How often to run AV system scans?

Discussion in 'other anti-virus software' started by FadeAway, Jul 15, 2007.

Thread Status:
Not open for further replies.
  1. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I am a fairly safe surfer, so on the rare occasion when I have
    picked up a virus, it has always been in the Internet Temp files,
    the AV flags it instantly, and a simple delete of the file has
    taken care of it.

    Given that that all good AVs's pick up the baddie when it hits the
    hard drive (at least that is my understanding), I have often wondered
    if it is really important to do frequent manual scans with a real time
    AV running. I suppose a scan should be run now and then in the
    event there is a virus hidden in a compressed file, but am not expert
    enough to fully understand how that works among different AVs, and
    whether or not AVs decompress a zipped installer when it is
    downloaded, for example.

    I am seeking to improve my knowledge here, so opinions and comments
    of more experienced and/or expert forum members would be appreciated.


    Thanks.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    I'll not tell you what I do, as it might not suit your needs, but:

    It is wise to scan files you download, especially if they are from friends and such, because this is when your guard is at the lowest. No one has second thoughts about a crack file called gtrs2111.exe. But you might undergo a troy syndrome if some friends sends you a file called latest_trip.pps.

    This is one of the most important things to remember. Scan the files when you are supposedly safe. Sounds kind of contradictory to logic, but that's how it is.

    Now, a golden rule: if you are not sure about the file, don't run it. That's all. As simple as that. No matter what 10 or 50 AV reports tell. And if you trust the file, you might as well skip the scan, because if you are going to run it anyway, why bother with the scan.

    One of the best things to do is check the hash of a file you download and compare to that on the site. If this is vendor's site, plus you have reached the file by normal means (search, forum advice etc), then everything is most likely ok.

    As to the occasional virus in the temp files, I assume you are using IE? In that case, if you switch to a non-MS browser, you will solve yourself the need for any real-time protection, as superior browsers like Firefox or Opera simply do not respond to drive-by crap and such. Your browsing becomes 100% passive, which means you need to do actively execute something.

    Mrk
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I don't do full scans as often as I think I should - I try to do it weekly, and I've been too lazy to set a schedule for it!

    When the AV was first installed, I did a full system scan, but I figure if real-time protection is on anyway, it should be catching anything after that first scan.
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    That's not always the case as no AV detects 100%. Not your favorite nor mine. I run a full scheduled scan daily, but that doesn't mean you should.
     
  5. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    weekly for me.
     
  6. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    This brings up an issue that I have wondered about but never seen mentioned in any of the A/V tests I have read. Is it possible that an A/V will detect some malware in a on-demand scan that it would not detect when that file is requested to be opened or run? It would seem that the automatic background scanning would have the same detection rate as on-demand scans.

    Thanks
     
  7. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I know that no AV can ever have a 100 per cent detection rate.

    My question was more in terms of whether a typical AV is likely
    to find something on a full system scan that it would not have
    found in real time, assuming it starts with a clean machine. In other
    words, is there something extra that an AV is doing in those weekly
    scans that it has not already done in real time, or in its initial
    install full system scan?
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    once a week,

    however, if im bored, i might just sneek one in for the hell of it. :)
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Some do, some don't, but that's not so important IMO. A malware in an archive should be detected when the archive contents hit the drive, say when you decompress it. An archived malware is harmless.

    That said, I never use scanning feature. Never - period. It's boring and resource/time-consuming. I completely rely on real-time protection... OK, I admit, I did a scan with SAS free a month ago or so, found some tracking cookies. :) Won't do it again, a waste of time.

    Of course, this post is not advice, it's a confession. :D

    Cheers.
     
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Not necessarily, as it will depend upon the AV used and how the running Guard is setup.

    1. Some AV's, for performance reasons, have a "Smart-mode" setting for the Guard. For example, with Dr Web, this is the only scan mode which can be used for SpIDerGuard. VBA32 and KAV also have this as a setting in the File scan choices. In this mode, it catches only files that are created or updated, files that already exist on the HardDrive and opened or executed are not checked.

    To overcome this potential weakness, regular on-demand scans on full settings are recommended even though Dr Web/VBA32 have "background scanners".

    2. Further, again on performance grounds, a number of AVs do not have archive scanning set as default in the RTM, or if it is, some users may deselect this setting.

    However, if the real-time Monitor scans ALL files and does not slow down performance in this setting, then probably only an occasional on-demand scan is needed together with the use of the context-menu scan with newly downloaded files.
     
  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Rarely...
     
  12. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Same here. Ill run my AV scanner, plus all my anti-spyware etc on demand scanners once a week, and more often if im bored and I fancy watching a progress bar... :D

    *watches SAS do another run* :ninja:
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    ive set a scan to run once a week on wednesday at 12.
    its fine for when i was at college but now im on the computer at that time during that time so sometimes i cancel the scan.
    since getting kaspersky in december ive only had one alert from it.
    it was the webav blocking a zlob trojan when my dad clicked on a link by mistake.
    if someone sends me a link on messenger i first ask if they sent it and what it is.
    secondly i look at the link to see if looks safe.
    thirdly i check it with linkscanner
    http://linkscanner.explabs.com/linkscanner/default.asp
    and if its fine after that i copy and paste the link in to opera with javascript disabled.
    the problem is my dad uses IE7 and refuses to use anything else so IE7 is default browser.
    once i get my own pc i will put opera as default browser and i will never get infected due to my safe surfing.
    lodore
     
  14. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    There are certainly reasons why a demand scan may pick up something on-access scanning misses. Usually this will be because the Guard will be configured to reduce slowdowns (hence no scanning of archives, scanning by extension instead of scanning every file, reduced heuristics etc), however it is theoretically possible for an on-access scan to let something through because it does not have the signature at that time; then, after a sig update, a demand scan may pick up what was missed earlier.

    In the case of an encrypted file, I suppose it is possible for both on-access and demand scanners to miss something - until it unloads into memory when it could be picked up by a memory scan.

    To answer the main question though, on-access scanning is far more important in my opinion, it is not vital for a safe surfer to constantly do demand scans. Once a week is an arbitrary figure, if you have no problems manifesting themselves (in which case you would go into 'safe' mode and scan) once a month or even less would be adequate. I scan about once every 6 weeks these days and even that seems too often!

    Scanning individual files you download, before opening them, would be a sensible precaution though.
     
  15. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    'Tis the way to be. I would use opera more, but because of my slow wireless I need a decent download accelerator (of which there are plenty for FF).

    (sorry for the off topic)
     
  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Personally, I agree with TopperID, Most AVs on access scanners are configured adequately to provide protection for most users, additionally, hdds are mechanical objects designed and made by humans, they WILL fail at some point, why push the issue with needless thrashing of performing an AV scan every day?
     
  17. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Why is there a need to right click/scan a downloaded file before it is opened? Wouldn't the same A/V program scan it automatically before allowing it to be opened?

    Thanks
     
  18. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Not all AVs scan archives or compressed files with the default on acccess scanner settings. Personally I think this is not needed but I do understand why some users do this.
     
  19. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The configuration of the Guard may be different from the demand scanner. For example the heuristics of the demand scanner may be set higher, so it might be able to spot something the Guard would let through.

    However you'd have to be unlucky for that to happen, so I can't say it is essential to scan downloaded files, just prudent - but then I suppose it depends what you are downloading!
     
  20. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Thank you to all for the many thoughtful replies to this thread.
    They have provided more food for thought than anticipated. I was
    aware of the "scan all files" vs. "scan selected file extensions" options,
    but usually just left it at the vendor's default for both on-access
    and on-demand.

    Combining your collective comments with with my personal experience
    on the Net, I am going to cut back full system scans to once a month,
    and let the real time guard handle the rest, if all seems well.

    BTW, in reply to Mrk, I only use IE when I need Flash. I dislike Flash
    ads, so it is not installed in my primary browser, which is FF.

    Thanks again.
     
  21. rookieman

    rookieman Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    409
    I usually runs about 4 a week.I'll try to run those while i'm out shopping for example.:D
     
  22. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    When i first install a new AV I run a full scan, then at random times when i get really bored (which means usually never).
     
  23. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Seems like a bit much to me, even for a high risk user, but to each his own. If you are not seeing any detections I would reduce the number of scans, but of course it is up to you.
     
  24. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    I usually run a scan daily (if time permits).
    YMMV

    ;)
     
  25. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Once a week here also.
     
Loading...
Thread Status:
Not open for further replies.