AV Necessary?

I've scaled back my internet activity (i.e. not downloading warez, unknown apps, etc) after several years of exploring the realm of the web. I was just wondering if anyone else feels that a AV is totally necessary if they were only running trusted apps, have a good firewall, and a program sandbox? The only email attachments I view are picture formats, and I have preview panes disabled. Just looking for opinions, thanks.

I use Sygate 5.5 & the recent SSM beta. My Norton subscription ran out awhile ago, and I've just avoided running an AV since. NOD32 is the only I'd buy right now (all the others have unbearable footprints/usage), and it doesn't exactly fit my needs (web/email worm watchdog).

 

Sounds like ur a experienced 'puter/web user. And u probably know about many of the free AV's. And you know most answers here in a security forum will be:

Yes, you should have a AV application. I like and use AVG (free). Virii can enter via chat, email, d/l's, safe web sites etc. It could just about be considered 'safe surfin' . . . and you reduce your risk of unknowingly infecting others in our internet community!!

 

In my humble opinion, I would not be without an AV installed in my computer. NOD32 has a top rating - good choice. If you can't afford it, then go for AVG by Grisoft [freebie]. My Norton AV has just run out and I am in a quandry too. In my situation, I get mega email because of a club I belong to [am a News Editor] so for me, an AV is an absolute must. Anyway, you might want to try Wormguard & add the free AVG - that might suit your needs. Cheers

 

http://www.pcmag.com/print_article/0,3048,a=28345,00.asp you can get a virus just looking at pictures. An av is a compleat necesessity on todays internet. This virus is not a bad one but it was reported back in 2002 I am sure the virus writers have made progress by now.I appoligize for the dead link but if you type the whole thing numbers and all it doe's work. I fixed the link by adding "url" tags around it. If you press the quote button on this post you'll see how it was fixed so you can do it yourself in the future. LWM


The Graphics Virus: No Red Alert
June 18, 2002
By Sebastian Rupley

Several antivirus software makers warned last week of a new virus called W32/Perrun that is notable because it is the first reported virus to infect JPEG (.jpg) graphics files. All the attention created a buzz, but the virus exists only in labs at the moment. It does not represent an immediate threat to users.

Network Associates, a firm that supplies security solutions, rates W32/Perrun as a low risk and is treating the virus as more of a model of how future viruses could affect graphics files than as a present threat. According to a Network Associates description of the virus, W32/Perrun "is an appending virus that requires an extractor file to extract and execute the virus code from infected JPEG files or files with a .JPG file extension." In other words, the virus requires two components to execute and become capable of infecting other JPEG files, with the extractor component being necessary to spread infection.

Security Watch
Antivirus Software
Software: Digital Imaging

According to an advisory from Steven Sundermeier, product manager at antivirus software maker Central Command, users should not worry about being infected by the W32/Perrun virus at this point, and the virus should not be overhyped: "Unfortunately, when harmless viruses that are not in the wild get hyped by larger vendors, it becomes a lose-lose situation for everyone. For us, our support technicians get bombarded with information requests from worried customers—over a virus not seen outside a virus lab. For an unknowing user, it adds an unnecessary level of panic and usually involves an expensive support call to their vendor. With no means of fast distribution (lacking mass mail capabilities, not network aware, etc.) and needing two components to successfully execute, users have nothing to be worried about with W32/Perrun. Without both parts, W32/Perrun is the equivalent of a gun without any bullets.

 

My (non-expert) opinion is that if you are running any version of Windows, and you are connected to the Internet, you absolutely should run anti-virus software. If you also use email, that adds one more compelling reason.

 

That's half my opinion anyway bigc, the AVs are always playing catchup with real threats (innovations), or even created by such companies.

Since I've started with McAfee in '95, on AOL, I have yet to have an identified virus that I did not download intentionally (Napster, etc), and even then it was a major ITW infection such as Sub7; that my current firewall/sandbox would stop. Norton, KAV, F-Secure.. I've tried them all, they just keep getting bigger, more expensive, and takeover the PCs resources to such a point that some legitamite programs recommend disabling AVs while running them. I do like NOD32 though (ran a trial recently), if only it was a freebie

The firewall & sandbox however, I would not compute online without anymore.. MS exploits are getting ridiculous.

Anyway, just wondering how many people thought I've totally lost my mind

 

Certainly a lot will differ, but contrary to widely held sentiment especially by the av industry and security consensus, no, it is not sacrilegious to not have an av, especially an on access av running all the time particularly if it's just a single user pc. Part of it depends on what date is stored in the system, if there's a backup, and on the user's awareness of "what normal" processes should be running in the system.

A large portion of the most virulent viruses out there exploit holes in popular broswer and especially email clients, and the propensity of users to download and click on anything left and right. In general they often come in the form of email attachments and executables. Like with anything there's a risk but one can get by running swf or a process manager and supplementing that with an on demand av scanner only. What has to be kept in mind though is that if you choose not to run an on access av you have to more mindful of and from time to time monitor the running processes in the system, and it can be done.

 

You speak a lot of sense. I fully agree.
You do need on demand scanning though.

The problem with onaccess virus scans and antiviruses in general is that it breeds this sense of over-confidence that overrules common sense sometimes

"hmm this funny looking attachment just came in with the dangerous extension pif,from somebody I don't know, with some lame one-liner that says" this is the document you requested" just came in. but my antivirus didn't kick it, so let's see what is in it "

Of course it just happens this is a new strain only hours old (nowdays this is very common) that your antivirus can't detect yet, and you are nailed.

I have seen this happen in many help forums, where some obviously techno savy guy admits he smelt a rat but was curious and after scanning he didn't find anything, so he opened it.

viruswritters 1, commonsense/ antivirus 0

 

Lwm I appreciate that, I have learned something at wilders today. Of course that happens every day

 

Count me among those who will differ. There was a time when I was of the same mind, but the realities of a computing world that centers around Win32 have since come clear to me.

Consider that any application, even a popular, innocuous application like Winamp, can have a vulnerability that allows for code execution to take place. And, of course, there is an endless string of buffer overrun vulnerabilities like this one in Windows (which happens to be directly related to the Winamp flaw; but there are a slew of similar bugs).

The response to this is always "I patch immediately", but Microsoft is famous for botching patches. Several of their recent patches either failed to truly correct the problem they were supposed to, or the patch corrected one problem, but overlooked a different--but very similar--problem (this is what happened with the initial patch for the MSBlast RPC exploit).

Before telling me that I am full of it, lets review what the aforementioned article says (I have paraphrased here):

Unless I am misunderstanding this issue, you could obtain a virus, worm, or trojan simply by hovering your mouse pointer over part of a web page. Maybe an anti-virus utility will protect you in this case, maybe it wouldn't. But I'd rather err on the side of caution. No one is "too k3w1" for anti-malware utilities.

 

Ya I heard about the header exploit, a long time ago.. but unless I have errored my knowledge, don't buffer overruns inject code that could be stopped by a sandbox?

I didn't say I was too cool for it, but I am too cheap. I'm not running a corporate payroll, so I don't really see the need to pay for a flawed or excessively layered security model.

 

I don't know about the sandbox issue. I do know that all security is flawed to some extent, though no security system is too layered, unless it becomes too hard to manage or involves too many trade-offs.

And what you're saying is that anti-virus utilities present too much of a trade-off for your taste, and I can completely understand that. It was only a few days ago that I made inquiries here about free and low-cost anti-virus solutions, because I was sick of problematic and overpriced software.

And my experience is that anti-virus utilities cause far more problems--and far more serious problems--than the malware they supposedly protect me against. I guess I'm banking on it actually being worth it someday.

 

Consider that any application, even a popular, innocuous application like Winamp, can have a vulnerability that allows for code execution to take place. And, of course, there is an endless string of buffer overrun vulnerabilities like this one in Windows (which happens to be directly related to the Winamp flaw; but there are a slew of similar bugs).

It's true, there's a large number of windows components that are vulnerable to a hosts of buffer overruns and auto executions - just clicking on a specially crafted html page or link is enough to prove that, but at the moment a good number of the top virulent viruses uses attachments and flaws in the way email in connection with browser clients to render and interpret data as a preferred method of delivery.

Is an antivirus necessary? that depends on the individual and host machine in question. But to proclaim that an antivirus especially an on demand scanner to be running all the time - is imperative - as been preached by certain segments of the security industry is questionable. It's a risk management issue, an antivirus is not a security panacea, if that was the case hundreds and thousands of windows clients out there would not have contracted the latest outbreaks, at best it is a supplement protection and it should be treated as such.

The security of a machine always and will center with the hardening of the OS and various internet clients and applications first and of course the user's awareness. Now don't get me wrong i'm not implying that one should go out and not run an av, if one thinks it's necessary that's fine, but it's just a part of the various methods to protect a machine.

 

Then I fail to see where we disagree.

 

A resident antivirus shield should be on every computer connected to the internet... it is your first line of defense (but not only defense).

If you choose to run all kinds of *fun* software on your computer but neglect to run a resident AV, your computer should be considered a Typhoid Mary. Saying that all virus software isn't 100% perfect is not a good excuse either.

In the end it is your decision to make but understand that there are viruses that can virtually destroy a computer. Unless you are on the corporate payroll, a computer costs considerably more than an antivirus.

 

Like i said (implied) in my 1st posted response. Guest is no stranger to this issue! He has posted a rhetorical ? as he knows what is best for him/herself. The discussion though is good education for all of us!