Saturday, 19 July 2008 7:34 PMI try the best I can NOT to use Microsoft products, but recently a friend talked me into giving a 90 day trial of LiveOneCare a shot (I used ZoneAlarm before this).
OK... so, I'm willing to give this beastie a chance.
Off the bat, I have two obvious questions about the anti-Virus, anti-Spy feature
1. I don't see a way to schedule virus definition updates. I mean there is a "chek for updates" function (in blue, in the right hand column) that can be ran manually whenever I remember to do it, but there is NO way to set the virus definitions updates at regular intervals.
2. I don't see a way to pre-set the depth of the scheduled scans. I mean, I set the virus/spyware scan to run at such-and-such time every 24 hours, but there is NO way of knowing if this is a "quick scan" or "deep scan."
Saturday, 19 July 2008 9:40 PMModeratorOne Care checks for updates automatically so there is no need to schedule definition updates. Every virus and spyware scan is a "deep"scan. So called "Quick Scans" are pretty much a waste of time since they only scan a few common areas where malware may reside. I schedule One Care to scan weekly since it scans all files on access.
I apologize for for posting incorrect information regarding scheduled scans. Scheduled scans are Quick Scans.
Sunday, 20 July 2008 2:09 AMHm....
Maybe Live OneCare is better than I thought.
Got another 85 days to go.
Thank you for a quick response.
Sunday, 20 July 2008 2:09 PM
On the other hand, you might be right, Microsoft Doubter. Working in a recent thread on command line scans with MpCmdRun.exe, I was checking to see if command line scans would be included in the support log. While reviewing the support log, I was surprised to see that all of my scheduled (daily) scans were logged as “Custom Scans” and only scanned 5,081 files on a system where a full scan included 248,972 files. I would translate that as a “Quick Scan”. The information on scheduled and on-demand scans is available by creating a support log, so, Microsoft Doubter, you should easily be able to confirm or disconfirm my observation. I just changed the scan schedule to weekly to see if that would result in a full scan. This time the scan took less than a minute and the log reported another “Custom Scan” with only 561 files scanned. At this point I’m not sure that any scheduled scan will scan everything. Personally, this doesn’t have much impact, because I’ve always relied on manual full scans when I observe something unusual, and find nothing inconvenient about doing that. JimR1, If I’m misreading the log, or if there's a way to force a scheduled scan out of its apparent “Quick Scan” default, please advise me.
Sunday, 20 July 2008 5:26 PMModeratorYou both may be right. I can't check my logs because the browser I'm using won't render the logs in a readable fashion. In my opinion, and I am not a security expert, virus scans are a waste of time anyway. If real time monitoring is working as it should any threats should be detected on download or upon execution so a manual or scheduled scan should not find anything. If malware is not detected in real time why would it be detected in a scan?
Sunday, 20 July 2008 7:20 PM
No question about it, JimR1, the on-access scanning is the important thing, and the scans don’t do much more than give the user a psychological sense of security. The only reason I picked up on this is that we are attempting to discover what files are being scanned by MpCmdRun.exe in another thread, and that led me to wonder what was actually being scanned in a scheduled scan. You are a security expert, and I concur wholeheartedly in your opinion of scans, but we can certainly understand the user’s natural desire to know what’s going on behind the graphics, even if that information is mostly “academic”. Thanks and best regards,
Monday, 21 July 2008 4:53 AMModerator
Though it's sort of been discussed here already and may also have been more completely covered in the other thread which I haven't read yet, here's the situation as it currently works..
As you've already discovered, the scheduled scan is basically the equivalent of a Windows Defender "Quick scan", though it uses the engines and detections from the combination of the Virus and Spyware databases. Along with the Manual scan, a full scan is also run each time a Tune-Up is performed.
Though the idea that the real-time on-access protection should detect and remove a virus before it's ever saved is basically correct. what happens if it doesn't, for example when it's a new unknown malware variant? The reason for the other scans is to detect anything missed by the real-time protection and remove it before someone attempts to access it. This should happen rarely though, so it isn't necessary to do very often.
The Quick Scan operates like an AntiSpyware scan and checks common locations in both the registry and file system for installed and operating malware. The Full scan checks all files that might carry and/or launch any type of malware, including installers and data files that can't themselves be considered executable malware. For this reason the Quick scan can be performed regularly without much wear and tear or overhead on your hard drive, while the Full scan can occur more rarely such as the recommended 4 weeks or whenever you might suspect that malware is present on the PC.
Monday, 21 July 2008 6:22 PM
Thanks, OneCareBear. I took JimR1 to be describing the ideal situation when he qualified his point with the condition “If real time monitoring is working as it should…” This immediately brought to mind the situation where virus and spyware protection gets stopped or interrupted for some reason, which might allow malware to get through and therefore might require a scan detection. Your case of unrecognized threats is another case where an eventual scan detection would be desirable, although if there were obvious symptoms of an infection, I personally would resort to an alternative online scanner, rather than wait for a definition update.
To be honest, I had completely forgotten about the automated tune-up scan, and I think this might amount to a giant oversight on my part, because this actually might be a key point for trial users, like Microsoft Doubter, who are concerned about OneCare’s ability to do “deep” automated scans. You do have the option of setting the tune-up to run as often as once a week, and although this will involve a little extra overhead, it seems like a good option. Since the tune-up scan is a full scan, and really should also be considered a scheduled scan, this also means that I was wrong in thinking or stating that all scheduled scans are “Quick Scans”. My apologies here for not seeing the whole picture. So once the tune-up scans are thrown into the mix, the OneCare automated scan options seem quite flexible, it’s just the approach that’s a little different.
The other thread that I mentioned has no direct bearing on this one, other than that it poses the same type of questions about how many files are actually being scanned. This thread deals with the command line scans using MpCmdRun.exe, and I mentioned it only because I had recently been looking for an answer to what this file was scanning by looking in the support log, only to find that although the command line scan results seem to be saved, there is no apparent way to view them in the support log. With all the white space on that “Logging” tab, you would think there would be room for a check box entitled “Include command line scans in the support log”. Anyway, it was during this examination of the support log that I noticed that the scheduled scans appeared to be Quick Scans. I had no great confidence in this finding, and was merely presenting it for review and consideration. I am now aware, as per the discussion above, that, at best, it’s only half true.