Windows Defender detected changes but AVG didn't, wasn't it supposed to?

Discussion in 'ewido anti-spyware forum' started by great, Feb 6, 2007.

Thread Status:
Not open for further replies.
  1. great (Registered Member; Joined: Feb 6, 2007; Posts: 2)

    I was doing a search for a good resident-shield antispyware software and the AVG anti-spyware was coming on top of many things, so I downloaded and installed it to give it a try.
    I also use Windows Defender, and here comes my question/query.

    I checked the compatibility list and Windows Defender is on it, so I assume that both are working on different layers of scan or something like that.

    How can I test whether the AVG resident shield is actually working?

    I just installed the new version of Nero and Windows Defender detected several changes (new start-up, new services, new shells) and I clicked on permit.
    Wasn't AVG also supposed to notify me of those changes? o_O Is Windows Defender before AVG scans? When I clicked on permit and the changes were committed, wasn't AVG supposed to be triggered that changes are made on my system and notify me as well, in the form of a second security layer? o_O

    The same thing applied with other tests, such as changing the Windows firewall settings, installing new programs on the start-up of Windows, changing the hosts file, etc.

    I would really appreciate some feedback here because I think it is a great application and I'm in the process of evaluating and finally buying it (for real).

    Thank you.
     
  2. TopperID (Registered Member; Joined: Oct 1, 2004; Posts: 1,527; Location: London)

    They certainly are different, there's no harm in using both if you wish. WD will monitor certain critical areas of your system, looking for changes, while AVG-AS real-time Guard will scan all executables as you attempt to run them.
    Simple, D/L the eicar virus (a safe test virus) and try and open it:-

    http://www.eicar.org/anti_virus_test_file.htm

    You'll have to disable your AV Guard to do this 'cos AV Guards intervene as soon as a file is written to Hard Drive, while AVG-AS only scans when you attempt to open the file.
    Absolutely not! There is an analysis section which enables you to deal with certain system aspects, but this does not happen real time and is not connected to the Guard.

    Actually it doesn't happen real time with WD either, since this is polling for changes every few seconds and if it finds changes it attempts to reverse them (depending on your response); but of course by then it may be too late. If malware has made the changes it may not allow them to be shifted that easily.

    So WD can tell you you've got a new BHO, for example, but may not be able to remove it. With AVG-AS on the other hand the trojan gets intercepted before it can run (so long as it is in the sig data base) thus the system changes that WD is looking for never get made in the first place! Actually AVG-AS Guard scans starting executables twice, once as they attempt to run, and then again as they enter memory - this latter gives the chance to intercept trojans that have been heavily encrypted to try and hide them from AV sig scanners.

    So you can view AVG-AS Guard as an additional layer of protection after your AV, the AV will always scan first then AVG-AS will give the file a second opinion scan, so if malware passes by one of the scanners hopefully the second will grab it.

    If you wish to use WD as yet another layer of security that is fine, but if I was obliged to choose one or the other I would pick AVG-AS every time.
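
Added example, not part of the original thread and not Windows Defender's actual implementation: a simplified Python model of the poll, detect and reverse monitoring described in the reply above. The temp files standing in for the hosts file and a start-up entry, and all function names, are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


def snapshot(watched):
    """Record the current bytes of each watched path (None if it does not exist)."""
    return {str(p): Path(p).read_bytes() if Path(p).is_file() else None for p in watched}


def diff(before, after):
    """Return sorted (path, kind) pairs for everything that differs between two polls."""
    changes = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old != new:
            kind = "created" if old is None else "deleted" if new is None else "modified"
            changes.append((path, kind))
    return changes


def revert(baseline, changes):
    """Model a 'deny' response: put every changed path back to its baseline state."""
    for path, _kind in changes:
        if baseline[path] is None:
            Path(path).unlink(missing_ok=True)
        else:
            Path(path).write_bytes(baseline[path])


def demo():
    """Constructed scenario: temp files stand in for the hosts file and a start-up entry."""
    with tempfile.TemporaryDirectory() as tmp:
        hosts, startup = Path(tmp, "hosts"), Path(tmp, "startup.lnk")
        hosts.write_bytes(b"127.0.0.1 localhost\n")
        watched = [hosts, startup]

        baseline = snapshot(watched)                      # poll 1
        # An installer runs between polls; both writes complete before anyone looks.
        hosts.write_bytes(b"127.0.0.1 localhost\n203.0.113.7 example.test\n")
        startup.write_bytes(b"constructed start-up entry")
        changes = diff(baseline, snapshot(watched))       # poll 2: detection after the fact

        revert(baseline, changes)                         # user answered "deny"
        restored = diff(baseline, snapshot(watched)) == []
        return [(Path(p).name, k) for p, k in changes], restored
```

Both writes are already on disk when the second poll reports them, which is the window the reply refers to when it says the reversal may come too late.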
     
  3. great (Registered Member; Joined: Feb 6, 2007; Posts: 2)

    Thank you TopperID for your useful points.
    I was obviously confused on how AVG was working and how the resident shield is protecting my system. It's a lot clearer now thanks to you.

    Kind regards
     