
Do you still need to run scheduled virus scans on machines protected by antivirus packages?

A fellow IT pro said that you should never need to run a virus scan on a PC because most antivirus packages scan the system in real time anyway. Blogger Brad Bird responds to this assumption.

While it is true that antivirus packages check most files against the known conditions established by the most recently installed signatures, they do not "scan" the file system in real time. Rather, the file system is monitored for accesses and file manipulations done in a way that the antivirus program considers to be a threat.

Okay, let's analyze these facts. I have attended several conferences on IT security and read more than my fair share of reference material on hacking and forensic techniques to protect computers from intrusion. While there is no gospel on this subject, most IT pros I know who have a fair amount of exposure to these topics agree that no one antispam or antivirus product can catch everything.

For example, I am not picking on Symantec specifically, nor will I cite a precise example, but this issue actually happened. The antivirus had current signatures to within a few hours. The server was patched to the most current critical and recommended updates. Yet, there was suspiciously high memory usage on the server in question. It was only upon scrutinizing with Process Explorer from Sysinternals, PsList (also from Sysinternals), Netstat, Task Manager, a remote UNC file connection, and a remote port scanner that I was able to confirm that there was an intrusion attempt in progress.

The server had been patched only after a 16-hour window following the publication of a known exploited vulnerability. Through this pinhole, an elevation of privilege attack had occurred. Then a hack tool was installed and a rootkit planted.

The rootkit hid registry keys, processes, and files from view. Once it was discovered, it was removed easily enough with known tools.

However, other problems were left behind (this was confirmed by file date stamps and by checking backups): another trojan, which the AV supposedly knew about and had cleaned, still had hold of the machine. This is where the interesting part comes in. The trojan was not actually cleaned. There was human error in that the logs were not scrutinized, which would have shown that the clean attempt had actually failed. This trojan was not the same iteration displayed in the AV package. As the server was being monitored using filemon, psexplorer watching threads, and Netstat, the original infection had remained.

A copy was submitted to the AV vendor anonymously and within a couple of hours, a rapid release was put out which would catch the file in real-time protection. The AV vendor said it was the same iteration of a known virus, but a programmer from a competing vendor cited the mutation differences.

While this was happening, another system was infected, so the same process was used to monitor it. A real-time scan was performed before the rapid release came out, and the file was quarantined successfully.

Clearly, the AV companies are doing their best to update their documentation precisely as information is put out, but the solution is critical and usually gets published faster. In part, this is likely why vendors accept anonymous file submissions -- to help keep up with viruses in the wild.

My point is just to say that the real-time AV scan does not catch everything. To be honest, a scheduled scan could miss a virus as well, but if a file has similar symptoms to a known virus, it may still have additional hidden code or functionality which can hide it from current real-time scanners.

So my answer to the question is YES -- scheduled scans on PCs would be highly recommended as part of your defense-in-depth strategy against spyware, malware, trojans, and viruses.
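
The gap the article describes, as an added example (not code from the original post or from any antivirus vendor): on-access protection only evaluates files that something touches, so a file written before its signature existed stays unflagged until it is opened again or a scheduled scan walks the disk. Signatures are simplified here to SHA-256 hashes, and the class names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class Definitions:
    """Toy signature set: a version counter plus known-bad SHA-256 hashes."""

    def __init__(self):
        self.version = 1
        self.bad_hashes = set()

    def update(self, new_hashes):
        """Model a vendor release: add signatures and bump the version."""
        self.bad_hashes |= set(new_hashes)
        self.version += 1


class Scanner:
    def __init__(self, definitions):
        self.definitions = definitions
        self.detections = []  # (path, definitions version, trigger)

    def _check(self, path, trigger):
        if sha256_of(path) in self.definitions.bad_hashes:
            self.detections.append((path, self.definitions.version, trigger))
            return True
        return False

    def on_access(self, path):
        """Real-time hook: runs only when a file is written or opened."""
        return self._check(path, "on-access")

    def scheduled_scan(self, root):
        """Scheduled scan: evaluates every file under root, touched or not."""
        hits = []
        for folder, _dirs, files in os.walk(root):
            for name in sorted(files):
                path = os.path.join(folder, name)
                if self._check(path, "scheduled"):
                    hits.append(path)
        return hits


def run_timeline():
    """Replay: file lands, signature ships later, file is never reopened."""
    defs = Definitions()
    scanner = Scanner(defs)
    with tempfile.TemporaryDirectory() as root:
        report = os.path.join(root, "report.txt")
        dormant = os.path.join(root, "dropped.bin")
        with open(report, "wb") as handle:
            handle.write(b"quarterly numbers")
        with open(dormant, "wb") as handle:
            handle.write(b"CONSTRUCTED-SAMPLE-NOT-MALWARE")

        # 1. The write triggers on-access, but version 1 has no signature yet.
        flagged_at_write = scanner.on_access(dormant)

        # 2. The vendor ships a signature for the sample.
        defs.update({sha256_of(dormant)})

        # 3. Normal work continues; only other files are opened.
        scanner.on_access(report)
        realtime_hits = sum(1 for d in scanner.detections if d[2] == "on-access")

        # 4. The scheduled scan re-evaluates files at rest with version 2.
        scheduled = [os.path.basename(p) for p in scanner.scheduled_scan(root)]

        # 5. On-access does catch the file once something finally opens it.
        caught_on_reopen = scanner.on_access(dormant)

    return {
        "flagged_at_write": flagged_at_write,
        "realtime_hits_after_update": realtime_hits,
        "scheduled_hits": scheduled,
        "caught_if_opened_after_update": caught_on_reopen,
        "definitions_version": defs.version,
    }


if __name__ == "__main__":
    for key, value in run_timeline().items():
        print(f"{key}: {value}")
```

The window between steps 2 and 5 is open-ended for a dormant file; the scheduled scan in step 4 is what puts a bound on it.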

Brad Bird is an IT consultant in Ottawa, Canada. He specializes in Windows systems, security, and network administration. You can find more of Brad's blogs at Rantings of an IT Pirate.


About

Brad Bird is a lead technical consultant and MCT certified trainer based in Ottawa, ON. He works with large organizations, helping them architect, implement, configure, and customize System Center technologies, integrating them into their business pr...

73 comments
.Martin.

depending on the machine, either once or twice a week

smootheddie16

With both Norton and McAfee, they are always scanning the computer for viruses. So running another scan is just a waste of time. This is why these two programs slow down the computer, because they are always scanning the files over and over again. With NOD32, the program only scans the files when you are downloading, installing, searching, or opening them. Once the files are scanned, the program doesn't have the need to scan those files again. Until the user wants to open the file. That is why NOD32 is at the top of the best Antivirus programs out there. So yes running a regular virus scan is needed, try to run the scans when the computer is not being used.

melekali

...is that really an IT "PRO". Of course you set the software to scan daily, hopefully a centrally managed scan after everyone goes home.

louis.slabbert

I have personally had to send in 6 or so Viruses that I found lurking all over our university Campus. "Av vendor A,B,C and D" just did not regard the files as viruses or trojans, or even hacktools. In some of these cases the Anti Virus package said that it had caught and successfully removed the virus, but it just didn't "feel" right. In other cases the AV packages said nothing was wrong at all... One of the most interesting cases was when a Trojan actually installed the "Blue Screen of Death" Screensaver from Sysinternals. We had a good laugh after that. In all cases the Sysinternals Suite and some other "dual tools" came in handy. It just goes to show: Human intuition can't be replaced by Technology. The MAIN problems with most of these machines were: 1) They were windows boxes (oh oh oh) 2) The users recently convinced the Helpdesk that they NEEDED to have admin rights (to install MSN or the like) 3) As stated in 2)-> They installed software... SCREENSAVERS are from the DEVIL! A recent article here on Techrepublic stated: "if you put ANY aspect of a managed Desktop into the hands of the user, it can't be called Managed anymore" That statement is very true. Our Student machines on the other hand are DeepFrozen (and not even the local technicians can install ANYTHING!) The result: We can do Patch updates every few weeks (or sometimes months), and other than that leave the machines alone. Now people still wonder why most IT pros prefer Apple Macs (those who don't, just haven't played with them enough...)

ProperName

My take on this is such. If you are in a corporate environment then deal with this issue as you see fit. I refuse to tell home users NOT to run a manual scan at least once a week, with a regular daily scan automatically done. When I set up the computer, if I know that it is always on, I set auto-scanning to take place in the wee hours of the morning. If the computer is only on through the day, then we work out the most convenient time for each user. My linux clients have active AV just to try to prevent those clients from becoming a vector for other attacks. Many of these clients were inundated with viruses on the Windows platform and linux was a welcome relief for them. So far every single one is happier with the linux box.

richardstevenhack

What's the problem with scheduled scans? Run them overnight. Then who cares? The only problem is with laptops taken home - you can't tell when the machine will be on unless the users are instructed to leave them on overnight. And if you check the box that says run the scan if the scheduled time is missed, the users complain the scan slows their machine when they start work in the morning.

ToR24

I can't appreciate the logic of scheduled scans. Why scan files you've already scanned with the same old set of definitions, unless one can sneak malware past the realtime scanner? A definition update should trigger a scheduled scan to catch any latent malware missed by old definitions. The realtime scanner should be sufficient to catch newly acquired threats recognized by the updated definitions.

Tony Hopkinson

to make sure you aren't a vector. On demand scan is very expensive, so obviously you want to target resources. So if you have an infected file, but it doesn't trigger the on demand scan, you are potentially propagating it.

Thumper1

When my former employer, who I had worked for for 7 years, merged with my present employer, I had the pleasure of transferring client data. After I left (Actually was invited to leave, but that's another story) the former job, they outsourced IS. One of the things the support people didn't worry about was virus scanning. "Hey, the A/V program is in place, nothing should get past it to the servers." WRONG. I transferred the data on a Saturday. My A/V program did a weekly scan on Sunday (as it was set up to do on the former people's servers). Up until that Monday, I had never seen a virus alert from my servers. That day I received 14, all from the data transferred.

Photogenic Memory

When you mentioned that there was a rootkit found and removed in the system; why didn't you back up essential data and re-install the OS? That's supposed to be a "standard operating procedure", correct? I don't think I could trust the OS after that. No wonder another problem crept up like the worm.

memman

My experience tells me that YES you need to run manual scans periodically. Auto scans are fine. Full scans are better. Smart scans do what they are intended to do. So far as Jaqui is concerned with regard to linux antivirus... http://www.f-prot.com/products/home_use/linux/ might be something to look at. I'm not concerned with the fact that you may be from Canada or Texas or wherever. Who cares. We are all in the business. Yes... linux may just be the best ever OS but I support most all OSs. MS, Novell, OS X, Linux, etc... I use AV on all of them. Just to be safe. So far as which AV software to use? Free vs paid? Your call. I prefer AVG or Avast for the free stuff. For paid, I've found nothing to beat Kaspersky. It is fast, uses less resources, and is updated more frequently than most. I'm not a fan of McAfee or Norton as I would agree that the resources used are extensive and greatly slow the performance of any system they are on. Not stating they are bad. Just not my preference. I also run into a lot of issues with Norton/Symantec causing connectivity issues that have to be manually adjusted individually on P2P networks.

cpr

Let me see...... You put a lock on the front door of your house and expect everyone to enter using this door. Hmmmm....

tom_housden2k8

I couldn't believe my eyes when I read that your man said that virus scans don't need manual scans run. What about malware removal, that brings out a lot of viruses, and new viruses that scanners may not know about?

bkrateku

I know most antivirus software does a "smart" scan when doing the normal scans, so it only looks at part of the files instead of everything. You can turn on full scans, of course. My question is...does a "smart" scan actually scan the file system or would a person have to enable a full scan in order to get this? Is a full scan the recommended type of scanning to be done? I'm assuming a business that does it from an AV server like we do in this case. Sorry...I'm just a little unclear on this.

sglafata

I use ClamWin on my Windows machines (I only have two, the others run Linux). I have the 'Documents and Settings' folder scheduled for daily scans and the entire drive scheduled for weekly scans. What's nice is that ClamWin emails me if it finds a virus. The best part is that ClamWin is free. I have found that Symantec and McAfee both hog so many resources that computers tend to slow down noticeably. Whenever I work on a computer that has those antivirus programs installed, I always recommend getting rid of them to my clients, and replace them with a free solution. I understand Comcast provides McAfee free to its customers, but it still slows down the computer.

soundsolutionsinc

You most certainly should run scheduled virus scans. Your machine may have some dormant malware/virus on your server that the antivirus product does not know about. Once your protection gets updated with a signature that can detect the junkware on your machine, it will remove that infection. You want it removed before your users touch that file or before it goes out of its dormant state.

mjd420nova

I run a weekly routine on all of my machines. This starts with an adware scan, spyware scan, then a virus scan, a disk cleanup and finally a disk defrag if recommended. Three of my six units are never turned off and always online thru a router and broadband cable. They are protected with Comcast's McAfee Security Suite and behind a hardware and software firewall on the router and the windows firewall on each unit.

Jaqui

I don't even RUN antivirus software. But then, the AV companies don't supply AV software to catch linux viruses.

jack8beans2

Hi, I used to use AVG antivirus but I switched to cyberdefender because it did not slow my computer down and it will let me know if a program is potentially a threat. I really like this program and it is free and can be downloaded online.

JCitizen

That NOD32 is phenomenal, I didn't even have to do a prescan when I installed NOD32, and it still nailed a virus! It rebooted the unit and smashed the virus in the Windows environment mode before completing the boot process! ESET is making an awesome program in my opinion. The viruses don't even get a chance to come through my ports before NOD32 slams them also! And the footprint on your system resources is so negligible, I don't even know that it is there except when it does an update after first logon. I won't pretend to know how the heuristics work on this ESET product but the results speak for themselves. The scary thing is, I have to ask how much virus activity is getting past my clients, who use the usual AV software; as they are not getting the hits I'm recording now. Maybe they are getting hit and don't even know it!

SiUk

Due to energy saving policies a lot of companies will force users to shut down machines completely overnight, which rules out scheduling scans. Perhaps these machines should be put into standby mode, configured to run the scan and then shut down at night but then you have to take into account users who may have taken their laptop home to do some work at night. -Si.

reisen55

In one of my major accounts, I have all systems set to boot and login off-hours at 5am, conduct a virus sweep using AVG at 5:30 am and then load office apps at 7:30 am. Updates to the AVG product are scheduled for 8pm and the systems shutdown at 9:30 pm. Backups on server are run at 11:40 pm. Totally non-invasive and I periodically run SUNDAY sweeps when I am present to see if anything IS SHOWING UP too.

apotheon

That was my first thought, too. "What? You tried to 'clean' the system? Whatever for? Shoulda just nuked and paved at that point." . . . or, as Ripley put it in Aliens, "Nuke the entire site from orbit. It's the only way to be sure."

alex.murray

I'm not a fan of scheduled AV scans but I seem to be in the minority. Ok let's say you have an infected PC on your network, but your AV doesn't yet recognise the malware. A pattern file update is eventually released, the AV client updates itself and BAM it detects and takes action as soon as the malware loads (or immediately if the malware is currently loaded in memory at the time of the AV update). The best thing we ever did from a malware-prevention perspective is implement a standard desktop with restricted user permissions, we've never had a desktop virus outbreak since...

reisen55

Under the right conditions. One of my clients is a large optical house, which involves HIPAA issues. I have worked for a hospital chain in NYCity (Continuum Health Partners, outsourced to First Consulting Group which was assimilated into the Computer Sciences collective) ... worst network EVER. Virus, porn, stolen machines, constant ghost imaging, no management anywhere. So this is a BAD memory and qualifies as something to measure my work against. For the medical office, and having experienced a nasty little monster recently, BRATSK.EXE (look it up), I felt it was high time to do a full everything. AVG is an extremely good product. Installed it on 11 systems on Sunday. I have the entire network autoboot at 5am, conduct a daily sweep at 5:30 am and then initiate software for staff at 7:30 am. Updates are then checked at 8 pm, when they are gone and systems shutdown at 9:30 pm to accommodate daily backups on the server which are run at 11:40 pm. My big challenge here, too, was to work with the staff I am given there, really nice people and totally brain dead. As a consultant, if I cannot get them to work my way ... and I tried ... then I shift approach and work with or around them. I also set my home network to precisely simulate their environment for testing.

art

Because I do, I was interested in reading this article. If I didn't, I wouldn't have read it. I never understood why people who have no interest in certain posts read them just to criticize. Clearly, they have boring lives with little to do.

zefficace

I used to be a windows guy, and used XP up to 1 1/2 years ago. Never had a virus, by just being careful. Ran AV scan, spyware scans and only got cookies declared as spyware really. When I switched to Linux, it wasn't about viruses. Run whatever you want, if a PC is infected, look more to the user. Like Ron White said, you can't fix stupid...

SeanRinVA

Hmmm...A product for Linux comes to mind readily enough - ClamAV. But...if you want to leave your system wide open, that's your call.

Understaffed

The winner of the smug contest arrived early in this thread...

Dumphrey

limiting user permissions is almost more important than the av apps. Better a limited account with no av than a full admin with av. AV software is gotten around too easily anymore by the rash of variants and zero days.

cdean

Getting security set up correctly goes a long way in preventing malware. However, since some lazy Admins like to make users admins of their own machines, rather than take the time to figure out WHAT users need access to for a given program, then they have to live with the potential damage that those users can inflict on a network.

Jaqui

there have been viruses for GNU-Linux, 50 of them since it was first released. the AV software doesn't scan for them. [ or any other malware ] on linux, only for malware to infest windows systems. and until every single windows user starts paying me to be their security system, I'll not bother to protect THEM with none for myself.

Jaqui

catch LINUX malware. it only looks for WINDOWS malware. that is why NOPE. there is NO anti virus tool that scans for anything but windows viruses. Symantec, windows malware only. AVG, windows malware only. I never said there were no antivirus apps that RUN on linux, only that they IGNORE the host os security issues.

Ben Iron Damper

Forgive him as he is Canadian and does not know any better. -)

Understaffed

I seem to recall a Linux installation folder in the last incarnation of McAfee Enterprise Protection Suite too...

Jaqui

you proved you can't understand ENGLISH. I said I do NOT use a tool that DOES NOT PROTECT the system it's on. when the AV companies pull their heads out of their a$$es and make the tools scan for malware that can infest Linux systems, then it will be worth buying them.

garnerl

As a professional administrator, I know better than that. Protecting the other 98% of the office computers is worthwhile whether your own is protected or not. Of course, as a single home user running Linux, it would be stupid to buy a product that does nothing for you. Your statements may be correct, depending upon your environment.

Jaqui

why should I lose cpu cycles for protecting everyone else's systems without getting any benefit for my own systems? unless I'm getting some benefit myself, such as scanning for linux malware or CASH, I'll not use the current tools.

jngo

You just pointed it out yourself. 50 linux viruses compared to Windows' thousands. How many of the 50 are currently in the wild? Making antivirus for linux viruses doesn't make a lot of business sense. Start making more viruses if you want vendors to have a business case. Besides if linux viruses are really a concern and necessity for linux users, I would think it would be quite likely that an open-source project would spawn to address this.

JCitizen

even Rootkit Hunter looks for rootkits that have their own kernel and don't rely on Linux to operate. It may run on Linux, but the rootkits are crossplatform capable. Maybe Jaqui will correct me on that.

apotheon

The guy may be a bit of a twit, but that's not the fault of an autodidactic approach to professional development. Do you think having a parchment scroll on the wall makes you better?

simphiwe.mngadi

For a person who is in ICT...wow, I'm lost for words. I wonder how many systems have you messed up. But then of course, your profile explains a lot: "I've worked in Support\Network Admin area's for about 8-years give or take. Almost all of my experience has come from the school of hard knocks, or basically on the job learning"

Jaqui

if they don't want to check the available info for their AV of choice, I don't really care what they say. even Kaspersky, the first AV that ran on linux doesn't really try to protect against linux malware. I will scan all changed files for malicious code, but they don't specify the os the code is for. and at that, the cost for it starts at 250 US for 10 workstations and goes to 420 US for 10 workstations/file servers and 15 email accounts. or 860.00 US/ yr for 25 workstations/file servers and 37 email accounts.

apotheon

. . . and start providing some supporting evidence for your assertions, Timbo. From what I've seen, antivirus solutions for Linux-based systems detect MS Windows viruses, and are designed to ensure that infected files don't get passed on from a Linux-based system to MS Windows systems. They are not designed to protect Linux-based systems from viruses that can directly affect them.

Timbo Zimbabwe

"they do not scan for linux malware" You should try them before you make inane comments like that. Then again, that is all some can muster. You have got to be one of the most smug people who post to these forums.....

Timbo Zimbabwe

I have used RAV and Vexira and can account for their use.

Jaqui

they do not scan for linux malware. I've looked at all of them and they only scan for windows malware.

scarville

I checked out the websites for the above and none of the products advertised as being for Linux actually say they scan for Linux malware. Most have some weasel worded ad speak that could be interpreted to mean they protect against threats to the Linux system but could just as easily be read to mean the software is intended to keep a Linux system from being used as an entry point for Windows malware.

ellsanto

Mighty strong words coming from our northern neighbors. Frozen friends, if our economy goes way south, yours is going to be tethered right behind it...along with most of the rest of the world. My question is, when the billions that the US sends overseas in aid every year dries up, who is the third world going to turn to then? China? Russia? It is easy to sling mud, but who is going to clean up the mess afterward?

Ben Iron Damper

You're from South Africa? I didn't know they had Internet access in the jungle....

Timbo Zimbabwe

"there is NO anti virus tool that scans for anything but windows viruses." Then you didn't try to look very hard, did you?

Panda Software Panda Antivirus for Linux
Panda Software provides a free 'command line only' version of their software for use on Red Hat systems. The software can be automated easily by creating a script and then scheduling it to run scans at scheduled times, but real time protection is not possible. Updates to the engine are installed manually after downloading new definition files. If you are going to run a Linux workstation this provides a nice cost-effective solution, but too many features are missing to consider it for deployment on commercial servers.

Central Command Vexira Antivirus for Linux
Central Command Vexira Antivirus for Linux provides real time protection for workstations as well as servers with the ability to scan email, files, and downloads from external sites. Updates can be downloaded automatically via the Internet, relieving some administration chores. Vexira also has the ability to scan files automatically as they are accessed, and it offers configurable path protection. It also provides email virus notification, blocks access to infected files, and has options for repair - move - rename - deletion of infected files. Vexira provides a command-line scanner, scans archives (.zip, .gz, .tar, etc), and allows for scalable concurrent scanning. Vexira does not provide support for SMP.

RAV Antivirus RAV Antivirus Desktop
RAV Antivirus Desktop provides a clean graphic user interface for configuring scan engine settings. With the control center you can modify settings for scheduled scans, scan actions such as clean, ignore, rename, delete, or copy to a quarantine folder, and even automated updates. RAV Antivirus for Mail Servers provides support for most email servers including Sendmail, Qmail, Postfix, and CommuniGate Pro.

Trend Micro ServerProtect
Trend Micro's ServerProtect provides virus protection for Linux servers in a mixed Windows environment. Administration is handled through a Web based interface, and allows administrators the ability to run on demand scans, set scan options for real time and on demand scans, and even automatic updates. Because the management console is web based, remote management is made easy. ServerProtect allows administrators to configure automated alerts via email, and SNMP. The logs are easy to read and provide adequate information for dealing with file infections. The down side of this product is its lack of support for newer kernels, and SMP systems.

Sophos Sophos Antivirus
Sophos Antivirus provides a "command line" version of their software for use on Linux systems. Creating and scheduling scripts can automate scans. Updates must be downloaded and installed manually. This product does a great job of finding and removing viruses, but lacks many features needed by network administrators.

Central Command's Vexira Antivirus for Linux is the best product of its kind for providing overall features and protection. Its only downfall, again, is the lack of SMP support. If Central Command can correct this one shortcoming, they could dominate the Linux market until other companies begin providing more features and automation to their products. The cost for a single workstation is around $40, and $400 for a server.

Apparently, these companies have pulled their heads out.... have you?

Jaqui

cute. I wasn't bothering to reply to him, since any reply would either be extremely negative, or just make his comment look more important than it is. [ which is about .001 out of 10. ]

broerkie

forgive our esteemed Ben "Iron" Damper as HE is from Texas......

simphiwe.mngadi

I have yet to see a virus that first looks at your nationality or if you "know any better". You are missing the point of what the article is all about, which is about "the need to do virus scan"

Jaqui

if you want to scan for WINDOWS viruses. that is the whole point, they DO NOT scan for anything that could infest a linux system, so are useless on them.

JCitizen

linkscanner works, as it supposedly scans the web page for hidden exploits before downloading. With the new threats of hidden malware lurking on otherwise legitimate sites, this would mitigate a lot of the problems now. Site ratings unfortunately don't cover the fact that legit sites are being cracked by nefarious criminals. Apparently the new vectors can hide from the web-master's maintenance, although coding towards HTML standards goes a long way toward prevention. I still like Site Advisor as it is better than nothing. Every time I've ignored the site rating I have regretted it, so more power to McAfee!

OnTheRopes

I just noticed that it slows my pc down enormously and as I already use McAfee Site Advisor I felt that having the Link Scanner active was tantamount to running two AV programs/features. Where do you stop? Do you have six or twenty products all doing the same thing? As far as disabling a 'feature' and still being protected I guess that's a question of what Link Scanner actually does. I think that it does the same as Site Advisor so I have NO qualms about disabling it. So far, so good. Knock on wood. Personally, I still think that AVG is the best free AV out there and I've tried a large number of them. To each their own.

gothsleepy1

I guess I don't like the idea of having to leave a potential vulnerability open to get the software to work. Going to stick with Cyberdefender here. :)

JCitizen

such exploits as iFrame attacks and similar driveby malware? I've never used it because of just the problem you relate on net slowdowns. However I haven't been hit (yet) by such exploits without it on my honeypot lab machine.

OnTheRopes

Now it runs just fine, as fast as it was before the update to v8.0.

gothsleepy1

Regular scans are always needed to keep out viruses. And I've had that same problem with AVG slowing my system to a crawl as well. Cyberdefender works well for me and I haven't had any problems with it so far, so I think it's a great choice. I got an upgrade to use the tech support they offer too, and I've been very happy.

deepsand

Or low, as the case may be.

deepsand

179 files in the folder, totaling 192,695,630,336 bytes, and, w/ AVG 8, opens in a split second.

simphiwe.mngadi

Strange, you must be the first linux/unix user who has never heard of or used antivirus because you feel that viruses are made for other OS. Pity.

OnTheRopes

I can see that the on access scanner might be a problem under those circumstances. I learn something new every day.

Jaqui

another time it's a hog. the on access scan when opening folders with a large amount of files. try opening one folder with 45 Gigs of files in it. the system crawls until AVG scans every file for malware. for a lot of people, having a folder or five like that isn't unusual.

OnTheRopes

It IS if you leave the Link Scanner enabled. The LS is one of the AVG v8.0 features that I leave turned off and I've noticed no performance hit.

reisen55

I prefer Trend Micro myself (detest McAfee) and use the inventory count rule. Always, of course, have the definitions up to date and scheduled evening scans are best. But if you do, and occasionally good, a manual sweep, pick random machines to test on a bi-weekly basis. Spend a few moments doing a good thorough check of spybot, etc to see if ANYTHING is getting in. Random is a good statistical method. Either products: SOPHOS seems terrific, Avasta recommended but AVG is a horror when it comes to eating up system performance. And let us not forget USER EDUCATION too.