Is regular scanning necessary?

Discussion in 'NOD32 version 2 Forum' started by fosius, Oct 23, 2005.

Thread Status:
Not open for further replies.
  1. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I have just one question. Is regular scanning really necessary? AMON is running permanently, IMON configured to Higher Effeciency. Maximum settings are set. I don't see any way malware could get into my computer...Am I wrong?
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    AMON runs all the time, thats true - But during that week NOD gets updated.
    So AMON might not catch everything thats already on your pc (because it's an on-access scanner).

    You might have a trojan in your temp internet folder, so I suggest you scan your pc when your not using it by using the schedule feature: Every sunday morning when you enjoy your breakfast or some other time that's best for you :)

    And do not forget that NOD is the fastest scanner out there, so it only takes 5-10 mins of your entire week.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    In my opinion, not really. I do a full scan only if i suspect anything. Otherwise i leave it as it is. No infections so far and i handle infectable files on daily basis...
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Ditto here. Only under suspicion of something.


    snowbound
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Good luck with the rootkits, that's all I'll say to those 2 :)
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well NOD32 won't do anything against Rootkits either way if it doesn't detect them in the first place (same as majority of other AVs). No dedicated anti-rootkit technology present in it...
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Nope, NOD wont' detect them during an on-demand scan, RootkitRevealer will however [for the rootkits that still hides themselfes]. But NOD will detect them on-access.

    Pain in the butt really.
     
    Last edited: Oct 23, 2005
  8. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Ok, you are right... but... new malware could pass through AMON but later when it is updated, AMON should catch it when system is trying to access it. And don't forget feature which checks startup registry and other important parts of system after updating..
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    NOD won't detect rootkits because it's still functioning as an application (unless it's detected by AMON).
    IF any antivirus were to detect rootkits, it would have to function at ring 0 - Which it can't.
     
    Last edited: Oct 23, 2005
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    - And no antivirus do that currently, they cant.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    KAV/KIS 2006 are the first ones that do that regulary (and i know about them). Not sure for any other...
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I think KAV checks for hidden rootkits by checking the NTFS hive and/or the registry just like RootkitRevealer. The problem is that an antivirus still runs like an application, so a rootkit (which can control everything on the pc) can actually tell the antivirus that 'this' file is clean and the AV will move on without detecting anything. The rootkit can also 'unhide', so neither RootkitRevealer or any other software can detect them currently, because they only look for hidden rootkits.. It's pretty spooky :doubt:
     
  13. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    And I know CoolWebSearch is already using the rootkit technology.
    Their spyware is almost impossible to remove - Now they use rootkits...

    Scary
     
Thread Status:
Not open for further replies.