Why do some people (try to) avoid using AV software

Would this be a way to have an AV only check newly downloaded files?

 

Some thoughts:


1) The "How do you know you're not infected with malware, if you don't run an AV" argument is hilarious. Let me put it this way: "If you are running an AV, how do you know you're not infected with some malware that your AV happened to miss, seeing how no AV has 100 % effective detection rate?"

In general, it is fairly easy to verify that one is infected, but much harder, even somewhat impossible, to verify one is not infected. An AV scan might prove you are in fact infected - unless it's Yet Another False Positive - but it can never prove you are not infected. AVs miss malware, new malware in particular, so often that it's really quite sad, considering how many people rely on AV protection alone. So, how does one know they're not infected, whether they're using AV or not? The answer is that most likely they don't know, but they may have pretty good reasons to think they're not infected - such as knowing they have a reasonably safe configuration that makes infections less likely, never seeing any signs of infection like strange files in the filesystem or accounts getting hacked or money disappearing from bank accounts - and chances are pretty good that they're right about not being infected, if they have a reasonable level of skill.


2) Why I personally don't use an AV? Because it's useless to me and I won't use something that is of no use to me. What does an AV do? Well, it uses a bit of memory, a little bit of CPU time, and causes annoying little slowdowns whenever it decides to scan something, introduces kernel hooks that compromise system stability, increases attack surface in the system (AVs tend to have their share of vulnerabilities), causes random false positives that may mess up the whole system (especially when the false positive is on a critical system file) and so on. And for all that pain in the backside, what good does it do? Wow, it can (if lucky) detect some known malware, perhaps even new and unknown malware and maybe even prevent infection? Yeah, well, I can prevent infections myself, without having to put up with the slowdowns, false positives and stability issues caused by AV software. So why on earth would I use an AV? I wouldn't, unless I suddenly develop a strange desire to just mess up and slow down my systems a bit. For that, AVs would work just fine, and the free versions wouldn't even cost anything so I could screw up my systems for free!


3) You probably should use an AV if any of the following is true:
- you are willing to exchange some performance and stability for the possible increase in security provided by AVs
- you know little or nothing about computer security and either don't want to learn, have no time or have no-one to help you with the subject
- you have a reasonably high level of knowledge on computer security, but can't be bothered to use that knowledge to create an effective security policy that doesn't require AVs or other blacklist-based tech
- you can't be bothered to think before acting
- you like to run software from untrusted sources
- your system is used by other users who can't be trusted, and these other users have admin privileges on the system
- you have a history of getting infected with malware over and over again, and you can't seem to get it to stop
- you just like playing around with security software, or just happen to like AVs, like some people like motorcycles or gardening
- none of the above, but you just don't trust yourself for some reason (possible reasons, I suppose, may range from actual dementia to just lack of self-confidence or mild paranoia) or just prefer a little "extra" security for peace of mind
For users that fall somewhere inside this list, AV may be very helpful. But don't trust it to always save your behind.
EDIT: One should note that most home users on Windows would fall inside this list, and therefore probably should use an AV, in lack of anything better. Because, let's face it, most people don't know much about computer security - and one might argue that there's better things for them to spend their time learning than computer security.

 

Windchild, I am curious what your security set-up is. Have you listed it anywhere?

 

A thought:

Ever notice how the people who don't use an AV tend to go on and on about it?

 

Obviously, proving the absence of a condition is very difficult. The more salient question, in my opinion, is whether knowing that one (or hopefully more than one) anti-malware product fails to detect an infection increases confidence that a PC is free of malware. Viewed in this way, it is equally obvious that the incremental knowledge gained through an anti-malware scan is highly valuable in enhancing the confidence of a user “beyond a reasonable doubt” that the PC is free of malware.

The situation is no different in other disciplines. Failing to detect “disease X” by a physician in a patient doesn’t guarantee that the condition is absent, but the negative outcome of the test is still highly instructive and worthwhile.

 

That can be true, but no different that any other aspect of security. Everyone has thier own favorite brand of security and if they believe in it would like others to experience what they do. Apply it to just about any program really.

It should be obvious by now that some of us who don't use an AV though don't advise everyone to do the same. Why is it that going without an AV is seen as such a big deal anyway? There is no one product that detects everything or fixes everything or secures everything. So how can users of AV have contempt for those who don't when thier AV itself might not be the "best one". It is pretty silly, the idea that you need or don't need an AV or any security tool. As Rmus has pointed out many times, how can you prescribe a solution when everyones knowledge/habits/systems are so different?

I say use what you need to. If you have the urge/desire, learn more in-depth facts, then strategize and change what you do. The more info you gain, the less you might need the current offering of the day, but no amount of advertising or well-intended advice can really do it for you.

Sul.

 

Amen to that.

Truth often suffers more by the heat of its defenders than the arguments
of its opposers. -William Penn

 

My "security setup" is distinctly unimpressive. Typically:
- firewall hardware at the network perimeter, if there happens to be a network
- operating system security features, such as not running as root/admin
- security features in any other software that I use for work or fun (for example, if my PDF reader for some reason has a feature to execute code inside a PDF without asking me, I'm going to turn that feature off)
- last but certainly not least, me, or in other words, the skill or knowledge of the user
Nothing fancy. Light, but works. I wouldn't recommend it to anyone who has doubts about whether it would work for them. Everyone should use what works for them.

Yes. That seems to happen. And it might have something to do with:

a) some other people always going on and on (and on) about how everyone should use an AV and anyone who doesn't is either a fool, a show-off or reckless

and

b) certain folks always asking why certain other folks don't use AVs.

People tend to react and respond to what they see and hear. If they hear "everyone should use an AV", chances are some are going to respond with "except me, because of A, B and C and X - and because of these reasons, maybe you shouldn't use AVs either." If for years and years, masses of writers and salesmen and techies and hobbyists preach that everyone should use an AV for security, it's really no surprise that some people would point out why they personally choose not to and why others might choose not to. That's normal human interaction. It cannot be denied that AV companies, security "experts", the media and tons of folks who use AVs have been going on and on and on about how AVs should be used by everyone (including users of environments where malware is extremely rare) for far, far more, in fact orders of magnitude more, than the folks who don't use AVs have been making noise about not using AVs.

Truth is, AVs can be useful for some people, but certainly not for everyone.

Sure, increased confidence. That's exactly the same as what the use of computer security knowledge does - increase confidence of the PC being free of malware. My point here obviously being that AVs can't prove you're not infected - at best, they can increase confidence, which can be achieved without AVs, as well. Therefore the "without AVs, how do you know" argument is funny. Or sad, depending, I suppose, on one's point of view.

 

Thanks for the ideas. Funny you should mention PDF reader, I took mine (PDF X-Change) off last night because it was interfering somehow with the OS (was getting an event ID about it). Wondering now if I can avoid PDFs completely, or need to look for another reader. I've read that they are a vulnerability point.

 

Thanks! I've actually been trying applocker after seeing it in malexous' sig

 

In all fairness Max, I think the "element of holier-than-thou" is in your mind only, and nowhere else. I don't see any evidence of it in any of the serious posts here. It's really pretty simple. Some educated users simply choose not to use an AV. Nothing wrong there.

 

Quote Windchild

Made me chuckle but a lot of truth in there

Very true, and that's how they think in my experience.

 

First of all I'm not trying....I don't use any and I won't. Why? Because they're not effective enough and they'd never been just better solutions exist nowdays and I hate the idea to give system resources to unnecessary and uneffective programs that working in the background all the time.

 

I luv my AV.

 

I'm a huge fan of Avira and still have it installed as a on demand scanner but now with all the settings from PunchsucKr's sig, I feel quite comfortable and can tell a slight decrease in system lag with Guard disabled.

 

Nope.

 

I did luv my AV.

 

What was wrong with Kaspersky?

Hope it doesn't start annoying you like it has me. ;) (Recently downloaded more executables than usual.)

 

Yeah, I'm starting to think twice about having ALL of my apps on lockdown

 

In my case i'm just loving it how these files don't execute... kinda like linux now . awesome! i even tried one malware sample... all clear

And as far as avira goes, in my case over at least 80% of the times it was either sending them apps which were fp or sending them samples which were not detected at all..
Take a look...
http://i450.photobucket.com/albums/qq222/ScaryKnight/Capture-3.png
* i think the first 2 files are the same i upped twice.

And this product has one of the highest detection rates ever... in the end i just got so thoroughly disgusted i quit using it. Hence we see the inherent flaws of blacklisting...

 

Don't they know AV's are a basic staple for every PC?!?!?1 and way better than some baffling white listing approach!!!!!!!11

 

You must be new around here..

 

Why? I don't use antivirus, never have, because I'm confident that I know what's going on with my machine.

Saying that I'm not here saying not to use av. I understand on a PC most users will either because they aren't that confident with using computers or they do just for that extra insurance.

 

@J_L
@Meriadoc

It's another instance of sarcasm/irony. They avoid real-time anti-virus. https://www.wilderssecurity.com/showpost.php?p=1703320&postcount=71

 

I fall under the " I know a fair amount but dont feel its enough to not use something and i dont know anyone who is willing to help me out. There has been some help since i started reading these forums but some I dont understand even after reading up on it.. example. I now where that DEP option is but not sure how exactly to use it. I cant find forums to help with settings like that which i would trust. Its not allowed here is it? I just started using win 7 and am still learning all it offers.
I am more than willing to learn and wish to. Thats partly why i came here. But this is the only updated link i could find so until I find someone to help or a site that helps in detail I will be an AV guy.