I run virus and malware scans on my C drive only. I have several external drives and I’m wondering if I should be scanning them as well?
Interestingly enough the answer on this one isn’t always clear. I personally don’t scan my external drives, but there’s actually a pretty strong argument that perhaps I should.
Become a Patron of Ask Leo! and go ad-free!
C: is the typical target
The vast majority of malware that’s out there targets only your system drive. That means that it installs files in your Windows folder or in the registry, or corrupts the programs that have been installed. In other words, it attacks stuff that’s normally placed on your C: drive.
That’s why all anti-malware tools are going to scan your system drive, aka your C: drive, by default.
Now, there’s certainly malware that will install itself on external drives; but in order to propagate, not necessarily to technically infect those drives. So what happens is the stuff that’s on the external drive isn’t really infected, but the files that comprise the malware are copied somewhere onto the drive so that when that drive is installed or connected to another machine, that machine can become infected. The same happens with USB thumb drives.
The best way to think of this is that the drive isn’t really infected, per se; it’s more of a carrier of the malware. There’s no real damage to the files on the external drive. It’s just that some additional information has been placed there in the hopes of it propagating to another machine, should that drive ever be plugged into another computer.
Infected external drives
It is possible to actually infect files on external drives, but it’s uncommon. And the reason it’s not that common is that, other than moving a drive from one machine to another, malware authors can’t really count on the infected files on an external drive ever being used for anything.
I don’t know what you use your external drives for, but I use them for things like backup, archives, or just storing random data. Like most people, I don’t have any programs on external drives, so there’s no real software for the malware to infect. So, rather than take the time and risk detection because of its activities on external drives, most malware just doesn’t bother.
To scan or not to scan? That is the question.
Certainly, there’s no harm in doing scanning your external drives. So I’ll just go ahead and say “scan”. It’s certainly better to be safe than sorry. I’m also not terribly concerned if you don’t, for all of the reasons that I’ve mentioned above. I really don’t think it’s a particularly high risk area.
And in fact, your anti-malware tool may have already made a decision for you. It could be defaulting to scanning all the connected drives, or not. Have a look at it’s configuration.
Bottom line: This is one of those cases where if it makes you feel more comfortable, by all means, go for it. But if it ends up being too much of a burden on your system, or slows down your computer’s performance, or is just inconvenient, then I’d feel free to skip it.