On Sun, 3/15/2026 12:10 PM, Mr. Man-wai Chang wrote:
> On 3/15/2026 6:27 PM, J. P. Gilliver wrote:
>> On 2026/3/15 9:12:45, Mr. Man-wai Chang wrote:
>>> Is scanning different from (laboratory) testing?
>> Ask your pets: is a cat scan different to a lab test?
> I dunno... why are those tools not called virus "tester"?? :)

There is real-time AV protection. When you download a file
from the Internet, the antivirus software scans it, using
a signature definitions file as a reference for known malware.

On-demand scanning is offered for free by some companies.
That could, in principle, scan every file on the C: drive
whether executable or not. There are "levels of skill"
in on-demand scanning -- not all AV products do good
scans, and a "naive scan" using ClamAV definitions could
be augmented with other styles of known exploits.

EXE files get scanned for sure. PDF files are also an attack
surface, and a PDF can attempt to use multimedia tools to
present material. An exploit could be planted in a PDF movie
block perhaps, and the movie player tipped over. Malformed video
files could stack-smash the video player; those are scanned
as well.

Heuristic testing comes about as part of real-time testing.
For example, if a program makes obscene gestures towards
the system random number generator, an AV could flag that
as abnormal.

Scanning is certainly a part of what AV programs do, whether
they scan a single file in real time, or whether they scan
all of System32 at startup.

*******

Laboratory testing is AV-Comparatives. That is testing to show
the percentage of materials that can be detected, the number
of false positives and false negatives. Some AV scanners
(snake oil) will complain over and over again about
your copy of Notepad, when nothing is wrong with Notepad.
This is to give the mis-impression that the product is "good".

Another place a person might refer to a "laboratory" is when a
new sample is delivered by virustotal to a company,
and they "analyze it for attack pattern". If a company
needs to remove a pest from a computer, what it attacks
is important. For example, the Sality malware attacks
every executable, and in a non-reversible way. The
AV product may indicate that "you should reinstall your
OS and re-download your programs", due to the kind of damage
that was done. Restoring from backup may work, if you have
a recent backup. Some pests will wipe out your entire
computer room (due to exploits you never bothered to patch).
Malware can arrive with a "kit of tools it can use",
so it is quite powerful and skilled at exploitation.

Other malware can be reversible by removing something,
and the only remaining evidence of an infection might be
that a series of registry entries owned by TrustedInstaller
were added to the Registry. If another scanner is added
to the computer (Malwarebytes on-demand), the registry entry
will "trigger a detection of trouble", when no trouble
exists (no modified EXE). For the user, good luck elevating yourself
to TrustedInstaller so you can remove those registry entries :-)
I helped someone do that, and that was the rough equivalent
of pulling teeth in a dental office :-)

Paul
--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
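The two ideas in Paul's post (an on-demand scanner that walks a directory tree matching files against a definitions file, and a "laboratory" that scores a scanner by detection rate, false positives and false negatives) can be shown side by side in a small program. The following is an added example written for this thread, not code from the post or from any AV vendor. Every signature name, the byte patterns, the file hash and the sample corpus are constructed for the demo; the one deliberately over-broad rule matches the standard DOS stub string present in ordinary Windows executables, which is exactly how a "snake oil" scanner ends up complaining about Notepad.

```python
"""
Added example, not code from the original post: a toy signature-based
on-demand scanner, plus the bookkeeping an AV test lab does over a
labelled corpus (detection rate, false positives, false negatives).
All signatures and sample files are constructed for this demo.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

# Constructed signatures. A real product reads these from a definitions
# file; here one is a file hash and the others are byte patterns.
BYTE_SIGNATURES = {
    "Toy.Dropper.A": b"CONSTRUCTED-MALWARE-MARKER-A",
    # Deliberately over-broad "snake oil" rule: this string is the standard
    # DOS stub found in ordinary Windows executables, so matching on it
    # flags benign programs such as Notepad.
    "Toy.Overbroad.B": b"This program cannot be run in DOS mode",
}
HASH_SIGNATURES = {
    hashlib.sha256(b"CONSTRUCTED-HASH-ONLY-SAMPLE").hexdigest(): "Toy.HashMatch.C",
}


@dataclass
class ScanResult:
    path: str
    detections: list = field(default_factory=list)


def scan_bytes(data: bytes) -> list:
    """Return the names of every signature that matches the file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_tree(root: str) -> list:
    """On-demand scan: every file under root, executable or not."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                results.append(ScanResult(path, scan_bytes(fh.read())))
    return results


def evaluate(results, labels) -> dict:
    """Lab-style scoring. labels maps path -> True when the file is malicious."""
    tp = fp = fn = tn = 0
    for r in results:
        detected, malicious = bool(r.detections), labels[r.path]
        if detected and malicious:
            tp += 1
        elif detected:
            fp += 1
        elif malicious:
            fn += 1
        else:
            tn += 1
    total_malicious = tp + fn
    return {
        "detection_rate": tp / total_malicious if total_malicious else 0.0,
        "false_positives": fp,
        "false_negatives": fn,
        "true_negatives": tn,
    }


# Constructed corpus: file name -> (content, is_malicious ground truth).
CORPUS = {
    "dropper.exe": (b"MZ..." + BYTE_SIGNATURES["Toy.Dropper.A"] + b"...", True),
    "hashonly.bin": (b"CONSTRUCTED-HASH-ONLY-SAMPLE", True),
    "unknown.exe": (b"MZ...nothing in the definitions matches this...", True),
    "notepad.exe": (b"MZ..This program cannot be run in DOS mode..", False),
    "readme.txt": (b"plain text, nothing executable here", False),
}


def run_demo() -> dict:
    """Write the corpus to a temp dir, scan it, and return the lab metrics
    plus the per-file detections (keyed by bare file name)."""
    with tempfile.TemporaryDirectory() as root:
        labels = {}
        for name, (content, malicious) in CORPUS.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            labels[path] = malicious
        results = scan_tree(root)
        metrics = evaluate(results, labels)
        metrics["detections"] = {os.path.basename(r.path): r.detections for r in results}
        return metrics


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it scores the toy scanner the way a lab report would: two of three malicious samples are caught (a 67% detection rate), `unknown.exe` is a false negative because nothing in the definitions describes it, and `notepad.exe` is a false positive caused purely by the over-broad rule. A definitions file that inflates its hit count with patterns like that second one looks "good" on a raw detection number while failing the false-positive column, which is the column that matters to the person whose Notepad keeps getting flagged.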