Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Are bootable anti-virus/malware scans as good as the normal

Apr 25, 2015 7:20PM PDT

I recently started using the various bootable anti-virus/malware scanners, like the Kaspersky's Rescue Disk.

However i am really interested in how do these bootable scans compare to the "normal" Windows run scans.

For example, would a maximum scan from Kaspersky Rescue Disk find as many malware/viruses as a max scan from Kaspersky Total Security?

Assuming both anti-virus/malware scanners are up to date (latest versions and databases), which is expected to reliably find and clean more viruses/malware?

Thank you for helping out

Discussion is locked

- Collapse -
Answer
Re: bootable antivirus disk
Apr 25, 2015 7:40PM PDT

Those bootable disks have the clear advantage that (a) you don't have to boot into Windows to run them and (b) you don[t have to install them to run them.

So they are useful in cases where (a) you can't boot into Windows, or (b1) existing malware does prohibit their install, or (b2) you already have another antivirus program installed. So in these cases it will surely fnd and delete at least the same amount, maybe more, because the installed one doesn't even run, so finds and deletes 0.

Moreover, if a rootkit is active in Windows, it can hide infections from the antivirusprogram running in Windows. But it doesn't run if you boot from a disk. In this case also, the disk version will find at least the same amount, maybe more.

Also, a rootkit or active virus might cause a deletion to fail. So the disk version will delete at least the same amount, maybe more.

Kees

- Collapse -
Answer
One Problem Though...
Apr 26, 2015 4:08AM PDT

The various rescue disks are locked in time when you create them.. The "onboard" version of an antivirus will update multiple times during a day, adding a new virus definition each time. In order to update a rescue disk, you'll need to perform a new download of the disc software and create a new disk.. In addition, to answer one of your questions, the updates are not kept as current on the rescue disks. And although a full scan with one tool is similar to a full scan with the other tool, they may not be identical at any one moment. The rescue disks are great for their intended use but they don't provide any "real time" protection like the onboard version.

But as Kees state above, when needed, the boot scan option may be the only option to clear up an infection so other scanning tools can be run.

Here, I only use the rescue disks when my other onboard tools/scanners don't work. And for most problems, I use a boot scanning disk and then use a different brand of onboard scanner, just to cover all the bases.

Hope this helps.

Grif

- Collapse -
I disagree with an Avira Rescue Disk
Apr 27, 2015 7:28AM PDT
- Collapse -
The Problem With Most Comps I Fix.....
Apr 27, 2015 9:06AM PDT

...is they are so infected that I CHOOSE to unplug them from the internet before performing the scan...or they're so infected they can't access the internet. I seldom have to use the bootable rescue disc if the machine is already able to access the internet.

You'll also note the Avira version of the rescue disc will "attempt" to update its definitions by accessing the net unless it is unable to do so. So technically, you're correct. In my experience though, the program is unable to do so almost aways...and as such, must use the definitions burned to the disc from the ISO.

By the way, the Kasperky Rescue Disc, (to answer the question about the program originally mentioned by the OP), will attempt to perform an update also.. It has the same problem when the internet can't be accessed.

Thanks though.

Hope this helps.

Grif