So what? If it's been a long time, and it's now detected, what *harm* is prevented by a scheduled scan that a realtime scan won't also prevent? If the file is never accessed, it's not doing any harm. If it is accessed after it's detectable, it get blocked by the realtime scanner, and it does no harm.
As I explained to ASB, scheduled scan's only benefit under a specific sequence of events is to give notice that "you're screwed". And more often than not, if the AV system hasn't been totally disabled, the realtime scanner will sound off before the next scheduled scan. There is simply NO prevention benefit from scheduled scans, assuming a competent AV system. Carl -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, October 22, 2009 10:55 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Error in your logic, here... AV software is *never* perfectly up-to-date on all bits of malware all the time. Something is always missed, and sometimes for a very long time, no matter how good the AV software is. Kurt On Thu, Oct 22, 2009 at 19:52, Carl Houseman <[email protected]> wrote: > Try to employ some logic here. > > Q: Why does a realtime scan not find something? > A: Because the file is never accessed. > > If the answer above is NOT the answer, then the realtime scanner is broken > and that AV product should be abandoned. > > Q: When does a realtime scanner identify malware? > A: When it's accessed by the operating system. > > Q: What does a malware file that's never accessed do to a system? > A: Use up free space on the hard drive. Nothing more. > > Scheduled scans are limited to signature-based identification, and as we all > know, signature detection has largely been defeated of late. The name of the > game is preventing dangerous execution behaviors, and that kind of detection > and prevention is part of realtime detection mechanisms. As realtime > scanners evolve and improve, they will find malware that scheduled scans miss. > > Carl > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Thursday, October 22, 2009 10:31 PM > To: NT System Admin Issues > Subject: Re: User who doesn't like logging off / shutting down > > On Thu, Oct 22, 2009 at 19:21, Carl Houseman <[email protected]> wrote: >> What's the answer to my question? (highlighted below in case you missed it) > > The answer is: I don't know, but the VIPRE realtime scans aren't > catching what the scheduled scans are catching. > >> Here's another: How dangerous is a malware file that resides on a hard >> drive and is never accessed? > > As dangerous as the next click or carriage return, or File/Open operation. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
