Do you need any AV?

Check this out:

http://blogs.technet.com/steriley/archive/2007/09/22/antivirus-software-who-needs-it.aspx

In brief, the author says he can control what he clicks on and what he installs, so he never gets infected.

He also makes a reference to running Vista with UAC enabled but the prompt turned off so that IE7 will run in the protected mode.

I often wonder if IE7 protected mode is a better bet than Firefox. I tried running IE7 with IE7 Pro for a while and found its functionality to be good, but IE seems to have more trouble enlarging the type fonts in a usable way on many web pages than Firefox.

Anyway, several folks around here are running without AV's and relying on other strategies, including rolling back to a clean image or snapshot periodically.

If anything, I find the possibility of running without an AV to be one of the more tempting aspects of OSX and Linux.

 

av's are cheap enough, and even free!

why take the risk, i say.

 

With Windows there are some very good a/v's for free.
Might as well be protected.

I don't know about that neccessity with Linux etc..

 

Here we go again. First of all which AV would the experts use. I assume we are talking real experts and not just those who think they are (as to who needs AV anyway), second in the the article they say when is the last time AV found anything (long time).

O. K. it is confession time...(as to going to the doctor) if you feel healthy and stop going for routine physical at the doctor that will be the one time you get silent killer.

Most should get some AV and at least have the realtime part running. My postion remains the same as this has come up before.

 

Perhaps what this is really about is that successful security is about using your head. For sure there are 3 free AV's that get mentioned around here daily. Just as surely the malware writers are changing their products on an almost daily basis to avoid signature based detections. A lot of the stuff gets delivered by compromised websites. Protected mode is supposed to avoid that. However, I cant help wondering that you could pick up a keyloger that would only work in IE7, but that would be enough to steal your banking password.

I don't know if you have had a chance to notice this, but there are some people who have minimal security precautions in place on their machines (windows firewall and AV from a large vendor) and never have a problem. Others with the exact same setup have completely trashed computers and continue to use them with no interest in a clean up.

How about phishing? Doesn't anyone have enough sense to not click on a link in an email that states we need your banking details?

Perhaps the problem is that there are rare instances in which there is no protection. That would be the zero day attack against a known but not patched OS flaw. The rest of the stuff is so obvious.

 

I have to say that I use an AV about 50% of the time.
Even before I deployed Linux around the house this was the case. The kids computer and the fiancee's always had some sort of AV solution and limited accounts, but now they are just running as thin clients so the need is not really there.

Precautions:
1. Bookmark all online banking and personal information sites in Firefox and place the file where it is easily accessible, ex. USB drives etc. import on all clients XP or CentOS.
2. Use Thunderbird as an email client, when not using web based email solutions. Suggest web based email solutions as they have quite adequate email filtering and phishing protection.
3. Use Tomato Linux on the Router/Gateway(WRT-54GS) with a script to download and run MVP host file on each reboot, actually each WanUp. Thousands of nasty sites are block by default.
4. Use limited accounts in XP, and they are a default in Linux.

I am not preaching the Linux bandwagon, to each there own, I used Windows for years and I still do on the notebook(Linux is a little flakey on it) and one of the desktops for use with Photoshop for some classes. But the other machines were starting to age and it became noticeable that the resources were depleted, so they made perfect candidates for a thin clients. This also saved on energy as I can remotely shutdown all thin client's with a cron job.

 

If all infection vectors are secured, why would an antivirus be necessary?

Malware can only infect your system only if it is executed, whether by yourself because you fell for a social engineering trick, or stealthily without user interaction via a software security flaw or from autorun USB drives. As long as you can ensure that these do not occur, then you won't need antivirus software. As a matter of fact, most of us already take such measures (downloading security patches, using non-IE browsers and educating ourselves to not fall for phishing scams, for instance), and in all honesty these measures actually do a better job of protecting us than antivirus software can ever hope to.

 

Where did you get that script? I almost completely forgot about hosts. Its a really great idea as it is free, uses next to no resources and requires no user interaction, making it foolproof.

 

I have done without any resident AV for periods of time without trouble myself, as I know many others have done too. It depends 100% on the user and how the PC is used. If you just do some browsing at regular sites you know on a daily basis, some email with friends, listen to some mp3, burn a few CDs and download a few files occasionally from trusted major sites and not much more, then I think a resident AV isn't necessary. Perhaps an occasional scan or an on-demand scanner is good enough. There are a lot of people who fall into this category.

The user needs to know enough not to get into trouble as the article says. That's obvious. I feel I know enough to avoid trouble, as do many others. I run a resident AV for only one reason: It's easier that way. I don't so much feel that I really need it, but if I do want to scan a file, a resident scanner is easier than manually scanning something or going to an online site to scan it. And I don't mind the overhead of the resident scanner either, big deal.

But is it really needed? Speaking for myself, I think not...

 

Oh yes Diver I do agree it is very important factor in how one uses their machine...where do they go on the internet and what do they do. Oh yes, for sure.

 

sure, if all you do is surf on genuine websites, there is no need.

however, with alot of viruses and spam/phishing arriving by emails, surely this needs to be protected.

but with the prices of some, and even the FREE! ones, i dont understand why a user would take this risk.

 

"Do you need any AV?"

For as long as I run Windows and surf dangerously, I will run an AV.

 

Totaly agree.

 

On the contrary. The more dangerously I surf, the less safe I will feel to be relying on an AV.

 

Yeah, I think if I am surfing in dangerous waters I would be inclined to add a HIPS or behavior blocker in addition to the AV...

 

For the record, I will not run a Windows machine without an AV. If I repair a PC for a friend it leaves here with a free AV installed, unless there was a functioning pay AV on board. I clean up friends PC's for free and invariably these machines had an expired AV. But the problem was not the expired AV so much as carelessness. Invariably, there are signs of abuse such as Grokster.

Usually I will install AVG free. That is not to imply that it is better than Avira or Avast, but it seems to be the most dummy proof of the three.

Perhaps the moral of the story is the AV is not your primary line of defense, its your brain.

 

Here you are, quite easy to setup actually...

http://www.linksysinfo.org/forums/showthread.php?t=53133

 

Agreed. I only need scanners to check new files. I have clean images to use in case of trouble.
The rest of my security/privacy/data protection setup.

 

Once again, the natural trend I can see, excepted for the brain line of defense (actually one can imagine a rootkit-like malware totally "invisible" to your smart brain) , is that antivirus scanners are not to be anymore the first line of defense, especially in company networks. It looks to me as if it is more simple to base your security on policy, and to deal with exceptions thanks to scanners which will eventually eradicate malwares reaching the computers. Antivirus scanners are becoming the last line of defense.

NB:imaging / restoring softwares hapen to be of great helps... once contamination became true.

 

the human brain makes more mistakes than anyone can figure out, in simple terms... USE AN ANTIVIRUS.

 

It seems that even here on Wilders, people place more faith in antivirus programs than is realistic, even thinking it can somehow compensate for the human brain.

On a few of my test machines, I install AVs solely for the purpose of making sorting malware easier. When you realize the percentages of malware that AV scanners miss on a daily basis, you'll come to appreciate the fact that AV products can offer you an opinion at best ("hmm... I think this file is clean"), not protection.

 

I did not say to skip the AV, I said do not rely on it solely. Use your head first, if your head misses, the AV is a second shot.

 

Another related article:

http://www.guardian.co.uk/technology/2007/sep/20/guardianweeklytechnologysection.spam

 

I have to echo those same sentiments. Stemming all the way back to Windows 98, AV's by the very nature of the way their fashioned, have to be designed to infilitrate if you will EVERY file on the system. How else does one explain that while engaged and you run across lets say a page with even a script virus in text form, your AV (if in database), will immediately pop up or with some disable the page entirely as a precaution, and that IS a very good activity that it should perform. In like manner, should some virus manage to enter a file your AV will at-once alert then try to clean the affected file, whichever it might be.

But like Peter2150, i always found them very stressful to my systems, even on XP, that is up untill KIS6, which to my surprise, i noticed didn't burden resources like many AV's have done in the past.

With the onset of HIPS & Virtualization technology though, i've migrated away from "resident" AV's to a more reasonable On-Demand scanning for viruses.