Why do some people (try to) avoid using AV software

Discussion in 'other anti-virus software' started by 3GUSER, Jun 27, 2010.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    That sounds ideal, but I am not finding a download manager on IE8, but I am still looking.

    And I have already set up MBAM (paid) to auto-update and auto-scan. Just need to find that download manager and hook things up.
     
  2. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    606
    Location:
    Cleveland, Ohio USA
    There should be third party download managers that will work with IE8. Just do some Googling.
     
  3. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    152
    Don't most AV products have the ability to disable on access scanning and just scan files downloaded via browser or email? That would remove the "real time AVs are a resource drain because they scan every file access" argument.

    And something else I don't quite understand: for those in the "no realtime AV but I scan once a week/month/whenever", what's the point? Either you're not trusting your security setup/browsing habits, or you're going to find something long after it's been running (if it wasn't blatantly obvious). Sure, you could argue that you could then restore a clean image and it's gone. But what damage has it done? Will you ever know?

    I see it as always leaving your house door unlocked (to continue an above analogy) and once a week checking to see if someone's been through the house. And if you find subtle evidence someone was there, you'll always wonder what they did...
    The rope might be fine, but won't do a thing if the anchor is weak.

    Luckily most malware seems to be obvious once it infects the system (correct me if I'm wrong, I don't read all the security journals). And blatantly obvious too, if the fake AV products are any judge: misspellings and glaring errors that neophytes can pick out, never ending window popups, etc. What happens when they go stealth or incognito and the malware popups look just like OA or ESET or KIS?

    And I'm not saying there's anything wrong with going nekid (with no AV) for those who know what they're doing. However, if you know what you're doing and you eschew realtime AVs, why use them on demand? Unless you're in transition, that is, and still testing out your security setup. But if on the one hand you argue AVs are useless because they can't catch all threats, then on the other you say you run scans on demand ... to not catch all threats on demand ... :D
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Why should I not submit a file that I download to an AV testing house? Just because I don't need to run with an AV on 24/7 does not mean that I am brain-dead. AV has its place, and can be of service. Whether or not it is something I rely on everyday is different from whether I choose to be wise and employ one when I feel the need.

    AVs are not use-less, but they certainly could be used-less if you know what you are doing.

    Sul.
     
  5. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    152
    Ha! Good one.
    No, my questioning was for those who run weekly/monthly system scans to test stuff that's been sitting on their system for however long. I see nothing wrong in treating any newly downloaded file with suspicion. I certainly do: for some software I download it from at least 2 different sources and do a binary compare. Makes me feel that much better when installing it that I didn't hit a fake link.
     
  6. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I have my own answer to your question. I use scheduled on-demand scans with a two-stage plan in mind: 1. try to get whatever slipped by off the system before it causes harm, then research it to see how dangerous it is, to see if there are other steps necessary. 2. if that's not enough, hit the panic button, just bail out, and re-install the system image.

    A couple of days ago, a trojan got in because I trusted a game demo from a company with a good history, and I let it out of SBxie without checking. My fault, but the OD scan found it later, and got it out. Stage 1 was enough that time, but now I think I need to tighten things up a bit. An on-demand scanner that would kick in with a new download would be great. Maybe I already have one and don't know it yet. Going to look further into this.

    edit: Found a pretty good solution: a right click on a new download brings up a 'scan with MBAM' command, which can quickly scan what's in the folder. While it is not automatic, it is easy enough.
     
    Last edited: Jun 29, 2010
  7. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I have been thinking about the topic of this thread ever since I started reading Wilders a couple of months ago. My impressions may be based on the reality of the AV situation, or maybe not.

    AV's are the past, there is no way they will keep up. They feel cracked at the seams from trying to handle the exponentially increasing onslaught. I have tried about a dozen AVs now, and most of them feel bloated and intruding too much into the OS.

    AV suites are probably still a necessity, but my guess is there is something new coming, and that we are already experimenting with it. Someday it may be invisible and incorporated into the OS so seamlessly that it can be used by anyone. But for now we are patching it together. The future has got to be virtualization and imaging, if for no other reason than the damn bots will learn how to replicate without exactly duplicating, and then it will all be zero day.
     
    Last edited: Jun 29, 2010
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Same reasons here, https://www.wilderssecurity.com/showpost.php?p=1703456&postcount=9124
    only I still have a sleeping AV (Avast) which is activated by the OS through Group Policy or Registry tweak (ScanWithAntiVirus set to 3).
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ok, would this be using no realtime AV.;)
     
  10. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    What i have seen using an av (which i have now given up on) is that no av is perfect (which has been repeated over and over again :p )... in the end its the user's practices which come into play. period.

    The last malware which was able to execute itself on my system was last nov by my sister, why?--because avira missed it and the exe had a folder icon. I did not have sandboxie installed at that time, neither did i know my cpu supported hw DEP (until today!) so it was disabled, thanks to certain manufacturers' policies to have it disabled in the bios by default and give it a name like 'execute disable' (MSI). At least it would have been some protection against it.
    No question of a HIPS... she would've just allowed everything. :D This malware in question was from a flash drive from a friend.

    Since then, rather than depend on the av to flag such files, and have her trust everything that wasn't flagged by these imperfect av apps, i've instead taught her how to recognize such fakes, and just set sandboxie to run everything off these drives.

    Talking about user stupidity, recently my elder brother was ready to click on the "i understand the risks take me to this site ..." link on the malware alert page by firefox just because the site in question was a reputed site he used to visit often... Good thing i was there... so in the end it just comes to user decisions and ~60% protection against 0 day threats isn't really good performance from the safety point of view..

    Hence safe browsing practices and some sense go a long way instead of trusting these resident av apps.

    Drive by infections are anyways a thing of the past now... i remember from the days i first got my first computer some 6 or so years back, norton just used to disappear abruptly while browsing the net (wasn't anywhere near safe browsing practices)...lollin now..:D

    I now believe taking a few precautions and enabling such options that i have in my sig are enough protection for me.

    Just my 2 cents.
     
    Last edited: Jun 29, 2010
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    nah, feel nakey without a AV.:cautious:
     
  12. stratoc

    stratoc Guest

    i have to say, with the tests i have done i don't think most av products are worth the bloat and some of them are frankly shocking. all the pc's i clean have got loads (far too much) security software installed that usually did nothing. If you use warez and torrent be very careful, i have yet to see antivirus stop most of the bundled fake malware trojans that come along for the ride.
    i think sandboxing, back ups and common sense are the future.
     
  13. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    It actually makes sense to only use an on-demand scanner, even if people here give wrong reasons to justify it. The reason is that basic security practices is more than adequate to secure you if you know what you're doing, but they are not as effective when you need to introduce new software into the system. Having a resident AV in the background constantly rescanning a clean system is pointless, but invoking an on-demand scanner to get a second opinion on the stuff you're about to let loose in your system can be a good idea.
     
  14. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    U have just shed new light on the scene... the constant rescanning..! just imagine how much energy could be saved worldwide if av apps weren't necessary for anyone.! ;)

    The latest malware i came across about a week ago, again a flash drive, it was me who detected it and sent it to MS (i was using MSE which missed it).. so when *more often than not* the reverse happens why should i use the app!? :D

    btw they promptly added it to their db within 12 hours.
     
    Last edited: Jun 29, 2010
  15. T-RHex

    T-RHex Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    152
    I must admit this thread has given me some things to seriously think about. I've taken the "install AV realtime product, setup, ignore" approach for so many years mostly because I hadn't realized there were alternatives for a possibly better secured system. I'm not saying I'm going to suddenly jump ship and dump the AV, but it does have me (re)thinking about system security as a whole.
     
  16. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    You just need to keep on saying to yourself over and over again "We don't need no anti-virus." Or, if you like to get your thrills by free climbing, you can tell yourself that the AV slows you down like carrying that heavy rope that you never need.

    After all, as doc77 points out, the AV checks all your disk reads and writes, and your disk is slow (because you can't afford an SSD). So, that slows you down. If you didn't have the AV, you wouldn't have those pesky, slow disk reads/writes, would you? Mmmm...

    Never mind:
    AVs are for wimps;
    AVs are for idiots who don't know how to set up a secure PC;
    AVs are for idiots who run Windows outside a VM;
    Avs are for boring, ordinary folk.

    I'm not boring! I'm not ordinary! I don't need no anti-virus! I don't need no thought control!

    And then, oh my God, I just heard that the kids next door have got swine flu. Anyone know where I can get some Tamiflu, fast??
     
  17. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    Anti-virus companies have been employing technologies to combat this. Norton has 3 options:

    Whitelist of files never to scan.
    Caching of files already scanned.
    If I understood the option correctly, 2011 will have the option to not scan files of a certain type (Norton's choosing).

    As long as there are vulnerablilties in the OS and programs, I think anti-virus will continue to exist.

    I am currently running without an anti-virus real-time but like others I use anti-malware to scan downloads.

    As soon as solutions such as Sandboxie, GeSWall, etc. become widespread malware writers will start to target them and the need for programs to detect (anti-virus) the malware will continue, at least, for the average user.
     
  18. DHCPme

    DHCPme Registered Member

    Joined:
    Jun 29, 2010
    Posts:
    5
    Thanks PunchsucKr! I like your sig setup so I'm borrowing it on my machine. Feels good man.
     
  19. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Glad to help m8!! :) But there might be some better ones here in this thread itself, basically adding applocker to the mix.
     
  20. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    To make such blanket statements on a forum serves no useful purpose, in my view.

    Without knowing the user's computing habits/daily use situations, one cannot offer constructive advice.

    Many, including myself, have spoken to the many weaknesses in depending on AV as the sole security protection, but that is different than writing it off completely for everyone.

    I'm helping a friend set up a new laptop for his granddaughter for college next Fall. Now, she is as computer/security savvy as anyone I know. She will be in a different environment on a campus, including connecting to/downloading files from the campus network.

    She doesn't presently use an AV program, but we are installing one on the laptop as extra insurance.

    Being a rather good-natured person, she would probably just smile, I'm sure, at being labeled a wimp, idiot, boring, or ordinary!

    ----
    rich
     
  21. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Agree with you Rmus.. those statements are uncalled for.

    Btw DHCPme i've now added Applocker as well and so far its been great.

    Now i don't know why i'm using sandboxie though.. :D
     
  22. progress

    progress Guest

    If you want to donate some of your ~ 125 licences please feel free to contact me :)
     
  23. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    @Rmus
    @PunchsucKr

    Was MaxEntropy not being sarcastic? After all, they use Kaspersky.
     
  24. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Did you ever hear the word 'irony'? It sometimes serves a useful purpose, in my view.

    The OP asked "Why do some people (try to) avoid using AV software?"

    We can't get inside those people's minds, but we've been given some reasons here. An element of 'holier-than-thou' makes them fair game for a bit of parody, in my opinion.
     
  25. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Yeah I am sure you are right. And my saying AVs days are numbered is probably utopian or just silly. After all, using an on-demand scanner is still using an AV.

    On the other hand, Windows 7 includes a lot of built-in security that has no noticeable impact on actually using the computer. Maybe things will move more in that direction.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.