Is guard effective?

Discussion in 'ewido anti-spyware forum' started by Perman, Oct 10, 2006.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I have been using this now-called AVG AS since the pre-AVG era, but have never fully understood how effective its guard is. From what I can gather from here and there, it seems to just scan memory and application execution, not a so-called real-time scanner we are all accustomed to. And mind you, it is this guard feature separating the paid and free versions (besides the auto update). That $$$ might not be a big issue, but what does happen when it becomes a thorn in someone's throat. I just wish they can give us a clear mandate of its feature.:isay:
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    What sort of realtime scanner are you accustomed to? You have to 'do' something to a file for it to be scanned realtime. With an AV that includes writing to or reading from HD. With AVG-AS it just means attempting to open an executable file, and as a starting file enters memory. A trojan can't do much unless you run it, and if you try and run it, it gets scanned.

    I'm not counting cookie cleaning, which is a separate thing.
     
  3. Perman

    Perman Registered Member

    Hi, folks: TopperID, thank you for the pointer. What I meant by a real-time scanner is the kind of feature similar to Spyware Terminator. Full time, real time, no discount and no layback.
     
  4. mmiranda

    mmiranda Registered Member

    Joined:
    Oct 10, 2006
    Posts:
    37
    Location:
    NYC, USA
    Hi there Perman. I totally understand what you're saying. I've been using Ewido Anti-Spyware for less than a year now, and one time when I downloaded a zipped file, neither NOD32 (realtime) nor Ewido Anti-Spyware (realtime) nor ZoneAlarm Pro (with Anti-Spyware Realtime Protection ON) detected the spyware inside of the file when it was saved to the hard drive. But when I scanned it MANUALLY, Ewido found a trojan inside of it; that's why I'm having the same thoughts as you.

    If Ewido really detects spyware/trojans/malware in REALTIME, it should have detected it. It's a good thing I MANUALLY scanned it. If I trusted the REALTIME protection alone, I could have infected my computer with a trojan.
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    As TopperID said, it will be detected once it gets launched. A trojan sitting on your hard disk and doing nothing is harmless... This is mainly because of performance issues, as AVG-AS runs as a complementary product to your anti-virus and having two or more scanners scanning all files all the time can really slow down your system too much.
     
  6. mmiranda

    mmiranda Registered Member

    Thanks for the prompt reply, Peter. I got your point. AVG/Ewido Anti-Spyware does not detect trojans/malware/spyware as they enter and get saved on your computer; it just detects/prevents trojans/malware/spyware that are actually on your hard drive from executing.

    "A trojan sitting on your hard disk and doing nothing is harmless", but still would you feel safe knowing a malicious program has bypassed all your realtime defenses?

    It would be nice though if it would scan all files entering the computer from the internet before landing on the hard drive AND at the same time have a minimal memory imprint (like NOD32). Just a suggestion :)
     
  7. Perman

    Perman Registered Member

    Hi, folks: From what I can gather from AVG so far, AVG's guard is a defense vehicle of passive approach. It does not scan and is unable to detect any trojan and spyware at the point of entry; rather, it waits for these malware to make the first move and hopes to stop them there. Mind you, these things can be dormant in your system for years and stay undetected; are you worried? mmiranda, I notice that you are using Socket Shield, which, I believe, uses real-time scanning at the socket level of the system; the socket is the very first or the most frontier point of entry, I think. Maybe this type of defense should be on the wishlist of AVG AS.
     
  8. mmiranda

    mmiranda Registered Member

    Hi there Perman. SocketShield attracted my attention because of its unique approach to security. It has protected me significantly from numerous attacks (12 exploits and 597 malicious sites to be exact). It's an additional layer of protection against all the nasty stuff you can accidentally get from the internet. Socket Shield ISN'T a replacement, but an adjunct.

    I still believe an anti-spyware/trojan layer is necessary to ensure system security, but the 'passive approach' doesn't seem to be as effective as an 'active approach'. Maybe that's why SpySweeper and Spyware Doctor (though memory intensive according to reviews; haven't tried them yet) get such high ratings and positive reviews.

    I would still keep AVG Anti-Spyware for now because it is highly regarded in security forums (and since I have a 1 year subscription) though not as highly rated in mainstream software sites, i.e., PC Magazine or Download.com (as Ewido). I haven't detected a trojan yet since install though despite running in realtime.
     
  9. TopperID

    TopperID Registered Member

    To clear up one point, AVs often do NOT scan within archives realtime, and so will not spot a trojan in a .zip file as it is written to HD. That is so with, for example, AntiVir and KAV; indeed KAV cannot be configured to scan within archives realtime. Some, like Norton, will do so; but it is irrelevant really since the trojan can do nothing until you extract it from the archive when it will be scanned. And if you attempt to run it AVG-AS will also scan it as it enters memory, so if it is heavily encrypted to hide its signature from your AV, it can still get picked up by AVG-AS.

    Baddies should not lie dormant on your system for a long time, because you can always do a demand scan, configured to look within archives, and that will pick it up. There would be no point in ever doing demand scans if the Guard could do the entire job.
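
The difference TopperID describes, between looking at a .zip as it is written to disk and a demand scan configured to look within archives, as an added example that is not part of the original thread. The signature, file names and size limits are constructed assumptions, and a plain byte match stands in for a real scanner engine.

```python
import io
import zipfile

# Constructed, harmless stand-in for a scanner signature (not a real pattern).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_MEMBER_BYTES = 8 * 1024 * 1024  # per-member cap, guards against archive bombs
MAX_DEPTH = 3                       # cap on archive-in-archive nesting


def make_zip(members: dict) -> bytes:
    """Build a deflate-compressed .zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_raw(data: bytes) -> bool:
    """Match the signature against the bytes exactly as they sit on disk."""
    return SIGNATURE in data


def scan_archive(data: bytes, path: str, depth: int = 0) -> list:
    """Demand-scan style: unpack members, recurse into nested zips, report hits."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [path] if scan_raw(data) else []
    if depth >= MAX_DEPTH:
        return []  # nesting too deep; a real scanner would flag this for review
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                content = fh.read(MAX_MEMBER_BYTES + 1)
            if len(content) > MAX_MEMBER_BYTES:
                continue  # oversized member skipped rather than fully unpacked
            hits += scan_archive(content, f"{path}/{info.filename}", depth + 1)
    return hits


# Constructed sample: a fake "executable" carrying the signature, zipped twice.
PAYLOAD = b"MZ" + b"\x00" * 512 + SIGNATURE + b"\x00" * 512
DOWNLOAD = make_zip({
    "readme.txt": b"constructed sample\n" * 20,
    "bundle.zip": make_zip({"setup.exe": PAYLOAD}),
})

if __name__ == "__main__":
    print("raw scan of download.zip:", scan_raw(DOWNLOAD))
    print("raw scan of extracted setup.exe:", scan_raw(PAYLOAD))
    print("archive-aware scan:", scan_archive(DOWNLOAD, "download.zip"))
```

The raw match fails on the archive because deflate re-encodes the member's bytes, while the same match succeeds on the extracted file, which is the point at which an on-access or on-execute guard sees it.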
     
  10. peter.ewido

    peter.ewido former ewido team

    In fact, AVG-AS will even scan it twice:
    1) On disk before it executes (using emulation to unpack crypters)
    2) In memory shortly after execution (after crypters have unpacked it)

    So if the disk scan catches it, it won't get executed at all.
     
  11. Perman

    Perman Registered Member

    Hi, folks: In-time and trustworthy assurance, indeed. I will continue to use this app.:thumb:
     
  12. mmiranda

    mmiranda Registered Member

    Thanks TopperID and peter.ewido for the very informative response. Like Perman, I would still continue to use AVG Anti-Spyware :thumb:
     