Daily Scans are Pointless

January 27th, 2009 | 0 Comments | Geeky, Rant, Software, Windows

“Daily Scans are Pointless” – to the tune of “Every Sperm is Sacred”!

I’m a real fan of AVG’s anti-virus [AV], but for the life of me I can’t understand why, by default, it wants to do a daily scan.

“Please note that by default, the Whole Computer Scan is already scheduled to run every day.”

Actually, I should briefly ‘back up’ and say that until fairly recently, I actually rated most AV programs as next to useless, and that it’s the operating system that should ‘get more of a grip’ on protecting its users! I wrote a piece on this for Computer Weekly back in 2002 – although I can’t remember if it was published [I was doing ‘Thought for the Day’ things for them back then]. Anyway, I’ll post that in another article and link to it here.

Back to ‘scanning’ then!

Any decent AV program hooks into the operating-system and scans a file for viruses, etc. whenever it’s accessed. Therefore, why do a scan? If a file is infected, but not being accessed, why worry about it?

Of course, it may be that you’ve got a virus in some file, and yet it’s only recently that your AV’s been trained to recognise it [see the other article], but again, what’s the problem there? I repeat: if an infected file’s not being accessed, why worry about it – when and if it is accessed, it’ll be caught.

Think about how many AVG installations there are in the world. Think about how many people go with the default ‘scan every day’ option. Think about how much energy that uses! Think about all of the other AV vendors that also do daily scans by default now!

Also, and anyway, scanning on any modern Windows machine could be greatly speeded up because the operating-system can keep a journal of exactly what’s changed on a drive – that’s over reboots too. This technology has been there since Windows 2000, so why scan everything anyway? Only scan what’s been changed/added if you want to find ‘new stuff’ – but again, why even bother with that? Wait until an infected file is accessed – and fix it then!
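To make the ‘only scan what’s changed’ idea concrete, here is an added example (my own code, not AVG’s and not from the post). On NTFS the authoritative source of what changed is the change journal (`fsutil usn readjournal` will dump it); this stand-alone version approximates it by keeping a manifest of each file’s size, modification time and hash, so it runs on any filesystem. A rescan then stats every file but only opens and hashes the ones the manifest does not already vouch for. Hashing stands in for the expensive part of a real scan; the directory tree and file names are constructed for the example.

```python
"""Incremental scan planner: hash only what changed since the last baseline.

Added example (not from the blog post or from AVG). Size + mtime is the cheap
change indicator; NTFS's own change journal would be the more reliable source,
because a file's timestamp can be set back deliberately while the journal still
records the write. On-access scanning remains the safety net either way.
"""
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 (stands in for the expensive 'real' scan)."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stat_key(path: Path) -> tuple[int, int]:
    """Cheap change indicator: (size, mtime in ns). No file contents are read."""
    st = path.stat()
    return (st.st_size, st.st_mtime_ns)


def build_manifest(root: Path) -> dict[str, dict]:
    """Full (baseline) scan: record size, mtime and hash of every regular file."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            size, mtime_ns = stat_key(p)
            manifest[p.relative_to(root).as_posix()] = {
                "size": size, "mtime_ns": mtime_ns, "sha256": sha256_of(p)}
    return manifest


def plan_rescan(root: Path, manifest: dict[str, dict]) -> dict[str, list[str]]:
    """Decide what an incremental scan must touch, using stat() alone.

    Returns relative paths grouped as 'new', 'changed' and 'removed'; anything
    whose size and mtime match the manifest is skipped without being opened.
    """
    seen = set()
    new, changed = [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        entry = manifest.get(rel)
        if entry is None:
            new.append(rel)
        elif stat_key(p) != (entry["size"], entry["mtime_ns"]):
            changed.append(rel)
    removed = sorted(set(manifest) - seen)
    return {"new": new, "changed": changed, "removed": removed}


def incremental_scan(root: Path, manifest: dict[str, dict]) -> int:
    """Hash only new/changed files, update the manifest in place, and return how
    many files actually had to be read (the work a daily full scan repeats)."""
    plan = plan_rescan(root, manifest)
    for rel in plan["removed"]:
        del manifest[rel]
    for rel in plan["new"] + plan["changed"]:
        p = root / rel
        size, mtime_ns = stat_key(p)
        manifest[rel] = {"size": size, "mtime_ns": mtime_ns, "sha256": sha256_of(p)}
    return len(plan["new"]) + len(plan["changed"])
```

Persist the manifest (as JSON, say) between runs and the daily job shrinks to one `stat()` per file plus a hash of whatever genuinely changed; on a quiet machine `incremental_scan` returns 0 and reads no file contents at all.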


Death at the Speed of Light

January 27th, 2009 | 0 Comments | Geeky, Software, Technical, Windows

This missive from 2002 is here simply because it’s referenced from this.

Or, was it this? Dunno … I’m as ‘confused’ as normal!

Antivirus programs cannot truly protect you and, at worst, lure you into a false sense of security; and, I’ll tell you why…

The State of ‘Play’ Today:

• Way back, computer-viruses were transmitted via floppy disk – slowly, from one machine to another.

If the virus was known, and the destination machine had an up-to-date anti-virus program on it, further spread could be prevented as an infected file was accessed.

• Then came networks – but these too could be kept reasonably safe, so long as the ‘entry-point’ (floppy disk-drive) onto that network was protected – as above.

• Then came the Internet – in lots of ways the Internet is just a big network – the ‘EWAN’ – the ‘Extraordinary-Wide-Area Network’. Now it’s getting kinda tricky to protect yourself.

The main thing is that, in order to catch a virus, your anti-virus program has to first know that it exists.

It’s like the way the Flu jab works – you get inoculated against the strain that is predicted to hit the country: not ‘the Flu’ per se. However, if a different strain hits you – well, you’ll get the Flu! Viruses – real or cyber – have signatures, and you can only be immunised against known entities.

With the Internet, it’s quite possible that you’ll get hit by a new strain before an antidote can be prepared by your anti-virus program’s vendor.

Take the way viruses use email programs to move themselves about nowadays – it goes like this:

• Someone gets a virus (somehow)
• It does its damage and then emails a copy of itself to everyone in his or her contacts-list/in-box, etc.
• When the recipients get it, it does the same for them – this is Exponential!

So, in no time at all, it spreads (successfully) like wildfire – as, remember, we’re pretty much all connected at the speed of light now – and your antivirus hasn’t been informed about this new strain yet!

Anyway, some poor soul ultimately discovers that this thing is a self-replicating virus – and (if they can be bothered – as it’s too late for them) they notify Norton, Symantec, AVG, blah blah blah. In a bit, they all confirm that it is indeed a virus, and work out a fix – time ticks by. They then issue this on their web-sites. Hopefully, you’ve got an ‘Active Update’ kind of program running at your end (or do you have to periodically check for updates yourself!?), and quite soon (this is usually based on a pull rather than push model – so you probably update once in 24 hours) you’ll get the fix! However, will it all be too late when it arrives? You bet ya! The likelihood of this is almost certainly proportional to the value of your data of course!
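The race described above (exponential spread versus a signature that arrives by daily pull) can be put into numbers. The following is an added toy model, not part of the 2002 essay, and its figures are constructed: each infected host mails itself to `fan_out` new victims per generation, the vendor publishes a signature `sig_hours` after patient zero, and hosts poll for updates every `pull_hours` with their polling times spread evenly across the fleet, so the protected share of uninfected hosts grows linearly from nothing to everyone over one pull interval. Integer arithmetic keeps it deterministic.

```python
"""Outbreak vs. signature latency: a toy model of the race the essay describes.

Added example, not from the original post; all numbers are constructed.
The model is deliberately crude (no host is infected twice, a protected host is
simply immune) because the point is the shape: a day-long pull interval loses to
an hourly generation time by orders of magnitude.
"""


def susceptible_hosts(hosts, infected, t, sig_hours, pull_hours):
    """Uninfected hosts that have NOT yet pulled the signature at hour t."""
    uninfected = hosts - infected
    if t < sig_hours:                     # nothing to pull yet
        return uninfected
    not_yet_pulled = max(0, pull_hours - (t - sig_hours))
    return uninfected * not_yet_pulled // pull_hours


def simulate_outbreak(hosts, fan_out, gen_hours, sig_hours, pull_hours, horizon_hours):
    """Return (final infected count, [(hour, cumulative infected)] timeline)."""
    infected = 1                          # patient zero
    timeline = [(0, infected)]
    t = 0
    while t + gen_hours <= horizon_hours:
        t += gen_hours
        pool = susceptible_hosts(hosts, infected, t, sig_hours, pull_hours)
        new = min(infected * fan_out, pool)   # every infected host mails fan_out copies
        infected += new
        timeline.append((t, infected))
    return infected, timeline


def compare_update_models(hosts=10_000, fan_out=10, gen_hours=1, sig_hours=3,
                          horizon_hours=12):
    """Same outbreak, two delivery models: once-a-day pull versus hourly pull."""
    daily, _ = simulate_outbreak(hosts, fan_out, gen_hours, sig_hours, 24, horizon_hours)
    hourly, _ = simulate_outbreak(hosts, fan_out, gen_hours, sig_hours, 1, horizon_hours)
    return {"daily_pull": daily, "hourly_pull": hourly}


if __name__ == "__main__":
    for name, final in compare_update_models().items():
        print(f"{name:12s}: {final:6d} of 10000 hosts infected")
```

With the defaults the signature exists from hour 3, yet a fleet that pulls once a day is almost entirely infected by hour 8, while an hourly pull caps the outbreak at the hosts already hit when the signature shipped. Swap in a push model (set `pull_hours` to 1 or less) and only signature latency itself matters.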

So, are anti-virus programs really worth having? Well, broadly speaking, I say ‘no’. What’s needed is better technology – viruses could be caught by the operating-system – and they should be!

In order for a virus to work, it needs to be executed: either directly, or by some other already-executing-process. Now, the operating-system is the thing that creates processes; and as such it can learn what they access. So, if the operating-system were a bit more picky about what processes it’ll start ‘automagically’, well … these things could be caught very effectively.

Imagine you double-click what looks like an Excel file-attachment in your email. However, the operating-system sees that the file is actually an executable. Next, it checks to see if this executable has been run on your machine before and, if it hasn’t, it simply asks you – “Are you sure you want to run this PROGRAM?”. You answer ‘no way’. Problem solved. How about if the virus infects Excel itself – and runs as some sort of extension to the program, though? Well, hopefully you’ll have run Excel a few times before, and the operating system will have learned its habits. For example, should Excel now try to access your Firefox settings, or start trawling your folders for a Microsoft Money file, one would hope that the operating system might think that this is all a bit peculiar, and ask you about it [suspending Excel while it consults you, of course].

Alternatively, this kind of approach – where the operating-system is rather more proactive – could be extended to anything that has write-access to your hard disk. After all, no write-access = no-damage [writing to a port, i.e., writing ‘across the wire’ is a write operation of sorts, and as such is not permitted]!

Written in 2002
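The two checks the essay proposes (judge a double-clicked ‘document’ by its bytes rather than its name and prompt on the first run of an unknown program; baseline each process’s habits and suspend it when it strays, such as Excel reading Firefox’s profile) can be sketched as a small policy engine. This is an added example, not code from the essay and not any real operating system’s implementation; the class name `PickyOS`, its method names, the file contents and the Windows paths are all constructed for the illustration.

```python
"""Toy 'picky operating system' from the essay: first-run prompts and per-process habits.

Added example, not from the post. Two checks are modelled:
 1. on_double_click: classify the file by its leading bytes, and if it is really a
    program that has never been approved on this machine, prompt instead of running.
 2. on_access: a process may touch directories it has been seen working in; anything
    else suspends it and asks the user (who may then add it to the baseline).
"""
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

PE_MAGIC = b"MZ"                                   # DOS/PE executable header
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                          # .xlsx/.docx (OOXML) container


def content_kind(data: bytes) -> str:
    """Classify by magic bytes; the extension in the file name is never consulted."""
    if data.startswith(PE_MAGIC):
        return "executable"
    if data.startswith(OLE2_MAGIC) or data.startswith(ZIP_MAGIC):
        return "office-document"
    return "other"


@dataclass
class PickyOS:
    approved: set = field(default_factory=set)   # SHA-256 of programs the user has OK'd
    habits: dict = field(default_factory=dict)   # process name -> directories it works in

    def on_double_click(self, name: str, data: bytes) -> str:
        """'run', 'prompt' (a never-run PROGRAM posing as a file) or 'open-with-handler'."""
        if content_kind(data) != "executable":
            return "open-with-handler"              # hand to Excel, Word, etc.
        if hashlib.sha256(data).hexdigest() in self.approved:
            return "run"
        return "prompt"                             # "Are you sure you want to run this PROGRAM?"

    def approve(self, data: bytes) -> None:
        """User answered 'yes': remember this exact program (by hash, not by name)."""
        self.approved.add(hashlib.sha256(data).hexdigest())

    def learn(self, process: str, path: str) -> None:
        """Record a directory this process is known to work in."""
        parent = str(PureWindowsPath(path).parent).lower()
        self.habits.setdefault(process.lower(), set()).add(parent)

    def on_access(self, process: str, path: str) -> str:
        """'allow' if the target sits under a learned directory, else 'suspend-and-ask'.

        A process with no baseline at all also gets 'suspend-and-ask'; a real system
        might instead start in a learning mode for it.
        """
        target = str(PureWindowsPath(path).parent).lower()
        for known in self.habits.get(process.lower(), ()):
            if target == known or target.startswith(known + "\\"):
                return "allow"
        return "suspend-and-ask"


if __name__ == "__main__":
    pos = PickyOS()
    fake_xls = b"MZ\x90\x00" + b"\x00" * 60          # a program named like a spreadsheet
    print(pos.on_double_click("Q4_Figures.xls", fake_xls))           # prompt
    pos.learn("EXCEL.EXE", r"C:\Users\me\Documents\budget.xlsx")
    print(pos.on_access("EXCEL.EXE",
                        r"C:\Users\me\AppData\Roaming\Mozilla\Firefox\profiles.ini"))  # suspend-and-ask
```

Approving by content hash rather than file name means a renamed or altered copy of a program is treated as new, which is exactly the ‘has this been run here before?’ question the essay wants answered; the habits check is the same idea applied to what a running program touches.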
