View Full Version : Do you need any AV?


Diver
September 23rd, 2007, 09:54 AM
Check this out:

http://blogs.technet.com/steriley/archive/2007/09/22/antivirus-software-who-needs-it.aspx

In brief, the author says he can control what he clicks on and what he installs, so he never gets infected.

He also makes a reference to running Vista with UAC enabled but the prompt turned off so that IE7 will run in the protected mode.

I often wonder if IE7 protected mode is a better bet than Firefox. I tried running IE7 with IE7 Pro for a while and found its functionality to be good, but IE seems to have more trouble enlarging the type fonts in a usable way on many web pages than Firefox.

Anyway, several folks around here are running without AV's and relying on other strategies, including rolling back to a clean image or snapshot periodically.

If anything, I find the possibility of running without an AV to be one of the more tempting aspects of OSX and Linux.

C.S.J
September 23rd, 2007, 09:58 AM
av's are cheap enough, and even free!

why take the risk, i say.

the Tester
September 23rd, 2007, 10:21 AM
With Windows there are some very good a/v's for free.
Might as well be protected.;)

I don't know about that necessity with Linux etc..

mercurie
September 23rd, 2007, 10:23 AM
Here we go again. First of all which AV would the experts use. I assume we are talking real experts and not just those who think they are (as to who needs AV anyway), second in the article they say when is the last time AV found anything (long time).

O. K. it is confession time...(as to going to the doctor) if you feel healthy and stop going for routine physical at the doctor that will be the one time you get silent killer.

Most should get some AV and at least have the realtime part running. My position remains the same as this has come up before. ;)

Diver
September 23rd, 2007, 10:42 AM
Perhaps what this is really about is that successful security is about using your head. For sure there are 3 free AV's that get mentioned around here daily. Just as surely the malware writers are changing their products on an almost daily basis to avoid signature based detections. A lot of the stuff gets delivered by compromised websites. Protected mode is supposed to avoid that. However, I can't help wondering that you could pick up a keylogger that would only work in IE7, but that would be enough to steal your banking password.

I don't know if you have had a chance to notice this, but there are some people who have minimal security precautions in place on their machines (windows firewall and AV from a large vendor) and never have a problem. Others with the exact same setup have completely trashed computers and continue to use them with no interest in a clean up.

How about phishing? Doesn't anyone have enough sense to not click on a link in an email that states we need your banking details?

Perhaps the problem is that there are rare instances in which there is no protection. That would be the zero day attack against a known but not patched OS flaw. The rest of the stuff is so obvious.

likuidkewl
September 23rd, 2007, 11:21 AM
I have to say that I use an AV about 50% of the time.
Even before I deployed Linux around the house this was the case. The kids computer and the fiancee's always had some sort of AV solution and limited accounts, but now they are just running as thin clients so the need is not really there.

Precautions:
1. Bookmark all online banking and personal information sites in Firefox and place the file where it is easily accessible, ex. USB drives etc. import on all clients XP or CentOS.
2. Use Thunderbird as an email client, when not using web based email solutions. Suggest web based email solutions as they have quite adequate email filtering and phishing protection.
3. Use Tomato Linux on the Router/Gateway(WRT-54GS) with a script to download and run MVP host file on each reboot, actually each WanUp. Thousands of nasty sites are blocked by default.
4. Use limited accounts in XP, and they are a default in Linux.

I am not preaching the Linux bandwagon, to each their own, I used Windows for years and I still do on the notebook(Linux is a little flakey on it) and one of the desktops for use with Photoshop for some classes. But the other machines were starting to age and it became noticeable that the resources were depleted, so they made perfect candidates for thin clients. This also saved on energy as I can remotely shutdown all thin clients with a cron job.
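
The hosts-file step in precaution 3 above, as an added example that is not part of the original post and is not the script the poster runs: a downloaded blocklist is vetted before the router's resolver loads it, so that a tampered or truncated file cannot redirect real sites or wipe the existing list. The function names, the file paths passed in, and the sample data are assumptions and constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded hosts blocklist before the resolver uses it.
# Function names, paths and the sample data are assumptions / constructed.

# stdin: raw download. stdout: de-duplicated "0.0.0.0 host" lines only.
sanitize_hosts() {
    tr -d '\r' | awk '
        { sub(/#.*/, "") }                                  # drop comments
        NF < 2 || ($1 != "0.0.0.0" && $1 != "127.0.0.1") { next }
        { for (i = 2; i <= NF; i++) {
            h = tolower($i)
            if (h == "localhost") continue
            if (h !~ /^[a-z0-9]([a-z0-9_-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9_-]*[a-z0-9])?)+$/) continue
            if (!seen[h]++) print "0.0.0.0 " h
        } }'
}

# stdin: raw download. stdout: entries that map a name to a non-sink address,
# which a blocklist should never contain (sign of a tampered or wrong file).
redirect_entries() {
    tr -d '\r' | awk '
        { sub(/#.*/, "") }
        NF >= 2 && $1 != "0.0.0.0" && $1 != "127.0.0.1" && $1 != "::1" { print }'
}

# install_hosts RAW DEST MIN: replace DEST only if RAW has no redirects and at
# least MIN usable entries (guards against truncated downloads). Returns 0 or 1.
install_hosts() {
    raw=$1 dest=$2 min=$3 tmp="$2.new"
    [ -z "$(redirect_entries < "$raw")" ] || return 1
    sanitize_hosts < "$raw" > "$tmp" || return 1
    if [ $(wc -l < "$tmp") -lt "$min" ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$dest"
}

# Constructed sample: CRLF line endings, a duplicate, a malformed name and one
# entry pointing a bank hostname at a routable (documentation-range) address.
sample_download() {
    printf '%s\r\n' '# constructed sample' '127.0.0.1  localhost' \
        '0.0.0.0 ads.example.com   # tracker' '127.0.0.1 Ads.Example.com' \
        '0.0.0.0 bad_host..example' '203.0.113.7 bank.example.com' \
        '0.0.0.0 metrics.example.net'
}

# Demo: print what would be kept from the constructed sample.
sample_download | sanitize_hosts
```

A WAN-up hook would call `install_hosts` on the freshly downloaded file and reload the resolver only when it returns 0, leaving the previous list in place otherwise.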

solcroft
September 23rd, 2007, 12:33 PM
If all infection vectors are secured, why would an antivirus be necessary?

Malware can infect your system only if it is executed, whether by yourself because you fell for a social engineering trick, or stealthily without user interaction via a software security flaw or from autorun USB drives. As long as you can ensure that these do not occur, then you won't need antivirus software. As a matter of fact, most of us already take such measures (downloading security patches, using non-IE browsers and educating ourselves to not fall for phishing scams, for instance), and in all honesty these measures actually do a better job of protecting us than antivirus software can ever hope to.

Diver
September 23rd, 2007, 12:36 PM
{QUOTE->
3. Use Tomato Linux on the Router/Gateway(WRT-54GS) with a script to download and run MVP host file on each reboot, actually each WanUp. Thousands of nasty sites are blocked by default.
<-QUOTE}


Where did you get that script? I almost completely forgot about hosts. It's a really great idea as it is free, uses next to no resources and requires no user interaction, making it foolproof.

Kerodo
September 23rd, 2007, 01:17 PM
{QUOTE-> Check this out:

http://blogs.technet.com/steriley/archive/2007/09/22/antivirus-software-who-needs-it.aspx

In brief, the author says he can control what he clicks on and what he installs, so he never gets infected.

<-QUOTE}

I have done without any resident AV for periods of time without trouble myself, as I know many others have done too. It depends 100% on the user and how the PC is used. If you just do some browsing at regular sites you know on a daily basis, some email with friends, listen to some mp3, burn a few CDs and download a few files occasionally from trusted major sites and not much more, then I think a resident AV isn't necessary. Perhaps an occasional scan or an on-demand scanner is good enough. There are a lot of people who fall into this category.

The user needs to know enough not to get into trouble as the article says. That's obvious. I feel I know enough to avoid trouble, as do many others. I run a resident AV for only one reason: It's easier that way. I don't so much feel that I really need it, but if I do want to scan a file, a resident scanner is easier than manually scanning something or going to an online site to scan it. And I don't mind the overhead of the resident scanner either, big deal.

But is it really needed? Speaking for myself, I think not...

mercurie
September 23rd, 2007, 01:26 PM
Oh yes Diver I do agree it is very important factor in how one uses their machine...where do they go on the internet and what do they do. Oh yes, for sure. :thumb:

C.S.J
September 23rd, 2007, 01:49 PM
sure, if all you do is surf on genuine websites, there is no need.

however, with a lot of viruses and spam/phishing arriving by emails, surely this needs to be protected.

but with the prices of some, and even the FREE! ones, I don't understand why a user would take this risk.

:o

WSFuser
September 23rd, 2007, 02:09 PM
"Do you need any AV?"

For as long as I run Windows and surf dangerously, I will run an AV.

LoneWolf
September 23rd, 2007, 02:23 PM
{QUOTE-> "Do you need any AV?"

For as long as I run Windows and surf dangerously, I will run an AV. <-QUOTE}


Totally agree. ;D

solcroft
September 23rd, 2007, 02:46 PM
{QUOTE-> "Do you need any AV?"

For as long as I run Windows and surf dangerously, I will run an AV. <-QUOTE}
On the contrary. The more dangerously I surf, the less safe I will feel to be relying on an AV.

Kerodo
September 23rd, 2007, 03:10 PM
{QUOTE-> On the contrary. The more dangerously I surf, the less safe I will feel to be relying on an AV. <-QUOTE}
Yeah, I think if I am surfing in dangerous waters I would be inclined to add a HIPS or behavior blocker in addition to the AV...

Diver
September 23rd, 2007, 04:16 PM
For the record, I will not run a Windows machine without an AV. If I repair a PC for a friend it leaves here with a free AV installed, unless there was a functioning pay AV on board. I clean up friends PC's for free and invariably these machines had an expired AV. But the problem was not the expired AV so much as carelessness. Invariably, there are signs of abuse such as Grokster.

Usually I will install AVG free. That is not to imply that it is better than Avira or Avast, but it seems to be the most dummy proof of the three.

Perhaps the moral of the story is the AV is not your primary line of defense, it's your brain.

likuidkewl
September 23rd, 2007, 05:31 PM
{QUOTE-> Where did you get that script? I almost completely forgot about hosts. It's a really great idea as it is free, uses next to no resources and requires no user interaction, making it foolproof. <-QUOTE}

Here you are, quite easy to setup actually...

http://www.linksysinfo.org/forums/showthread.php?t=53133

lucas1985
September 23rd, 2007, 05:31 PM
{QUOTE-> Perhaps the moral of the story is the AV is not your primary line of defense, it's your brain. <-QUOTE}
Agreed. I only need scanners to check new files. I have clean images to use in case of trouble.
The rest (http://www.wilderssecurity.com/showpost.php?p=1082211&postcount=49) of my security/privacy/data protection setup.

Lucy
September 23rd, 2007, 07:32 PM
{QUOTE-> Perhaps the moral of the story is the AV is not your primary line of defense, it's your brain. <-QUOTE}

Once again, the natural trend I can see, except for the brain line of defense (actually one can imagine a rootkit-like malware totally "invisible" to your smart brain) ::) , is that antivirus scanners are no longer to be the first line of defense, especially in company networks. It looks to me as if it is simpler to base your security on policy, and to deal with exceptions thanks to scanners which will eventually eradicate malware reaching the computers. Antivirus scanners are becoming the last line of defense.

NB: imaging / restoring software happens to be of great help... once contamination became true.

C.S.J
September 23rd, 2007, 07:36 PM
the human brain makes more mistakes than anyone can figure out, in simple terms... USE AN ANTIVIRUS.

;D

solcroft
September 23rd, 2007, 08:06 PM
It seems that even here on Wilders, people place more faith in antivirus programs than is realistic, even thinking it can somehow compensate for the human brain.

On a few of my test machines, I install AVs solely for the purpose of making sorting malware easier. When you realize the percentages of malware that AV scanners miss on a daily basis, you'll come to appreciate the fact that AV products can offer you an opinion at best ("hmm... I think this file is clean"), not protection.

Diver
September 23rd, 2007, 10:28 PM
{QUOTE-> the human brain makes more mistakes than anyone can figure out, in simple terms... USE AN ANTIVIRUS.

;D <-QUOTE}

I did not say to skip the AV, I said do not rely on it solely. Use your head first, if your head misses, the AV is a second shot.

Kerodo
September 23rd, 2007, 10:37 PM
Another related article:

http://www.guardian.co.uk/technology/2007/sep/20/guardianweeklytechnologysection.spam

Peter2150
September 23rd, 2007, 11:04 PM
{QUOTE-> sure, if all you do is surf on genuine websites, there is no need.

however, with a lot of viruses and spam/phishing arriving by emails, surely this needs to be protected.

but with the prices of some, and even the FREE! ones, I don't understand why a user would take this risk.

:o <-QUOTE}

Hi CSJ

There are other factors. I've tried a bunch of AV's and have licenses for most of them. But my machine really runs so much better without them. One can shift the problem in other ways. All my browsing is done thru Sandboxie. If I am going a bit risky, then I run ShadowDefender and then go thru Sandboxie. And if I am going to the darkside, I put my desktop in Shadowmode, then fire up the VM machine, and use ShadowDefender and Sandboxie on it.

Same thing with email. Usually I just delete, but if really curious, I will take the above steps and get it from webmail. That way Sandboxie and ShadowDefender are on duty.

I just get tired of the impact of the AV's. Didn't realize it was there, as they had been on the machine since day one.

Pete

EASTER
September 23rd, 2007, 11:54 PM
{QUOTE-> I just get tired of the impact of the AV's. <-QUOTE}

I have to echo those same sentiments. Stemming all the way back to Windows 98, AV's by the very nature of the way they're fashioned, have to be designed to infiltrate if you will EVERY file on the system. How else does one explain that while engaged and you run across let's say a page with even a script virus in text form, your AV (if in database), will immediately pop up or with some disable the page entirely as a precaution, and that IS a very good activity that it should perform. In like manner, should some virus manage to enter a file your AV will at-once alert then try to clean the affected file, whichever it might be.

But like Peter2150, I always found them very stressful to my systems, even on XP, that is up until KIS6, which to my surprise, I noticed didn't burden resources like many AV's have done in the past.

With the onset of HIPS & Virtualization technology though, I've migrated away from "resident" AV's to a more reasonable On-Demand scanning for viruses.

Osaban
September 24th, 2007, 12:14 AM
{QUOTE-> Hi CSJ

There are other factors. I've tried a bunch of AV's and have licenses for most of them. But my machine really runs so much better without them. One can shift the problem in other ways. All my browsing is done thru Sandboxie. If I am going a bit risky, then I run ShadowDefender and then go thru Sandboxie. And if I am going to the darkside, I put my desktop in Shadowmode, then fire up the VM machine, and use ShadowDefender and Sandboxie on it.

Same thing with email. Usually I just delete, but if really curious, I will take the above steps and get it from webmail. That way Sandboxie and ShadowDefender are on duty.

I just get tired of the impact of the AV's. Didn't realize it was there, as they had been on the machine since day one.

Pete <-QUOTE}

I also feel more and more that sandboxing and virtualization make AVs redundant. Whether you are infected or not who cares, reboot and it's gone.

Still if you want to save something from your session how are you going to determine whether it's infected or not? People say use your brains... With rootkits?

I'm still using an AV because it is the only way to check if something is there. If it misses, well bad luck, but you might not know you are infected for a long time, and given enough time all good AVs will eventually detect the new nasty.

Are all AVs impacting your machine so noticeably?

Peter2150
September 24th, 2007, 08:32 AM
{QUOTE-> I have to echo those same sentiments. Stemming all the way back to Windows 98, AV's by the very nature of the way they're fashioned, have to be designed to infiltrate if you will EVERY file on the system. How else does one explain that while engaged and you run across let's say a page with even a script virus in text form, your AV (if in database), will immediately pop up or with some disable the page entirely as a precaution, and that IS a very good activity that it should perform. In like manner, should some virus manage to enter a file your AV will at-once alert then try to clean the affected file, whichever it might be.

But like Peter2150, I always found them very stressful to my systems, even on XP, that is up until KIS6, which to my surprise, I noticed didn't burden resources like many AV's have done in the past.

With the onset of HIPS & Virtualization technology though, I've migrated away from "resident" AV's to a more reasonable On-Demand scanning for viruses. <-QUOTE}

One of the things I've recently learned, in trying to isolate a problem, is the only way to be sure something is a problem is to get it off the system. That's why I've taken AV's and AS's off completely. No realtime, no scanning, bye bye. It's working well.

Diver
September 24th, 2007, 09:59 AM
On this system stress thing, I thought I had a Vista slow file copy issue. Turns out my AV was scanning inside of a program installer file that had many objects inside when I copied the file. Vista highlighted the problem as the time calculation box did not close until the scan was complete, a behavior that appears to be different from XP.

See this link for an example of AV drag on system performance:

http://www.wilderssecurity.com/showthread.php?t=186331&page=2

I don't consider it to be definitive, and it's quite possible KAV benefited from istreams, which I believe resets after each update.

kenshi
September 25th, 2007, 03:54 PM
It costs me nothing to have a resident AV particularly a free one. Nuff said.

Peter2150
September 25th, 2007, 04:40 PM
{QUOTE-> It costs me nothing to have a resident AV particularly a free one. Nuff said. <-QUOTE}

Sure it does. System performance. May not matter to you but it is there.

kenshi
September 25th, 2007, 05:00 PM
{QUOTE-> Sure it does. System performance. May not matter to you but it is there. <-QUOTE}

How much performance degradation are we talking about here? I am currently using AVG and while it's not perfect, I can still play online games and get my work done. I am certainly not going to be scanning while playing or doing some crucial work but I don't need to shut it down. With most AV you can control when it should be scanning which I will do when I'm out for lunch or doing something else. Overall, my point is that having it is not that big of a deal.

ronjor
September 25th, 2007, 05:15 PM
If users have found an antivirus program that works for them, they should use it.

There is absolutely no reason not to use any antivirus program that may stop malware, if the antivirus program runs well on your system.