On-access scan on writing only
Short question: do you expect, or is there, a loss of security by configuring an AV on-access scanner to check on writing only?
Avira for example offers to check on
- reading
- writing
- reading and writing
Comments?
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: On-access scan on writing only
The most complete protection would be to scan on reading and writing. However, checking on writing only is arguably sufficient since the AV should catch the malware before it does any harm. Scanning on reading has the advantage that malware is detected even before execution.
Re: On-access scan on writing only
ssj100 wrote:The most complete protection would be to scan on reading and writing.
Of course.
ssj100 wrote:However, checking on writing only is arguably sufficient since the AV should catch the malware before it does any harm.
This, and as there are more files read than written, scanning on writing only should lead to a faster system response. And this mode avoids a re-scan of the same files on every start.
ssj100 wrote:Scanning on reading has the advantage that malware is detected even before execution.
Therefore scanning on writing should only be used on a clean system.
Ok, you had the same thoughts as me.
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
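The trade-off discussed in the posts above, as an added example that is not part of the original thread: a small model that replays one constructed file-access trace under each of the three on-access modes and reports how many scans ran, what was blocked, and what was read without being blocked. The file names, content tags, `Event` and `simulate` are assumptions made for this illustration; the signature-update case goes one step beyond what the posters mention.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    op: str         # "write", "read" (open or execute) or "sigupdate"
    path: str = ""
    data: str = ""  # constructed content tag; for "sigupdate", the tag now detected

# Constructed sample state and trace (not from the thread).
PREEXISTING = {"old.exe": "mal-A", "notepad.exe": "clean-1"}  # on disk before the AV
SIGS = {"mal-A", "mal-B"}                                     # known at start
EVENTS = [
    Event("read", "notepad.exe"),
    Event("write", "setup.exe", "mal-B"),  # detectable when written
    Event("write", "new.exe", "mal-C"),    # not yet detectable when written
    Event("read", "notepad.exe"),
    Event("sigupdate", data="mal-C"),
    Event("read", "new.exe"),
    Event("read", "old.exe"),
    Event("read", "notepad.exe"),
]

def simulate(mode, preexisting=PREEXISTING, sigs=SIGS, events=EVENTS):
    """Replay the trace under mode 'read', 'write' or 'read+write'.

    Returns (scans, blocked, missed): scans performed, paths blocked, and
    paths whose malicious content was read without being blocked.
    """
    disk, sigs = dict(preexisting), set(sigs)
    bad = sigs | {e.data for e in events if e.op == "sigupdate"}  # ground truth
    scans, blocked, missed = 0, [], []
    for e in events:
        if e.op == "sigupdate":
            sigs.add(e.data)
            continue
        if e.op == "read" and e.path not in disk:
            continue                      # file was never stored or was quarantined
        data = e.data if e.op == "write" else disk[e.path]
        if e.op in mode.split("+"):       # does this mode scan this operation?
            scans += 1
            if data in sigs:
                blocked.append(e.path)
                disk.pop(e.path, None)    # quarantine; the access is denied
                continue
        if e.op == "write":
            disk[e.path] = data
        elif data in bad:
            missed.append(e.path)
    return scans, blocked, missed

if __name__ == "__main__":
    for mode in ("write", "read", "read+write"):
        print(mode, simulate(mode))
```

On this trace, write-only does the fewest scans but lets through both the file that was already on disk and the file written before its signature existed.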
Re: On-access scan on writing only
Yes sounds about right Ruhe. To sum up, back when I used Avira, I set it to "Scan on Writing".
Re: On-access scan on writing only
Ruhe wrote:Short question: do you expect, or is there, a loss of security by configuring an AV on-access scanner to check on writing only?
By configuring an AV scanner to check on writing only, you improve scanning speed, but there is a loss of security.
Not all malware writes to disk. Let's take a backdoor as an example. When you run the backdoor, it will open a port on your computer and wait for incoming connections, but nothing will be written to disk.
Of course, there are backdoors that write something to disk, but that's not really required, so the backdoor could be running and the AV would miss it.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: On-access scan on writing only
@Backdoor: that's a good hint. Thanks.
In the meantime I run Avira with scanning on reading+writing again.
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: On-access scan on writing only
If you care about system resources then the better solution is this:
Main protection layer:
+ Anti-Executable technology preventing anything from running without your permission.
+ Sandboxie for secure browsing.
Additional protection:
+ AV products to scan suspicious files that you must run.
A good solution in this case is Virus Total because you can check with lots of AV engines and it's not resource consuming, as they are not installed on your system.
+ A behavioural analysis tool like Buster Sandbox Analyzer.
Zero-day malware may go undetected by AV products, but a behavioural analyzer may detect it.
All of the above consumes almost no system resources.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: On-access scan on writing only
In fact, I don't have a problem with insufficient system resources or speed, but a system is never fast enough
Intel Core i7 920 (4x 2.66 GHz), Intel X25-M G2 Postville as SSD
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: On-access scan on writing only
I have a Core i7 920 too, but mine has 8 cores.
Yes, sometimes it is not a problem of resources, but more security programs installed don't necessarily mean more protection. The setup I just commented on is more effective than others having Hitman Pro, MBAM, A-Squared, etc.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: On-access scan on writing only
Buster_BSA wrote:I have a Core i7 920 too, but mine has 8 cores
Offtopic, but the 920 has 4 cores / 8 threads.
Cores and threads go hand in hand. Multi-core processors are single chips that contain two or more distinct processors or execution cores in the same integrated circuit. Multi-threading allows each core to work on two tasks at once, thereby letting you do more things simultaneously, producing faster, more efficient results. Now your computer can keep up with even your heaviest multitasking. Source: http://www.intel.com/consumer/products/processors/corei7-specs.htm#2
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: On-access scan on writing only
I thought it had 8 cores. Thanks for the correction!
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: On-access scan on writing only
Wow, very good point Buster. I never thought of malware that simply opens ports and never actually writes on to the system.
Buster_BSA wrote:Main protection layer:
+ Anti-Executable technology preventing that nothing runs without your permission.
+ Sandboxie for a secure browsing.
Additional protection:
+ AV products to scan suspicious files that you must run.
Spot on. That sounds identical to the security setup/approach that I've been practising since late 2009.
With regards to having high-end hardware, I think to some extent it doesn't really make a difference when it comes to noticeable slow-downs on your system. From my experience, if eg. an antivirus program is "heavy", it will always (relatively) slow down your system no matter what hardware you have.