Question about AV Resident Monitors

I have looked at the settings in Kaspersky's Resident Antivirus Monitor and noticed that a few less settings were unselected than compared with the "full system scan settings." By this I would just imagine that Kaspersky goes over these files the same way it would in a "full system scan" except it just chooses and selects which files to scan. Is this how most other AV resident monitors work (was wondering specifically about DrWeb and NOD32 as I hear they use much less resources compared to that of Kaspersky)? Is any AV Resident Monitor "stronger" compared to any others?

 

I think most AVs monitoring is a little less thorough than the scanner. That is because there is no need to monitor inside archives, and whatever other selections may be available.
The monitor needs to be on top of programs as they execute or open.
A scanner should try to find malware on your computer, whether it is executing or not.
Lately there have been several discussion regarding scanning/monitoring inside packed executables. It's up to you whether or not you want packed files scanned deeply.
KAV suffers from two problems. One is the Control Center is a resource hog and really not necessary. The other is if you choose to monitor packed files, since KAV has such an extensive unpacker, it takes time and resources for it to check packed files while monitoring. It does much better if you monitor only on execution or downloading.
DrWeb is much like KAV, but not quite the resource hog. I have not tried to set its monitoring with the same settings as the scanner, so I don't know how much it would drag my machine down.
NOD32 is a great AV. If I were using it, I would not be the least bit concerned about packed files getting to me. They do have to unpack and run before they can do any damage.
Just make sure you have a great AT to use with NOD32 as it does concentrate on viruses. I do not have a problem with that.

 

To Root from Firefighter!

About everybody's own security, archives scanning has not so much importance, about the web community's security, archives scanning is the only matter that counts!

The question of archives scanning capability is somewhat the same as in real life with HIV positives. You don't feel ill yourselves, but you are infecting others!

Poor archives scanner and iMesh, Kazaa or what ever are together a lethal combination.


"The truth is out there, but it hurts!"

Best regards,
Firefighter!

 

From xor to firefighter !

I dont know what is really your problem. You are only concerning about Archiv packers. Then set up a BATCH file witch does unpack all your ZIP files until the last readme.txt was scanned.
You can do the following trick:

Extract every file as *.exe.... If it is a (true) executable file it will have a exe header. This means the virus scanner knows then it is a exe file. By writing *.exe you force the RTM to scan this file - with or without exe header.
It's as this easy. With this method you can even support more archives than KAV does support. Just find all archiv-unpackers and link them together with a call in the batchfile. Make for each packer a custom unpack.BAT with the commands to unpack all. and after this to rename all files to exe files.

[-xor-]

 

Firefighter: as I responded in your other thread, good detection in the uncompressed files and upon execution is what counts and ultimately prevents infection. An AV that is poor in detection rates will not catch something it won't detect at all whether it's in the archived format or when the file is uncompressed. So even if it appears to do better generally on archives, that will mean nothing if it does not catch the malware in the zip format and then again when the file is unzipped and run.

In contrast, an AV that is among the best in detection rates may not alert on the zip where it is harmless but will more likely catch the malware when it is uncompressed and/or executed, thus preventing infection.

Computers do not get infected by a zip, but at the point the file is unzipped and run. So that's when the detection rates really count in preventing infection.

And for P2P file sharing (and for those engaged in warez and cracks), then an AT is also a must. Not just an AV. And frankly, the user must accept responsibility for their computing practices. If they choose to live on the edge and engage in unsafe practices, they are much more likely to get infected unlike others who practice "safe hex."

 

To Sig from Firefighter!

Of course good in the Wild and Zoo detection rates in resident scanning matters. It's unfortunately so, that many of us have not a such situation, so the best way to prevent infections through P2P or what ever, is to remove viruses from every levels from your PC with a good av-program capable to scan enough archives, and I think there are such kind of programs less than 10.


"The truth is out there, but it hurts"

Best regards,
Firefighter!