Question For You AV Users

Discussion in 'other anti-virus software' started by arran, May 13, 2010.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Seeing as how I do not use any AV, I haven't tested any.

    Just wondering, in general do Anti Virus Programs intercept Malware before the Malware executes and runs? Are they able to?
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Yes, generally an AV will intercept malware before it's allowed to run.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,650
    Location:
    Hawaii
    Mostly yes.

    Many AVs have the option to automatically scan every file "on access" which means that opening or executing the file is suspended during the time that the AV is scanning that file.
     
  4. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    There is no "in general" about the issue you mention. If the malware is known by signature, gets caught by heuristics, or "the cloud" knows about it and its vector file, and there are no other software incompatibilities that will debilitate your AV, then yes, your AV will stop it before the malware can harm you.
     
    Last edited: May 13, 2010
  5. Interesting. So is it possible that an AV is, at least in theory, in some ways safer than a HIPS with the anti-execute function turned off?
     
  6. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I would not use the term "safer". It is just that the AV has the possibility to react earlier, by detecting the malware before the execution. In some cases even before the file gets onto your drive, for example by using a web/script shield. HIPS or behaviour blockers react to events that are effects of the malware code/vector file being executed. This is why layered security is often important.
     
  7. That would mean, though, that most AVs are not terribly vulnerable to Matousec's TOCTOU (or whatever it's called) exploit. Another nail in the coffin of that issue, I guess.
     
  8. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Considering the way AVs work, and if your system is not already compromised, yes, you are right. But also consider that the main problem of the current generation of AVs is that they are mainly signature based, and this does not allow them to cover you from all the possible malware.
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, most AVs have an On Access scanner that detects them as soon as they are read by the OS, but as some people have pointed out, if there is no signature or heuristics it won't detect :D

    Anyway, I still trust in "Signature based" AVs. :D
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Noob,
    How is Panda Cloud working with EAM 5? I'm looking for a replacement for MBAM. It doesn't play well with EAM 5. :oops:
     