Is antivirus really necessary?

Discussion in 'other anti-virus software' started by buridan, Dec 13, 2007.

Thread Status:
Not open for further replies.
  1. buridan

    buridan Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    11
    I posed the following query in BD's forum, but I think it applies equally for any A/V program. Any thoughts? Am I just lucky?

     
  2. Hangetsu

    Hangetsu Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    259
    Here's my two cents: Think of AV as an insurance policy more so than day-to-day software. If you're getting viruses day in and day out, you're either doing something very wrong or have technical expertise.

    99.99999% of the time, people visit regular sites that won't give them a virus. However, you own the software for that 0.00001% of the time.
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    What you need to do is to make a rough analysis of the likely frequency of an event if you don't have an AV installed (for most of us it should be between 1 event per 1-10 years, although if you get frequent alerts, use that number per year as a rough metric) and the likely downside potential (on the light side it might be an inconvenient slowdown until the offending malware is noted up to and including loss of irreplaceable data or information (account passwords, credit card info, etc.)). The former is certainly much more likely than the latter, but the latter does happen.

    Look at the time/money spent undoing the likely and/or perhaps more serious downsides vs. the continuing costs and determine whether it is a net positive or not for you. From the description of your situation, you might also consider some of the alternate approaches (virtualization, strict use of LUA, etc.) available.

    Blue
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Is antivirus really necessary?

    Considering that there are some pretty good free ones, why not?
    It just may save you someday.
     
  5. buridan

    buridan Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    11
    True, but for those of us who know what to avoid and are careful, is full-time resident protection really necessary? There are plenty of free antispyware programs that only need to be run on-demand, and the periodical online virus scans seem to be adequate.

    I've been doing this for the past year now, and I've yet to encounter a problem with Vista in this regard - that of course may change. And, after a full scan with the latest version (updated definitions) of BD, my nearly year-long trek without antivirus protection appears to have been safe.

    I'm not recommending this as a general practice, but it seems to me that unless you're the average computer user who doesn't pay much attention to risky online behavior, antivirus protection may be superfluous.

    Again, I'm asking myself if the slight loss in performance is worth the peace of mind, which itself may be an illusion.
     
  6. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Some people don't even run AVs on their Vista machines, instead running online scanners every now and then. After 10 months on Vista I have started having similar thoughts as you. SAS hasn't had to do anything since I installed it on Vista back in February. Sure Norton blocked some nasties off my computer but I wonder what would happen if I allowed them to install? Those that slipped by Norton were caught by IE7's Protected Mode. I mentioned in another thread that so far I have only seen one person reporting an infection on his Vista computer (ANI Exploit) but he had UAC turned off (in which Protected Mode is turned off as well).

    I wish I had a spare computer to run Vista on to test it without having an AV. I just can't risk it with my main machine.

    I have been wanting to bring this up myself but I thought it would turn into a Vista VS XP war and there are too many of those going on out there.
     
  7. Aerowinder

    Aerowinder Registered Member

    Joined:
    Aug 15, 2007
    Posts:
    29
    You should always have an antivirus. No exceptions. None. Zero.

    If you feel you are vigilant enough to keep yourself clean, turn off resident protection and remove the app from startup. This will fix performance issues resident AV protection is notorious for causing. If your confidence is well-placed (in yourself), it was just hogging resources anyhow.

    I will use myself as an example: I have not used resident protection (AV/AS) in years, but I do manually scan every file I download (one of my newer habits - call it paranoia.) I run a full system scan maybe twice a month. No set schedule. I update my AV several times a day. If you ever smell something fishy, you run your scanner.

    The only resident protection I run is a firewall.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    You can best answer that question for yourself by first listing the possible ways that malware can become installed on your computer, and then consider the likelihood of a successful attack w/o AV installed, via each of those ways.


    ----
    rich
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't use scanners anymore, they are all based on incomplete blacklists and that is gambling with your security. I remove any change during reboot and that keeps my system partition clean.
    Even restoring a clean image takes less time than NOD32 needs, to do a full scan on my system partition and that is just ONE scanner. Almost absurd.
    I prefer to use recovery, whitelists, sandboxing and anti-execution.
     
    Last edited: Dec 13, 2007
  10. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    As stated a few times here it is up to you, sure you can run the gauntlet without protection, it's up to you :)

    ----------Begin minor off topic statement---------------------
    This topic has brought up an interesting question for me: when is the "prime time" for exploits/vulnerabilities to surface after a major Windows version upgrade? I believe this is based on adoption and user base for profiteers. I also understand that 2006/7 versus 2001 are completely different animals but this would still be interesting nonetheless.

    i.e. How many years following a version release before a majority of the exploits/holes surfaced? I looked at Secunia but they only go as far back as 2003 from what I can tell. This could be interesting to have a statistician plot out..*cough*.. ;)

    This would shed some light on when the real wave of attacks against Vista could begin, if they haven't already.

    I must still be in thesis mode.....
     
    Last edited: Dec 13, 2007
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    So what do you do about exploits through email?
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    A lot of ISPs filter attachments nowadays I think, at least I know mine does... that doesn't guarantee that everything will be caught, but I've not once seen anything bad here via email in 10 plus years with the same ISP....
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi Kerodo,

    My ISP strips executables as attachments. I don't get many like this any more:

    email-malware_4.gif
    ____________________________________________________________

    It's very easy for ISPs to do this, so if anyone gets attachments like this, complain!

    However, my ISP chooses not to delete zip file attachments, since that is a legitimate way to send executable files,
    and I agree. At least with a zipped attachment, two operations are required: 1) open attachment 2) extract file

    @ trjam,

    One would certainly consider the source of the email before taking any action.

    For the past year or so, what few exploits I've received by email have been zipped attachments.
    This, of course, requires user action to run the exploit. The malware writer hopes that you will be
    enticed to view the file:

    email-malware_1.gif
    _____________________________________________________________

    More common are links within the email which lead to websites with code to download malware.
    Again, requires user action to initiate the exploit:

    email-malware_2.gif
    _____________________________________________________________

    Another type comes as formatted HTML. Configuring your email program to display as Text
    gives you the opportunity to see what the message is before opening to read. This is protection
    from possible malicious HTML code running upon viewing:

    email-malware_3.gif
    _____________________________________________________________


    ----
    rich
     
    Last edited: Dec 13, 2007
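
    The attachment policy Rmus describes above (strip directly attached executables, let zip files through), sketched as an added example that is not part of the original thread. The extension list, the extra "deliver-flagged" verdict for zips that contain an executable, and every sample file name are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def ext_of(name):
    """Last extension, lowercased; trailing dots/spaces are ignored."""
    name = (name or "").lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def review_attachments(msg):
    """Return (filename, verdict) per attachment: strip, deliver-flagged or deliver."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext_of(name) in EXECUTABLE_EXTS:       # e.g. card.exe, invoice.pdf.exe
            results.append((name, "strip"))
            continue
        verdict = "deliver"
        if ext_of(name) == ".zip":                # zips pass, but look inside
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    if any(ext_of(n) in EXECUTABLE_EXTS for n in zf.namelist()):
                        verdict = "deliver-flagged"
            except zipfile.BadZipFile:            # unreadable archive: flag it
                verdict = "deliver-flagged"
        results.append((name, verdict))
    return results

def make_zip(member_name):
    """Constructed sample archive holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes")
    return buf.getvalue()

def build_sample():
    """Constructed message with four attachments (no real malware involved)."""
    msg = EmailMessage()
    msg["Subject"] = "You have received a greeting card"
    msg.set_content("Constructed sample body.")
    for name, data in [("card.exe", b"placeholder"),
                       ("photos.zip", make_zip("photo.jpg.scr")),
                       ("notes.zip", make_zip("notes.txt")),
                       ("report.pdf", b"placeholder")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in review_attachments(build_sample()):
        print(f"{name}: {verdict}")
```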
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Running without an AV doesn't necessarily equate to running without protection. I don't run an AV, as I don't think it's worth the machine load, but I am definitely protected.

    My primary protection security software wise is Online Armor, SSM, and Sandboxie. My two threat horizons are malicious action by a website, or my trusting a program I shouldn't. All my browsing is done via Sandboxie, so anything that is bad, aside from getting an alert from OA, SSM, is gone when the sandbox is emptied. When installing a hopefully trusted program, I first set up a means of removal, FDISR/Imaging/Returnil/ShadowDefender, and then leave the OA, SSM out of learning mode and watch the install behavior. Any kind of suspicious activity, and I can remove it.

    This approach has worked well.

    Pete
     
  15. wat0114

    wat0114 Guest

    My feeling is I could run without av for several years and still avoid infection. If I do get bitten, it's no big deal recovering from an ATI image. However, I really don't notice an appreciable performance benefit without it (ran for a month without av), so I just decided, what the heck, to keep it as a bit of insurance.
     
  16. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Pete - I agree with your approach. I was making my statement to the OP as he/she did not divulge the info of other protections, she/he alluded to it but it was never stated. :)

    I too personally got tired of the AVs and left vba32 on my Windows partition with OAfree, granted I rarely ever use it (Windows) anymore but it is there. My significant other is resistant to the Linux world so she is running Threatfire and OAfree on the old athlonXP and that is it, anything else slowed it too much. Although if I left it on I may be able to convince her to come to the "darkside". Seriously though she hasn't had a virus since we have been together and I feel she is fine without one. I rely mainly on network defenses vice host defenses to limit the host's ability to reach these "bad sites" via Tomato firmware, autoDL MVP host file to the router, dnsmasq and IPtables. Not to mention only 1.5 out of 5 boxes run Winders :)
     
  17. buridan

    buridan Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    11
    Vista FireWall Control is the only resident security I use. It uses Vista's own firewall for inbound and outbound protection. And as I mentioned, I will run a freeware version of something like SAS or Spybot maybe once a month, and an online a/v scanner every 3 to 4 months, give or take.

    It seems to me that, at least with Vista (for the time being), the benefits of resident a/v protection are not all that great. Vista's UAC may be a pain in the arse, initially, but it sure seems to be doing what it was designed to do very well.

    As likuidkewl noted, Vista may still be in its honeymoon stage - perhaps it's not yet a worthy target...
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    All the people who cry that AVs are necessary are really just green behind the ears. Your own experiences should already tell you that the die-hard AV believers are dead wrong. I personally run without an AV: ThreatFire + Returnil on my main system, and Limited User Account + XP access permissions + Group Policy restrictions + Windows Steadystate on my test machine. Both are using none other than the built-in XP firewall. I challenge those people who keep crying that you need an AV to show me an intrusion method or malware that bypasses these defenses.

    If you know what you're doing (and this is an important "if"!), no, AVs are nothing but dead weight, and a very unreliable technology to boot. The proponents of AV software will always resort to the claim that "no AV detects 100%" when support queries come in that their AV let them down; this should already give you a clue.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Well I'd say this might be true if the antivirus is the only antimalware application, and the user doesn't want to think of security too often.

    This approach is becoming more and more inadequate considering the staggering number of new (0 day) malware coded every day (there must be a real army of guys out there doing nothing but malware).

    Virtualization has the great advantage of cleaning up a session (or a critical browsing session) without any investigations of sorts. Adding a HIPS to check executables will make the system almost bullet proof.

    If an antivirus doesn't detect malware for lack of signatures, chances are that the malware might go unnoticed for a long time (it doesn't always do something obvious to the system, e.g. rootkits), and the risk is that you might back up a system that is unknowingly infected.

    I've stopped using one, mainly because it makes my system really fast, but also in principle (and it's not a matter of money) I don't want to depend on updates as a sword of Damocles over my system security.
     
  20. 212eta

    212eta Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    67
    I don't trust the AntiViruses/AntiSpywares anymore! Why?

    ->Too many False Positives!
    ->Inadequate Search Engines!
    (based on Poor and/or Outdated definitions in spite of what the vendors say).
    Even multi-engined AntiViruses have failed to protect their users!
    Running a single Antivirus is not enough! You need to have at least another one on-demand!
    ->Weak Heuristics that cannot effectively deal with most of the new malware!
    ->Time-consuming & Resource-hogging Updates and Scan sessions!
    ->Conflicting Anti-Virus Test results: Which one to believe? Are they reliable?

    Currently, I am using:
    -Inbound Protection: Modem-Router Firewall (SPI, NAT etc.).
    -Inbound Protection + Outbound Protection: Online Armor Firewall v2 (free).
    -Sandbox: SafeSpace.
    -System Recovery: Acronis TrueImage.

     
  21. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    solcroft,

    That "if", and it's a huge one, still makes an AV the largely preferred solution.

    The problem with the question posed in the subject line is that it reflects only a single and specific solution to a general problem which has a large number of readily available alternate solutions. As such, the most appropriate answer is no, assuming one of the alternate solutions has been implemented.

    Blue
     
  22. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    On Vista UAC: It's possible to run XP in user mode, but it takes some skill to get everything working. Use this excellent resource-

    http://nonadmin.editme.com/

    Vista, if you can stand it, has had a low adoption rate which tends to keep the bad guys from bothering with it. The same could be said of Macs and Linux, although the latter two are more secure than Windows by design.
     
  23. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Just publish your challenge and email address in the hackers sites, make them angry and wait a few days.

    They'll do the rest :)
     
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    No, you don't need an av, just pick up the right OS. My kids don't obey me and that's why my daughter has Online Armor firewall with HIPS, Avast 4.7 Home anti-virus, COMODO BOClean anti-malware, Ewido micro on USB stick, PrevX CSI Free, SpywareBlaster, AVG AntiRootKit, Avira RootKit Detection and Firefox's add-ons: AdblockPlus, Dr.web link checker, FEBE, Firekeeper, IE Tab, McAfee Siteadvisor, TrackMeNot, Update Notifier, WOT. Can you guess who is updating and scanning this kind of s...t and how long does it take for me?

    Best regards,
    Firefighter!
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    A good AV and Sandboxie and you could ditch all you wrote.;)
     