Scan on reading vs writing?

Discussion in 'other anti-virus software' started by newbino, Sep 21, 2008.

Thread Status:
Not open for further replies.
  1. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    377
    I am not so clear about the difference between an AV scanning on reading vs writing - anybody can help? BTW yes I've researched this site and Google.

    Here are some threads that are related to the topic:
    https://www.wilderssecurity.com/showthread.php?t=213328
    https://www.wilderssecurity.com/showthread.php?t=200619
    https://www.wilderssecurity.com/showthread.php?p=1262402

    Also, am trialling Avira Premium with LUA+SRP. Which of the two options (reading vs writing) would make more sense with this setup?

    Thanks!
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    Basic way to look at it.

    Read - When something is already on the Hard Drive and your Hard drive is about to access it. (AKA accessing a already installed program)

    Write - When something is not on your hard drive. and its about to be Stored or Written to the hard drive. (AKA like downloading a File)

    Honestly default is fine. Avira will Webscan downloads. Or when you install something that is on a CD to your computer it will scan that. It also does a quick scan of any file you Execute or open.

    So pretty much default is fine.

    Now for the sandbox. means nothing really gets "Saved" to the hard drive once that is closed. but it does read from the hard drive.

    Basic thing is you wont notice any performance hit with R/Write disabled or enabled. unless your running a P133 Laptop. :p
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I thought Avira did both by default anyway.... some don't, like AVG for example, default install scans on Open only. But you can set it for both if you want.

    If you only scan on open, then there is the chance of writing something nasty to your HD which will just sit there till it's executed or opened, then it would get caught. I like to catch it on write myself and try to keep it off the HD.
     
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    A tangential comment: Firefox 3 by default will invoke anti-virus software (if any is installed) to scan downloads before releasing them for use. This behavior can be altered via the about:config setting for browser.download.manager.scanWhenDone as described here.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi

    With LUA and SRP, I think the write only option of Avira is sufficient.

    I would advise:

    LUA + SRP + ThreatFire (make sure you select creat a restore point before quarantaining) and Avira write only (or Avast write only) is a perfect combo. TF now uses the CPU cycles which the read or on execution scanner normally uses. So with no performance loss you have better security.

    This has been thoroughfully tested on both XP home and Pro (not on Vista because we have Vista64 on gaming rig). No matter what others will comment on this, it is a tested solution.

    Regards Kees
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Write also applies to modifications on existing files.
     
  7. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I concur with Kees statement that with SRP the write functionality is enough. However, I question the value of using Threatfire with LUA since most of the key areas that a behavior blocker monitors, besides the autostart entries in HKCU, are already write protected by default. So If OP wants to minimize the impact, I would skip TF as well.

    /C.
     
Loading...
Thread Status:
Not open for further replies.