Can on-demand scan have memory

Avast Free Antivirus / Premium Security
1

Just read this article at www.maximumpc.com/article/features/protect_your_pc_from_guys_like_this?page=1%2C0, that compares anti-virus software. Refer to the review of Norton 2009 suite. It says that the on-demand scan is superfast because each new scan only scans the files that have changed since the last scan time.

Is it possible for avast too to have such a feature? I am guilty of not performing full system scans frequently enough because of the time period it entails.

2

This was discussed before. Or it’s a security hole in Norton or the on-demand scan won’t be faster.
The file could be changed and let the date/time untouched. How they will be sure the file wasn’t changed (infected) at all…

3

As Tech mentions whatever, would modify the file could ensure the date and attributes are set back to the original. So it isn’t foolproof. I know another scanner that uses a trick of placing some sort of marker in the ads stream of a file (NTFS formatted drives only) and checks that, but that is modifying a file just to show it has been scanned which I feel is a step too far.

So I have no idea how norton goes about this to say if it might be a security hole or not.

4

Tech & David, thanks to you both for the replies. The point is well accepted that a malware may modify the file and manipulate date/time of creation to remain same as original.

I will rephrase my query as follows:
Currently ‘QuickScan’ option means scanning for all files in a limited/specified locations.

Can there be an additional ‘QuickScan’ option that scans limited files (those that have changed) across all locations

It goes without saying that in both the types of QuickScans, there is a trade-off between time for scanning and sensitivity of the scan, as compared to a full scan.

5

Some AV’s have their own method of checking that a file has not been modified and so doesn’t need to be checked in subsequent scans, which is probably a bit more sophisticated than some here will admit.

http://www.wilderssecurity.com/showthread.php?t=149725

:wink:

6

It could be done. But I think they won’t do it. On-demand scanning is not a daily action. Standard Shield (resident) is already scanning that files…