Do you run a real time Antivirus?

Discussion in 'polls' started by Page42, Jan 17, 2014.

Do you run a real time Antivirus?

  1. Yes

    68.5%
  2. No

    31.5%
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    With WSA I get no stress and absolutely no wear and tear on my PC. :) :thumb:
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    Same here, as concerns the no stress part.
    If we're talking stress, I would be more inclined to have it due to NOT running a real time AV. But I understand Bo and some of the other guys saying an AV can cause stress... MBAM messed up one time pretty bad and lots of people got stressed, to put it mildly.

    Sandboxie and Macrium Reflect have been my major stress relievers.
    The AV is a secondary layer, albeit one I choose not to lose. ;)
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    :thumb: If what someone else uses mattered to me, I wouldn't be using this OS, PC, or any of the security apps on it.
    Any more, you can't find a manual scanner that doesn't require a half dozen processes. There is no good reason a manual scanner needs to add services. IMO, AVs are becoming a liability and a prime target for exploitation. If someone still made an AV that wasn't bloated all to hades, didn't embed itself all through the system, and didn't consume more resources and RAM than the OS itself uses, I'd still turn it down. Reasons:
    They only catch about half of what's in circulation at any given time.
    They won't leave my batch files and scripts alone.
    What they call PUPS, I call tools. Leave them alone.
    Several of them are adding anti-piracy features. If a file on my system isn't malware, it's none of their business. I won't tolerate being searched by an app that's supposed to be protecting me.

    Anyone remember Blue Frog, the spam the spammer software? A huge DDOS attack helped knock them out of business and took half the country offline. If I'm remembering correctly, they couldn't find the malware responsible for the attack. Later they found the attacker had exploited Norton Internet Security and used it to launch the attacks.

    IMO, a security package should stand on its own. Making it dependent on the internet or cloud servers only serves to increase your attack surface in ways you can't mitigate. One of Windows' greatest liabilities was exposing its core files to the internet. IE6 was a security nightmare for that reason. Why is this acceptable for AVs?
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,196
    Location:
    Nicaragua
    That's the norm and should be the norm. In my personal case, stopping using a real time antivirus was not something that I planned or gave much thought. After using SBIE for about a year and a half, I knew it could be done and I could see myself doing it but I didn't think about it.

    But one day I got fed up with my favorite antiviruses (more than one) changing what I thought was perfect and when MSE 2 came out in Dec 2010, I didn't like it right away, so I uninstalled it and didn't replace it.

    It felt normal and just kept going. Later, in Dec 2011, I did the same with OD scanners. I decided to not have them installed in my system. I feel better that way. That doesn't mean that I don't run any scans, I do run scans, that's one of the reasons that I use Shadow Defender. Sometimes I put my computers in Shadow mode and install MBAM and HMP. I like both of them and believe in what they say. And every once in a while I also run Emsisoft. But when I get out of shadow mode, they are gone.

    The best part of what I am saying is that it's really easy to do and you don't even have to be a computer guy. I am not one.

    Bo
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    All well and good and understandable, however, I was actually referring to the other way around... guys who think others should use what they are using. That is slightly different than what you are describing, n_p.

    What a great point!

    What’s good is bad, what’s bad is good, plain and simple. :shifty:

    You make a mess of good points, n_p. :thumb:
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    No, you're just humble and modest. Your knowledge and skills exceed that which you appear willing to describe. :thumb:
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Yeah, I run a real time AV. It's just a layer of security staff.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I haven't been running a realtime (or on demand) scanner in 6 years. :)

    It's mostly because they are too bloated, slowing down my PC. I have been relying on VirusTotal, the best thing since sliced bread. :D

    Now that I have a faster PC, I consider using Avira or Avast Free, but only for on demand scanning, realtime is not necessary, IMO.
     
  9. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    I don't run a real time AV.
    The reasoning behind my decision is:

    If my current setup (see sig) won't stop a virus/malware, an AV won't either.

    Not worth the performance penalty and extra bloat IMO.
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That really depends on what product you would use of course :)
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    And their hardware, anything with an SSD will probably be unnoticeable unless that AV is really screwed up. :D
     
  12. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Perhaps so. A few years ago I used Antivir and it didn't make my system crawl. But there was a noticeable performance penalty. Of course, if I skipped scan-at-read and only used scan-at-write the penalty wasn't really there. Are things different today?

    Edit: I'm trying hard to remember, but the last time I used a real-time AV, it blocked a potential infection - only once - and the malicious code was delivered by malicious/hacked ad servers. Come to think of it, I think Adblock would have stopped it! :)
     
    Last edited: Mar 21, 2014
  13. guest

    guest Guest

    I'm actually wondering if SRP can help to prevent the exploitation of AV software. I might reconsider going back to using one again. My current setup makes me feel so lonely lol. :D
     
  14. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I haven't used SRP in like a year, a PITA when installing and uninstalling stuff. :D
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm not sure that one can restrict an AV and still expect it to function. You can't restrict its access to any of the disk, file system or the internet. It has to be able to launch and terminate other processes. It has to be able to update files, add new files including executables and run them. It has to be able to shut down and restart the OS. The policies would have to accept and allow the AVs executables regardless of their file hash.

    Quite some time ago, I tried to configure SSM to allow an AV to function and update automatically. I had to allow its executables to do pretty much whatever they wanted just for it to function. In order for auto-updating to work, I had to disable integrity checking for all its executables and rely solely on the vendor's signature. In the end, I concluded that AVs aren't compatible with classic HIPS unless you severely weaken the HIPS' ability to control the AV's activities. Making auto-updating work required allowing the AV to be able to launch new and unknown files at will.

    AVs have become more complicated and invasive since I last used one. It would be even more difficult now to restrict one than it was then. While SRP doesn't allow as tight a control over executables, a lot will still apply. IMO, AVs in their present form can't be restricted or confined to any substantial degree and still function. If an attacker can compromise an AV, they basically own the system it's running on.
     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes that too, we all know that there are some pretty bad choices out there, even you know that I think after that terrible experience you had not long ago. :D
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,907
    Location:
    Slovenia, EU
    I've been using an AV+HIPS combination in the past and usually had to grant the AV almost all rights. When it comes to updating, it all depends on the AV. Some AVs (like Nod) don't release many component updates, so usually only the AV database gets updated (integrity checking on AV files doesn't have to be disabled). Some others update their components (exe, dll files...) more frequently and need more rights to successfully update. In that regard I've found ESET really "classical HIPS friendly". Just allow ekrn.exe full rights and that's it.

    hqsec
     
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I can't really answer this, of course all AVs have one goal: to keep malware out. And sure, since you used AntiVir, AV products have become more advanced and more effective, and are no longer just signature-based products.
     
  19. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    The program itself was not really that bad.
    I didn't notice any effects on system performance BUT when I did a manual scan . . . the whole OS froze, I had to use the reset button.
     
  20. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    397
    Location:
    Scotland
    Been using Bitdefender AV+ since the 2013 version & have never really had any issues with it, so light I hardly notice it at all, Comodo firewall is used for HIPS.
     
  21. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Yeah, today AVs are more like a total package. HIPS, FW etc.
    For me, a weekly on demand scan is working well.
     
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I was more thinking about how your PC behaved after uninstalling it with the long shutdown times, or was it boot time that took forever I don't remember :)
     
  23. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And they're usually found in the IS, and users that don't want/need them can go with the more simple AV-only product, but some vendors have started with "Total bloat suites" products with features I don't want or need in an AV: backup, system performance tools, browser cleanup... it never ends. But thankfully there are still a few vendors that think once and twice before they add unnecessary features like this.

    Several vendors need to go "back to the roots" and stop competing with backup companies, and programs like CCleaner.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Hahahaha you have a good memory, even I forgot about that . . .
    Yeah, after uninstalling it I had problems booting and shutting down.
    Took over 5 mins to shutdown and sometimes would not boot up properly. o_O
    Also had some serious problems with the browser that it would not render some websites correctly. I had to refresh a website 5-10 times in some cases.

    Everything is fine now because I finally purchased a new HDD and formatted it.
     
  25. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Yes (Kaspersky AV). Why? Install and forget.
     