Simple question: In CAV, what’s the difference between “On Access” and “Stateful”? Is “Stateful” JUST AS GOOD but faster, or is “On Access” somehow functionally superior? Is the ONLY difference speed? If so, why would anyone use “On Access”, wouldn’t everyone use “Stateful”?
“On Access” is above “Stateful” on the “slider bar” of modes, does this indicate that it’s somehow better than “Stateful”?
I don’t know which to use. Explain, anyone? Thanks
On Access - Provides the highest level of On Access Scanning and protection. Any file opened will be scanned before it is run and the threats are detected before they are getting a chance to be executed.
Stateful - Not only is Comodo Internet Security one of the most thorough and effective AV solutions available, it is also very fast. CIS employs a feature called Stateful File Inspection ™ for real time virus scanning to minimize the effects of on-access scanning on the system performance. Selecting the ‘Stateful’ option means CIS scans only files that have not been scanned since the last virus update - greatly improving the speed, relevancy and effectiveness of the scanning.
Oh, I read the help file. But it contradicts itself, at least somewhat and indirectly, and it doesn’t answer my question.
Scanning every file on access should be functionally identical, in terms of protection, to scanning a file when accessed only if it’s not been scanned since the last DB update (and hasn’t been changed since the last time it was scanned).
One of those is optimized and faster than the other, but as far as I can see, the result is identical.
Therefore, how can it then be said that On Access mode “provides the highest level of […] Scanning and protection.”, which implies the “Stateful” isn’t as good (which is also implied by its lower position on the slider control), if “Stateful” mode is functionally identical, just faster?
So my original question stands… is “On Access” somehow better than “Stateful”, in terms of catching malware? Or is exactly identical, just slower?
That’s what I thought it meant. But what I don’t understand is why CIS offers the choice between them at all. If they’re the exact same level of protection, and one is much more efficient and lighter on system resources than the other, why wouldn’t Comodo eliminate the “On Access” option entirely and change the “Realtime Scanning” slider from:
…where “Enabled” would mean Stateful?
It doesn’t make much sense to me, why they’re both included. If you have two algorithms that do the exact same thing, and one’s lightweight and fast, and the other’s bloated and slow… why would even offer the user a choice at all? Why would the bloated and slow one even be included in the product at all?
In all other software products, if the author comes up with a much faster and less resource-intensive way to do the exact same thing as before, the next version of the software doesn’t give a choice between the bloated, slow original algorithm and the much faster and leaner new algorithm. The better algorithm simply replaces the less-efficient one entirely.
Very true, actually. I didn’t consider dim-witted users who don’t know what the phrase “exactly the same protection” means, or who somehow refuse to believe it.
Good point. In a technical sense, there’s no reason to offer both. But in a human sense, with not all users being sufficiently intelligent, there may indeed be merit in still offering the less-efficient, brute-force technique.
Especially since database updates can be every 30 minutes. This relegates the stateful scanning mode to be less than useful. It pretty much rules out any performance improvement to all but system files. How many other files are you opening multiple times in 30 minutes?
I have not been able to find the phrase “exactly the same protection” or even the word “exactly” used in this context in any of Comodo’s help files. It seems to have cropped spontaneously in this discussion. If I missed it, please post the URL.
There is a difference that can be important for the Truly Paranoid. Stateful detects changes by examining the META DATA of a file: its date of creation, the size as recorded in the directory, the date and time it was last updated, and so forth, while On Access detects changes by examining the ehtire CONTENTS of the file.
It is possible to change the contents of a file while preventing any changes to its meta data; this is trivial if a rootkit is involved.