protection level of different scanning methods employed by av/as?

Discussion in 'other anti-virus software' started by thathagat, Jul 6, 2009.

Thread Status:
Not open for further replies.
  1. thathagat

    thathagat Guest

    well....how different is the level of protection,if any that is, provided by an av/as that just performs on execution/on demand scan only as compared to one that perfoms on access/read/write realtime scanning?
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    From the day at the night. A complex malware can gets the control of your system, do all that it want to do and disable your only on demand av/as.
     
  3. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    on demand will only happen when you demand it so the circumstances where it might miss something should be easy to imagine.

    on execute will only happen when some action that the scanner recognizes as execution happens. what the scanner (or any other program) recognizes as execution and what actually is execution are 2 different things so the circumstances where 'on execute' scanning will miss something is for those types of execution that the scanner doesn't recognize.

    on access happens whenever the monitored file access api's are used to access files. it will miss things if normal software doesn't use the normal file access api's to access the malicious file (which would be very unusual).
     
  4. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    so it means having on execution scanners like prevx/a2 as main security is fraught with risk vis-i-vis something like avira/avast/nav with their various shields or scanners working overtime?
     
  5. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    on-execute will trigger less than on-access, allowing exotic execution techniques to go by unchecked, but i don't know if that qualifies as 'fraught with risk'.
     
Loading...
Thread Status:
Not open for further replies.