AV Yes/No

Discussion in 'polls' started by Rico, Nov 15, 2008.

?

Do You Use An AV

  1. Yes I use a real time AV

    94 vote(s)
    82.5%
  2. No I do not use an AV < why >

    20 vote(s)
    17.5%
Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,701
    Location:
    Texas
    Do you use an AV?

    I may go AVless
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    "No I do not use an AV < why >"

    There are two ways malware gets installed:

    • Sneaking in by remote code execution

    • When a user chooses to install something that happens to be infected.
    The first method has bypassed AV so many times in Zero-day exploits that I find it to not be reliable. A recent example:

    Adobe Reader Vulnerability - part 2
    http://isc.sans.org/diary.html?storyid=5321
    There are other defenses against the remote code execution attack, which, IMO, is the easiest to defend against.

    In the second method, when choosing to install a program and the user scans with AV, the user is relying on the AV to detect if the program is indeed infected.

    I find relying on my own instincts about what software I choose, and from where I obtain it, to be just as effective.

    I'm not advocating that others not use AV, because computer security depends on many factors, and most importantly, on one's approach to developing a security strategy -- and then, selecting products to set up a defense.

    If a person frequents sites where the likelihood of encountering malware is high, then various scanning products might provide some sense of security, but again, maybe not. See this thread:

    https://www.wilderssecurity.com/showthread.php?t=225003

    This is not to single out this person, for there are numerous examples if you look at the hijack forums, where people who say "my ________ program was up to date" are asking for help in removing malware that the security product did not detect.

    ----
    rich
     
    Last edited: Nov 16, 2008
  3. Minimax2000

    Minimax2000 Registered Member

    Joined:
    Jun 11, 2006
    Posts:
    204
    Location:
    Switzerland
    I voted Yes because I rely on a balanced and layered approach.

    That means having

    • Common Sense
    • Real-time Antivirus
    • Classical HIPS
    • Sandbox
    • Firewall
    • Latest OS and Program Updates
    • Backup Strategy
    in place.

    But everyone has to individually answer this question for themselves. :)
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I agree with Rmus, AVs are not going to save you if you are relying only on their detection capabililities. I have been for more than a year without an AV without any problems, and because of my layered 'recovery solutions' and common sense, I don't think I need one.

    I have however reinstalled an AV simply because my computer for working reasons it is exposed to physical access(flash drives are the most infected creatures ever), therefore a program that warns me about what I can save to disk and what not, makes my life easier(I know new threats can get through).

    Computers are so powerful nowadays, that running an AV has become more a matter of principle than sheer performance issues.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Just call me old school. I too believe in a layered approach which includes use of an AV.

    While zero day exploits are of course a primary concern there are plenty of old threats still out there. Much like human epidemics in pre-vaccine days they have not gone away but have been rendered all but non-issues due to vaccines for humans = AVs` for PCs`.
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I voted no. I see no need for a antivirus.
    I run Vista 64 as a limited user with Software Restrction Policy, Noscript in firefox running as basic user, outgoing protection in firewall and I use common sense (ie no cracks or warez). I run some on demand scanner now and then when I remember.
    Lately I have installed Norton Antibot. Mainly because I have a free key for a year and since it has no impact and (theoretically) will alert if some bad things gets past LUA/SRP. When Prevx Edge is 64 bit I will try that.

    I agree :)
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No - why ? Because Real time AV is just like "having a broken pencil"
     
  8. wat0114

    wat0114 Guest

    Yes, because NOD32 2.7 provides lightweight, barely noticeable impact system performance. It once flagged a suspect wallpaper my daughter wanted to d/load, so though it and other avs might not detect everything, it will catch probably the majority of nasties so it forms part of my layered approach along with HIPS, firewall and limited account settings, including a reduced services profile.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm curious as to what made it "suspect."

    thanks,

    ----
    rich
     
  10. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Not as such. I don't run on-access, however I do run occasional scans with drweb cureit. Never finds anything.
     
  11. gaslad

    gaslad Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    116
    Location:
    Toronto, Ontario
    I vote yes, even though I've never been infected, and my various AVs over the years have never flagged anything.

    To my way of thinking, it's like using a seatbelt. I've never had an instance where it saved me, but I wouldn't drive without it.

    What is the downside to using a resident AV?
    - Cost? There are several excellent free AVs: avast! and AntiVir spring to mind.
    - Resource usage? Perhaps a factor if one uses suites, but the foot-print of many standalones is small, and hardly an issue with todays fast CPUs.
    - False positives? The recent fiasco with AVG detecting "user32.dll" is a good example of this hazard. (Mind you, AVG is not a product I would recommend.) Solution: when your PC is working well, don't look for trouble by running unnecessary scans.

    In short, there is no downside to using a resident AV. It is not a cure-all, and will not protect you if you do not practice safe surfing. But I am glad to see the vast majority of respondents to this poll use one. My congrats to those of you that do not- may your luck persist.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I voted yes which is out of character for me since i have long placed total trust in the reliable combo of a tightened rules based HIPS with a more newer innovative Behavioral Blocker which happens to be MAMUTU for me.

    One thing is perfectedly clear, SAS & MBAM are in a class to themselves and always improving, but there are materials in some viruses that will never show up in any AS scan and if the same happened to even for a fraction of a microsecond zipped past or even subdued your HIPS for a flash in time, chances are a reliable long experienced AV can at least indicate a trouble file is been identified.

    There will always be something new that escapes them all at some remote point in time, but recently i become more confident in trusting AV's again especially since they've stopped gumming up operating systems and the ones that give a user the choice to quarantine or not.

    EASTER
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    No.

    No need for an AV if using Sandboxie let alone Returnil and Ghost Images as backups.

    Latest rogue - Internet Antivirus Pro installer results below.
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    No absolutely not, I don´t need brakes. Only for testing purposes from time to time.
     
  15. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Absolutely Yes.

    I feel not at ease without one.

    A little paranoia is a good propeller in life ! :D
     
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I voted yes, since I use my resident AV mainly as some sort of a last-line "expert" adviser when installing/running executables on my system. Using an AV is still a well-tried security method that works very well for most target users.

    /C.
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Yes.

    A multi-layered defense need a lot of layers :D , av is one of them. Fw another, HIPS and sandboxing another again, sure. It's the reason for we call it " multi-layered defense ". :)
     
  18. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Briefly and concerning my everyday Windows machine, no av, I don't need it. I know what's on there and what I'm gonna put on it.
     
  19. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    No AV.

    Let it go after 1 too many malware slipped through.
    Sandboxie + Returnil + HIPS
    after a few months:
    Sandboxie + Returnil
    another couple of months:
    Sandboxie

    Now running absolutely naked, but havent got used to it yet. So far, 1 week and no evil malware has gotten me....might be the safe hex I´ve learned since joining wilders.

    Might add an AV in some time, might not... who knows...
     
    Last edited: Nov 21, 2008
  20. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Whats safe sex gotta do with security?
     
  21. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Voted no

    1. Linux user

    2. XP is setup for games only.
     
  22. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No.
    None real time.
    Just a scan with CureIt from time to time.
     
  23. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The problem is how best to teach others this concept.

    The problem of teaching people about basic internet security is a bit like telling little kids not to touch the fire or whatever, but no matter how many times you tell them, they still touch.

    For example, the experts say don't open attachments from unknown sources, but curiosity kills the cat and so on. You or I wouldn't do it, but if we can use common sense and think about it, why can't so many others who fall prey to malware from infection vectors such as this?
     
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Yes I do use an AV.
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yes because AV is the bread and butter of computer security despite how people perceive it to be broken.
     
Loading...
Thread Status:
Not open for further replies.