AV yes/no

Discussion in 'other security issues & news' started by Rico, Nov 15, 2008.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Hi Guys,

    My NOD32 subscription runs out soon, & I'm thinking about not renewing, and running AV free. I'm aware of free AV from AVG & free online scans.

    Current defense system:

    NAT router <survived crash test + stealth ports >
    Shadow Defender
    NOD 32
    SpywareBlaster
    Acronis 10 < weekly backups >
    SeconfigXP < hardening >
    Site Advisor
    SuperAntiSpyware < on demand >
    DropMyRights < anything connecting online >
    regular patch XP < 2nd Tuesday monthly >
    Firefox < 3.04 >
    Data separate partition
    I stay away from file sharing, celebrity tabloid BS, etc

    I have a long history with this setup of no malware + not even a recent false positive. NOD32 + SAS never finds anything. So is it foolish to go AV free?

    Thanks
    Rico
     
  2. TairikuOkami

    TairikuOkami Registered Member

    I think that with your current setup and skills, a free AV will do just fine. I would recommend you try out Avira with high heuristics enabled; it is also really light.
     
  3. wtsinnc

    wtsinnc Registered Member

    Hi Rico;

    I agree with TOMxEU; a free AV, provided you choose the right one, will offer excellent protection. I strongly recommend installing Avast; it offers resident scanning, webshield, on-demand scanning, e-mail scanner, automatic updates, an optional boot-time scan, and more. As I have posted in these forums several times, I also strongly recommend Avira to be installed without the "guard", and use it as a very effective second opinion on-demand antivirus scanner. That combination along with what you already have installed should keep you very safe.

    The only other addition I would go for would be to install Malwarebytes (free) as another on-demand scanner. To my knowledge, it will not conflict with any of the applications you currently use or those I have recommended. Additionally, something fairly new and free is Prevx Edge. You might want to check it out if you haven't yet done so.

    Just wondering; do you have NoScript installed in Firefox?
     
  4. emperordarius

    emperordarius Registered Member

    The free version does not remove anything that it finds.
     
  5. Rico

    Rico Registered Member

    Hi Guys,

    Thanks for the comments:

    Tom - Avira seems to be a fine AV.

    wtsinnc - Are you implying Avira & Avast are the same? I did not like 'NoScript'

    emperordarius - Saved me a trip to Prevx, previously I ran this prog. very nice.
    ___________________


    The case for NO AV. Firewall = router, DMR anything online for LUA = localized damage, Shadow Mode = reboot & problems are gone, if I screw this up = Acronis.

    Scan after scan 0 threats found, SAS on demand gets used less frequently & finds zilch.

    What I perceive as the weak link is email; with no AV, email is not contained, where I would have to rely on DMR to localize damage. I think if I could scan email automatically without running an AV, I would be fat, dumb & happy.

    Please poke holes in my logic!

    Take Care
    Rico
     
  6. wtsinnc

    wtsinnc Registered Member

    Hello Rico;

    What I was referring to in post #44 of this thread is that Avast was a favorite AV of mine but I also have installed Avira (without the real-time guard) for a second opinion on-demand scanner. Both AVs are excellent, I just use them in different ways, keeping Avast as the primary antivirus so that I can take advantage of its excellent e-mail scanner.

    Looking over the aforementioned post #44, I see no reason why someone would perceive my comments to insinuate that the two applications were "the same". If you prefer to not utilize an antivirus application, that's your business, but if your stated concern about e-mail viruses can be alleviated with a totally free application, why would you not at least give it a trial run?

    Good luck in your endeavors!
     
  7. Long View

    Long View Registered Member

    By AV free I thought you meant not using an AV? Based on post #1 I would say that it would not be foolish to run no real time AV.
     
  8. Rico

    Rico Registered Member

    Hi Wtsinnc,

    I think you meant post #3. I thought maybe Avast made Avira, (when I wrote) sorry my bad.

    Actually my concern is twofold: email & consistently finding nothing for all AVs & spyware scanners. NOD32 consumes the most resources on this machine + I reversed BlackSpears tweaks to NOD32, as this made it suck way too much memory. I guess I'm looking for a reason to justify using any AV.

    Thanks
    Rico
     
  9. Rico

    Rico Registered Member

    Hi Long View,

    Yes, I'm trying to see how foolish I would be by not having an AV installed. So far free or pay for me I think it's a waste of resources.


    Take Care
    Rico
     
  10. twl845

    twl845 Registered Member

    I too almost never find any infections scanning with Superspyware or Malwarebytes, and I've only had 5 viruses since 1997. But I think having an AV is like buying auto insurance even though you've never had an accident.
     
  11. Rmus

    Rmus Exploit Analyst

    What types of malware do you think would come to you via email?


    ----
    rich
     
  12. noone_particular

    noone_particular Registered Member

    This isn't a question that has a simple yes or no answer. If I understand Shadow Defender correctly, it prevents malware from permanently installing but does not supply any real time protection. Malware doesn't have to be permanently installed to be costly. A keylogger or password stealing trojan running in one session could steal valuable data. Some level of control over running processes is needed between reboots. That control can come from an AV, HIPS, or system policy. With an AV, that control is blacklist based. HIPS and system policy enable you to establish a whitelist based control over running processes. Which is better depends on your usage patterns and your skill and knowledge.

    AVs are the most common method of preventing unwanted code from executing, the classic example of a default-permit policy in which anything not identified as malicious is allowed. I haven't had an AV installed for about 3 years now. I rely on a default-deny security policy which whitelists the allowed processes along with the parent-child settings and other activities of each one. Running without an AV isn't foolish, but not having some kind of control over what can run/execute is asking for trouble. Whether it's whitelist or blacklist based, or a combination of the two is up to you. Both have their good and bad points, which have been covered in detail in several threads.
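
The default-permit versus default-deny distinction in the post above, as an added example that is not part of the original thread. The process names, hash placeholders and rule tables are constructed for illustration and do not come from any product mentioned here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Launch:
    parent: str   # image name of the process doing the launching
    child: str    # image name of the process being started
    sha256: str   # hash of the child image (constructed placeholder strings)

# Default-permit (AV style): everything runs unless its hash is known bad.
BLACKLIST = {"hash-known-bad"}

# Default-deny: an image runs only if (name, hash) is listed AND the
# launching parent is one of the parents approved for it.
ALLOWLIST = {
    ("firefox.exe", "hash-firefox"): {"explorer.exe"},
    ("notepad.exe", "hash-notepad"): {"explorer.exe"},
}

def default_permit(ev: Launch) -> bool:
    return ev.sha256 not in BLACKLIST

def default_deny(ev: Launch) -> bool:
    parents = ALLOWLIST.get((ev.child, ev.sha256))
    return parents is not None and ev.parent in parents

# Constructed launch events covering the cases where the two policies differ.
EVENTS = [
    Launch("explorer.exe", "firefox.exe", "hash-firefox"),   # normal use
    Launch("firefox.exe", "dropper.exe", "hash-known-bad"),  # signature exists
    Launch("firefox.exe", "update.exe", "hash-never-seen"),  # no signature yet
    Launch("firefox.exe", "notepad.exe", "hash-notepad"),    # good image, odd parent
    Launch("explorer.exe", "newtool.exe", "hash-newtool"),   # legitimate but unlisted
]

def compare(events):
    """Return (child, allowed_by_default_permit, allowed_by_default_deny)."""
    return [(e.child, default_permit(e), default_deny(e)) for e in events]

if __name__ == "__main__":
    for child, permit, deny in compare(EVENTS):
        print(f"{child:14} default-permit={'run' if permit else 'block':5} "
              f"default-deny={'run' if deny else 'block'}")
```

The third and fourth events run under the blacklist but are stopped by the whitelist; the fifth shows the cost, since a legitimate new program stays blocked until someone adds a rule for it.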
     
  13. TairikuOkami

    TairikuOkami Registered Member

    noone_particular is exactly right. I also have not had any AV or other security applications installed for years, but it is better to have something, just to be sure. AV is like install and forget, a HIPS-based application requires "maintenance" to allow/deny rules. You could also use Comodo Firewall with HIPS instead of AV, or with AV.
    True, but it is better to know that the PC is infected, even when it cannot be cleaned automatically. That is why I highly value applications like Prevx or MWAV.
     
  14. Long View

    Long View Registered Member

    Still think I am being OT here. I have only been virus and malware free (please let's not get into philosophical debates about how I'm infected but don't know it) for 12 years.

    Whilst accepting the insurance argument made by twl845, I wonder how many years a user would have to be malware free for others to say that the use of AV, AS or HIPS is not really required?

    As to the realtime keylogger/trojan argument, are there no password safes and other methods to keep sensitive data safe?

    Tried the new Prevx yesterday. Have no idea whether it is better than the old version. Like all other programs tested it found nothing to report.
     
  15. GES/POR

    GES/POR Registered Member

    @ Long View, you are infected - God told me to
     
  16. Long View

    Long View Registered Member

    Thanks GES/POR - better report that to Prevx then. Looks like their new product is no better than the old?
     
  17. ruinebabine

    ruinebabine Registered Member

    Exactly, worse and worse with each recent new version released :( (gods, I mean), and it has been like that for a long time...

    At least from my IMO atheistic point of view.
     
  18. Osaban

    Osaban Registered Member

    No, it isn't. I think ShadowDefender, Acronis, Firefox, and your NAT router are more than adequate if you systematically use shadowmode when you surf. A two-way firewall would also help for your privacy, but for normal use an AV isn't really necessary.

    On the other hand, there are some excellent free AV alternatives, why not take advantage if your system is fast?
     
  19. GES/POR

    GES/POR Registered Member

    I wouldn't know since I can't use it :'( but in all fairness from what I've read it seems to be a good detector, just not that stable yet, which will prob take a while, but at least PrevxHelp is out for the rescue :thumb: Px 2 is going off my system fast though :mad:
     
  20. noone_particular

    noone_particular Registered Member

    AFAIC, some control over running processes has to be part of any security policy. The question becomes:
    Does that process control have to come from an AV?
    Your question is really at the center of this topic. By itself, a time figure of being malware free without an AV is not sufficient to decide whether one is necessary. There's too many other factors at work here,
    • amount of daily usage,
    • number of users,
    • type of user accounts or profiles, (admin, user, power user, limited, guest)
    • common sense demonstrated by these users in their activities, or a lack of it,
    • OS version,
    • how patched and up to date the OS and software are,
    • the default browser,
    • browser and system settings,
    • other security measures in place,
    • your ISP,
    and above all (and the hardest to factor into the equation)
    • luck or random chance,
    • user skill and knowledge,
    All are variables in this type of equation.
    Regarding:
    Those were intended as examples of malicious code that doesn't have to be installed to be a problem. Other examples would include malicious code that's executed via the browser or a plugin but attacks peripherals like the router. I was referring to any malicious code that runs from memory.

    The AV question itself is open to some interpretation. I assumed the question referred to having resident or real time AV protection, which I shut down about 3 years ago. It was another year before I removed it completely. I still have a couple of manual scanners on board that haven't been updated since who knows when. (I had to look, last updated 1/07 and 10/06.:eek: ) I do run downloaded files through an online scanner. In that respect I do use an AV. IMO, PrevX has to be regarded as a type of an AV. It is partially reliant on signatures and performs many of the same functions. That point aside, PrevX does fill the role of controlling what can execute.

    The question of whether an AV is necessary is one each user has to answer for themselves. IMO, if a user has to ask if an AV is necessary, it probably still is for them. I didn't just decide one day that I didn't need an AV anymore. Eliminating the AV was a gradual process that started with beta testing security software on a separate test box and expanded from there. It was almost a full year later before I was satisfied that the default-deny security policy and the software that enforced it was sufficient to protect my primary PC. Three years later, I still rely on default-deny enforced by the same apps. The specific rules they enforce and some system settings have changed since then in response to the evolving threats and new methods of exploiting systems and software, but that's normal for all security setups, no matter what policy they're based on.
     
  21. lotuseclat79

    lotuseclat79 Registered Member

    Hi Rico,

    Whether you like NoScript is irrelevant, it will protect you from cross-scripting JavaScript attacks! Also, get CustomizeGoogle Firefox Add-on for privacy feature.

    -- Tom
     