Author Topic: How Much Additional Protection Is Afforded By Checking Executables?  (Read 1719 times)

0 Members and 1 Guest are viewing this topic.

Offline NoelC

  • Poster
  • *
  • Posts: 569
That sounds a bit silly, but let me explain...

Knowing that Avast! checks all files as they are written to the disk, and that a regular scan finds no problems, then it could be said that the data on the disk is relatively safe, no?

How much additional risk is taken on by disabling the checking of executables (or DLLs) run from the disk, since they will have had to be written to the disk as files at some time in the past?

The reason for asking is that the time to check executables does cut into the ultimate speed of computer operations.  It's likely not much - since I believe Avast! keeps tabs on what it's already checked.

Just curious.

-Noel

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Re: How Much Additional Protection Is Afforded By Checking Executables?
« Reply #1 on: December 24, 2013, 07:15:12 PM »
By unchecking the DLL's you won't gain that much time wise.
The best way to cut scan times is by using the persistent cache.
Another way is to uncheck the "follow links" during scans.
Instead use the "scan in order stored on disk" option.

As far as the risk factor anytime you fail to scan "any" executable you run the risk
of something really bad happening.

edit: Anytime after you run a scan and access an executable it will be scanned again.
        Not just by the file shield but since it will no longer be in the persistent cache it will be scanned again
        the next time you run a "regular" scan.
« Last Edit: December 24, 2013, 07:18:32 PM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline propheticus

  • Common sense is the best safety feature
  • Sr. Member
  • ****
  • Posts: 202
Re: How Much Additional Protection Is Afforded By Checking Executables?
« Reply #2 on: December 24, 2013, 07:22:02 PM »
Default not all files are scanned. Big files might be skipped or only partially scanned. Some virusses are detected by name or extension and not the content of the file. If all files would be scanned entirely (content) a scan would take ages.
Furthermore, not all packers are extracted/executed while scanning. If a virus was inside a large 7zip file that got skipped while doing a full system scan it would remain undetected when 'scan when executing'  was off. Remote shares or non-default extensions are not scanned in the default full system scan. When a program calls remote sources to execute or renames a .123 extension file (that has not been scanned) to .exe or .bat and executes this, this would otherwise slip the net.

So in my opinion scanning when executing is best left on.

Offline NoelC

  • Poster
  • *
  • Posts: 569
Re: How Much Additional Protection Is Afforded By Checking Executables?
« Reply #3 on: December 24, 2013, 08:27:12 PM »
Thanks.  It's loopholes like "save file as .123 then rename to .exe" that I was looking to hear about.

For what it's worth, comparing software builds with shields on/off, where a lot of executables from Visual Studio are run (compiles, etc.), not too terribly much time is used by Avast!  One example Solution Build run was 25.26 seconds with Shields enabled, 21.87 seconds with them disabled.

The time was well over 30 seconds with Microsoft's Win 8.1 Windows Defender default solution.

-Noel