

Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
reply to claudiubotez

Re: Webroot SecureAnywhere scanning PC - suspiciously fast....

To reply to kit

quote:
Trel:

Anybody's full scan can miss stuff if the definition isn't there. That being said, the default scan is a deep scan and full scans aren't necessary to protect with the WSA system. You can still do them though, and they'll catch things that are otherwise dormant and so normally ignored by the deep scan. A full scan will take several hours plus on most systems. As I answered above, we're looking into the term "full" on the web page to avoid confusion in the future.

If your real time scanner can catch it in time to do any good, your on demand should be able to find it as well.
--
/chown -R us:us /yourbase

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

said by Trel:

To reply to kit

quote:
Trel:

Anybody's full scan can miss stuff if the definition isn't there. That being said, the default scan is a deep scan and full scans aren't necessary to protect with the WSA system. You can still do them though, and they'll catch things that are otherwise dormant and so normally ignored by the deep scan. A full scan will take several hours plus on most systems. As I answered above, we're looking into the term "full" on the web page to avoid confusion in the future.

If your real time scanner can catch it in time to do any good, your on demand should be able to find it as well.

I agree with you Trel, BUT on demand scanners are not necessarily as strong at detection as the real time scanners. That's generally because the vendor has not invested in making the on demand scanner outstanding. Avira dragged their heels for years in regards to upgrading Luke Filewalker (their on demand scanner). There were quite a few malicious items that Guard would catch but Luke was silent regarding them. I got very upset once with Avira when I downloaded a nasty trojan all nicely zipped up. I had read on a security forum (not here) that this was a very nasty trojan so I could not believe that as WinRAR unzipped it that Luke did not alert. So, I went into the folder where it was unzipped to and scanned it with Luke. No detection.

As it turned out, the trojan was buried very deep (multi packed layers) but I had Luke archive recursive depth settings configured to be even deeper so that wasn't why Luke didn't alert. That could be the reason Webroot doesn't alert though as you can't configure its on demand scanner to the extent you can Avira's. I kept going layer by layer, by layer, peeling the layers off one by one and Luke still would not alert. When I got down to the bottom layer...it was quite tricky and I didn't click on "exe" but it was set up to execute on my previous click (tricky and deceptive) and it was at the moment of execution that Guard stopped it. Luke never peeped.

The reason that Luke never alerted was because Avira had not at that time made Luke able to deal with 7zip format (although most other vendors' on demand scanners were set up for it) even though us users had begged for a long time for them to fix that vulnerability. They finally did after I posted and posted the link also to download the trojan so others could see for themselves that Luke was weak. Avira said that it was very time consuming for them to beef up the on demand scanner. My reply was that then maybe they should just get rid of the on demand scanner as folks expect it to find what the real time scanner finds. Plus, users were doing full scans daily because Avira was extremely fast for on demand full scans so people relied on it not realizing that in some areas it was quite weak as a scanner.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
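
The gap described in the post above (an on-demand scan staying silent about a nested container it cannot open, or stopping at a recursion limit) can be made visible by reporting such layers as unscanned instead of clean. This is an added example, not part of the thread and not any vendor's code; the function names, the status strings and the sample archive are assumptions constructed for illustration, and the toy walker opens only ZIP.

```python
import io
import zipfile

# Magic bytes for container formats; this toy walker can open only ZIP.
ZIP_MAGIC = b"PK\x03\x04"
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"

def walk(name, data, max_depth, depth=0, report=None):
    """Recursively unpack ZIP layers and record what was and was not inspected."""
    report = [] if report is None else report
    if data.startswith(SEVENZ_MAGIC):
        # Container we cannot open: record a coverage gap instead of "clean".
        report.append((name, depth, "UNSCANNED: unsupported container (7z)"))
    elif data.startswith(ZIP_MAGIC):
        if depth >= max_depth:
            report.append((name, depth, "UNSCANNED: recursion depth limit"))
        else:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    walk(f"{name}/{info.filename}", zf.read(info),
                         max_depth, depth + 1, report)
    else:
        # Leaf file: a real scanner would run its signature checks here.
        report.append((name, depth, "inspected"))
    return report

def wrap_zip(member_name, payload):
    """Build an in-memory ZIP holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

def build_sample():
    # Constructed sample: harmless bytes that only carry the 7z signature,
    # nested inside two ZIP layers next to a plain text file.
    fake_7z = SEVENZ_MAGIC + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("layer1.zip", wrap_zip("layer2.7z", fake_7z))
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

def has_gaps(report):
    """A scan is only 'clean' if every leaf was actually inspected."""
    return any(status.startswith("UNSCANNED") for _, _, status in report)

if __name__ == "__main__":
    for row in walk("sample.zip", build_sample(), max_depth=5):
        print(row)
```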