Discussion in 'polls' started by Rico, Nov 15, 2008.
Do you use an AV?
I may go AVless
"No I do not use an AV < why >"
There are two ways malware gets installed:
Sneaking in by remote code execution
When a user chooses to install something that happens to be infected.
The first method has bypassed AV so many times in Zero-day exploits that I find it to not be reliable. A recent example:
Adobe Reader Vulnerability - part 2
There are other defenses against the remote code execution attack, which, IMO, is the easiest to defend against.
In the second method, when choosing to install a program and the user scans with AV, the user is relying on the AV to detect if the program is indeed infected.
I find relying on my own instincts about what software I choose, and from where I obtain it, to be just as effective.
I'm not advocating that others not use AV, because computer security depends on many factors, and most importantly, on one's approach to developing a security strategy -- and then, selecting products to set up a defense.
If a person frequents sites where the likelihood of encountering malware is high, then various scanning products might provide some sense of security, but again, maybe not. See this thread:
This is not to single out this person, for there are numerous examples if you look at the hijack forums, where people who say "my ________ program was up to date" are asking for help in removing malware that the security product did not detect.
I voted Yes because I rely on a balanced and layered approach.
That means having
Latest OS and Program Updates
But everyone has to individually answer this question for themselves.
I agree with Rmus, AVs are not going to save you if you are relying only on their detection capabililities. I have been for more than a year without an AV without any problems, and because of my layered 'recovery solutions' and common sense, I don't think I need one.
I have however reinstalled an AV simply because my computer for working reasons it is exposed to physical access(flash drives are the most infected creatures ever), therefore a program that warns me about what I can save to disk and what not, makes my life easier(I know new threats can get through).
Computers are so powerful nowadays, that running an AV has become more a matter of principle than sheer performance issues.
Just call me old school. I too believe in a layered approach which includes use of an AV.
While zero day exploits are of course a primary concern there are plenty of old threats still out there. Much like human epidemics in pre-vaccine days they have not gone away but have been rendered all but non-issues due to vaccines for humans = AVs` for PCs`.
I voted no. I see no need for a antivirus.
I run Vista 64 as a limited user with Software Restrction Policy, Noscript in firefox running as basic user, outgoing protection in firewall and I use common sense (ie no cracks or warez). I run some on demand scanner now and then when I remember.
Lately I have installed Norton Antibot. Mainly because I have a free key for a year and since it has no impact and (theoretically) will alert if some bad things gets past LUA/SRP. When Prevx Edge is 64 bit I will try that.
No - why ? Because Real time AV is just like "having a broken pencil"
Yes, because NOD32 2.7 provides lightweight, barely noticeable impact system performance. It once flagged a suspect wallpaper my daughter wanted to d/load, so though it and other avs might not detect everything, it will catch probably the majority of nasties so it forms part of my layered approach along with HIPS, firewall and limited account settings, including a reduced services profile.
I'm curious as to what made it "suspect."
Not as such. I don't run on-access, however I do run occasional scans with drweb cureit. Never finds anything.
I vote yes, even though I've never been infected, and my various AVs over the years have never flagged anything.
To my way of thinking, it's like using a seatbelt. I've never had an instance where it saved me, but I wouldn't drive without it.
What is the downside to using a resident AV?
- Cost? There are several excellent free AVs: avast! and AntiVir spring to mind.
- Resource usage? Perhaps a factor if one uses suites, but the foot-print of many standalones is small, and hardly an issue with todays fast CPUs.
- False positives? The recent fiasco with AVG detecting "user32.dll" is a good example of this hazard. (Mind you, AVG is not a product I would recommend.) Solution: when your PC is working well, don't look for trouble by running unnecessary scans.
In short, there is no downside to using a resident AV. It is not a cure-all, and will not protect you if you do not practice safe surfing. But I am glad to see the vast majority of respondents to this poll use one. My congrats to those of you that do not- may your luck persist.
I voted yes which is out of character for me since i have long placed total trust in the reliable combo of a tightened rules based HIPS with a more newer innovative Behavioral Blocker which happens to be MAMUTU for me.
One thing is perfectedly clear, SAS & MBAM are in a class to themselves and always improving, but there are materials in some viruses that will never show up in any AS scan and if the same happened to even for a fraction of a microsecond zipped past or even subdued your HIPS for a flash in time, chances are a reliable long experienced AV can at least indicate a trouble file is been identified.
There will always be something new that escapes them all at some remote point in time, but recently i become more confident in trusting AV's again especially since they've stopped gumming up operating systems and the ones that give a user the choice to quarantine or not.
No need for an AV if using Sandboxie let alone Returnil and Ghost Images as backups.
Latest rogue - Internet Antivirus Pro installer results below.
No absolutely not, I don´t need brakes. Only for testing purposes from time to time.
I feel not at ease without one.
A little paranoia is a good propeller in life !
I voted yes, since I use my resident AV mainly as some sort of a last-line "expert" adviser when installing/running executables on my system. Using an AV is still a well-tried security method that works very well for most target users.
A multi-layered defense need a lot of layers , av is one of them. Fw another, HIPS and sandboxing another again, sure. It's the reason for we call it " multi-layered defense ".
Briefly and concerning my everyday Windows machine, no av, I don't need it. I know what's on there and what I'm gonna put on it.
Let it go after 1 too many malware slipped through.
Sandboxie + Returnil + HIPS
after a few months:
Sandboxie + Returnil
another couple of months:
Now running absolutely naked, but havent got used to it yet. So far, 1 week and no evil malware has gotten me....might be the safe hex I´ve learned since joining wilders.
Might add an AV in some time, might not... who knows...
Whats safe sex gotta do with security?
1. Linux user
2. XP is setup for games only.
None real time.
Just a scan with CureIt from time to time.
The problem is how best to teach others this concept.
The problem of teaching people about basic internet security is a bit like telling little kids not to touch the fire or whatever, but no matter how many times you tell them, they still touch.
For example, the experts say don't open attachments from unknown sources, but curiosity kills the cat and so on. You or I wouldn't do it, but if we can use common sense and think about it, why can't so many others who fall prey to malware from infection vectors such as this?
Yes I do use an AV.
Yes because AV is the bread and butter of computer security despite how people perceive it to be broken.
Separate names with a comma.