AV Necessary?

Discussion in 'other anti-virus software' started by Guest?, Nov 4, 2003.

Thread Status:
Not open for further replies.
  1. Guest?

    Guest? Guest

    I've scaled back my internet activity (i.e. not downloading warez, unknown apps, etc) after several years of exploring the realm of the web. I was just wondering if anyone else feels that an AV is totally necessary if they were only running trusted apps, have a good firewall, and a program sandbox? The only email attachments I view are picture formats, and I have preview panes disabled. Just looking for opinions, thanks.

    I use Sygate 5.5 & the recent SSM beta. My Norton subscription ran out a while ago, and I've just avoided running an AV since. NOD32 is the only one I'd buy right now (all the others have unbearable footprints/usage), and it doesn't exactly fit my needs (web/email worm watchdog).
     
  2. libbo1

    libbo1 Registered Member

    Joined:
    May 28, 2003
    Posts:
    123
    Location:
    florida
    Sounds like ur an experienced 'puter/web user. And u probably know about many of the free AV's. And you know most answers here in a security forum will be:

    Yes, you should have an AV application. I like and use AVG (free). Virii can enter via chat, email, d/l's, safe web sites etc. It could just about be considered 'safe surfin' . . . and you reduce your risk of unknowingly infecting others in our internet community!!
     
  3. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    In my humble opinion, I would not be without an AV installed in my computer. NOD32 has a top rating - good choice. If you can't afford it, then go for AVG by Grisoft [freebie]. My Norton AV has just run out and I am in a quandary too. In my situation, I get mega email because of a club I belong to [am a News Editor] so for me, an AV is an absolute must. Anyway, you might want to try Wormguard & add the free AVG - that might suit your needs. Cheers
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    http://www.pcmag.com/print_article/0,3048,a=28345,00.asp You can get a virus just looking at pictures. An AV is a complete necessity on today's internet. This virus is not a bad one, but it was reported back in 2002; I am sure the virus writers have made progress by now. I apologize for the dead link, but if you type the whole thing, numbers and all, it does work.

    I fixed the link by adding "url" tags around it. If you press the quote button on this post you'll see how it was fixed so you can do it yourself in the future. LWM :)


    The Graphics Virus: No Red Alert
    June 18, 2002
    By Sebastian Rupley

    Several antivirus software makers warned last week of a new virus called W32/Perrun that is notable because it is the first reported virus to infect JPEG (.jpg) graphics files. All the attention created a buzz, but the virus exists only in labs at the moment. It does not represent an immediate threat to users.

    Network Associates, a firm that supplies security solutions, rates W32/Perrun as a low risk and is treating the virus as more of a model of how future viruses could affect graphics files than as a present threat. According to a Network Associates description of the virus, W32/Perrun "is an appending virus that requires an extractor file to extract and execute the virus code from infected JPEG files or files with a .JPG file extension." In other words, the virus requires two components to execute and become capable of infecting other JPEG files, with the extractor component being necessary to spread infection.


    According to an advisory from Steven Sundermeier, product manager at antivirus software maker Central Command, users should not worry about being infected by the W32/Perrun virus at this point, and the virus should not be overhyped: "Unfortunately, when harmless viruses that are not in the wild get hyped by larger vendors, it becomes a lose-lose situation for everyone. For us, our support technicians get bombarded with information requests from worried customers, over a virus not seen outside a virus lab. For an unknowing user, it adds an unnecessary level of panic and usually involves an expensive support call to their vendor. With no means of fast distribution (lacking mass mail capabilities, not network aware, etc.) and needing two components to successfully execute, users have nothing to be worried about with W32/Perrun. Without both parts, W32/Perrun is the equivalent of a gun without any bullets."
     
  5. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    My (non-expert) opinion is that if you are running any version of Windows, and you are connected to the Internet, you absolutely should run anti-virus software. If you also use email, that adds one more compelling reason.
     
  6. Guest?

    Guest? Guest

    That's half my opinion anyway bigc, the AVs are always playing catchup with real threats (innovations), or even created by such companies.

    Since I've started with McAfee in '95, on AOL, I have yet to have an identified virus that I did not download intentionally (Napster, etc), and even then it was a major ITW infection such as Sub7; that my current firewall/sandbox would stop. Norton, KAV, F-Secure.. I've tried them all, they just keep getting bigger, more expensive, and take over the PC's resources to such a point that some legitimate programs recommend disabling AVs while running them. I do like NOD32 though (ran a trial recently), if only it was a freebie :D

    The firewall & sandbox however, I would not compute online without anymore.. MS exploits are getting ridiculous.

    Anyway, just wondering how many people thought I've totally lost my mind ;)
     
  7. Stranger

    Stranger Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    9
    Certainly a lot will differ, but contrary to widely held sentiment especially by the av industry and security consensus, no, it is not sacrilegious to not have an av, especially an on access av running all the time particularly if it's just a single user pc. Part of it depends on what data is stored in the system, if there's a backup, and on the user's awareness of "what normal" processes should be running in the system.

    A large portion of the most virulent viruses out there exploit holes in popular browser and especially email clients, and the propensity of users to download and click on anything left and right. In general they often come in the form of email attachments and executables. Like with anything there's a risk but one can get by running swf or a process manager and supplementing that with an on demand av scanner only. What has to be kept in mind though is that if you choose not to run an on access av you have to be more mindful of and from time to time monitor the running processes in the system, and it can be done.
     
  8. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    You speak a lot of sense. I fully agree.
    You do need on demand scanning though.

    The problem with on-access virus scans and antiviruses in general is that it breeds this sense of over-confidence that overrules common sense sometimes.

    "Hmm, this funny-looking attachment with the dangerous extension pif just came in from somebody I don't know, with some lame one-liner that says 'this is the document you requested'. But my antivirus didn't kick it, so let's see what is in it."

    Of course it just happens this is a new strain only hours old (nowadays this is very common) that your antivirus can't detect yet, and you are nailed.

    I have seen this happen in many help forums, where some obviously techno-savvy guy admits he smelt a rat but was curious and after scanning he didn't find anything, so he opened it.

    virus writers 1, common sense / antivirus 0
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Lwm I appreciate that, I have learned something at wilders today. Of course that happens every day :)
     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Count me among those who will differ. There was a time when I was of the same mind, but the realities of a computing world that centers around Win32 have since come clear to me.

    Consider that any application, even a popular, innocuous application like Winamp, can have a vulnerability that allows for code execution to take place. And, of course, there is an endless string of buffer overrun vulnerabilities like this one in Windows (which happens to be directly related to the Winamp flaw; but there are a slew of similar bugs).

    The response to this is always "I patch immediately", but Microsoft is famous for botching patches. Several of their recent patches either failed to truly correct the problem they were supposed to, or the patch corrected one problem, but overlooked a different--but very similar--problem (this is what happened with the initial patch for the MSBlast RPC exploit).

    Before telling me that I am full of it, let's review what the aforementioned article says (I have paraphrased here):

    Unless I am misunderstanding this issue, you could obtain a virus, worm, or trojan simply by hovering your mouse pointer over part of a web page. Maybe an anti-virus utility will protect you in this case, maybe it wouldn't. But I'd rather err on the side of caution. No one is "too k3w1" for anti-malware utilities.
     
  11. Guest?

    Guest? Guest

    Ya I heard about the header exploit, a long time ago.. but unless I have errored my knowledge, don't buffer overruns inject code that could be stopped by a sandbox?

    I didn't say I was too cool for it, but I am too cheap. I'm not running a corporate payroll, so I don't really see the need to pay for a flawed or excessively layered security model.
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I don't know about the sandbox issue. I do know that all security is flawed to some extent, though no security system is too layered, unless it becomes too hard to manage or involves too many trade-offs.

    And what you're saying is that anti-virus utilities present too much of a trade-off for your taste, and I can completely understand that. It was only a few days ago that I made inquiries here about free and low-cost anti-virus solutions, because I was sick of problematic and overpriced software.

    And my experience is that anti-virus utilities cause far more problems--and far more serious problems--than the malware they supposedly protect me against. I guess I'm banking on it actually being worth it someday.
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    A sandbox certainly does complicate the question... The heart of my security is first and foremost the Tiny sandbox (Tiny Trojan Trap). It is central on my system because of the power of it. Next in importance to me is my firewall, yes for the usual blocking of the open services ports (XP here) from Internet connections, but also for the now rather in-depth application controls. After those, I'd say anti-virus comes next for me. Consequently, I use AVG6 Free as my resident AV. It is enough based upon the previous software, plus a handful of lesser security apps and rather tight security settings within my OS and apps.

    I do have F-Prot for DOS for on-demand file scanning (just to scan specific download files). Because of these factors, I don't use an Anti-Trojan or any of the more powerful resident AV products.
     
  14. Stranger

    Stranger Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    9
    Consider that any application, even a popular, innocuous application like Winamp, can have a vulnerability that allows for code execution to take place. And, of course, there is an endless string of buffer overrun vulnerabilities like this one in Windows (which happens to be directly related to the Winamp flaw; but there are a slew of similar bugs).

    It's true, there's a large number of windows components that are vulnerable to a host of buffer overruns and auto executions - just clicking on a specially crafted html page or link is enough to prove that, but at the moment a good number of the top virulent viruses use attachments and flaws in the way email in connection with browser clients to render and interpret data as a preferred method of delivery.

    Is an antivirus necessary? That depends on the individual and host machine in question. But to proclaim that an antivirus especially an on demand scanner to be running all the time - is imperative - as has been preached by certain segments of the security industry is questionable. It's a risk management issue, an antivirus is not a security panacea, if that was the case hundreds and thousands of windows clients out there would not have contracted the latest outbreaks, at best it is a supplement protection and it should be treated as such.

    The security of a machine always and will center with the hardening of the OS and various internet clients and applications first and of course the user's awareness. Now don't get me wrong, I'm not implying that one should go out and not run an av, if one thinks it's necessary that's fine, but it's just a part of the various methods to protect a machine.
     
  15. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Then I fail to see where we disagree. ;)
     
  16. surprised

    surprised Guest

    A resident antivirus shield should be on every computer connected to the internet... it is your first line of defense (but not only defense).

    If you choose to run all kinds of *fun* software on your computer but neglect to run a resident AV, your computer should be considered a Typhoid Mary. Saying that all virus software isn't 100% perfect is not a good excuse either.

    In the end it is your decision to make but understand that there are viruses that can virtually destroy a computer. Unless you are on the corporate payroll, a computer costs considerably more than an antivirus.
     
  17. libbo1

    libbo1 Registered Member

    Joined:
    May 28, 2003
    Posts:
    123
    Location:
    florida
    Like i said (implied) in my 1st posted response. Guest is no stranger to this issue! He has posted a rhetorical ? as he knows what is best for him/herself. The discussion though is good education for all of us! :D
     