Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is real-time anti-malware scanning really needed?


Is it really necessary to have a real-time anti-virus program running at all
times using up resources? I have Avast anti-virus, but I also run a different
manual online scan every day using Malwarebytes, anti-malware, and Super
Antispyware, Bit Defender and others. I was wondering if I can uninstall my
real-time Avast AV?

In this excerpt from
Answercast #74
, I look at the advantages of real-time scanning for viruses
and spyware. Real-time scanning of email can be another story.

Become a Patron of Ask Leo! and go ad-free!

Stopping real-time anti-virus scans

Well, it’s a hard one to answer generically.

My recommendation in general is if you’re not sure, have one.
Have exactly one real-time anti-malware scanner working for you.

Now the reason I hesitate at all is because there are people who are
experienced enough on the internet that they will actually never get infected.
They will never accidentally cause something to download on their machine and
infect it.

One would think that I would be such a person, and in fact, to the best of
my knowledge, I have never actually invited malware on my machine. I would be a
candidate for not running a real-time anti-malware scan. I’d run it
anyway. In fact, I do run it anyway.

Malware can slip by

The fact is – it’s simply too easy for things to kind-of sort-of slip by,
sometimes. I have come very close to downloading and installing malware without
realizing it. It’s that “without realizing it” part that you want a real-time
scanner there to protect you from.

Malware can infect your machine in seconds!

In other words, by the time you realize that what you just downloaded is in
the process of infecting your machine… it’s too late!

So, my recommendation in general is that yes, you should have one good
anti-malware product that is keeping an eye out in real-time for the
things that are happening on your machine. That way, you can be protected from
things that might accidentally get to your computer.

If you are a person who is confident about always being able to
identify something – and never, ever downloading it – then of course,
feel free to skip the entire process. I just don’t think that there are many
people who fall into that category.

Real-time email scanning

Now, I do want to clarify something about one real-time aspect that
definitely can cause people problems when it’s enabled: that is real-time
email scanning.

Sometimes, the anti-malware software’s real-time component, when applied to
your email (in other words, as your email is being downloaded), can
occasionally cause problems: everything from false positives to all of your
email being deleted as it’s downloaded.

My recommendation in general is to leave those features turned on. Just be
aware that they can cause that kind of a problem. If they do, then turn off
that and only that portion of the real-time scanning
component of your anti-malware software.

(Transcript lightly edited for readability.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

5 comments on “Is real-time anti-malware scanning really needed?”

  1. I would never disable real-time scanning. The web can be a dangerous place, even for experienced surfers.

    How many legitimate sites are compromised on a daily basis? Plenty. One day you visit your favourite tech site, political site, recipe site etc not knowing its security has been compromised and boom!

    You don’t have to travel to so-called “shady” sites to get infected.

  2. Some time ago I had two (or maybe three) real time scanners running at the same time, just as an experiment. They did not like sharing at all.

  3. When trying to avoid viruses and malware a real time scanner is nice but it is also important to remember that Window’s User Account Control can stop most viruses and malware by blocking off access to parts of the machine’s hardrive that they require.

    Standard account users only have access to their particular profiles and cannot access most parts of c: drive or the windows directory. They also have no ability to add keys to the registry and register new dll’s. This alone can stop most malware in its tracks.

    Admin account users have access to everything ans so does the malware they download

  4. I’m in the boat with Leo. I’m one of the least likely to invite malware into my machine, very experienced, and smart enough to know what to click and what not to click.

    However, we all slip up every once in a while. A few months back I got an email and without thinking, I just clicked on the link. Thankfully, Thunderbird popped up a warning. I then smacked my head for being so stupid as forgetting to check what the link was actually going to do. We all slip up now and then.

    The only time I’ve run without real-time scanning was many years ago on a slow computer that only had dial-up internet. Everything took forever to do, so the only thing I ever did on the internet was email. I couldn’t even follow links that were in email and if the email had an attachment, it had better be from someone I know and trust or else that attachment just never got downloaded (took too long).

    Those days are long gone. Run with real-time scanning.

  5. Great advice. I feel I’m very safe, but I just can’t get comfortable turning off real-time scanning. However, no one should feel that AV by itself provides adequate protection. Maximum UAC setting and products like Chrome, BufferZone and Keriver 1-click Restore provide the best protection.

    A good compromise is to exclude files you work with on a daily basis from real-time scanning and just scan them on a nightly basis. For instance, I’m a programmer, so I exclude my development directory. If I were an artist, I’d exclude my artwork directory.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.