Author Topic: Can on-demand scan have memory (Read 3226 times)

cimmind · « **on:** February 20, 2009, 10:30:07 PM »

Just read this article at www.maximumpc.com/article/features/protect_your_pc_from_guys_like_this?page=1%2C0, that compares anti-virus software. Refer to the review of Norton 2009 suite. It says that the on-demand scan is superfast because each new scan only scans the files that have changed since the last scan time.

Is it possible for avast too to have such a feature? I am guilty of not performing full system scans frequently enough because of the time period it entails.

Lisandro · « **Reply #1 on:** February 20, 2009, 11:54:18 PM »

This was discussed before. Or it's a security hole in Norton or the on-demand scan won't be faster.
The file could be changed and let the date/time untouched. How they will be sure the file wasn't changed (infected) at all...

DavidR · « **Reply #2 on:** February 21, 2009, 12:49:55 AM »

As Tech mentions whatever, would modify the file could ensure the date and attributes are set back to the original. So it isn't foolproof. I know another scanner that uses a trick of placing some sort of marker in the ads stream of a file (NTFS formatted drives only) and checks that, but that is modifying a file just to show it has been scanned which I feel is a step too far.

So I have no idea how norton goes about this to say if it might be a security hole or not.

cimmind · « **Reply #3 on:** February 21, 2009, 01:51:51 PM »

Tech & David, thanks to you both for the replies. The point is well accepted that a malware may modify the file and manipulate date/time of creation to remain same as original.

I will rephrase my query as follows:
Currently 'QuickScan' option means scanning for all files in a limited/specified locations.

Can there be an additional 'QuickScan' option that scans limited files (those that have changed) across all locations

It goes without saying that in both the types of QuickScans, there is a trade-off between time for scanning and sensitivity of the scan, as compared to a full scan.

FreewheelinFrank · « **Reply #4 on:** February 21, 2009, 02:26:14 PM »

Some AV's have their own method of checking that a file has not been modified and so doesn't need to be checked in subsequent scans, which is probably a bit more sophisticated than some here will admit.

http://www.wilderssecurity.com/showthread.php?t=149725

Lisandro · « **Reply #5 on:** February 21, 2009, 02:52:40 PM »

Quote from: Cimmind on February 21, 2009, 01:51:51 PM

Can there be an additional 'QuickScan' option that scans limited files (those that have changed) across all locations

It could be done. But I think they won't do it. On-demand scanning is not a daily action. Standard Shield (resident) is already scanning that files...

Author Topic: Can on-demand scan have memory (Read 3226 times)

cimmind

Can on-demand scan have memory

Lisandro

Re: Can on-demand scan have memory

DavidR

Re: Can on-demand scan have memory

cimmind

Re: Can on-demand scan have memory

FreewheelinFrank

Re: Can on-demand scan have memory

Lisandro

Re: Can on-demand scan have memory