Why use an AV?

Discussion in 'other anti-malware software' started by DX2, May 7, 2013.

Thread Status:
Not open for further replies.
  1. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    AE can't set and forget. Because you won't be able to install new software.
     
  2. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    No, not joking. I don't really care about all the technical aspects of all this, and don't spend any time trying to learn.
    Personally, I think there are those who are in truth self-deceived as to their expertise, and are critical of everything and everyone who takes a different view.

    Years of people using AVs and not being infected has shown the worth of such applications, and to say they are not effective or are worthless is simply nonsense.

    Each pays his money and takes his choice, so do as you will.
    As for me I am OK with what I use and it has kept me from being infected for at least 15 years. I also don't have to make an image every time I want to download something or change AVs.

    Not sure what else I can say so I think I will leave this thread.

    Regards,
    Jerry
     
  3. guest

    guest Guest

    Or..., you can whitelist a folder to install a new software. That's what I did when I was still using SRP/AppLocker. I made a folder where I put my installers and run it from there.
     
  4. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    So you're saying I could lock down the entire computer with the exception of the Program Files folder? That way malware can't install itself. Very clever. I stand corrected.
     
  5. guest

    guest Guest

    I don't have enough sleep so there's a possibility that I misunderstood your post, sorry about that. :ouch:

    What I was saying is that you whitelist Program Files & Windows folders, because it's necessary (and my Games folder but that's out of context now). Then, I created another folder which I renamed as Transit. I put those three (alright four) in the whitelist, so unless an installer (be it malicious or legit) could magically copy itself to those folders (which is harder to Program Files and Windows since I had UAC enabled at always notify and under LUA), there would be no installation.
     
  6. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Uh oh, Jerry....you're sure to have riled them up with that comment! Even though I agree with you, you're asking others to look in the mirror for self-examination...and that, my friend, is a tall order. I've found that many people are quick to criticize OTHERS...but once that is pointed out to them, they quickly go into self-defense mode and start attacking the messenger.


    Probably the best idea for everyone involved here, truthfully....although we all know that some people always like to have the last word. Especially those who consider themselves the "so-called experts". ;)
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    And what about EMET, hardware DEP, SEHOP and ASLR?
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's true to some extent (the antiexecutables). But, that means two things, you're only using Path rules and only install software at system level (Program Files).

    But, if applications that you need to run are installed to user space, then the type of rule to be applied should be Hash rules (I dislike Publisher rules.). This means that, whenever there's an upgrade to the application, you also need to create new hash rules.

    -edit-

    Also, some installers place temporary dlls in user space (I've seen cases where I need to do it so.). You need to create rules for it as well.
     
    Last edited: May 17, 2013
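
The trade-off between path rules and hash rules raised in the posts above, as an added example that is not from any poster and does not use AppLocker's or SRP's own engine. It is a simplified default-deny model; the folder names follow the posts (Program Files, Windows, Transit), while the drive letters, user name and file contents are constructed.

```python
import hashlib
from pathlib import PureWindowsPath

# Whitelisted folders as in the posts above; drive letters are constructed.
PATH_RULES = [r"C:\Program Files", r"C:\Windows", r"C:\Transit"]

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def under(folder, win_path):
    """True if win_path lies inside folder (case-insensitive, no '..')."""
    f = [s.lower() for s in PureWindowsPath(folder).parts]
    p = [s.lower() for s in PureWindowsPath(win_path).parts]
    return ".." not in p and len(p) > len(f) and p[:len(f)] == f

def decide(win_path, data, hash_rules, path_rules=PATH_RULES):
    """Default deny: return which rule type allows the file, else None."""
    if any(under(r, win_path) for r in path_rules):
        return "path"   # location only; contents are never inspected
    if sha256(data) in hash_rules:
        return "hash"   # exact bytes only; location is irrelevant
    return None

def demo():
    v1 = b"MZ constructed sample, build 1.0"
    v2 = b"MZ constructed sample, build 1.1"  # same app after an upgrade
    user_app = r"C:\Users\alice\AppData\Local\App\app.exe"
    hash_rules = {sha256(v1)}                 # hash rule made for build 1.0
    out = {
        "program_files": decide(r"C:\Program Files\App\app.exe", v2, hash_rules),
        "user_v1": decide(user_app, v1, hash_rules),
        "user_v2": decide(user_app, v2, hash_rules),
        "downloads": decide(r"C:\Users\alice\Downloads\setup.exe", v2, hash_rules),
        "transit": decide(r"C:\TRANSIT\setup.exe", v2, hash_rules),
        "dotdot": decide(r"C:\Transit\..\Users\alice\x.exe", v2, hash_rules),
    }
    hash_rules.add(sha256(v2))                # new rule needed after the upgrade
    out["user_v2_new_rule"] = decide(user_app, v2, hash_rules)
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

A path rule is only as strong as the write permissions on the folder it names, which is why the Transit folder is the part of such a policy to watch; a hash rule is independent of location but has to be reissued for every new build.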
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Why is knowing how exploits work mandatory to prevent them? Heck, whenever I look at most of the exploit code :eek: ... Sure, if someone is developing security applications, for sure one should know how they operate, but the rest? Unless one digs this kind of thing as a hobby.

    The common mortals, all they want are tools/means to help prevent them. DEP, ASLR, etc., Microsoft EMET, web browser sandboxes, etc.
     
  10. Agree, let's use this opportunity for open goal to say the last word as a self proclaimed 'so-called' expert:

    IMO when a thread elevates to self reflection/philosophy . . . .

    It has crossed the boundaries of OP's original question and is well beyond the lifetime of a thread, so
    MODS .............PLEASE CLOSE..........
     
    Last edited by a moderator: May 17, 2013
  11. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I've had to use a real-time Anti Virus for the first time in about 4 years, because an application no longer works with Sandboxie. It's kinda strange how I've slipped back into thinking the AV has got my back and won't let me down. I dropped an AV because I thought they're an old and unreliable technology, I'm using KAV, btw. I have to say I have been impressed with the security features in KAV. Maybe they're all just feel good factors? It feels safe.
     
  12. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Some folks say they don't need an AV. After all they haven't been infected in years, and their AV never stops anything. I haven't gotten a virus/trojan since 1998 when I was checking out a porno site. I still, however, have an AV. My reasoning is this. I'll bet everyone here has had fire insurance on their home for decades, yet none of us has had their house burn down. OK maybe one of us. Yet every year we cheerfully pay a few hundred dollars to renew our policy. We do this because you never know if your house will catch fire. Same thing with an AV.
     
  13. guest

    guest Guest

    There might be incompatibility issues, though if you can make it right, it would be very powerful indeed.

    Or..., we can make it back on track so this thread won't end up like any other similar threads. C'mon now, I started to see this thread to be different.

    I love freebies. *puppy*
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  15. guest

    guest Guest

    1. Not all AVs cause BSOD.
    2. Not only AVs can cause BSOD.
     
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Current AVs offer much more than just traditional signatures and engines but the above is what AVs don't offer. And EMET is above most users' comfort level, I'd say.
    Also, keeping your sw up-to-date is often not watched by an AV (I know Avast offers an option for this (for some high-risk programs) perhaps other AVs also). Updating requires a different mind set than 'My AV should deal with ~ Snipped as per TOS ~'.

    Every time this kind of thread reappears; Do I need an AV/Can I go without an AV/etc, there are two sides; one considering the general user and who thinks "Hell No!" and the other side, considering the security software aficionados and who thinks "Sure, some folks can certainly go without". When both sides don't have the same user in mind, the thread always goes haywire.
    It's unfortunate that folks clash just because they have a different audience/user-group in mind.

    PS Whenever someone asks 'Can I go without?', I think the question itself is reason enough not to abandon an AV.
    PPS On most of my boxes I use a real-time AV.
     
    Last edited by a moderator: May 17, 2013
  17. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
  18. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    The reality is that unless you get a BSOD from having two AVs with real time protection installed, it is extremely rare to get a BSOD from antivirus software.

    Sure, occasionally some AVs have bugs which cause BSODs in certain situations. But this is very rare, and certainly not a valid argument against using AV software.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The thing is, a computer is a tool not a pet. You don't have any extra responsibilities owning or using one. You could argue that computers can be dangerous to yourself and others financially, socially, etc. and should require some kind of license like automobiles/guns, but that is something you have to prove worth restricting.
     
  20. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,010
    Location:
    U.S.A.
    Removed Off Topic Posts. The time has come to end the discussion, and close this thread. Thank you all for participating!
     