#11
Kurdishboy seems to have the answer(s?) that he wanted - so I hope that he does not mind if we chat about this a bit more in his thread.
ICit2lol said (in part):
"...you just stuck it in and looked at the files and meanwhile it is downloading all sorts of rubbish and malware..."
If any app is copying or moving files - then those files are being accessed. All files that are accessed will be scanned as a part of the real time protection. All files that are written to the fixed hard drives (or to removable media) will also be scanned. Access/activity = real time scan. If nothing starts copying/moving files, then why scan the inactive files on the USB drive?
I'm not arguing against using the feature that you (ICit2lol) mentioned. I hope to present info that convinces people that they should scan every file.
Let me deviate from what Kurdishboy mentioned and turn the discussion to the fixed hard drive(s) in a computer. Most antivirus tools set up a default scan of every file on a computer (or just certain file types). My question would be why? I could use a computer for 10 years and never access many of the files within the Operating System and yet my antivirus app scans them all... Every! Single! Day!
For the sake of simplicity, I'll stick to discussing accessing a file - even though accessing does not mean executing it. In other words, I can copy a virus without letting it run.
For files that are never accessed:
Can a file harm a computer even if it never loads into RAM?
(I think that the answer is no.)
Can a file infect another file by just sitting on the computer?
(I think that the answer is no.)
I'm not ignoring the two posts by LMiller7 in this thread - I'm just going over some of the same questions that I've asked myself (and others) many years ago when antivirus scans would make my computer noticeably slower for more than an hour. I had no choice in the antivirus vendor that my employer picked and I could not change the scan times. Those settings were (& still are) controlled by a central server. So this line of questioning was not just something that I sought answers to for the fun of it.
Unfortunately, I never got a good technical explanation of why full scans are needed. Those attempting to answer my questions said sort of what LMiller7 said - but they said it like this:
AV apps can scan a file in different ways. They can compare different things during the different scan types. The real time scans are not as deep as the full drive scheduled scans.
Frankly, I did not find that answer to be very satisfying. It was not very technical. I have read papers that mention how some antivirus apps build local databases containing the file hash of files checked during the full drive scheduled scans. Then the real time scans of those files are faster... but I read that a long time ago. I'm not sure if that is still the practice of modern antivirus apps. If file hash databases are still being used, the full scheduled scans have value based on that alone. How often to do this scan is still up for debate.
To those finding/reading this thread that think the scheduled scans are not of value - I can only say:
You are probably not smarter than those writing the antivirus apps - so you should just follow their advice and keep doing the scheduled scans.
If you are smarter than those writing the antivirus apps - I would really like to talk to you.
Now back to the files on a USB stick: I'm not sure that the hash for each file would be added to the local database since the files are on removable media, so I have a harder time understanding the value of scanning files on a USB flash drive that are not accessed. Perhaps its main value is so that you can find out if files that others might access in the future are infected.
Some of the scripts that I compile get flagged as viruses...
...so I've read up on how/why that is
...and what the AV app is looking for
...and what part of the file is flagged
...and I'm still confused :-(
To paraphrase LMiller7, this stuff is complicated.
One final set of thoughts on the value of scanning files every day that may otherwise never get accessed: we are all in this together. While I may never access that file, others might have that same file on their computer and they might access it someday. The antivirus app that is installed on my employer-supplied laptop sends info about every file scanned to a central server (within our company). If a combination of files on my computer is found to be dangerous, that info is eventually fanned out to other computers at my company via a signature file generated/circulated within the company.
If you opt in to share that sort of data with your antivirus vendor, then you make the internet a safer place for us all. Thanks
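
Added example, not part of the post above and not any vendor's implementation: a toy sketch of the hash-database idea the post describes, where a scheduled full scan fills a cache of verdicts keyed by file hash so that later on-access scans can skip the deep scan. `CachingScanner`, `MARKER` and the file names are hypothetical, and the "deep scan" is a constructed placeholder.

```python
import hashlib
import tempfile
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a real signature

class CachingScanner:
    """Toy scanner: deep-scan verdicts are cached by SHA-256 of file content."""
    def __init__(self, signature_version):
        self.signature_version = signature_version
        self.cache = {}      # sha256 hex -> (signature_version, verdict)
        self.deep_scans = 0  # how often the expensive path ran

    def _deep_scan(self, data):
        # Placeholder for the expensive engine (unpacking, heuristics, ...).
        self.deep_scans += 1
        return "malicious" if MARKER in data else "clean"

    def scan(self, path):
        data = Path(path).read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        cached = self.cache.get(digest)
        # A hit only counts if it was produced with the current signatures.
        if cached and cached[0] == self.signature_version:
            return cached[1]
        verdict = self._deep_scan(data)
        self.cache[digest] = (self.signature_version, verdict)
        return verdict

    def full_scan(self, root):
        return {p.name: self.scan(p) for p in sorted(Path(root).rglob("*")) if p.is_file()}

def demo():
    with tempfile.TemporaryDirectory() as root:
        doc, tool = Path(root, "report.txt"), Path(root, "tool.bin")
        doc.write_bytes(b"quarterly numbers")
        tool.write_bytes(b"\x00\x01" + MARKER)
        s = CachingScanner(signature_version=1)
        verdicts = s.full_scan(root)      # scheduled scan fills the cache
        counts = [s.deep_scans]
        s.scan(doc)                       # on access, unchanged: cache hit
        counts.append(s.deep_scans)
        doc.write_bytes(b"edited")        # new content means a new hash
        s.scan(doc)
        counts.append(s.deep_scans)
        s.signature_version = 2           # signature update: old verdicts stale
        s.scan(tool)
        counts.append(s.deep_scans)
        return verdicts, counts
```

The counts show the trade-off: the cache saves the deep scan only while both the file content and the signature set are unchanged, which is one reason a periodic rescan still does work after each signature update.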