Why do some people (try to) avoid using AV software

I quite agree - there's no margin for making mistakes if you run Sandboxie without an AV, brilliant program though it is. Keyboard_Commando must have to be really disciplined all the time so as not to make a slip.

I find it's safer to have an AV or security suite just in case I do something silly. It leaves a margin for error both for me as the user and for my security programs, none of which is 100% perfect.

 

Not the best analogy, granted, but I don't believe it completely missed the mark either.

A look around where?
If this issue were half as bad as you're making it out to be I wouldn't even need to look anywhere, it'd be everywhere.
People would be scared to death of the latest TDSS variations like they were of the Confickers (errr at least the first one anyway).

A number of people don't even pay for signatures so "not being able to remove an infection" and the latest rootkits.
The only one that's even somewhat likely to occur is not being able to remove an infection.
But how often do we actually find ourselves infected and out of those few times what's the likelihood of the AV not being able to disinfect it?
Unless you're talking about rogues or rootkits I really don't think the chances are half as bad as you make them sound.
Even if you are talking about those, I still think you're exaggerating just a bit.
Have a little look-see at the ESET forums here, you'll find a couple instances of each but does that really mean that AVs "fail miserably"?
Seems to me that they have the potential to fail miserably, but in all actuality things aren't all that bad.

Anytime.

 

I just don't believe it's anywhere near as bad as you're making it sound.
Though anyone surfing around those places should hardly be surprised when they turn up infected.
If you're going to surf in shark-infested waters, sure, no AV is going to save your bacon every time.
How that makes an AV worthless is beyond me though.

 

Do you install a biometric scanner with a list of known criminals at home, in case you invite the wrong person into your house by mistake? I'm wagering you don't.

Some of us secure our computers like we secure our houses. We don't leave the door unlocked all the time, and we only invite people whom we know and trust inside. I suppose you could call it strict discipline, but for some of us, it's nothing but second nature.

 

I would argue that it doesn't really give me any better protection, for myself anyway. I find that I really don't need an AV. Now that's not to say that a majority of people don't need one. They probably do.

As far as the "drag" on the system goes, that's not really very important, I have plenty of horsepower here and can run an AV easily as well as anything else. But again, why run something you don't need?

 

I dont think anything is useless. Well, except the chest poking of security products. All have their place and each user should decide what best suits their needs. Antivirus products are very good, just as Behavior Blockers, firewalls and Host Intrusion Systems. Oh, and Sandboxies.

No one here can or should, dictate as a so called expert, truely debate the usefullness of any type of product. They do not have the luxury of seeing inside each persons comuter to see if their chosen product has suceeded or failed. So threads like this, really accomplish nothing. I like all products and think all have their place. So my chest is sticking in as I dont feel I have the right to make decisions for you. Only you can do that.

 

Oh but it is for av for these types of infection. I'm not trying to paint a bad picture just stating a fact.

Exactly,..but I suppose someone paying their money, installing an av, deserves to be protected, right?

 

Here's one place: http://forum.kaspersky.com/index.ph...y=Z-A&sort_key=last_post&topicfilter=all&st=0 . And Kaspersky is pretty good at protecting people. (I use it myself but augment it with Prevx.) They have a steady stream of rootkit (and other) infections. I expect you'd find a similar picture for other vendors - I'm definitely not bashing Kaspersky.

I agree that probably only a tiny fraction of the AV users get infected each day (particularly if they're using a full suite). But it often seems to be by the nastiest infections, like TDSS, which must be taken into account when assessing the risk.

For an individual user, one can translate the small daily number of infections in the whole community into the risk of a single user being infected in a much longer period of time.

It's then a matter of personal choice what rate of infection by TDSS or similar malware would be acceptable. Once per year? Certainly not! Once per decade? Preferably not! (I write as a victim of ID fraud.) Once per century? Maybe I could live with that. (Translate as "Never again, please!")

What is likely to be the mean time between infections for people who run without even an AV? I should have thought that 10 years would be wildly optimistic (but that's a pure guess on my part).

This is the mean time I'm talking about. So, expect an exponential probability distribution, in which a small number of people, some or all of whom may well be Wilders members, remain cleaner for much longer. But, in statistical terms, they're just the tail of the exponential distribution - sorry about that, chaps!

 

I use heuristic scanning to protect the house, particularly against zero-day threats. It's called Prevx SafeAtHome.

Seriously, though, your self discipline is admirable. It may even be exceptional. I know myself well enough to know that I am not made of the same stuff. I do sometimes make mistakes, although I try not to. Moreover, I'm acutely conscious of the risk that such a mistake could pose to my financial well being. And it's a trivial matter to make that risk vanishingly small at almost no cost.

 

You can schedule updates and there are cloud scanners.

 

I read somewhere that Prevx PureAssassin executed Osama Bin Laden, it's that good

 

It's silly and completely unnecessary to pay for and use a resident av scanner.

six things:

1. simply use a freebie on-demand av scanner.
   
2. Learn and employ the fine art of backing up/restoring system images. There are nice freebies like Macrium Reflect to accomplish this. Clonezilla is excellent too but doesn't get the recognition it deserves.
   
3. Run in a limited account.
   
4. use anything else already provided in the O/S; Applocker or SRP and firewall, for example.
   
5. download everything from known, trusted sources.
   
6. keep the O/S and all software updated.

 

VirusTotal Uploader is better than just one scanner imo. It searches for the hash of the file before uploading, and redirects to a previous scan results page if found.
It's very quick as well. There's a 15mb file size limit though

 

I use both. SBIE and any light AV. The windows FW is fine with me. I know in theory you could run without an AV and use some kind of virtualization software but ......... I like some AV's.

Ice

 

Well said!

 

Icecube1010 I did not explain myself well on my post. I use both, Sandboxie
and ,like you, a light anti virus(Avast) and Windows firewall. I prefer to use
the AV real time even though you can go without it when you using Sbxie.
Bo

 

I've had a period of almost 2 years without an AV, the feeling of pervasive freedom and satisfaction of not being dependent on a program to tell you who the enemy is, was quite exhilarating (not to mention the real speed improvement with any computer).

I suppose that any choice about how to face the Internet is related to what kind of activity one will be likely to have. If one downloads and executes programs from trusted sources, sandboxing/virtualizing your system will make it very safe with no need of any scanner resident or on demand.

On the other hand if for whatever reasons one needs to download from insecure sources, or save files from flash drives belonging to friends and collaborators, an AV makes a lot of sense. Many people who do not run an AV, may still scan their system sporadically because a scanner is still the only way to spot or to give a name to malware. In the last month for instance, my AV (resident) picked up at least 20 pieces of malware from flash drives, and 6 from one CD ROM (first time I ran into an infected CD, very rare in my experience).

When people say my computer is clean without scanner proof, it is in practice true, but theoretically an infection could exist giving very little behavioral symptoms. I'm back to having a resident AV because of my activity, but if I were only surfing the Internet I wouldn't bother.

 

That big name Russian vendor actually seems to have had a lot of trouble with the TDSS family.
I definitely wouldn't draw any concrete conclusions from that particular example.
Check the ESET Forums.
Unless the Wilders search feature isn't being very generous or I'm just plain blind, they tell a different story.

I've already stated my thoughts as to why "some people (try to) avoid using AV software" and this thread is hardly going to convince anyone start or stop using it.
To each their own.

 

More security for me please. It seems av's are haveing trouble with modern malware more often now a days, and trusted sites cant be as trusted as they use to be, so im going with more protection, and a slightly slower computer.
The problem with the high speed low drag crowd is you only have to be wrong once, and kapooie.

 

Might want to give Autoruns a try. Download the .exe and run as admin. Go the Drivers tab, check to see if the driver info for eamonm (nod32 on access scanner) is still atound after the uninstall. Uncheck it in Autoruns and reboot. If you are worried you can make a restore point before making changes with autoruns.

AutoRuns link
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

Wow, that was unexpected! Thank you Namor, found the eamonm driver and unchecked it.

 

AV's are somewhat like a "news" it's yesterdays history today ... AV's (atleast most of them) rely on virus definitions and they are no match for 0-day malwares. I've been surfing the net (underground scenes) w/ no real-time av, from time to time, if I feel like too, I would do an on-demand scan w/ hitman pro ... never been infected. If you know what you are doing there is really no need for an AV.

 

No problem.

 

Since 2007, I use Sandboxie (Paid) and Instant System Recovery (Rollback Rx or EAZ-FIX or AyRecovery).
I open suspicious files within Sandboxie and scan them through VitusTotal.
I often scan my Setup with all known scanners: MBAM, Hitman Pro, SAS, Emsisoft Anti-Malware, Dr. Web CureIt!,
F-Secure Easy Clean, Kaspersky Virus Removal Tool, GMER, Sophos AR etc.,
BUT
they have found just Cookies in the worst case.

I realize the Psychological aspect of running a Resident Anti-Malware solution.
Most users, especially the inexperienced ones, are Not feeling Secure/Safe without a Resident Anti-Malware.
I went through that Stage a few years back (2000-2006 period).

 

Those who argue that today's systems have enough RAM to run it anyway, you're right - but that's also where the ironic thing lies. Nowadays when people are talking about the drag, the systems have always had enough amount of RAM - the ironic thing is that RAM isn't the issue - it's that the AV adds extra work for your hard drive.

Every time you start a program (which then has to read a set files to initialize), and you use a regular AV, the hard drive, which is one of the slowest components of your PC, has to not only read the program and its files, but also has to handle the scanning of the AV.

Summary of the reason for the slowdown: Hard drive has to handle both the program itself and the scanning that the AV performs.



Piece of cake, I'm outta here, and I get to taste it.