On-access scan on writing only


Post by Ruhe on 15/6/2010, 19:15

Short question: do you expect, or is there, a loss of security by configuring an AV on-access scanner to check on writing only?

Avira, for example, offers to check on
  • reading
  • writing
  • reading and writing

Comments?

Re: On-access scan on writing only

Post by ssj100 on 15/6/2010, 19:59

The most complete protection would be to scan on reading and writing. However, checking on writing only is arguably sufficient since the AV should catch the malware before it does any harm. Scanning on reading has the advantage that malware is detected even before execution.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: On-access scan on writing only

Post by Ruhe on 15/6/2010, 23:28

ssj100 wrote: The most complete protection would be to scan on reading and writing.
Of course.
ssj100 wrote: However, checking on writing only is arguably sufficient since the AV should catch the malware before it does any harm.
This, and as there are more files read than written, scanning on writing only should lead to a faster system response. And this mode avoids a re-scan of the same files on every start.
ssj100 wrote: Scanning on reading has the advantage that malware is detected even before execution.
Therefore scanning on writing should only be used on a clean system.

OK, you had the same thoughts as me.

Re: On-access scan on writing only

Post by ssj100 on 16/6/2010, 03:13

Yes, sounds about right, Ruhe. To sum up, back when I used Avira, I set it to "Scan on Writing".


Re: On-access scan on writing only

Post by Buster_BSA on 22/7/2010, 00:06

Ruhe wrote: Short question: do you expect, or is there, a loss of security by configuring an AV on-access scanner to check on writing only?

By configuring an AV scanner to check on writing only, you improve scanning speed, but there is a loss of security.

Not all malware writes to disk. Let's take a backdoor as an example. When you run the backdoor, it will open a port on your computer and wait for incoming connections, but nothing will be written to disk.

Of course, there are backdoors that write something to disk, but that's not really required, so the backdoor could be running and the AV would miss it.
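
The trade-off discussed up to this point (fewer scans in write-only mode, but a file that is already on disk and never writes anything runs unchecked) can be replayed in a toy model. This is an added example, not part of any post in the thread and not Avira's logic; the file names and trace are constructed, and treating execution as a read is an assumption of the model.

```python
# Added illustration: a toy model of on-access scan triggers (not Avira's logic).
# Assumption: executing a file counts as a read/open, so "read" mode hooks it.
from collections import namedtuple

Event = namedtuple("Event", "op path")   # op: "write", "read" or "exec"

TRIGGERS = {
    "read": {"read", "exec"},
    "write": {"write"},
    "read+write": {"read", "write", "exec"},
}

# Constructed sample data: files a signature scan would flag.
FLAGGED = {"old_dropper.exe", "new_download.exe"}

# Constructed trace. old_dropper.exe was already on disk before the scanner
# was enabled, so the trace contains no write event for it.
TRACE = (
    [Event("read", f"C:/Windows/lib{i}.dll") for i in range(20)]
    + [Event("write", "new_download.exe"), Event("exec", "new_download.exe")]
    + [Event("write", "report.doc"), Event("read", "report.doc")]
    + [Event("exec", "old_dropper.exe")]
)

def simulate(mode, trace=TRACE, flagged=FLAGGED):
    """Replay the trace under one scan mode; return scans, blocks and misses."""
    scans, blocked, ran_unscanned = 0, [], []
    quarantined = set()
    for ev in trace:
        if ev.path in quarantined:
            continue                      # file already removed by the scanner
        if ev.op in TRIGGERS[mode]:
            scans += 1
            if ev.path in flagged:
                blocked.append((ev.op, ev.path))
                quarantined.add(ev.path)
                continue
        if ev.op == "exec" and ev.path in flagged:
            ran_unscanned.append(ev.path)  # flagged file executed, never scanned
    return {"scans": scans, "blocked": blocked, "ran_unscanned": ran_unscanned}

if __name__ == "__main__":
    for mode in TRIGGERS:
        print(mode, simulate(mode))
```

Write-only mode performs the fewest scans and stops the new download at write time, but the pre-existing file executes without ever being scanned; both read modes catch it at execution.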


Re: On-access scan on writing only

Post by Ruhe on 22/7/2010, 00:09

@Backdoor: that's a good hint. Thanks.

In the meantime I run Avira with scanning on reading+writing again.

Re: On-access scan on writing only

Post by Buster_BSA on 22/7/2010, 00:17

If you care about system resources then the better solution is this:

Main protection layer:

+ Anti-Executable technology preventing anything from running without your permission.

+ Sandboxie for secure browsing.

Additional protection:

+ AV products to scan suspicious files that you must run.

A good solution in this case is Virus Total because you can check with lots of AV engines and it's not resource consuming as they are not installed in your system.

+ A behavioural analysis tool like Buster Sandbox Analyzer.

Zero-day malware may go undetected by AV products, but a behavioural analyzer may detect it.

All of the above consumes almost no system resources.

Re: On-access scan on writing only

Post by Ruhe on 22/7/2010, 00:22

In fact, I don't have a problem with insufficient system resources or speed, but a system is never fast enough :)

Intel Core i7 920 (4x 2.66 GHz), Intel X25-M G2 Postville as SSD

Re: On-access scan on writing only

Post by Buster_BSA on 22/7/2010, 00:27

I have a Core i7 920 too, but mine has 8 cores. :D

Yes, sometimes it is not a problem of resources, but more security programs installed don't necessarily mean more protection. The setup I just described is more effective than another having Hitman Pro, MBAM, A-Squared, etc., etc., etc.

Re: On-access scan on writing only

Post by Ruhe on 22/7/2010, 00:33

Buster_BSA wrote: I have a Core i7 920 too, but mine has 8 cores
Offtopic, but the 920 has 4 cores / 8 threads

Cores and threads go hand in hand. Multi-core processors are single chips that contain two or more distinct processors or execution cores in the same integrated circuit. Multi-threading allows each core to work on two tasks at once, thereby letting you do more things simultaneously, producing faster, more efficient results. Now your computer can keep up with even your heaviest multitasking. Source: http://www.intel.com/consumer/products/processors/corei7-specs.htm#2

Re: On-access scan on writing only

Post by Buster_BSA on 22/7/2010, 00:35

I thought it had 8 cores. Thanks for the correction!

Re: On-access scan on writing only

Post by ssj100 on 22/7/2010, 02:49

Wow, very good point, Buster. I never thought of malware that simply opens ports and never actually writes to the system.

Buster_BSA wrote: Main protection layer:

+ Anti-Executable technology preventing anything from running without your permission.

+ Sandboxie for secure browsing.

Additional protection:

+ AV products to scan suspicious files that you must run.

Spot on. That sounds identical to the security setup/approach that I've been practising since late 2009.

With regard to having high-end hardware, I think to some extent it doesn't really make a difference when it comes to noticeable slow-downs on your system. From my experience, if e.g. an antivirus program is "heavy", it will always (relatively) slow down your system no matter what hardware you have.
