Compartilhar via


Poll: do you use scheduled scans for malware?

An  interesting comment recently appeared on my older post about whether or not to use antimalware software. Peter van Dam wondered whether scheduled scans are really necessary, given that anti-malware products scan files as they enter (and sometimes exit) a computer.

He raises a good point, and I’m curious what all of you think? Do you use scheduled scans? If so, why? If not, is it because you’ve decided the same as Peter?

Comments

  • Anonymous
    January 05, 2009
    The comment has been removed

  • Anonymous
    January 05, 2009
    I agree security is all about layers, no harm in multiple scans of a file if it is spare cpu. Scan at the border with av vendor a, scan on the mail server with vendor b, active scan on the client with vendor c :) Then schedule scan with vendor c and or D on the client just to be sure.

  • Anonymous
    January 05, 2009
    On my own machines I don't do either, but I have in the past used Trend Micro's House Call to do a one off scan if I suspect something is odd. I haven't picked up anything yet.

  • Anonymous
    January 05, 2009
    I run scheduled scans simply to pick up things that may be caught with newer definition files (so, documents at rest may get scanned again with newer definition files). Although, you could argue that if it's there and been used and you didn't pick it up the first time, you may have already been owned :)  I think it provides some small extra protection in some instances of platform specific attack (specifically, where the document server and client are different operating and/or application software versions).

  • Anonymous
    January 06, 2009
    If I bother to do AV, then yep - I schedule AV uses a limited range of API's, if you can slip the data through an unmonitired one - it's on the system. Now hopefully the next api used to open the data will catch it, but if you acknowlege the "limited api scope" - then scheduled scans are the best defence. eg. I know this used to be the case A file saved to a file server running Symantec AV would not scan the file. Trend would. That API was not part of the system, as the server was not technically "infected", just storing it, and when the file was opened on the server (if ever) or on the client - the principle was it would be picked up then. Not sure of current versions.

  • Anonymous
    January 06, 2009
    I do use scheduled scans. Whilst anti-malware products do scan stuff as it comes in, and sometimes out, the one I'm using does generate false positives on a couple of websites I use. So much so that I will disable it while I use them. Bad, and I should know better, but I'm comfotable enough behind my other IDS/proxy and firewall, and that I don't use anything other programs or web site while I'm doing so, that I'm can be reasonably confident that I'm malware free. But, my point is that there are times when the automatic scans might not function. Doing a scheduled scan (and yielding a report) gives you an assurance that it is doing something. Of course, logically, if a rootkit bypassed the incoming scan somehow, then a scheduled scan won't pick it up because at that point it's installed and the scanner won't detect it. But, can you really ever have 100% assurance?

  • Anonymous
    January 06, 2009
    The comment has been removed

  • Anonymous
    January 06, 2009
    The comment has been removed

  • Anonymous
    January 07, 2009
    The comment has been removed

  • Anonymous
    January 08, 2009
    The comment has been removed

  • Anonymous
    January 12, 2009
    The comment has been removed

  • Anonymous
    January 15, 2009
    The comment has been removed

  • Anonymous
    January 17, 2009
    I never use 'scheduled' scans for any of the anti-malware products that I use. One main reason is that I like to do everything manually. Everytime I download a file, I manually scan it. It's not that hard to do and it's just a matter of making it a habit. Also like what Peter pointed out, good antimalware products scan everything in real-time anyways I agree with his point about not needing scheduled scans. Unless somehow the 'scheduled scan' was more thorough with it's scanning mechnism than a manual scan, then yes, I would consider it.

  • Anonymous
    January 19, 2009
    Nope. If my protection didnt find it on the way in then the only other options are 1) scheduled which doesnt actually prevent anything, after all there was nothing happening with the file at the time, 2) on subsequent access. The argument that schedule will pick up due to newer def's etc is exactly true of the on access scan so to me all your doing with a scheduled scan is driving up machine and HDD utilisation and generating unneeded greehouse gasses. If your HDD must do something after hours then get it to run defrag or build search indexs, something that will have a posative return on the energy invested...

  • Anonymous
    January 20, 2009
    The comment has been removed

  • Anonymous
    February 09, 2009
    I also run scheduled spyware scans on desktops using Trend Micro Officescan. I also run a scan at the proxy on inbound http. I also run live spyware scans on desktops along with AV scans to try and stop infections before its too late.. Even if it is too late, at least I can identify and remove an infected machine.

  • Anonymous
    February 09, 2009
    The comment has been removed

  • Anonymous
    February 10, 2009
    The comment has been removed