Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What's the difference between a "quick" and a "full" scan, and which do I want?

Question:

Should I be running a ‘Full Scan’ or a ‘Quick Scan’ on my various
anti-spyware, anti-malware, anti-virus software? The options, and their
differences aren’t always clear to me – when would one be more suitable than
the other, and what might be the dangers of running the wrong one?

Naturally, the answer changes slightly depending on which program we’re
talking about, but ultimately the software giving you a pretty basic
choice:

Do you want the scan to be quick, and pretty good? Or would you rather it
take much longer but also be much more thorough?

Of course it all depends on what I mean by “pretty good” and “much more
thorough”.

I’ll outline what they usually mean, and then which I suggest using and
when.

]]>

The vast majority of malware – both viruses and spyware – actually affect only certain types of files and only in certain locations. For example, files that your computer would attempt to actually run – like a “.exe” file – are the most likely to be infected. Other file types like plain text files or music and video files are less likely to be infected. A quick scan might restrict itself to only scanning those files that fall into the former category, and ignore the rest. The list of file types it might scan could still be quite long, but it’s much quicker than scanning everything.

“‘Quick’ scans are quick because they don’t scan every file.”

Similarly, most often files that are infected are in particular locations – like in your Windows folders. A quick scan might restrict itself to scanning files only in folders that fall into this “most likely to be infected” category, and ignore everything else. There might be many locations but it’ll be much faster than scanning all locations.

“Quick” scans are quick because they don’t scan every file. Instead of scanning every file in every folder on every disk in your machine a quick scan would scan only those files and locations where malware is most likely to be present.

Exactly what is and is not scanned in a quick scan will vary depending on the specific tool you’re using.

In general, quick scans are “pretty good” in that they run quickly, don’t interfere much and provide a good level of protection.

Full scans are just that: full. They scan every file in every folder on every hard disk that you tell them to. As you can imagine, reading every file can take some time, and that’s the drawback. Depending on the tool it can adversely impact the performance of other applications also attempting to use the hard disk for the duration of the scan.

But it is thorough.

Remember I said that infections in some file types aren’t likely, but that doesn’t mean that they aren’t possible. It’s rare that a music or video file contain a virus, for example, but it can happen. A full scan stands at least a chance of catching it, whereas a quick scan that didn’t even look at these files of course would not.

And that, then, would be what I mean when I say “much more thorough”.

So, what to use?

My machines are on 24 hours a day, and I have them run a full scan every night when I’m not around. If you also leave your machines running overnight I suggest doing the same. Coupled with normal safety precautions during the day (i.e. don’t open attachments you don’t trust, don’t click on suspicious links, stay up-to-date, etc.) then you’re in a pretty safe spot. You might break out the quick scan if you ever felt like running one manually, but I’m guessing you probably won’t need to.

If, on the other hand, you turn your machine off over night, then it might be very prudent to schedule your anti-malware software to do a quick scan – so as not to interfere with your usage much – on login, or at some point during the day. I would then also perform a full scan perhaps once a week, either manually or scheduled when you know you won’t be impacted by it.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “What's the difference between a "quick" and a "full" scan, and which do I want?”

  1. What I like to do is a full scan every so often (I usually run it every second Sunday) and a quick scan other times.

    Of course, common sense is one of the best antiviruses. But the only way to never get a virus is to never use a computer. :-)

    Reply
  2. My own observation using Microsoft Security essentials is that many times the quick scan did not find the malware such as a Trojan or a Java exploit. Maybe these malware creators have mange to work around these quick scans. I agree with you, that the best scan is a complete scan at least once a week.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.