even more vulnerable. Execution of malwares If the installation was not prevented, we have 2 possibilities : 1. The malware is activated and starts its evil job. 2. The malware is sleeping and waiting for a trigger. Neither scanners, nor a frozen snapshot will stop this execution. Detection of malwares Once the scanner runs and detects malwares using blacklists/heuristics, we have 3 possibilities : 1. The malware was NOT detected. 2. The malware was detected and reported as a false/positive. 3. The malware was detected and reported as a real malware. A frozen snapshot doesn't detect malwares, it only detects "changes". A frozen snapshot doesn't have false positives. Removal of malwares After detection, the scanner will remove the malwares, usually with user assistance and we have 3 possibilities : 1. The malware is NOT removed, because it wasn't detected. 2. The malware is removed partial and that has been proven. 3. The malware is removed completely. A frozen snapshot however will remove everything, even malwares that bypassed the real-time shield. CONCLUSION 1. A frozen snapshot removes ALL malwares, because it considers them as "changes" and changes are not allowed in a frozen snapshot and removed during the next reboot. So we are talking about a 100% REMOVAL OF MALWARES and scanners don't guarantee that. In other words you don't need scanners anymore to remove malwares. You still need scanners to remove malwares in download objects from an unknown source, but this has nothing to do with this thread. That's another problem. 2. Since the installation of malwares in itself is not dangerous, we have only ONE BIG problem left : EXECUTION of malwares, that needs to be stopped. So a frozen snapshot only needs one or more security softwares that stop the execution of malwares. Keep also in mind ; - that sleeping malwares aren't dangerous YET and they will be removed anyway by the frozen snapshot. - that stopping the execution doesn't need to be 100%, because all malwares will be removed anyway by the frozen snapshot. Having the less-knowledgeable user in mind, I have already 2 possible security softwares to stop the execution of malwares : 1. Anti-Executable. 2. Prevx1.