Thinking of going naked

I do agree on the comments made on Kaspersky for being a quality product. I admit they are great at what they do. The only issue is the speed for me, especially on a laptop running vista. I don't have a grudge against the product just on this issue, it just happens that way for more reasons than one.

On the other hand, Nod32 v3 is incredibly fast in scanning on vista. It scanned my entire computer in 10 minutes. While others like Avast and Avira took longer, the former taking the longest.

Whether or not it means one catches more than the other, I can't say as I didn't catch anything with them at the time. It 'feels' like the AV is doing a better job when it takes longer.

Personally, I felt safest with Kaspersky, but then again I took the compromise of going with speed and great detections. I'm not that hazardous of a user

I guess going naked for me didn't last long. The insecure feeling crept up really fast and since then have settled on trying out Nod32v3 again for the time being. I'm very pleased

 

AV-Comparatives, Virus Bulletin and AV-Test all show NOD32 to be one of the top AV scanners around.

If the Eset page is right and they do use a lot of hand-written assembly code for their scanner, then it's no wonder it manages to be both thorough and fast. Certainly will become my scanner of choice as Avira's support appears to have failed me.

Sometimes slow just means slow.

 

NOD32 v3 is certainly faster than Kaspersky 7 on doing a full scan, mainly because each has a different deffinition of what a "full scan" means. To me it means that every file on my PC is scanned, even the ones in archives. kaspersky does this, but it does take a long, long time (on my machine 2 x 320 Gb and 2 x 250Gb drives with a total of around 550Gb of data). NOD32 v3 does not do this and scans are subsequently much faster. This does mean that a NOD32 v3 (and v2 for that matter) user is relying on the realtime scanner more.

Both are top notch AV's, they just do things a little differently.

 

Hmm that's interesting to know. Does that mean when I right click on a zipped file and scan it, it doesn't actually go into the archive to check? I've scanned a 1+GB archived file with Nod32v3 and it would finish almost instantaneously...

 

NOD scans inside archives although you can't go wrong with any of the products mentioned by L815.

 

This is incorrect. A "Full Scan" -- or "In-Depth Scan" as NOD32 calls it -- by default will scan everything except "E-mail Files" and "Unwanted Programs".

 

I thought this thread was "Thinking about going naked" ? How come it has now become a discussion about different unnecessary AV programs ?

 

How a AV scans can be a reason to go naked

 

True - very true. or as in my case - none of them ever found anything anyway
(apart from usual false positives) so I just removed them and have never regretted doing so.

 

Same here, though I don't even get false positives! But it feels weird running with no protection

 

Fear of the unknown, that's all. I ran for years without AV, only using it now out of technical interest more than anything.

 

That sounds about right. I enjoy trying out software, looking for new software. I'm also a software engineer, which keep my interests in this area

 

Getting false positives or none, depends on which softwares you installed and which scanners you try.
I got f/p's like ShadowProtect, Anti-Executable, IZArc and a few others, I don't remember anymore.

 

I have gotten false positives with Antivir personal 7 almost a year back with a few common things, like a game executable and maybe a program I'd write (nothing malicious)

With the recent release of 8, nothing has been showing up, neither with Nod32 v3, or Avast 4, or Avg 8. I wanted to try Kaspersky 2009, but I kept getting update and component errors (tried re-installing 3 times).

In the end, I realized I just haven't been abusing my internet usage like I would back in the day.

To be frank, since Open-Source and my interest in Linux has risen, I find myself not pirating software. Besides the few cookie warnings I get, there hasn't been real reason to be infected up to this point.

 

I don't care that much about FP, one can always:
1.- get a second opinion if one has the suspision that is a FP
2.- ask here in wilders thumb
and/or
3.- google the file name.

I'm more worried about False Negatives, and that is why I ditched my real-time AV (if it really can be called naked )

 

I hope you'll never have to

 

I understand your concern but for years people have essentially been saying "sooner or later" you will regret. In 12 years nothing bad has happened. OK risks have changed over those years but I'm still not convinced that any av, as, or hips program that I have seen will significantly reduce the chances of my getting contaminated. For all of use there will always be a small probability of getting infected.I just prefer to live with that probability (and expect to restore my systems should disaster strike ) rather than try to make a small probability smaller.

 

Do you run anything like superantispyware or asquared?

 

every month or so - with DeepFreeze or returnil or shadow defender running I load up one of a number of av or as programs just to check. So this morning I did install SA this morning - ran a full scan and as alway found nothing. Will now reboot and Super AS will be gone until needed in June or July.

 

I waited about 6 months before I started running scanners again. Nothing but f/p's, like ShadowProtect, Anti-Executable, ... quite amusing.
But I wasn't surprised, because it was theoretical impossible to get infected.
I only wanted a confirmation of my theory. Now I'm going to wait one year.

A malware is able to install itself, when it bypasses my security softwares, because these softwares can't be fully trusted. That's why all security softwares have a second place in my security setup.
This is old news and proven over and over again.

However installed malware as an object, can't survive in my system partition, because all these objects are removed, not as malware but as a "change" during reboot.

When you tell this at Wilders, everybody tries to discourage you of course with the most frightening stories, like Joanna's Invisible Things, Rootkits, hardware viruses and ghost stories, which are hardly proved.
They never tell you any details, they only want to scare you, well good guys don't scare good guys.

Each time, I upgrade my system partition, I don't use my actual system partition like many users do.
I use my clean system partition and after upgrading, a copy of my clean system partition becomes my new actual system partition, preceeded by zeroing my harddisk.
Now which invisible malware is going to survive this ?

I don't do this to remove invisible malware, it's my STANDARD way of upgrading my system partition, because my actual system partition has been on-line TOO LONG and can't be trusted anymore.

It takes 10 minuts to restore my clean system partition, while any big scanner needs more than 20 minuts to scan my system partition and that time difference was ridiculous to me.
My reboot-to-restore takes 2 minuts, while any big scanner needs more than 20 minuts to do the same job and that is just ONE scanner. That time difference was totally absurd to me.
My reboot does alot more than this, but that has nothing to do with going naked.

If you really want to change things and go naked, you have to change EVERYTHING : new philosophy, new softwares, new habits and new procedures of doing things and FORGET the past.

 

Erik,

I'll simply state the obvious here from your postings...., despite your contention that you don't use scanners, you do a whole lot more scanning that I do - mine is realtime, your's is on-demand - aside from that, there is no difference. Coverage is coverage.

While those comments are out there, I would be hard pressed to find uniform opinion that "everybody tries to discourage you". We have tried to get you to understand what your approach can and cannot accomplish.

If your partition cannot be trusted, what does that say about your confidence in the approach that you've taken? By the way, my personal belief is that your blanket statement (on-line TOO LONG) is ridiculous.

Yet, by your own statements, you scan anyway....

The words of Santayana are apropos... Those who cannot remember the past are condemned to repeat it.

Blue

 

Bluezanetti,
I used scanners to VERIFY my approach, who else is going to do this for me.
Are you going to check all my objects in my system partition, one by one to see if it is malware or not ? I don't think so.
My security setup is an experiment and needs to be verified. I'm not going to run scanners forever.

 

Erik,

Since the capabilities of malware are not static, the verification you speak of is post-mortem verification only.

Personally, and I have stated this many many times, I think your strategy is fine as long as you maintain the discipline that you understand is required to practice this approach. That would include relying on an online scanner if you ever install/employ downloaded content in the future. If you're like most users, discipline will wane over time.

Blue

 

Difficult to say what "going naked" really means. Am I naked even though I use FF with add-ons ? I would say so but others might quite rightly disagree. I sit behind a netgear firewall router - to be naked would I have to use the "free" modem that is often given out by ISPs ?

Have you stopped using AE ? If not then I would question just how naked you really are - a question of definition I know but not sure how a program that operates as a policing action constantly in the background can be used and the system still called naked ?

 

Discipline ? What discipline ? Every security setup requires discipline, you just got used to it and forgot it was ever discipline.