Do you use real-time AV?

I guess that this is the general perception, although the situation is probably more correctly described by noting that the more general delineation between the two approaches is whether you are more at risk using your own technical judgement or that of a malware expert (and the latter with a variable response time).

Nonexperts should rely on the latter, experts can certainly rely on the former, while the sizeable intervening population is a bit of a toss-up.

Blue

 

I see, I felt the same before I stopped using security software like AV or firewall and now I just can not imagine using them, though I miss a firewall a bit.

At first you have to ask yourself, what is your computer primarily used for? Porno, cracks, IMs, p2p and so on and based on that, choose a proper protection.
But it is a good idea to have a security software as a prevention, in case, that you would make a mistake (running an infected exe, using a vulnerable software).

Sandbox and HIPS provide much more better protection than anti-apps, because they are based on prevention rather then on curing a limited number of malware.

 

Yup i do. At the moment i'm using kaspersky and norman antivirus.

 

ur using 2 avs?...... tut tut

 

I think you need to ask yourself what you hope to gain by NOT using one...

 

Yes, AVK 2007

coming soon v.2008
.

 

I don't like the drag caused by on-access scanning. Perhaps, I'm too sensitive

I'll tell you a secret: I never used realtime AVs with 98SE, but I felt that XP should have one. In 2003, I decided that realtime AVs don't give me a good bang (protection) for the buck (resource usage). At that time, I was using only a firewall, a host file, an on-demand AV/AS and a bit of hardening.

I've never been infected and I've surfed the "dark side" more often than I should, altough I never was fooled by email threats (free lottery, Nigerian mails, jokes/hoaxes, ecards/pictures, suspicious attachments, etc)

Not by a long shot. Non-signature security is too noisy and if it fails, you need a blacklist to detect and clean.
Blacklisting no longer will be the main weapon against malware, but it will be in NIS 2011

 

I´m not using a realtime scanner and that´s because most of them slow down the system and they also can be annoying, for example if you visit a site who tries to exploit already patched bugs, you will get useless alerts. And when I´m downloading malware for testing purposes I don´t want to be bothered.

So at the moment I´m using AntiVir Classic as an on demand scanner (I also might add AVG AS). Actually, I don´t see why you need realtime protection in the first place, as long as you don´t forget to scan your (newly downloaded) files, there is no problem. My HIPS already protects me against zero day bugs.

 

I have not used a residential AntiVirus in years and have had no issues browsing all types of places that are highly likely to cause infection. If used correctly, HIPS are extremely more powerful than an AV.

Tons of system resources.

 

The problem is that it is easy to explain why one uses an AV, but not the opposite.

Redzero, it takes a lot of expertise to 'protect' your computer, including how to configure HIPS/IDS and use of other software to 'block' possible exploit areas and known vulnerabilities. For the rest of us we will need an AV (real-time) and update it regularly.

 

Really?

You get rock-solid protection, instead of an opinion (*insert AV product here*: "Hrm, I THINK this file is clean.") Why do you think it's always the same old slogan of "no AV offers 100% detection" whenever people post for help when their AV fails them?

 

I have no real-time AV, even worse I don't even use an AV, but I ran KAV recently after living without AV more than 6 months and KAV said "No threats found".
I see only 2 possibilities :
1. My computer is indeed threat-free OR
2. KAV didn't find the other threats.
I'm still asking myself, which one of both is true.

 

The problem is that although no AV detects everything all of the alternative options won't detect or prevent all of the possible attacks of malware either. So for now I will run a limited additional bit of security software but I am not about to do away with a proven security app, meaning an av. Maybe in the future the other means of prevention will be good enough that an av becomes reduntant but for now that time is not here yet.

bigc

 

Not necessarily Ajohn.... some AVs run light, some run heavy. Some slow the system down during general file ops, some don't. Really depends, and it IS possible to find an AV with minimal system impact. So the OP needs to ask himself why he's not wanting to run one, because it IS possible to run a good one with little resource and performance impact. I use Avira on XP with good results... So for me, there's no loss in using one, even though I believe I could probably do almost as well without it...

 

BlueZannetti i think struck the right chord in his reply earlier. This particular area of coverage, (choices), fall between two distinct realms, on the one hand selections against an AV based on experience and on the other based on the ease of use & complete necessity.

AV' s are automated unpackers and search for code signatures within every file and that requires additional resources and integrations unlike HIPS.

Like Pete and many others, i don't use either AS or AV's although if i did i would consider one that i have found didn't pull my PC down to a screeching halt, KIS6 was the right ticket there, but that relationship lasted all but a few weeks because of, again HIPS.

My AV never found anything to alert on anyway, plus anyway my HIPS with all those hooks in the SDDT table, already intercepts incoming files whether good or bad, but all that aside, i also trap my browser in SandboxIE covered with Retunil (if needed) plus all of this is already subject to dumping to a "clean" snapshot with FD-ISR's Copy/Update Manager.

 

Where?
I'm so used to the speed of a system without an AV.

 

there are many that are low on system impact.

i certainly know of one

 

Avira does it for me when I'm on Xp. But of course it's a personal matter of trial and error to find the one that works best. I won't argue that they don't have *some* impact, but to my mind, it's just easier to run a light one than to have to worry about downloads and manually scan files when necessary or use a HIPS, which to me is a huge royal pain in the ass with all the popups. I hate popups. Only HIPS I will even consider using is a behavior blocker that doesn't bug me.

Anyway, I can and have done without an AV for long periods, but I always return to one cause it seems easier to just take a mild performance hit (if any) and have some coverage.

But if you don't need one, then by all means, don't use one..

 

Antivir Classic is certainly light here, but it uses some resources. Perhaps I'm very sensitive about performance, when I ran NOD32 I disabled the graphical interface And I'm not short on resources (dual-core moving to quad, 2 GB of RAM, fast I/O)

Easily automated using batchs/scripts.

Just a sandbox (GeSWall) and a rule-based firewall (Jetico 1) here.

I don't see the logic here. If you've been fine w/o an AV, why are you using one?

Sure

Chris,
Have you tried doing some resource intensive work with and without an AV? I think that you'll see the difference.

 

Any resources used for AV are waste on my computer

 

i do alot of resource intensive work on my laptop, there is no difference.

i know there are some system heavy AV's, but drweb surely is not this.

ive done many personal things on my laptop, both with and without my AV, with no difference.

if you are having problems in this way, either you have a poor computer or using a poor antivirus.

 

For example? Video encoding/trascoding, image manipulation, moving big files (archives, executables, mail bases)?

Zero difference? That's hard to believe

I've tried few light AVs: NOD32 (the lightest), F-Prot, Antivir, etc. All introduce some "slugishness" at some time, even with lowered settings.

 

all of those plus more,

mp3 encoding/data compression and encryption.

lots of archives to move, due to work ..... large FTP-ing too.

my laptop is used for everything i can think of, and its essential for me to have a non-obtrusive antivirus, i believe i have found this.

yep, i notice no slowdowns (not even in the slightest) when doing my usual daily tasks in comparison to no AV.

sure, there are some AV's that do slow certain things down, however there are also some that are very good in this department, and drweb is certainly one of those.

not that hard to believe really, the world was once flat you know

 

No AV here for about the last month. I use Sandboxie, Firefox with NoScript-AdBlock-Cookiesafe, all on Vista with UAC on (which is very HIPS-like), Windows Defender (which never finds anything), and Windows Firewall with Advanced Control tweaked for applications that need outbound access. But Kerodo does have a point...Avira is very light on system resources ...I might take his advice and install it. I also keep an image of my system (via Complete PC) just in case. I don't do a lot of high risk surfing...it's just too risky. .

Later.