Network Security Focus-Virus

RE: Do we still need scheduled scan?

Subject: RE: Do we still need scheduled scan?
Date: Fri, 30 Dec 2005 16:48:51 -0000
Please excuse my addressing several individuals' points in one mail.

You can configure scheduled scans for performance: most packages will
allow you to catalogue all of the files on a drive and cache a
checksum.

Actually, one of the products tangentially represented in this thread
does the same thing for realtime scans, thus not only speeding up the
scan and reducing latency, but also introducing some additional measure
of generic protection.

In the end it is all about what is an acceptable level of security for
you and how to get to that level while maintaining a usable
network/desktop.
 
Absolutely. This isn't a question with an absolute answer. There is a
measure of additional security to be gained from scheduled scanning,
but that measure depends not only on the product you use, but also on
your corporate comfort zone, and that depends on a number of issues,
including:
* What supplementary measures you have in place
* Local configuration and architecture
In the end, whether the degree of extra protection is worth the
extra cycles is going to be a local decision. 

Hence the anti-virus vendors' continued recommendations
to run weekly scheduled local scans on all computers.

I'm not sure this is altogether true, certainly of the AV
vendors' reps who've spoken out in this thread, or the non-aligned
AV research community. It's worth remembering that
the prevailing market culture in AV still inclines to the
lowest common denominator, and it's easiest to recommend what
in some contexts might be considered over-engineering. 

Question: if malware disables your scanner, how could a scheduled
scan possibly discern the malware?
Answer: the sound of one hand clapping?

Absolutely. Some of this thread seems to rest on an illusory perception
of the differences between on-access and on-demand. Obviously, detail
varies from vendor to vendor (not to mention individual configurations),
but the days when on-access scanners only picked up a subset of the
detections the on-demand component was capable of, and could not do
heuristics, are long behind us. It's not impossible for a discrepancy
to arise between the two components, but it doesn't happen routinely.
If a malicious program is resident and executing despite the presence 
of a realtime scanner, on-demand scanning is generally not better 
equipped to detect it. By all means take account of the scenarios
where it -might- be, but don't panic about them. 

-- 
David Harley 
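
The checksum catalogue mentioned in the message above, sketched as an added example that is not part of the original post or any vendor's product. `scan_file` is a hypothetical stand-in for the engine scan, and the marker string and files are constructed; a file is rescanned only when its digest differs from the cached one, and a modified catalogued file is reported as changed.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream, don't load whole file
            h.update(block)
    return h.hexdigest()

def scan_file(path):
    """Hypothetical stand-in for the expensive engine scan (constructed marker)."""
    with open(path, "rb") as f:
        return b"CONSTRUCTED-TEST-MARKER" in f.read()

def scheduled_scan(root, catalogue):
    """Scan under root, skipping unchanged files; returns four lists of paths."""
    scanned, skipped, changed, flagged = [], [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            known = catalogue.get(path)
            if known == digest:
                skipped.append(path)      # unchanged since last clean scan
                continue
            if known is not None:
                changed.append(path)      # catalogued file was modified
            scanned.append(path)
            if scan_file(path):
                flagged.append(path)      # never cache a detection as clean
                catalogue.pop(path, None)
            else:
                catalogue[path] = digest
    return scanned, skipped, changed, flagged

def demo():
    # Three passes over a constructed directory; returns list lengths per pass.
    catalogue, results = {}, []
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"benign " + name.encode())
        results.append(tuple(len(x) for x in scheduled_scan(root, catalogue)))
        results.append(tuple(len(x) for x in scheduled_scan(root, catalogue)))
        with open(os.path.join(root, "b.txt"), "ab") as f:
            f.write(b" CONSTRUCTED-TEST-MARKER")
        results.append(tuple(len(x) for x in scheduled_scan(root, catalogue)))
    return results
```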

