Avira and Windows Defender - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Avira and Windows Defender

Sir_George wrote:
Quoted text here. Click to load it
So, the automatic scan at startup is on access in your opinion?

Re: Avira and Windows Defender

FromTheRafters wrote:

Quoted text here. Click to load it

I have never found it important enough to debate issues of this nature.
I stated what seems logical to me and if you disagree, well, OK.

--
Sir_George

Re: Avira and Windows Defender

Sir_George wrote:
Quoted text here. Click to load it
That's okay with me, so is it 'on demand' because you hit the download
button and it was configured to scan downloads, or is it 'on access'
because it seems automatic to the user in your opinion?

There's no need to answer if you don't care one way or the other.

Re: Avira and Windows Defender

G. Morgan wrote:
Quoted text here. Click to load it
Neither, it is an additional layer of protection. By 'on demand' and 'on
access' we are talking about file scanning. I assume the download scan
is done in memory before a file to scan is created. If you have 'on
access' scanning enabled, it would scan the content again when the
appropriate (hooked) file manipulation is attempted.






Re: Avira and Windows Defender

Beauregard T. Shagnasty wrote:

Quoted text here. Click to load it

On-demand is, by the word "demand", something that you instigate
manually.  On-access means anytime the object is accessed, and not just
when you happen to perform a scan.  On-access means sometime of the AV
program is resident.  It may be a background process, an NT service, or
a system hook into the file I/O (which obviously you don't get to see a
process listed for it so a "program" isn't running).

On-access and on-demand have always been differentiated from each other.
They do not mean the same thing.

What is an on-demand scanner?
http://www.webopedia.com/TERM/O/on_demand_scanner.html
"scans your computer system for viruses only when prompted to do so by
the computer user"

What is an on-access scanner?
http://www.webopedia.com/TERM/O/on_access_scanner.html
"runs in the background and actively scans your computer system
constantly for viruses and other malicious threats, for the entire
duration that your system is powered on"

Since many users aren't familiar with the lingo, I also use realtime and
manual mode to describe use of the AV program.  However, it isn't just a
case of unimportant semantics.  Racehorse and ironhorse are different
despite the sharing of a word so it is important you don't use one to
mean the other.  Confusion abounds if you use terms incorrectly.

Re: Avira and Windows Defender

VanguardLH wrote:
Quoted text here. Click to load it

Excerpt from:

http://sophosru.arizona.edu/savlinux/doc/installsavl_7_eng.txt

====================================================
3.2 How Sophos Anti-Virus protects your computer
------------------------------------------------

"On-access scanning" is your main method of protection
against viruses. Whenever you access (copy, save, or
open) a file, Sophos Anti-Virus scans the file and
grants access to it only if it does not pose a threat
to your computer.

In addition to on-access scanning, Sophos Anti-Virus
enables you to run an "on-demand scan" to provide
additional protection. An on-demand scan is a scan
that you initiate. You can scan anything from a single
file to everything on your computer that you have
permission to read. You can either manually run an
on-demand scan or schedule it to run unattended.

================[end of excerpt]====================

Some other antivirus company's explanations include things aside from
file access as 'on access' but they are wrong IMO. They are helping to
confuse 'on access' with all other types of resident 'real time'
scanning that may not be a result of the user or system accessing a file.

In modern Windows systems, the registry is a data struture (not a file)
and some 'real time' scanners can monitor it for changes or look for
evidence of malware infestation. This does not make them 'on access'
scanners even though they *are* 'active' or 'real time' or 'resident'
scanners.

It could very well be that all of these terms are now exactly the same.
Once again, the terminology may be changing without my being notified. :o)

But, I'll stick by the notion that 'on access' refers only to file
content scanning initiated by the hooking of the invocation of the
filesystem to access a file, and that there are other ways to be
'resident' protection and operate in 'real time' and be 'active' without
being 'on access'.




Re: Avira and Windows Defender

FromTheRafters wrote:

Quoted text here. Click to load it

Since when has the registry not been a file?  You don't know it consists
of multiple .dat files?  When you open a file to edit it, a portion or
all of the file gets loaded in memory.  Rarely and only in very special
situations are you directly editing the bytes on the hard disk.  You
edit the buffered copy of the file that is loaded in memory.  The
registry is a set of .dat files that get loaded in memory.  The memory
copy gets referenced thereafter.  Changes to the registry *do* get
copied into the .dat *files*; otherwise, no changes to the registry
would be permanent across Windows sessions.

I gave file I/O system hook as one example of an on-access method of
monitoring for changes.  If that's all an AV product monitored then it
would be of little value except in a static (non-running) OS.  Changing
memory is another on-access monitor.  Looking for buffer overruns or
processes trying to access memory outside their address range is memory
monitoring.

File I/O hook and memory monitoring are real-time operations.  They
perform at the time the event occurs.  They are resident because they
are kernel-mode handlers loaded by the OS.  Some products are resident
but not real-time, like the old Microsoft Defender or the free version
of WinPatrol that poll for changes.  They are resident but not
real-time.  Not all of the security product may be continuously resident
but get loaded when a resident portion of it needs it.  Resident may be
considered requiring a background process versus hooking into the system
API.  An event causes by the system hook could load a process so then it
becomes resident.  But all of these are on-access monitors.

On-access mode:
- May be real-time.  May not be real-time.
- May be resident.  May not [all] be resident.
- You configure this monitor.  You don't call it.

On-demand mode:
- You call this monitor.  You initiate the event.
- Might already be active/resident when you call it.  Might not.

Neither on-access or on-demand mode are limited to just file monitoring
unless that's a limitation of the security product you are using.  It is
not a limitation to the operational mode being discussed.

Re: Avira and Windows Defender

VanguardLH wrote:
Quoted text here. Click to load it

It is *stored* as multiple .dat files.

Quoted text here. Click to load it

Yes, but when you open a file for reading or writing it is a filesystem
call. It is that which is hooked by the 'on access' scanner.

Quoted text here. Click to load it

Yes, but in session registry changes don't involve filesystem calls, yet
can be monitored by 'real time', resident, active antimalware scanners.

Quoted text here. Click to load it

That I agree with, and it is/was my point. Most people treat all of
those as being the same.

Quoted text here. Click to load it

Here, I disagree, but no matter. It is a minor point. On access has
always meant to me that the scanner has the chance to intervene in the
process of executing the program file that you or the system invoked, as
opposed to the quarantining and manual (old school) scanning of the
program file when it first arrived on the system.

Quoted text here. Click to load it

I mostly agree, but I also agree with this part of the above:

The emphasis being mine...

" 'On-access scanning' is your main method of protection
against viruses. Whenever you access (copy, save, or
open) a *file*, Sophos Anti-Virus scans the *file* and
grants access to it only if it does not pose a threat to
your computer."

Again, my point was that the terms are not all equivalent as suggested
by others, and on this we seem to agree.

Re: Avira and Windows Defender

Quoted text here. Click to load it

- Disable the Avira AntiVir avnotify nag screen
http://www.elitekiller.com/files/disable_antivir_nag.htm

Apply one of the solutions, the problem is solved.
I did this once and thereafter no nag screen appeared anymore.


By the way I use NOD32 as my "real-time" scanner
and Avira Antivir as my "on-demand" scanner,
programmed to scan twice a week.


In services I changed Avira AntiVir Guard from "automatic" to "manual".
The only "problem" is that updates my scheduled updates are now
"invisible" in stead of "minimized" as was possible in previous
versions.
The small message that an update was completed is gone.

--
Fred W. (NL)

Re: Avira and Windows Defender

Thank you one and all for the excellent and detailed replies--- I do
have and run Malware Bytes and have not had problems but all the
information you have now given me has opened up a lot of things for
consideration. -Thank you again for the efforts --Richard

wrote:

Quoted text here. Click to load it


Re: Avira and Windows Defender

On 27/02/2011 03:40, Richard Oliver wrote:
Quoted text here. Click to load it

I am disabling Window$ Defender.


--
   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.37.1
   ^ ^   15:34:01 up 1 day 23:20 0 users load average: 1.10 1.09 1.09
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺!
請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: Avira and Windows Defender

Hello Richard,

I think you guys should check out http://www.opswat.com/ there are 2 or 3 p=
roducts that may be a match. I think that OESIS Framework at http://www.ops =
wat.com/products/oesis-framework provides a single interface to many antivi=
rus and Avira is in that list. Another option is, I think, Metascan at http=
://www.opswat.com/products/metascan which is more for ISV.=20
I also found that Avira is certified by OPSWAT at http://www.opswat.com/cer =
tified.

I hope this helps.=20
Regards,=20

Brian

Re: Avira and Windows Defender


Quoted text here. Click to load it

What a joke. This is a reply to an unquoted post made 7 months ago.
No wordwrap. Googlegroups. That figures.




Re: Avira and Windows Defender

Chief Scratchum wrote:
Quoted text here. Click to load it
Other spam posts from this poster are replies to posts from *years* ago.

Really makes me want to check out that Opstwat website, uh huh.


Site Timeline