Real Time Scanners
The real time scanner (English on ACCESS scanner, real-time protection, background guard among other things), also access scanner or resident scanner mentioned, is active in the background as system service (Windows) and/or demon (Unix) and scan all files, programs, the main memory and possibly the HTTP like ftp traffic. In order to reach this, filter drivers so called are installed of the anti-virus program, which make the interface available between the real time scanner and the file system. Generally must be differentiated with the real time protection between two strategies:
- Scanning when opening files (reading)
- Scanning with providing/changing of files (recording procedure)
With some virus scanners this strategy can be adjusted, with others is it in the program constantly configures. Since recording procedures occur substantially more rarely than readings, many users prefer this attitude. It ensures for the fact that the anyway additional load of the computer is decreased by the real time scanner, but it does not prevent that the computer system infects itself, if user malicious however inactive files opens.
The exclusive employment of an on ACCESS virus scanner does not offer complete protection before mark commodity, since most virus scanners are not very successful with recognizing other kinds of malicious software as viruses and worms. Also they are usually only able to recognize such mark commodity for which they received virus signatures. However if one is of the anti-virus program recognized malicious however un active file on the computer, which was downloaded before the appropriate update of the virus signature, she cannot infect the system and/or possibly the network, if she becomes implemented by the user (opened), if all files are examined also with opening.
In order to reduce the load by the real time scanner further, become often some file formats, compressed files (archives) or like only partially or not at all scanned. Therefore regularly a manual Scan should be accomplished despite a real time protection. If the real time scanner finds something suspicious, it usually asks the user for the further procedure. These are the deletion of the file, shifting into the quarantine or, if possible, a repair attempt.
The manual scanner, also as file scanners designated, must be started of the user by hand (on and). If a scanner finds then harmful software, a warning appears and in some cases options to the cleaning, quarantine or deletion of the stricken files. In the cases, where such options are not given, usually a reference takes place on a liable to pay the costs product. Non removable disk CAN should be implemented regularly. Most programs offer for it certain assistants, who scan the computer e.g. once per week.
On-line virus scanners
On-line virus scanners anti-virus programs are called, which load their program code and the virus samples over a network (on-line). They work contrary to firmly installed virus scanners only in on and mode. That is not called the persistent protection by an on ACCESS mode is ensured. Therefore on-line virus scanners are suitable to cleaning, not however to the preventive protection of a system. Also the danger exists the fact that a stricken computer can become remote controlled over the connection to the Internet or even Spam dispatches or attacks other computers, while it is on-line for the Scan. Therefore one should separate and with an off-line scanner examine a potentially struck system according to possibility immediately from the net. Often on-line virus scanners are used also as so-called Second Opinion scanners, in order to seek additionally to the installed virus scanner one second opinion “too infestation.
Most on-line virus scanners are based on the ActiveX technology and are bound thereby to the use of Internet Explorer. In addition, there are alternatives for the platform-spreading employment, which were released with Java.
Beside the real time and the manual scanner there is still another number of further scanners. Most of it work, by analyzing network traffic. In addition scanning it the data stream and would as for instance drive out with a remarkableness a defined operation, a closing of the data traffic.
Another solution is the employment of Proxy software. Some Proxies permits a tying up of anti-virus software. If a file is downloaded in such a way, this is examined and examined first at the Proxy whether she is contaminated. Depending upon result she is then delivered to the Client or closed.
A variant of these pro XY virus filters Mail Relay servers with anti-virus software are, partly than on-line virus filters characteristic (see however above). Emails are led first on the Relay server, rejected there scanned and, placed or cleaned under quarantine and passed on then on the Mail server of the receiver.