Thinking of going naked


L815
April 25th, 2008, 06:46 PM
It's been a while since I've last had a virus living on my PC. And playing in Linux without an AV is fun, which led me to think, I should go naked.

I still wish to have a scanner (on demand), one which doesn't run in the background (no services). I just manually scan when I feel like.

My question is, which do you recommend I use? I'm not very knowledgeable in the stand alone category :/

ccsito
April 25th, 2008, 07:43 PM
There are a few online AV scanners that are available. Bitdefender has a free on-demand program (version 10) for those that don't want a resident AV program.

http://www.bitdefender.com/site/Downloads/browseEvaluationVersion/1/42/

I've used several of the online scanners listed in my signature area, but can't say which is better.

L815
April 25th, 2008, 08:18 PM
BitDefender caught my eye, but last time I remember from using the on demand, doesn't it sit in the background anyway (as a service)?

djohn
April 25th, 2008, 08:21 PM
Bitdefender does have the free on-demand scanner, although not real time it still runs for the auto updates, therefore does use some resources.

Trespasser
April 25th, 2008, 08:33 PM
-{ Quote: "It's been a while since I've last had a virus living on my PC. And playing in Linux without an AV is fun, which led me to think, I should go naked.

I still wish to have a scanner (on demand), one which doesn't run in the background (no services). I just manually scan when I feel like.

My question is, which do you recommend I use? I'm not very knowledgeable in the stand alone category :/" }-

Going naked, huh. Yeah, Linux will do that to you. And the weather IS getting warmer so....sure, why not. ;). I've been going naked for a while now, too. Yeah, a former/part-time Linux user here as well. Good luck.

L815
April 25th, 2008, 08:36 PM
Thanks 8). Linux has grown on me in some ways. It's a good thing I believe.
I'll give Bitdefender a go, and maybe a few others (not sure which yet).


EDIT:
So I tried Bitdefender 10 free, and didn't like it. If only they made it as light as BD AV 2008. I also had some issues with a file it was trying to install (getting the Vista error for compatibility).



Are there any that only run when called on via right click context menu?

EliteKiller
April 25th, 2008, 10:34 PM
Download and run Dr. Web CureIt (http://freedrweb.com/cureit/) when you feel like running a scan. It's updated on a regular basis so you will need to download a new version each time you want to run a scan, especially if the scans are more than a few days apart. Otherwise you can use the NOD32 (http://www.eset.com/onlinescan/) & F-Secure (http://support.f-secure.com/enu/home/ols.shtml) online scanners.

L815
April 25th, 2008, 10:39 PM
Dr. Web looks like a good option. I like that AV :D

Trespasser
April 25th, 2008, 10:57 PM
Dr. Web CureIt is great. Since I don't normally run an antivirus on my system Dr. Web CureIt is always my choice when I get a little paranoid and wish to do a scan. Again, it's a great choice. I do wish they (Dr. Web developers) would allow it to update the database without having to download a new version each time, though.

Later...

L815
April 25th, 2008, 11:01 PM
I wouldn't mind downloading the update when needed. It gives me the feeling they are keeping on track with their products.

EDIT:
What about Microworld Escan? They seem to have an on demand, and it uses the Kaspersky engine? The detections seem pretty good on AV-Comp.

Diver
April 25th, 2008, 11:23 PM
It's not so important whether a service is running, the issue is what is that service doing. There are a bunch of AVs that can be set up with the on access scanner disabled, or you could use Clam AV, a free open source scanner that is on demand only.

I guess you have old slow hardware and want to have it run a bit more quickly. Try Avira free, or AVG free without installing the web scanner (if that is possible).

L815
April 25th, 2008, 11:28 PM
I have a fairly new laptop, pretty powerful, rather I like running the system as lean and fast as possible especially with Vista.

My reasoning for on demand and the service issue is strictly personal preference. I thought of clam but the detections aren't so great.

My choices have been narrowed to Dr Web Cureit or Escan

BlueZannetti
April 25th, 2008, 11:38 PM
-{ Quote: "My choices have been narrowed to Dr Web Cureit or Escan" }-
If those are the constraints, my personal preference would be Dr Web CureIt. No overwhelming reason. It's solid. It works.

Blue

L815
April 25th, 2008, 11:40 PM
Okay then, choice is made!
Thanks everyone :thumb:

RejZoR
April 26th, 2008, 07:47 AM
I always recommend to use at least some active free antivirus. On-demand scans won't do you any good when half of your system is infected with Virut or PGP coder... I'm not a high risk user and I know quite some about malware and I still wouldn't take chances with such malware. A bit performance overhead is nothing compared to lost data and countless hours attempting to recover it.

dw426
April 26th, 2008, 08:15 AM
I have to agree with Rejzor actually. About the only way I would go without at least SOME active protection is if I were using maybe Returnil, where whatever happens goes away after a reboot. Linux is great, lol, I loved not having any security programs running, but, when you have to step back into Windows you're quickly tossed right back into reality.

I personally think if you pick 1 security tool and 1 only, it should be an active antivirus. On today's internet, you no longer have to go looking for trouble to find it. Just my opinion of course :)

trjam
April 26th, 2008, 08:36 AM
-{ Quote: "I always recommend to use at least some active free antivirus. On-demand scans won't do you any good when half of your system is infected with Virut or PGP coder... I'm not a high risk user and I know quite some about malware and I still wouldn't take chances with such malware. A bit performance overhead is nothing compared to lost data and countless hours attempting to recover it." }-
I think depending on your combo, there are times when going without an active AV will work.

solcroft
April 26th, 2008, 08:58 AM
-{ Quote: "A bit performance overhead is nothing compared to lost data and countless hours attempting to recover it." }-
Why are you making it sound like users are forced to choose from only two available options: a bit of performance overhead, and losing time and data?

It never ceases to amaze me how people think that an antivirus is THE tool for fighting malware, and other software are just essentially there to back up the antivirus.

Relatively speaking, antivirus software have since fallen hopelessly behind other defensive measures. They're doomed to be forever inferior to sandboxes, HIPS, behavior blockers, access policies etc simply by the nature of how the technologies work. Antivirus software still have their role to play, but for those people who still cling to the archaic mindset that antivirus = protection, and no antivirus = no protection, you're missing out on the variety of possibilities beyond that very narrow and confined view.

BlueZannetti
April 26th, 2008, 09:03 AM
-{ Quote: "A bit performance overhead is nothing compared to lost data and countless hours attempting to recover it." }-
While I agree in general and do not tend to run without an active AV myself, there are so many other factors that are germane to the general question that it is basically impossible to provide an all encompassing response.

If the plan is to run without a realtime monitoring AV, but to employ a demand only AV, there are a number of demand-only options available and suitable for the task at hand, which the responses above have covered. There are others as well.

There are also a number of OS level configuration/implementation strategies that would significantly aid in overall protection for this type of system and they are well discussed here and elsewhere. Obviously, any user has to perform some level of due diligence as to risk when they step outside of what would reasonably be described as the broadly recommended approach. That would include making a learned assessment of potential downside scenarios and planning accordingly.

Blue

LoneWolf
April 26th, 2008, 09:24 AM
Well I decided to go naked myself........
Oh yeah, dropped the AV too. ;D
We'll see how well I like the new setup, whether or not I keep it this way.

trjam
April 26th, 2008, 10:27 AM
you will be fine loneWolf. I can't even remember the last time something hit me.... Most of the Sandbox, Virtual Software and the restore softwares are really one needs. I mean in my case it is only SS guarding the net and email. I may periodically scan with Cure it, and if I did find something just a simple reboot to roll back to another snap shot is all that is required. I can still test stuff.

No, AVs still have their place, but it sure as hell isn't at the top of the food chain. ;)

L815
April 26th, 2008, 10:42 AM
That's the thing with me. I haven't been infected, or even close to infected in such a long time. This means no alerts from any real time scanners, nor from a manual scan, with viruses and malware etc.

Malware I expect once in a while, and have been doing on demand scans and it has worked fine.

The issue I'm finding is I have that locked mindset that no AV = no protection. I've noticed it today :-\ I know I'll be fine and can manage, but I've used an AV for so long that I got the idea stuck in my head that I need to.

If I am going AV-less especially to gain back performance without it, I would also not use any other real time security app because that would be the same as running the AV itself.

Kerodo
April 26th, 2008, 10:55 AM
-{ Quote: "A bit performance overhead is nothing compared to lost data and countless hours attempting to recover it." }-
I am somewhat of the opposite opinion I guess.. For me, performance is paramount. If I don't have good fast browsing and snappy overall system performance, then I am annoyed with the whole PC. On the other hand, I don't mind reformatting and spending a few hours setting up fresh if and when necessary, that's no big deal to me. So I'd rather go ahead and take my chances without an AV or HIPS, and probably do fine for months or years with good performance, and if disaster strikes, then start over. Any valuable data I always have stored on CD or DVD or backup anyway.

trjam
April 26th, 2008, 10:59 AM
I think the performance gains stated are a little overrated. For me, it is nice not to hear that ever churning noise, of my files having their repetitive colonoscopy performed.

L815
April 26th, 2008, 11:04 AM
As a home user I see the biggest threat as the web browser.

djohn
April 26th, 2008, 11:05 AM
I agree, one does not need an AV to stay clean. My opinion: programs such as Sandboxie, Returnil, DefenseWall behavior blocker surpass any AV, but it would not hurt to do a scan every so often and of course backing up a clean image.

Macstorm
April 26th, 2008, 11:05 AM
-{ Quote: "Well I decided to go naked myself........
Oh yeah, dropped the AV too. ;D
We'll see how well I like the new setup, whether or not I keep it this way." }-
Good luck! ::)

Paranoid2000
April 26th, 2008, 11:40 AM
-{ Quote: "...which led me to think, I should go naked." }-
Please be considerate to others...

...and cover up your dangly bits. ;D

More seriously, anyone looking at the no-AV approach should ensure that they have some means of controlling what gets run on their systems. In the DOS days, nothing would happen without some typing on your part but with Windows, there are an ever-increasing number of services that can run things behind your back and make system changes without your consent.

BlueZannetti touches on this with his mention of OS configuration - I would go a step further and recommend running process control software that intercepts (and prompts you whether to allow or not) the running of any new program. System Safety Monitor (www.syssafety.com) is one good example (which has been around for a few years now) but an increasing number of Windows firewalls are also offering similar features. They can add a performance overhead, but it should be a fraction of that from a typical AV background scanner.

ErikAlbert
April 26th, 2008, 11:43 AM
I'm also totally naked (all off) and I don't use any AV/AS/AT/AK/AR/... scanner anymore for more than a half year.
My computer cleans and repairs itself automatically instead of giving me all the work.

I've tested this of course and I ran every top-notch and mediocre scanner, I could get in the last two months, using the same procedure : install - update - full scan - uninstall.
They didn't detect anything, not even a MRU or tracking cookie, except f/p's like ShadowProtect, Anti-Executable, IZArc, ...
In theory, I knew in advance, it would be like this, but I had to prove it in practice also.

This is my daily weapon, I keep my real weapon in the background.
No bad guy is going to get me, because this good guy is running faster than them, while using scanners is running after the bad guys, picking up their droppings, a no-win situation. :)

jrmhng
April 26th, 2008, 11:52 AM
-{ Quote: "I'm also totally naked (all off) and I don't use any AV/AS/AT/AK/AR/... scanner anymore for more than a half year.
My computer cleans and repairs itself automatically instead of giving me all the work.

I've tested this of course and I ran every top-notch and mediocre scanner, I could get in the last two months, using the same procedure : install - update - full scan - uninstall.
They didn't detect anything, not even a MRU or tracking cookie, except f/p's like ShadowProtect, Anti-Executable, IZArc, ...
In theory, I knew in advance, it would be like this, but I had to prove it in practice also.

This is my daily weapon, I keep my real weapon in the background.
No bad guy is going to get me, because this good guy is running faster than them, while using scanners is running after the bad guys, picking up their droppings, a no-win situation. :)" }-

Haha I don't really think you are naked ErikAlbert. In fact, you have quite a number of software that you use for security purposes. Just because you don't have an on demand scanner doesn't count :P

ErikAlbert
April 26th, 2008, 12:09 PM
-{ Quote: "Haha I don't really think you are naked ErikAlbert. In fact, you have quite a number of software that you use for security purposes. Just because you don't have an on demand scanner doesn't count :P" }-
Only 4 security softwares? Do you call that much? I've seen setups of 30+ security softwares. I only need these softwares to stop the execution of malware and save the period between two reboots, they all fail sometimes, but I remove their mistakes anyway. Security softwares fail too much, my recovery never failed.
I don't even know what these 4 security softwares are doing, except Anti-Executable.

lucas1985
April 26th, 2008, 01:00 PM
If you're going to install on-demand scanners, I'd recommend those that are fast, like Antivir, NOD32, Prevx CSI, F-Prot. For example, install Antivir free without the Guard and other modules, download Prevx CSI (very fast scanner for critical areas) and use ESET online scanner. You can't get much better than this.

Huupi
April 26th, 2008, 01:09 PM
-{ Quote: "If you're going to install on-demand scanners, I'd recommend those that are fast, like Antivir, NOD32, Prevx CSI, F-Prot. For example, install Antivir free without the Guard and other modules, download Prevx CSI (very fast scanner for critical areas) and use ESET online scanner. You can't get much better than this." }-

I agree, not that much, surprised me you did not include Dr Web Cureit! ;)

lucas1985
April 26th, 2008, 01:13 PM
CureIt is good, but it's painfully slow to do a full system scan. You can do full scans with Antivir and ESET in the time Dr.Web takes for scanning the complete system.
For fast scanning of memory and critical areas, Prevx CSI can't be beaten.

Huupi
April 26th, 2008, 01:32 PM
-{ Quote: "CureIt is good, but it's painfully slow to do a full system scan. You can do full scans with Antivir and ESET in the time Dr.Web takes for scanning the complete system.
For fast scanning of memory and critical areas, Prevx CSI can't be beaten." }-

Yes this was also my finding, painfully slow, will give others a whirl.

C.S.J
April 26th, 2008, 02:35 PM
-{ Quote: "CureIt is good, but it's painfully slow to do a full system scan. You can do full scans with Antivir and ESET in the time Dr.Web takes for scanning the complete system.
For fast scanning of memory and critical areas, Prevx CSI can't be beaten." }-
cureit scans a hell of a lot more than both those mentioned.

Please name a fast scanner with good removal and ability to actually cure a threat.

quality over speed any day of the week.

do people disagree? ;)

Trespasser
April 26th, 2008, 02:43 PM
For a standalone CureIt is quite configurable if one would care to look.

Quitch
April 26th, 2008, 02:50 PM
-{ Quote: "cureit scans a hell of a lot more than both those mentioned.

Please name a fast scanner with good removal and ability to actually cure a threat.

quality over speed any day of the week.

do people disagree? ;)" }-

Both NOD32 and AntiVir would meet those criteria.

lodore
April 26th, 2008, 02:52 PM
-{ Quote: "Both NOD32 and AntiVir would meet those criteria." }-
antivir is very bad at removal. nod32 version 2.7 is bad at removal and I don't know how much version 3 of nod32 has improved with cleaning and removal.

Quitch
April 26th, 2008, 02:54 PM
Interesting, sorry, I mistook the meaning.

IMO though, once you're infected it's game over and a wipe and rebuild is the only way to be sure you get it all.

C.S.J
April 26th, 2008, 02:57 PM
-{ Quote: "antivir is very bad at removal. nod32 version 2.7 is bad at removal and I don't know how much version 3 of nod32 has improved with cleaning and removal." }-
it's not just removal, it's how deep the scanners are and what they actually do scan.

sure, flat-file scanning will be fine for testing... but an actual infected machine, these fast scanners are a complete joke!

Kerodo
April 26th, 2008, 02:59 PM
-{ Quote: "antivir is very bad at removal. nod32 version 2.7 is bad at removal and I don't know how much version 3 of nod32 has improved with cleaning and removal." }-
I don't value removal much myself... if something actually did get on here successfully, then it's either restore from image or reformat time for me. I don't really trust any program to remove a problem or mess...

lucas1985
April 26th, 2008, 03:18 PM
-{ Quote: "I don't really trust any program to remove a problem or mess..." }-
Yup. Go for your backups and done.
-{ Quote: "it's how deep the scanners are and what they actually do scan." }-
They go deep enough to find vast amounts of malware. Deep scanning (of the files' content and of the raw drives) doesn't need to be slow. You can do rootkit scanning and/or integrity checking in a few minutes.

jdenton
April 26th, 2008, 03:41 PM
-{ Quote: "sure, flat-file scanning will be fine for testing... but an actual infected machine, these fast scanners are a complete joke!" }-
The problem is you need to be able to detect the bad stuff first before you can clean it. Only after the scanner can find out that something is amiss, does the question of cleaning arise.

ErikAlbert
April 26th, 2008, 03:42 PM
My experience with scanners is that restoring a clean image takes less time than running one scanner. So you better restore a clean image, than running one or more scanners.

C.S.J
April 26th, 2008, 03:43 PM
-{ Quote: "
They go deep enough to find vast amounts of malware. Deep scanning (of the files' content and of the raw drives) doesn't need to be slow. You can do rootkit scanning and/or integrity checking in a few minutes." }-
yeah, deep enough to find those files in the folder labelled 'Malware' located on X:

so, you think these scanners are worth using to detect and cleanup a system?

people should really ask themselves, "why are they sooo quick?"

solcroft
April 26th, 2008, 04:40 PM
-{ Quote: "people should really ask themselves, "why are they sooo quick?"" }-
Maybe because they have well-written, effective detection algorithms and efficient programming?

I don't know, you say it like being fast is a bad thing and being slow is good. Now if the slow scanners had better detection rates than the fast ones, you might have a case there. But as it is... ;)

dw426
April 26th, 2008, 04:41 PM
-{ Quote: "My experience with scanners is that restoring a clean image takes less time than running one scanner. So you better restore a clean image, than running one or more scanners." }-


Yeah Erik, maybe so, but does that not completely depend on how the end user uses his/her system? If they are a downloader (not just P2P, but regularly tries new programs out), wouldn't trying to keep an updated clean image be more of a hassle than it's worth? You'll have to excuse me if I sound uneducated in image matters because I am, I haven't went that route before :)

Also, if they did just keep around on demand scanners, wouldn't every update also require a new image? This sounds like a pretty decent time consumer. Again I'm not sure how such things are actually done in practice. It's an interesting concept if 1. There is an easier way than constantly updating an image. 2. There is a freebie program that does this.

Edit: Nvm, images would be impossible in my current config as I have only 1 hard drive :) Provided my drive doesn't die, lol, I believe the best solution for me to get rid of any malware that makes it to me is to use Returnil.

lucas1985
April 26th, 2008, 05:05 PM
-{ Quote: "so, you think these scanners are worth using to detect and cleanup a system?" }-
Yes, although I don't rely on them for cleanup. I do the cleanup manually when I have to fix an infected system. I will restore a clean image when one of my systems is deemed infected by forensic analysis/integrity checking/AV scanning.
-{ Quote: "people should really ask themselves, "why are they sooo quick?"" }-
Symantec is a product recognized by its cleanup abilities (at least in tests) and it's a fast scanner with >95 % detection rates and very low FPs.
Neither I nor you have the required knowledge to discuss highly technical matters about scanning engines. But, one thing is clear, you don't need to be the King of unpacking to have decent detection rates (both reactive and proactive) and you don't need to scan slowly a disk volume to uncover hidden threats.
Moreover, some of the fastest scanners do advanced things (emulation, sandboxing, decent unpacking, etc) which should cause a massive slowdown. But they manage to do those advanced tricks while being fast.

C.S.J
April 26th, 2008, 05:19 PM
well, regardless of what 'someone' may say.

Norton is another fast scanner, with terrible removal.

this is from personal experience, half the time it doesn't even attempt to remove anything "detected 1, removed 0" seems to be the norm.

----
as for good programming, maybe they think they have smarter more dedicated staff than the slower scanners.

lol

slower scanners tend to scan more, this is true for kaspersky and drweb at the very least.

companies who choose quality over speed, but it seems speed sells more.

at least drwebs cureit is free for all, I 'recommend' they charge you all for it, maybe only then... sense will be seen in the more thorough scans. :)

solcroft
April 26th, 2008, 05:27 PM
-{ Quote: "slower scanners tend to scan more, this is true for kaspersky and drweb at the very least." }-
Scan "more"?

More of what, exactly? One of the two you mentioned as examples certainly isn't finding more than most of its faster counterparts, at any rate. :argh:

ErikAlbert
April 26th, 2008, 05:38 PM
-{ Quote: "Yeah Erik, maybe so, but does that not completely depend on how the end user uses his/her system? If they are a downloader (not just P2P, but regularly tries new programs out), wouldn't trying to keep an updated clean image be more of a hassle than it's worth? You'll have to excuse me if I sound uneducated in image matters because I am, I haven't went that route before :)

Also, if they did just keep around on demand scanners, wouldn't every update also require a new image? This sounds like a pretty decent time consumer. Again I'm not sure how such things are actually done in practice. It's an interesting concept if 1. There is an easier way than constantly updating an image. 2. There is a freebie program that does this.

Edit: Nvm, images would be impossible in my current config as I have only 1 hard drive :) Provided my drive doesn't die, lol, I believe the best solution for me to get rid of any malware that makes it to me is to use Returnil." }-
Yes but you have a classical hardware and software setup and you probably have only ONE harddisk/partition with everything on it. It's not only about restoring images, it's a combination of many things.

dw426
April 26th, 2008, 05:40 PM
-{ Quote: "Yes but you have a classical hardware and software setup and you probably have only ONE harddisk/partition with everything on it. It's not only about restoring images, it's a combination of many things." }-

Yeah, that's exactly how my Windows is set up. Old habits die hard I guess :)

lucas1985
April 26th, 2008, 05:57 PM
-{ Quote: "as for good programming, maybe they think they have smarter more dedicated staff than the slower scanners." }-
Symantec has one of the most advanced engines. People like Peter Szor and Peter Ferrie are renowned experts on Win32 malware and PE infectors. Symantec seems to have good unpacking abilities, an emulator, behaviour-based heuristics and so on and it's fast.
-{ Quote: "slower scanners tend to scan more, this is true for kaspersky and drweb at the very least." }-
Slower scanners tend to unpack more stuff and/or lack certain optimizations/tricks. However, this doesn't seem to improve their detection rates by much.
Being able to unwrap one or two more layers of obfuscation doesn't seem to add much.
-{ Quote: "but it seems speed sells more." }-
If anyone can prove to me that scanning 5x slower will bring sensible improvements in detection rates of both inactive or active malware, slower scanners could have an argument. Judging by recent threads, even Dr.Web users try to avoid full system scans unchecking archives and so on.

Macstorm
April 26th, 2008, 09:17 PM
-{ Quote: "slower scanners tend to scan more, this is true for kaspersky and drweb at the very least.

companies who choose quality over speed" }-
Agreed :thumb:
Pure personal experience with Kaspersky, in my case.

Macstorm
April 26th, 2008, 09:35 PM
-{ Quote: "I've tested this of course and I ran every top-notch and mediocre scanner, I could get in the last two months, using the same procedure : install - update - full scan - uninstall.
They didn't detect anything, not even a MRU or tracking cookie, except f/p's like ShadowProtect, Anti-Executable, IZArc, ...
In theory, I knew in advance, it would be like this, but I had to prove it in practice also." }-
Really? ::) why you bother on trying every AV out there? don't you trust on your 'own' security setup? afraid of the dark? ::)

EliteKiller
April 26th, 2008, 10:14 PM
-{ Quote: "IMO though, once you're infected it's game over and a wipe and rebuild is the only way to be sure you get it all." }-

So when you get reinfected a few days later are you supposed to "wipe and rebuild" again?

djohn
April 26th, 2008, 10:38 PM
Re4mat would be the last option for me, installing hrs of updates and replacing software, re-establish internet and setting up user setting back to prior is a pain in the A** however I usually re4mat once a yr by choice.

Page42
April 27th, 2008, 01:23 AM
-{ Quote: "For fast scanning of memory and critical areas, Prevx CSI can't be beaten." }-
I'm sorry but I'm skeptical about Prevx CSI, specifically this: "(*Please note malware removal requires a cleanup license)." It does point to a possible ulterior motive for finding malware. But from experience too I speak. With Prevx2.0 on my computer sometime ago, the policy was something about using it for free for 30 days after it discovered its first detection. During the initial scan it flagged four files (all false positives) and said they were malware. One or two were archived ZoneAlarm set-up files. The 30 day period started ticking at that point. Prevx tech support said the files were good, but never addressed my concern that the 30 day counter had been triggered. This causes me to suspect their "Detection Only, Purchase License" policy with the free Prevx CSI.

Quitch
April 27th, 2008, 05:40 AM
-{ Quote: "So when you get reinfected a few days later are you supposed to "wipe and rebuild" again?" }-

Around that point I would seriously re-evaluate my computing habits.

ErikAlbert
April 27th, 2008, 12:25 PM
-{ Quote: "Really? ::) why you bother on trying every AV out there? don't you trust on your 'own' security setup? afraid of the dark? ::)" }-
Of course I don't trust my own setup and certainly not with my poor knowledge.
The only way to find out is running as many scanners as I can get, because I don't see the difference between a good and a bad object.
I'm not an expert like you who smells a malware miles away, I have to use scanners to get a professional opinion.
It's not about being afraid in the dark, that is for kids, it's just a one-time verification of my setup.

Long View
April 27th, 2008, 01:06 PM
-{ Quote: "So when you get reinfected a few days later are you supposed to "wipe and rebuild" again?" }-

Could always just restore a clean system image made with Acronis, Shadow Protect or any one of a number of programs. Takes very little time and you would then be as certain as you can be that the infection was gone. Although I have never been infected, if it ever happened I would certainly not be happy with some clean up program - restoring a clean image would make me feel a lot safer.

lucas1985
April 27th, 2008, 01:10 PM
-{ Quote: "The 30 day period started ticking at that point. Prevx tech support said the files were good, but never addressed my concern that the 30 day counter had been triggered." }-
That's bad. Prevx tech support said here that they would reset the trial period if Prevx found FPs.
-{ Quote: "I'm sorry but I'm skeptical about Prevx CSI, specifically this: "(*Please note malware removal requires a cleanup license)."" }-
The free Prevx CSI only offers detection, not cleanup. I'm fine with that. Rootkit scanning and free access to the Prevx database isn't too shabby.

Long View
April 27th, 2008, 01:31 PM
Isn't it the case that you only pay for Prevx CSI if you use it to clean? So if you run a clean system there is nothing to pay.
I use these free programs by installing when Returnil/Deep Freeze are in protected mode so when they are finished they are gone. I don't mind that a full scan with cureit takes a while. I just go and do something else. Even though I have never found anything bad I like to check every month or so just to be safe.

emperordarius
April 27th, 2008, 01:34 PM
If I was you I'd pay for Kaspersky. They're really dedicated into their job. The best alternative to it would be Avira Personal Edition Classic.

Macstorm
April 28th, 2008, 04:41 PM
-{ Quote: "I'm not an expert like you who smells a malware miles away, I have to use scanners to get a professional opinion.
It's not about being afraid in the dark, that is for kids, it's just a one-time verification of my setup." }-
Obviously you didn't get a thing about 'being in the dark'..
I'm not that surprised at all, taking your own words, "i knew it in advance": i just took a look at your sig ;)
Besides, it's too paranoid for my taste :shifty:

Expert? you seem like you forgot to give credits to my one and only security app! ::)
I don't have a good nose for the malware :(

Protected
More protected
G DATA

Diver
April 28th, 2008, 06:01 PM
I am not exactly sure what the motivation for going "naked" is. Perhaps the OP has an old PC that runs slow with current AV software.

All I can say is if your banking password gets stolen by a trojan you can expect your bank to tell you it was your fault for not following accepted best practices. If your machine becomes infected and causes damage to someone else, what is your explanation?

Page42
April 28th, 2008, 07:28 PM
-{ Quote: "I still wish to have a scanner (on demand), one which doesn't run in the background (no services). I just manually scan when I feel like.

My question is, which do you recommend I use? I'm not very knowledgable in the stand alone category :/" }-
You may be pleasantly surprised with Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php). I know I was. Lots of updates, a nice GUI, good detection rate and used by folks who clean hosed computers.

ErikAlbert
April 29th, 2008, 02:50 AM
-{ Quote: "
Besides, it's too paranoid for my taste :shifty:
" }-
Paranoia is a mental disease and paranoid people don't think in the right proportions anymore. I'm not even a fan of anything, why should I be paranoid.

I just know that scanners aren't the right way to keep your computer malware-free and that has been proven over and over again, facts are facts.
But lots of users seem to feel comfortable with the message "0 threats found", I don't because I know it isn't necessarily true.
The most easy solution to fix a problem is denying the problem, that's not my way to solve problems.

If you think that my setup is a handicap, forget it, I can do everything like in the past, but without having the garbage or removing the garbage. Too much work and inconvenient and above all a waste of time. :)

Huupi
April 29th, 2008, 10:29 AM
A boot to a clean system is probably the most straightforward approach to get rid of any changes, but for many to do so is after some time a bit boring. Don't forget many like to play always with new or different setups; for them it's the ultimate joy of computing. How many beg here for virus samples to play with or ask for dodgy sites to download this stuff, so in a way many are not looking for best protection but actually looking for toys to play with.

trjam
April 29th, 2008, 11:41 AM
I got cold being naked. Had to add some socks back on.;)

LoneWolf
April 29th, 2008, 05:16 PM
-{ Quote: "You may be pleasantly surprised with Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php). I know I was. Lots of updates, a nice GUI, good detection rate and used by folks who clean hosed computers." }-

You forgot excellent support. ;D
http://www.malwarebytes.org/forums/

LoneWolf
April 29th, 2008, 05:18 PM
-{ Quote: "I got cold being naked. Had to add some socks back on.;)" }-

You? I damn near caught pneumonia. ;D

cortez
April 29th, 2008, 11:55 PM
If one decides to go naked I suggest a dedicated partition where a very simple reinstall of the OS and service packs and browser would allow for a fast reinstall.

My XP with SP2, (on a CD) drivers, and browser (Firefox) takes only about 34 minutes (no prep time included). Not a bad "time price" if one wants to go naked. ( I decided to time it for accuracy purposes).

Of course an image restore of this same partition is under 4 minutes with TI10 (restore only not including prep time and "incidentals"--total 10 minutes tops).

A few minutes to go naked might make it a hobby of sorts.

Long View
April 30th, 2008, 01:57 AM
Fully agree Cortez - this is the conclusion I reached in Jan 07. See my sig for my security. If an infection gets thru then I will restore with an image assuming that deepfreeze has failed.

L815
April 30th, 2008, 07:37 PM
I do agree on the comments made on Kaspersky for being a quality product. I admit they are great at what they do. The only issue is the speed for me, especially on a laptop running vista. I don't have a grudge against the product just on this issue, it just happens that way for more reasons than one.

On the other hand, Nod32 v3 is incredibly fast in scanning on vista. It scanned my entire computer in 10 minutes. While others like Avast and Avira took longer, the former taking the longest.

Whether or not it means one catches more than the other, I can't say as I didn't catch anything with them at the time. It 'feels' like the AV is doing a better job when it takes longer.

Personally, I felt safest with Kaspersky, but then again I took the compromise of going with speed and great detections. I'm not that hazardous of a user :P

I guess going naked for me didn't last long. The insecure feeling crept up really fast and since then have settled on trying out Nod32v3 again for the time being. I'm very pleased :)

Quitch
May 1st, 2008, 01:15 PM
AV-Comparatives (http://www.av-comparatives.org/), Virus Bulletin (http://www.virusbtn.com/vb100/archive/2008/04) and AV-Test (http://www.virusbtn.com/news/2008/03_13a.xml) all show NOD32 to be one of the top AV scanners around.

If the Eset page is right and they do use a lot of hand-written assembly code for their scanner, then it's no wonder it manages to be both thorough and fast. Certainly will become my scanner of choice as Avira's support appears to have failed me.

Sometimes slow just means slow.

Patrician
May 2nd, 2008, 12:01 PM
-{ Quote: "I do agree on the comments made on Kaspersky for being a quality product. I admit they are great at what they do. The only issue is the speed for me, especially on a laptop running vista. I don't have a grudge against the product just on this issue, it just happens that way for more reasons than one.

On the other hand, Nod32 v3 is incredibly fast in scanning on vista. It scanned my entire computer in 10 minutes. While others like Avast and Avira took longer, the former taking the longest.

Whether or not it means one catches more than the other, I can't say as I didn't catch anything with them at the time. It 'feels' like the AV is doing a better job when it takes longer.

Personally, I felt safest with Kaspersky, but then again I took the compromise of going with speed and great detections. I'm not that hazardous of a user :P

I guess going naked for me didn't last long. The insecure feeling crept up really fast and since then have settled on trying out Nod32v3 again for the time being. I'm very pleased :)" }-

NOD32 v3 is certainly faster than Kaspersky 7 on doing a full scan, mainly because each has a different definition of what a "full scan" means. To me it means that every file on my PC is scanned, even the ones in archives. Kaspersky does this, but it does take a long, long time (on my machine 2 x 320 Gb and 2 x 250Gb drives with a total of around 550Gb of data). NOD32 v3 does not do this and scans are subsequently much faster. This does mean that a NOD32 v3 (and v2 for that matter) user is relying on the realtime scanner more.

Both are top notch AV's, they just do things a little differently.

L815
May 2nd, 2008, 04:18 PM
Hmm that's interesting to know. Does that mean when I right click on a zipped file and scan it, it doesn't actually go into the archive to check? I've scanned a 1+GB archived file with Nod32v3 and it would finish almost instantaneously...

The Hammer
May 2nd, 2008, 04:23 PM
-{ Quote: "NOD32 v3 is certainly faster than Kaspersky 7 on doing a full scan, mainly because each has a different definition of what a "full scan" means. To me it means that every file on my PC is scanned, even the ones in archives. Kaspersky does this, but it does take a long, long time (on my machine 2 x 320 Gb and 2 x 250Gb drives with a total of around 550Gb of data). NOD32 v3 does not do this and scans are subsequently much faster. This does mean that a NOD32 v3 (and v2 for that matter) user is relying on the realtime scanner more.

Both are top notch AV's, they just do things a little differently." }-
NOD scans inside archives although you can't go wrong with any of the products mentioned by L815.

Quitch
May 3rd, 2008, 08:56 AM
-{ Quote: "NOD32 v3 is certainly faster than Kaspersky 7 on doing a full scan, mainly because each has a different definition of what a "full scan" means. To me it means that every file on my PC is scanned, even the ones in archives. Kaspersky does this, but it does take a long, long time (on my machine 2 x 320 Gb and 2 x 250Gb drives with a total of around 550Gb of data). NOD32 v3 does not do this and scans are subsequently much faster. This does mean that a NOD32 v3 (and v2 for that matter) user is relying on the realtime scanner more. " }-

This is incorrect. A "Full Scan" -- or "In-Depth Scan" as NOD32 calls it -- by default will scan everything except "E-mail Files" and "Unwanted Programs".

Long View
May 3rd, 2008, 10:05 AM
I thought this thread was "Thinking about going naked" ? How come it has now become a discussion about different unnecessary AV programs ?

L815
May 3rd, 2008, 10:53 AM
How an AV scans can be a reason to go naked :isay:

Long View
May 3rd, 2008, 01:40 PM
-{ Quote: "How an AV scans can be a reason to go naked :isay:" }-
True - very true. Or as in my case - none of them ever found anything anyway (apart from usual false positives) so I just removed them and have never regretted doing so.

L815
May 3rd, 2008, 02:06 PM
-{ Quote: "True - very true. Or as in my case - none of them ever found anything anyway (apart from usual false positives) so I just removed them and have never regretted doing so." }-

Same here, though I don't even get false positives! But it feels weird running with no protection :wacko:

Quitch
May 3rd, 2008, 05:42 PM
Fear of the unknown, that's all. I ran for years without AV, only using it now out of technical interest more than anything.

L815
May 3rd, 2008, 06:08 PM
That sounds about right. I enjoy trying out software, looking for new software. I'm also a software engineer, which keeps my interests in this area :)

ErikAlbert
May 3rd, 2008, 06:47 PM
-{ Quote: "Same here, though I don't even get false positives! But it feels weird running with no protection :wacko:" }-
Getting false positives or none depends on which software you installed and which scanners you try.
I got f/p's like ShadowProtect, Anti-Executable, IZArc and a few others, I don't remember anymore.

L815
May 4th, 2008, 12:01 AM
-{ Quote: "Getting false positives or none depends on which software you installed and which scanners you try.
I got f/p's like ShadowProtect, Anti-Executable, IZArc and a few others, I don't remember anymore." }-

I have gotten false positives with Antivir personal 7 almost a year back with a few common things, like a game executable and maybe a program I'd write (nothing malicious)

With the recent release of 8, nothing has been showing up, neither with Nod32 v3, or Avast 4, or Avg 8. I wanted to try Kaspersky 2009, but I kept getting update and component errors (tried re-installing 3 times).

In the end, I realized I just haven't been abusing my internet usage like I would back in the day.

To be frank, since Open-Source and my interest in Linux has risen, I find myself not pirating software. Besides the few cookie warnings I get, there hasn't been real reason to be infected up to this point.

HURST
May 4th, 2008, 11:06 AM
I don't care that much about FP, one can always:
1.- get a second opinion if one has the suspicion that it is a FP
2.- ask here in Wilders (:thumb:)
and/or
3.- google the file name.

I'm more worried about False Negatives, and that is why I ditched my real-time AV (if it really can be called naked ;D)

Macstorm
May 4th, 2008, 12:07 PM
-{ Quote: "so I just removed them and have never regretted doing so." }-
I hope you'll never have to ;)

Long View
May 4th, 2008, 06:17 PM
-{ Quote: "I hope you'll never have to ;)" }-

I understand your concern but for years people have essentially been saying "sooner or later" you will regret. In 12 years nothing bad has happened. OK risks have changed over those years but I'm still not convinced that any av, as, or hips program that I have seen will significantly reduce the chances of my getting contaminated. For all of us there will always be a small probability of getting infected. I just prefer to live with that probability (and expect to restore my systems should disaster strike) rather than try to make a small probability smaller.

L815
May 4th, 2008, 06:34 PM
-{ Quote: "I understand your concern but for years people have essentially been saying "sooner or later" you will regret. In 12 years nothing bad has happened. OK risks have changed over those years but I'm still not convinced that any av, as, or hips program that I have seen will significantly reduce the chances of my getting contaminated. For all of us there will always be a small probability of getting infected. I just prefer to live with that probability (and expect to restore my systems should disaster strike) rather than try to make a small probability smaller." }-

Do you run anything like superantispyware or asquared?

Long View
May 5th, 2008, 05:04 AM
-{ Quote: "Do you run anything like superantispyware or asquared?" }-


Every month or so - with DeepFreeze or returnil or shadow defender running I load up one of a number of av or as programs just to check. So this morning I did install SA this morning - ran a full scan and as always found nothing. Will now reboot and Super AS will be gone until needed in June or July.

ErikAlbert
May 5th, 2008, 07:23 AM
I waited about 6 months before I started running scanners again. Nothing but f/p's, like ShadowProtect, Anti-Executable, ... quite amusing.
But I wasn't surprised, because it was theoretically impossible to get infected.
I only wanted a confirmation of my theory. Now I'm going to wait one year.

A malware is able to install itself, when it bypasses my security software, because this software can't be fully trusted. That's why all security software has a second place in my security setup.
This is old news and proven over and over again.

However installed malware as an object, can't survive in my system partition, because all these objects are removed, not as malware but as a "change" during reboot.

When you tell this at Wilders, everybody tries to discourage you of course with the most frightening stories, like Joanna's Invisible Things, Rootkits, hardware viruses and ghost stories, which are hardly proved.
They never tell you any details, they only want to scare you, well good guys don't scare good guys.

Each time, I upgrade my system partition, I don't use my actual system partition like many users do.
I use my clean system partition and after upgrading, a copy of my clean system partition becomes my new actual system partition, preceded by zeroing my hard disk.
Now which invisible malware is going to survive this ?

I don't do this to remove invisible malware, it's my STANDARD way of upgrading my system partition, because my actual system partition has been on-line TOO LONG and can't be trusted anymore.

It takes 10 minutes to restore my clean system partition, while any big scanner needs more than 20 minutes to scan my system partition and that time difference was ridiculous to me.
My reboot-to-restore takes 2 minutes, while any big scanner needs more than 20 minutes to do the same job and that is just ONE scanner. That time difference was totally absurd to me.
My reboot does a lot more than this, but that has nothing to do with going naked.

If you really want to change things and go naked, you have to change EVERYTHING : new philosophy, new software, new habits and new procedures of doing things and FORGET the past. :)

BlueZannetti
May 5th, 2008, 07:38 AM
-{ Quote: "I waited about 6 months before I started running scanners again. Nothing but f/p's, like ShadowProtect, Anti-Executable, ... quite amusing.
But I wasn't surprised, because it was theoretically impossible to get infected.
I only wanted a confirmation of my theory. Now I'm going to wait one year." }-
Erik,

I'll simply state the obvious here from your postings...., despite your contention that you don't use scanners, you do a whole lot more scanning than I do - mine is realtime, yours is on-demand - aside from that, there is no difference. Coverage is coverage.

-{ Quote: "When you tell this at Wilders, everybody tries to discourage you of course with the most frightening stories, like Joanna's Invisible Things, Rootkits, hardware viruses and ghost stories, which are hardly proved.
They never tell you any details, they only want to scare you, well good guys don't scare good guys." }-
While those comments are out there, I would be hard pressed to find uniform opinion that "everybody tries to discourage you". We have tried to get you to understand what your approach can and cannot accomplish.

-{ Quote: "I don't do this to remove invisible malware, it's my STANDARD way of upgrading my system partition, because my actual system partition has been on-line TOO LONG and can't be trusted anymore." }-
If your partition cannot be trusted, what does that say about your confidence in the approach that you've taken? By the way, my personal belief is that your blanket statement (on-line TOO LONG) is ridiculous.

-{ Quote: "It takes 10 minutes to restore my clean system partition, while any big scanner needs more than 20 minutes to scan my system partition and that time difference was ridiculous to me." }-
Yet, by your own statements, you scan anyway....

-{ Quote: "If you really want to change things and go naked, you have to change EVERYTHING : new philosophy, new software, new habits and new procedures of doing things and FORGET the past. :)" }-
The words of Santayana are apropos... Those who cannot remember the past are condemned to repeat it.

Blue

ErikAlbert
May 5th, 2008, 07:46 AM
BlueZannetti,
I used scanners to VERIFY my approach, who else is going to do this for me.
Are you going to check all my objects in my system partition, one by one to see if it is malware or not ? I don't think so.
My security setup is an experiment and needs to be verified. I'm not going to run scanners forever.

BlueZannetti
May 5th, 2008, 07:50 AM
-{ Quote: "I used scanners to VERIFY my approach, who else is going to do this for me.
Are you going to check all my objects in my system partition, one by one to see if it is malware or not ? I don't think so.
My security setup is an experiment and needs to be verified. I'm not going to run scanners forever." }-
Erik,

Since the capabilities of malware are not static, the verification you speak of is post-mortem verification only.

Personally, and I have stated this many many times, I think your strategy is fine as long as you maintain the discipline that you understand is required to practice this approach. That would include relying on an online scanner if you ever install/employ downloaded content in the future. If you're like most users, discipline will wane over time.

Blue

Long View
May 5th, 2008, 07:51 AM
-{ Quote: "
If you really want to change things and go naked, you have to change EVERYTHING : new philosophy, new software, new habits and new procedures of doing things and FORGET the past. :)" }-

Difficult to say what "going naked" really means. Am I naked even though I use FF with add-ons ? I would say so but others might quite rightly disagree. I sit behind a netgear firewall router - to be naked would I have to use the "free" modem that is often given out by ISPs ?

Have you stopped using AE ? If not then I would question just how naked you really are - a question of definition I know but not sure how a program that operates as a policing action constantly in the background can be used and the system still called naked ?

ErikAlbert
May 5th, 2008, 07:58 AM
-{ Quote: "Erik,

Since the capabilities of malware are not static, the verification you speak of is post-mortem verification only.

Personally, and I have stated this many many times, I think your strategy is fine as long as you maintain the discipline that you understand is required to practice this approach. That would include relying on an online scanner if you ever install/employ downloaded content in the future. If you're like most users, discipline will wane over time.

Blue" }-
Discipline ? What discipline ? Every security setup requires discipline, you just got used to it and forgot it was ever discipline. :)

ErikAlbert
May 5th, 2008, 08:02 AM
-{ Quote: "Difficult to say what "going naked" really means. Am I naked even though I use FF with add-ons ? I would say so but others might quite rightly disagree. I sit behind a netgear firewall router - to be naked would I have to use the "free" modem that is often given out by ISPs ?

Have you stopped using AE ? If not then I would question just how naked you really are - a question of definition I know but not sure how a program that operates as a policing action constantly in the background can be used and the system still called naked ?" }-
I'm not going to play word games, not in a foreign language. "Going naked" is not mine, the OP used it.
Why would I stop using AE, because it doesn't fit in your approach ?

Long View
May 5th, 2008, 08:12 AM
-{ Quote: "I'm not going to play word games, not in a foreign language. "Going naked" is not mine, the OP used it.
Why would I stop using AE, because it doesn't fit in your approach ?" }-

I'm not playing word games - it really is an important question - and can not be dismissed so easily. Also I didn't say you should stop using AE - I just pointed out that you are not really naked if you continue to do so. As to my approach - that is neither here nor there. I consider myself to be operating on a more naked basis than most but admitted that to be really naked I would probably have to use a modem and even downgrade to IE.

ErikAlbert
May 5th, 2008, 08:22 AM
-{ Quote: "I'm not playing word games - it really is an important question - and can not be dismissed so easily. Also I didn't say you should stop using AE - I just pointed out that you are not really naked if you continue to do so. As to my approach - that is neither here nor there. I consider myself to be operating on a more naked basis than most but admitted that to be really naked I would probably have to use a modem and even downgrade to IE." }-
We both work with a frozen system partition. If you don't use any security software, malware can do anything.
So you need security software to stop the execution of malware between two reboots. AE does that, DefenseWall does that and any other software that does stop the execution is welcome in my system partition, except blacklist software.
Which software you have to use to kill the execution is an endless discussion.
If my security software fails, my boot-to-restore will remove them anyway and that does not happen in a NORMAL system partition.

The reason why your scanners didn't find anything is DEEPFREEZE, not your security software. :)

Long View
May 5th, 2008, 09:32 AM
-{ Quote: "

The reason why your scanners didn't find anything is DEEPFREEZE, not your security software. :)" }-

Perhaps I should change my signature ? ( done) when I first bought DeepFreeze I used it all the time. Then came Returnil - on all the time and then Shadow defender. The next change was to use Returnil with session lock. Being lazy I tend not to even use session lock much any more. I know the theory but tend to trust my bank etc.

So today on my main machine I should perhaps list FF, Netgear, and shadow protect as my only "security" with shadow protect being no more than a safety net. I do still run machines which are frozen but tend to think that they are clean not because they are frozen but because my surfing habits are fairly conservative and that risks in general are greatly exaggerated.

ErikAlbert
May 5th, 2008, 09:47 AM
-{ Quote: "Perhaps I should change my signature ? ( done) when I first bought DeepFreeze I used it all the time. Then came Returnil - on all the time and then Shadow defender. The next change was to use Returnil with session lock. Being lazy I tend not to even use session lock much any more. I know the theory but tend to trust my bank etc.

So today on my main machine I should perhaps list FF, Netgear, and shadow protect as my only "security" with shadow protect being no more than a safety net. I do still run machines which are frozen but tend to think that they are clean not because they are frozen but because my surfing habits are fairly conservative and that risks in general are greatly exaggerated." }-
If I would only visit my bank website and Wilders, I don't need much security either, but that's not what I have in mind.
I'm already glad I don't have to spend any time anymore on cleaning my system partition, but I'm not satisfied yet, I want more, just don't know how to do it yet.

lucas1985
May 5th, 2008, 12:54 PM
-{ Quote: "
Are you going to check all my objects in my system partition, one by one to see if it is malware or not ?" }-
Rootkit scanning, verification of digital signatures of system files, checking of auto startup entries and analyzing the filesystem from another system (LiveCD, BartPE, another HDD, etc) is all you need to know if a system is infected or not. You don't need to check every file by hand.
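
The offline check described in the post above (analyzing the filesystem from another system) can be scripted as a comparison against a manifest taken from the clean image. This is an added example, not part of the thread; the function names, the extension list and the sample directory trees are assumptions constructed for illustration.

```python
"""Compare a suspect partition, mounted offline, against a clean-image manifest."""
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions treated as executable content on Windows (assumed list, for triage only).
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".vbs"}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root to its SHA-256.

    Keys are relative POSIX-style paths, lower-cased because the Windows
    filesystems discussed in the thread are case-insensitive.
    """
    root = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # only hash real file content
            manifest[full.relative_to(root).as_posix().lower()] = sha256_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Return the paths added, removed and modified relative to the baseline."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(p for p in base_paths & cur_paths
                           if baseline[p] != current[p]),
    }


def triage(diff):
    """New or changed files with executable extensions: review these first."""
    changed = diff["added"] + diff["modified"]
    return sorted(p for p in changed if Path(p).suffix in EXECUTABLE_EXTS)


def _write_tree(root, files):
    """Create a directory tree from a {relative path: bytes} mapping."""
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    """Build two small constructed trees and compare them."""
    clean_files = {  # constructed stand-in for the restored clean image
        "Windows/System32/kernel32.dll": b"clean kernel32",
        "Windows/notepad.exe": b"clean notepad",
        "Windows/win.ini": b"[fonts]",
        "Users/me/notes.txt": b"todo",
    }
    suspect_files = {  # constructed stand-in for the partition that was online
        "Windows/System32/kernel32.dll": b"patched kernel32",
        "Windows/notepad.exe": b"clean notepad",
        "Windows/System32/drivers/hidden.sys": b"unknown driver",
        "Users/me/notes.txt": b"todo, more",
    }
    with tempfile.TemporaryDirectory() as tmp:
        _write_tree(Path(tmp) / "clean", clean_files)
        _write_tree(Path(tmp) / "suspect", suspect_files)
        diff = diff_manifests(build_manifest(Path(tmp) / "clean"),
                              build_manifest(Path(tmp) / "suspect"))
    return diff, triage(diff)


if __name__ == "__main__":
    result, review_first = demo()
    for kind, paths in result.items():
        print(kind, paths)
    print("review first:", review_first)
```

The comparison is only meaningful when the suspect partition is read from a trusted environment such as a LiveCD, because a rootkit on the running system can hide files from the walk. Ordinary data files also show up as modified, which is why the triage step narrows the list to executable content.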

L815
May 5th, 2008, 01:25 PM
-{ Quote: "Difficult to say what "going naked" really means. Am I naked even though I use FF with add-ons ? I would say so but others might quite rightly disagree. I sit behind a netgear firewall router - to be naked would I have to use the "free" modem that is often given out by ISPs ?

Have you stopped using AE ? If not then I would question just how naked you really are - a question of definition I know but not sure how a program that operates as a policing action constantly in the background can be used and the system still called naked ?" }-

My original thought when creating the thread meant no realtime security software. No HIPS, no Anti-Virus, no realtime anti-malware etc...
On-demand was the intent if any security.

Having a linksys router and using a safer browser are becoming common practice, and thus I wouldn't include it, especially since I won't be able to get internet without the router ;)

Macstorm
May 5th, 2008, 07:44 PM
-{ Quote: "If your partition cannot be trusted, what does that say about your confidence in the approach that you've taken? By the way, my personal belief is that your blanket statement (on-line TOO LONG) is ridiculous." }-
My thoughts exactly :)

wilbertnl
May 31st, 2008, 09:01 AM
I was using AVG Free 7.5 for a while, the 8.0 release is too bulky to my taste. I understand the desire to go without AV. Any AV is getting larger and slower.
And no warning about threats for me in a long time either.

Going without AV is a big step, and I decided to install Avast! Home Edition 4.8, but only the regular shield (on access scanner).
Nice lightweight.

SourMilk
May 31st, 2008, 12:29 PM
On my general use computer Avira Premium just found an infected website and allowed me to refuse connection. Good thing I use Firefox with NoScript. Little things like that cause me to run full-time scanners on a computer that wades out in the unknown. 8)

SourMilk out

Cerxes
June 1st, 2008, 01:13 PM
-{ Quote: "I was using AVG Free 7.5 for a while, the 8.0 release is too bulky to my taste. I understand the desire to go without AV. Any AV is getting larger and slower.
And no warning about threats for me in a long time either.

Going without AV is a big step, and I decided to install Avast! Home Edition 4.8, but only the regular shield (on access scanner).
Nice lightweight." }-
It's like you're mirroring my own behaviour...:)

I also understand the desire (and logic) of running without an AV, but as in your case, running without one is a very big step for me as well since I've used it since the early nineties, and breaking old habits is hard indeed. But I strongly advocate the whitelist approach and therefore realize that the blacklist approach AV scanners are using is yesterday's security approach, and not the future for securing your system. The only way I can see that this type of scanners can survive in the long run, is to change approach using an (almost as huge) database of whitelisted files/processes instead, and this move is already applied by some companies.

/C.

Long View
June 1st, 2008, 06:36 PM
-{ Quote: "On my general use computer Avira Premium just found an infected website and allowed me to refuse connection. Good thing I use Firefox with NoScript. Little things like that cause me to run full-time scanners on a computer that wades out in the unknown. 8)

SourMilk out" }-


Don't quite follow. Would Firefox and Noscript have saved you ? if so why was Avira necessary ?

SourMilk
June 1st, 2008, 09:30 PM
-{ Quote: "Don't quite follow. Would Firefox and Noscript have saved you ? if so why was Avira necessary ?" }-

Guess I'm a belt AND suspenders kind of guy. Besides, Avira Premium does other things like rootkit scans and spyware prevention.

SourMilk out

wilbertnl
June 12th, 2008, 08:50 PM
Recently I reconfigured my user accounts by making them members of the power users group, as opposed to administrators.
Running applications is not frustrating like when you run as limited user.
A power user isn't allowed to make systemwide changes.

In addition I run TeaTimer (http://www.safer-networking.org/en/faq/33.html), the registry monitor provided by Spybot S&D.

How does this sound to you?

L815
June 19th, 2008, 10:07 AM
I've been trying out Rising AV which seems to be very unintrusive with registry monitoring. I usually hate that sort of thing.

I actually was running free of AV for the past 2 days while deciding which AV to try next. To be frank, I didn't feel vulnerable at all. I've been using Opera and have caught nothing in so long.

With the increase of Open Source projects, and freebie applications, I feel no need to be infecting myself with pirated versions of software.

Kees1958
June 19th, 2008, 03:26 PM
Simply DefenseWall + ThreatFire (with outbound custom rule) + Avast (webshield + P2P shield + internet E-mail shield). Of course TF does an AV check when an intrusion occurs. Avast checks only the incoming data streams. I also delayed startup of Avast and skipped the rootkit scan at startup. Runs light and fast on a XP SP3 AMD ATHLON 3900 with 1,5 MB memory.

The on execution and file access check really slowed down my system, so with this in between solution I am running in swimming suit :D

dw2108
June 19th, 2008, 08:36 PM
For Win 98 and XP, I'm trying WinSonar, Tiny Watcher, Script Trap, Script Sentry, Script Defender, Kerio Personal FW 2.1.5 with special rules, a good HOSTS file, SpywareBlaster, WinPatrol, (The very passive) Wincleaner Antispyware, TeaTimer, locking AUTOEXEC.BAT, RUNDLL, RUNDLL32, USER, USER32, SHELL, SHELL32 and COMMAND.COM files, and an AV scan on demand. You guys gave me some VERY good ideas! Thanks.

Dave

Threedog
June 19th, 2008, 10:10 PM
Right now I am running Defensewall, Prevx 2.0, Windows Defender, and Returnil with Superantispyware on demand. No Av installed at all. I feel fairly safe with this setup.

HURST
June 20th, 2008, 01:23 AM
Recently took off another layer of clothing ;D
I'm feeling cold, but I'll try to hang in there, as I hope not getting the flu.

trjam
June 20th, 2008, 07:45 AM
-{ Quote: "Recently took off another layer of clothing ;D
I'm feeling cold, but I'll try to hang in there, as I hope not getting the flu." }-
Hurst, based on your sig, you look like you still have plenty of layers of clothing to keep you warm.;)

HURST
June 20th, 2008, 10:24 AM
Well, if we just talk "real-time", I'm layering off.
On-demand is another story :P

Escalader
June 20th, 2008, 10:38 AM
-{ Quote: "It's been a while since I've last had a virus living on my PC. And playing in linux without an AV is fun, which led me to think, I should go naked.

I still wish to have a scanner (on demand), one which doesn't run in the background (no services). I just manually scan when I feel like.

My question is, which do you recommend I use? I'm not very knowledgable in the stand alone category :/" }-

You have already received much advice here but here FWIW are my thoughts:

1) If you don't have 1 get a H/W FW in front like a well configed router
2) No one can force a user to use any security SW, just know the risks
3) If you surf the dark side, rethink this naked idea
4) For on demand with zip AV's installed, go main line vendors, KAV, Bitdefender, and yes Norton and McAfee.
5) If you do surf dark side scan daily, otherwise weekly should be ok.

I thought streaking went out in the 70's;D