Do you run a real time Antivirus?

Discussion in 'polls' started by Page42, Jan 17, 2014.

?

Do you run a real time Antivirus?

  1. Yes

    68.5%
  2. No

    31.5%
  1. guest

    guest Guest

    @noone_particular

    The exploitation that I was alluding actually was about the execution manipulation in which the malware is designed to trick the AV to run the executable and the user here is not involved at all.

    But indeed, all "deep" security software can, ironically, be the threat-gate that can be very fatal if the attackers managed to exploit them. But then again, we already have the OS itself to worry about.
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I remember reading about that, malicious code that executes when the AV parses the file. I don't see any way that SRP or a classic HIPS could prevent that and still allow the AV to examine the file without knowing exactly how the AV works. With most of the being closed source, that's not possible.
     
  3. guest

    guest Guest

    Not quite happy to hear that, but I see, thanks.
     
  4. SPRINTMAN

    SPRINTMAN Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    53
    Location:
    Canberra, ACT, Australia
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    Yes, on execution only...
     
  6. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    I remember that also. So it could, in theory, be safer to not run a virus scan as administrator. Hitman pro requires admin rights but I know some can be run as regular user.
     
  7. nimd4

    nimd4 Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    23
    Location:
    Belgrade
    "WSA" = Webroot SecureAnywhere AntiVirus ?

    .. How would you know, that it's not killing the drive btw. :-0

    P.S.
    A little bit contradictory, that whole post.. Today there is virus, that can self-replicate when it runs into a scanner / cleaner; that can obfuscate and survive (along with many other methods). An antivirus might soon need to be a part of the system, if not the kernel itself (if not ROM, even!), in order to be effective - and not just integrated (Services, or whatever)

    .. Sorz for not providing any links, or reference! Just being lazy, no other reason!! (but I can see it's been mentioned in the thread) =)
     
  8. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,434
    Location:
    Land of the Light
    No Real-Time; just check with various On-Demand Tools.
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    No, on-demand only...
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't see any contradiction. You just spelled out one of the reason, malicious code that can be executed by the AV itself, checking the file. An AV will attempt to open every file that appears on your system, regardless of how it got there. Every file that turns up in the browser cache, temp folders, etc. Combine that behavior with browsers prefetching the links on pages. They're just like 100% effective social engineering, except that most AVs have root access.Just drop the file and the AV will open it. Most users know better and are warned against that kind of behavior.

    Others will not agree with this point, but that's fine. The only real difference between an installed security application and one that comes with the operating system is whose name is on the files. For all practical purposes, once an app is installed, it is part of the operating system.
     
  11. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    623
    Location:
    Canada
    No real time; MBAM and HitmanPro on demand only. (I added back NoScript to Palemoon just in case Bo was checking my signature):cool:
     
    Last edited: Apr 15, 2014
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if one checks every downloads that is not from a reputable source with an on-demand scanners then the only thing to worry about are email attachments.
    i used to worry about drive-by malware but those seem to be a thing of the past.
    especially with Chrome and its sandbox.

    the only thing then that one has to worry about are email attachments.
    i get those at least once a month.
    i know they are malware because i never purchased airplane tickets or the like.
    in fact, i'd rather jump out of an airplane with a parachute than fly in one. ;)

    so it seems to me email attachments are really the thing to watch out for.
    though Outlook/Hotmail do a pretty good job at blocking most of them, but not all.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,388
    Location:
    Nicaragua
    Moontan, I don't worry about emails or email attachments, all I do is run them sandboxed (Sandboxie) and that's it. You can do the same. The only time really that I have to be extra careful is if I install something new in my real system or during the rare occasions when I run something out of the sandbox.

    Bo
     
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i have an allergy to security software. ;)

    anyway, i use IE with 64 bits Enhanced Protection Mode to check my emails .
    so i guess it's sandboxed in a way.
    i use IE for checking my emails and online transactions only.
    i could always use Chrome but i use that for regular surfing.
    i never open those dubious attachments but it certainly could be a major problem for the Joes and Janes Average of the world.

    thankfully, us Wilderites know better.
    depending on how inebriated we are at any given moment! :isay: lol
     
    Last edited: Apr 15, 2014
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I run downloads through VirusTotal before opening them. I barely use e-mail at all. Even so, I have SSM rules for the e-mail folders that block all executables from running from those folders.
     
  16. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Yes. Emsisoft
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,490
    Yeah, high five. Hahahaha
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,715
    Location:
    Toronto Canada
    Yes. Avira currently.
     
  19. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I alternate between ESET and Avira.
     
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,361
    On the laptop I'm using now, which I did a clean install of Windows 7 on, I have no security software of any kind installed, and have Windows Defender disabled too. I disable Windows Defender for good on all my laptops at the first case of high CPU usage from it.

    Maybe, in time, if I decide to keep this laptop I will install an AV with real time protection.

    I do have Windows Firewall enabled, as well as UAC. This is the first laptop I've not disabled UAC on it, as it something I really hate. However while I usually install and uninstall software as often as seven days a week, I intend to install very few programs on this laptop to help keep Windows running fast and error free. So, I shouldn't be seeing many UAC prompts at all - and in this case I can live with them.
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if you scan all downloads with an on-demand scanner like Hitman Pro and/or VirusTotal and don't open suspicious email attachments then a real-time antivirus is not needed, imo.

    if you have a house full of teenagers it might be another story but if you are the sole user of your computer then a real-time AV is not only overkill but a waste of system resources as well.
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,361
    I don't ever open suspicious email attachments. I rarely even use my email account. I am not scanning any downloads at the moment. But, I have very few programs installed, and won't be installing much more, and I am careful about what I download.

    No, it's just me, and yes I agree about the waste of system resources, and somewhat agree with the overkill bit, as sometimes an AV is useful.
     
  23. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,112
    Location:
    Slovakia
    Today every email provider scan emails and attachments and some browsers even scan downloads, so there is not even a need for any on-demand scanning.
    Not to mention, that DNS blocks download request from malicious pages, so if a possible trojan wants to download something from a blacklisted page, it will fail.
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    right you are!
    Outlook.com does a pretty good job of filtering out the bad stuff and IE 11 scans everything I download.

    same here, I very rarely use things like Hitman Pro and VirusTotal as I don't install much stuff anyway.
     
    Last edited: May 17, 2014
  25. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    553
    Location:
    The Outer Limits
    It`s on those rare occasions that Sandboxie comes into it`s own as I once found out.

    It was a free av package and I only wanted to see which av engine it was using so I opened it and the thing went ballistic.Trying to open internet connections, access protected system files and replicate all over the place.

    Thanks to the right click and "run sandboxed" all was well and my curiosity was cured for good.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.