Real time scanning- what's the best way to go?

Discussion in 'other anti-malware software' started by aigle, Oct 23, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    From my scanty knowledge of scanners, I guess there are three main ways they implement real time scanning.

    1- HD read/ write scanning( most common used by Antivirus products)
    2- Memory scanning( like Boclean, not sure but I think there are other AS who scan memory in real time but none of the AVs I think).
    3- Scanning on execution( OA AVplus, not sure but I think there may be AS scanners who use this technique).

    I will not discuss other real time scanning modules ATM( like WebScanner, E-mail, network, IM messenger scanning etc-- Avast:p ).

    My impressions about these techniques:

    - HD read/ write scanning- causes system slow down though variable from system to system and product to product

    - Memory scanning- not sure about slow down but sure it takes CPU spikes

    - On Execution scanning- least impact on system

    Personally I will prefer my AV/AS to use on-execution real time scanning. That should be OK. It will give a good balance of security and speed. I can complement it with scheduled HD scans to detect any malware that is dormant on my system.

    I wish that all AVs give us an option to use On-Execution scanning in real time rather than traditional HD read/ write scanning.

    What do you guys/ gals think of it? Please post your comments. Also I need you to correct me if my understanding of real time scanning is wrong in any way.

    Thanks
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,290
    Location:
    Pennsylvania.
    If you want free get Spyware Terminator if you want a pay for one get Superantispyware.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    There is also a fourth option. None. That is my choice. But if I were to go back to one, it would be no. 1. That should stop it before it executes. Why let it get to memory?

    As to your no. 3 essentially OA AV+ is doing what no. 1 does but only scans something it doesn't know.

    As to impact on system resources, that's my reason for the choice I've made aside from threat assessment. The resource load from memory scanners is easy to see, the CPU spike. But they all make a measure of load. No. 1 stuff has to scan each file as it opens. No. 3 stuff has to check to see if it knows the file, make a decision, and then maybe do the scan.

    I think Aigle in the final analysis you have to first do a threat assessment, and then try the various products in the categories to see which fits. One product in Category 1, might be better than most in 3 and vice versa.

    Pete
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    To everyone.

    Posting your favorite program is not what OP asked. If you want to mention a product, it should be with further detail as to what, how and why it fits the question.

    Pete
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think cheater just read thread title, not my post. I never asked for a product. It's not the purpose of thread at all.
     
    Last edited: Oct 23, 2007
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't use scanners anymore.
    I remove any change, malware included, in my system partition during each reboot in less than 2 minutes, which means:
    - removal of any known malware
    - removal of any unknown malware
    - removal of any malware of the future.
    I use FirstDefense-ISR to make that possible, but most ISR-softwares do the same thing, although FDISR offers still more than the rest.

    I still have a few security softwares, which are supposed to stop the execution of malware immediately, like Anti-Executable and DefenseWall. I use these because they don't need any signature updates.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Don't u contradict urself? You are choosing none but if u are adding one, u are going for the extreme choice!

    Also I think on-execution scanning( no.3) doesn't let something go into memory practically.
    U mean it does scan disk read/write in real time? I never read it before.
    I agree but I was just discussing scanning method in general. Of course there are many other variables that make a product better or worse!
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thread is not about what you use.:) I just wanted to discuss what technique is best for a real time scanner.

    U are using one or not, it's a different story.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry, I can't handle such discussion due to total lack of knowledge. My experience with AE (= real-time scanner) is, that it slowed down my fast computer. First I thought it was malware, but it was AE. :)
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I am not sure if AE scans disk read/ write or not?
     