Do you have more than one anti-virus program running at any one
time, to stop newly arriving viruses, or do you just have them ready to run
when you’ve got a virus and want to clean it out?
Virus scanners are best used to prevent viruses from ever reaching
your machine, but you raise a very good issue that most folks don’t
There are two types of scans, and each has a place and a purpose.
The most common type of scan is the continuous “real-time” scan that watches for viruses in data as it arrives (and possibly as it leaves) your computer. I say it’s the most common because it’s enabled in the default configuration of most anti-virus programs.
Using a real-time scan, the anti-virus software will hook into your network connection and simply watch the data coming and going to and from your machine, watching for viruses. If it identified one then it takes appropriate action and alerts you.
Typically, real-time scans are considered the safest, since viruses are caught before they’ve ever had a chance to run on your machine. Some will also prevent email-borne viruses from arriving in your inbox as well.
It’s extremely important that there be only one real-time scanner running at a time, as they can conflict with each other resulting in false positives, missed viruses, program crashes or worse. But fortunately one real-time scanner is all you need.
With an “on-demand”, or scheduled scan the virus program simply examines the contents of your hard disk, reading the contents of every file looking for viruses. Naturally, reading everything on your hard drive can take a little time.
Free virus scans are often on-demand. You initiate a scan, and a while later the scanner tells you whether or not your machine is infected and whether or not it was able to remove the infections.
When an on-demand scan is complete no further scanning is performed until the next on-demand scan. It runs, scans everything, and then finishes.
Most anti-virus programs include both types of scans, real-time and on-demand. Most will enable the continuous real-time scans by default, but also offer some form of scheduler so that you can automatically run the on-demand scans.
I typically advise having a couple of additional on-demand scanners ready (or at least selected) when it comes time to track down a particularly nasty virus that perhaps your regular virus scanner misses.
For what it’s worth, I actually don’t run a real-time scan, since I’m fairly well protected in other ways and find that real-time scans can occasionally interfere with the performance of my machine. They’ve also been known to cause other anomalous behaviour – most commonly with email. I do, however, run an on-demand scan which is scheduled every night.
Regardless of what type of scan you run, it’s critical that you make sure that the database of virus definitions your scanner uses is as up-to-date as possible. Most anti-virus programs include a scheduler for that as well, and I make sure that mine is configured to download the latest database every night.
Whether you run a real-time scanner or a nightly or other periodic scan, remember that it’s critical to do something. The days of being blissfully ignorant about viruses is long past.
(This is an update to an article originally published in December, 2004.)