SOPHOS InterCheck Technology?

InterCheck
technology

In Sophos Anti-Virus, the fast scanning speed of the virus engine is complemented by Sophos?s patented InterCheck technology, which
optimises on-access virus detection by filtering files as they are accessed to determine whether they need scanning for viruses.
InterCheck intercepts any request to access a file and calculates a
checksum, a unique identifier for every file. If the file has not been
modified since the last time it was filtered by InterCheck, a matching checksum will exist and the access is allowed.
If the file has been modified, or if it is new, a copy of the file is sent to the virus engine for scanning. Every time a file changes, the checksum becomes invalid; after the file has been scanned and
providing it is virus-free, a new checksum is created.
If the file is found to contain a virus, InterCheck prevents the file from being opened until it is disinfected by the virus engine. InterCheck also provides centralised messaging of any virus incident anywhere on the network.
InterCheck?s unique approach means that performance overheads are kept to a minimum no matter how the number of viruses grows over the years. This has particular advantages in a multi-user
environment where several hundred users might be accessing the same server-based files.

This is copy&paste from SOPHOS PDF:
http://www.sophos.com/sophos/docs/eng/evaluation_guide.pdf

I was wondering if this InterCheck Technology really makes a big difference? Is checksuming really that faster than checking file?

For sure, scanning with avast engine is faster than checksumming. This is because checksumming requires the whole file to be read from the disk, whereas scanning usually touches only certain parts of the file.

BTW avast uses a yet-more-powerful “intercheck” in its XP on-access module: it really doesn’t scan files that have not been modified since last scan. It can do it without checksumming, though – its kernel-mode driver is watching for all file I/O and knows exactly which files have been altered and which not…

Command AntiVirus uses Holo-check ™ that does the same thing.
and avast scans a lot faster than command

Tricky :slight_smile: But sometimes i got the feeling like Avast! is checking very slow. And this is only now with Avast! 4 Pro. Home Edition was really fast. I guess i have something configured wrong.
Oh and why is sometimes checking files that are not opened,modified or anything (if i have Show details on performed action enabled)?

I also noticed scanning speed of Avast! which exceeds 30MB/s, this is very good result :smiley: