Do you use real-time AV?

Discussion in 'other anti-virus software' started by RedZero, Oct 27, 2007.

Thread Status:
Not open for further replies.
  1. Chato

    Chato Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    35
    Location:
    Enschede, The Netherlands
    @Trespasser
    I didn't mean it that way.
    I know you have the knowledge about security.
    And I hope you forgive me my sarcasm.

    Gr
    Chato
     
    Last edited: Nov 3, 2007
  2. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns

    You are forgiven, my son. ;) .

    Later...
     
  3. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    I am considering running without an AV. I haven't had a genuine infection for god knows how long. However, I would feel quite naked without one. I really like Threatfire. Do you guys think TF is enough and would it cover the lack of an AV?
    My system is well hardened and Firefox is locked down with various extensions.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    why take the risk, when some AVs are FREE.

    avast being my choice by far.

    threatfire is fine, but you will still be wondering if your machine is infected, and constantly checking with other things, so why do it? :)
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Unless you have some serious performance issues running an AV, I would think it's best to use both (AV and TF). With just TF, it would probably catch something but more likely only after it's installed and running, which means more mess to clean up. I am thinking an AV might catch it as the file opens right before execution, instead of after the install. But I guess it's hard to tell, and the only way to know is to see what happens in a real situation. But to my mind, running an AV is just easier, particularly if you pick one that causes no performance slowdowns or issues.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Haven't used a real-time AV for nearly 9 months now. Before that I used Avira, Avast, AVG, Norton and a number of others whose names I forget over a period of about 10 years. Some were better than others and some did manage to keep me busy with false positives.

    I should add that my mail provider checks everything and removes spam so it is possible that any nasties are removed before they get to me.

    I know that some will say that it can do no harm but that argument has never seemed quite right to me. It would probably do no harm to have a hips program or to use real-time AS or even to have a software firewall in addition to a hardware firewall but as none of these programs has ever provided any benefit I don't use them either.

    I do run occasionally on-demand scans but if NOD 32 can't find anything I have to wonder if there is anything to find.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    As usual, it depends a lot on your user habits.. if you're one prone to encounter nasties, then it pays to use an AV and/or HIPS I would guess. But for many "safe" users, myself included, it's entirely possible to do without one. For myself personally, I probably don't need one, yet I run one resident mostly cause it makes life easier, just so long as there is no performance hit.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    If your primary PC routine is surfing net, then adding a virtualization (such as returnil, deepfeezer etc) may fulfil your wishes. A good friend of mine has done just that and is a very happy surfer. Take care.
     
  9. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Well I took the plunge and I must say my system is snappier than I've ever experienced it. I was running Avira Classic and before that AVG Free. So it proves even a so-called light AV has an impact on system performance. I'm running Threatfire because I didn't want to run naked and I must say I feel safe enough with it and no less safe without an AV. I think I will re-install AVG as an on demand only and see how it goes. So far so good.
     
  10. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    If you're not running a sandbox I wouldn't run without an AV if I were you. A sandbox, like Sandboxie or SafeSpace, protects you by collecting the rubbish that's downloaded into your computer during a surf session and deletes it after you close out your browser. ThreatFire is a great application but it's not going to protect from everything that you might encounter while surfing like a sandbox.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    True, an AV and Sandboxie is the least but very protective way to go.
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I've found the same.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    If you think about it, anything that scans every file on open and/or close will have *some* impact on performance... it's just a matter of degree. I also notice a difference without any AV. I guess the trick is to find the one with the least impact....
     
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    A number of AVs now can be set so that their Guards only scan "new files". This smart mode is seen in a number of scanners; Dr Web/VBA32/KAV, which IME, all run very light.

    Then when carrying out very resource intensive work, just disable the Monitor.
     
  15. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    That works well.
    I generally disable the monitor when I scan with the antivirus or antispyware scanners. Disconnected from the internet of course. ;)
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    You can just as efficiently employ a HIPS program which includes strict file protections. Call it an AV that you have to help build its database or rules. I've been running without a "live" AV for well over a year and I often dive into laced malware sites to reap samples. Not only that but the system is virtualized with Power Shadow as well as the channel for intrusions named IE is sandboxed. Consider these few shields all incorporated into a single system snapshot which can be re-written over again either on reboot or manually from an archive (origin duplicate), and any AV cannot possibly match this level of complete security & protection.
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    It is often assumed that the "general public" have to run security because ....

    anyway I visited a client yesterday who had agreed some months ago to allow some testing. The desktop was full of irrelevant icons and short cuts, toolbars had been turned off as a result of less than perfect mouse skills, and various on demand programs showed messages such as "definitions not updated since June 07".

    I then ran some tests with NOD32, SAS, Ad-aware, ........ and found nothing.

    A Netgear DG834 + Firefox . NO realtime AV, AS, no HIPS and no understanding of computers

    Off to see another client next week who has managed to create 3 versions of outlook and to apparently lose his mail. I will fix the outlook problem and check for nasties but do not expect to find any.

    Conclusion - contamination has more to do with surfing habits than anything else. Just being on line is not all that dangerous.
     
  18. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    You could be right, most of the time......but I have experienced different.......One 'bad' pop-up and the system was on his back.....and it took quite a while to get it clean again.
    I really don't see any reason for not using some kind of real-time protection. You don't have to close up a system with all kinds of security software, but one 'good' real-time protector can save a hell of a lot of trouble.
    And it's real bad advice to the 'general public' not to run a good security program.
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    In practice I can not argue - having a real-time av can give peace of mind - just don't expect it to do much if you are computing properly.

    At the end of the day that is really my main concern. Too many people have been led to believe that they must have loads of security. Far too often people argue that they are clean because they are running 12 different programs and follow a layered approach. Many of these people would have been clean anyway.

    When it comes to infection contamination the last thing I would want to do is to continue to use a machine which had been cleaned by some AV program - I just wouldn't trust it.

    I forgot to mention earlier that I run with Deepfreeze or Returnil and whilst they are not security programs they are useful in that if a nasty ever did get on one of my machines it would be gone at the next reboot. This only leaves data theft which for account numbers/passwords etc I have encrypted. If anyone wants to steal my photos music etc ...... not too concerned.

    Finally I would not and have not advised the general public not to use security. I have said that examples of the general public have been shown how to be secure without the use of programs - which is not the same thing.
     
  20. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    You are talking a lot of sense, but this sense is absolutely not known by the majority of computer users. Deepfreeze, Returnil, Data encryption.
    Not letting your computer getting cleaned by any Av program.......is all ok for experienced users, but absolutely not for the 'general public'.
     
  21. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I always think that if there is nothing valuable in your computer, then there is no reason to stress about viruses etc. and perhaps a realtime av is not necessary. I pay bills from my computer, do some work, have some important passwords and other data I don't want to lose, so those are my reasons for having realtime av-protection.

    I use Dr.Web+Threatfire.
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    I've also stopped using my AV 2 months ago, and I share more or less your attitudes towards security nowadays (although I run AntiExecutable along with my virtual program).

    Recently my son's computer had to be cleaned from a lot of malware and I must say that running Kaspersky online scanner and Eset online scanner gave very different results: 5 trojans detected by KAV online, and 0 by NOD32 online. These results were later confirmed by an Avira scan and a Virus Total scan.

    I still think Eset is a very reliable company with its ups and downs, but from now on every other month I'll be scanning my system with several online scanners.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    That sounds nice, and smart too. It is kinda tempting to run without one, but I suspect there is still a little performance hit with any HIPS too.
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If you're planning to use KAV's online scanner, I suggest you make an image before running the scan and restore it after the scan is finished to avoid the creation of objects IDs.
    There's zero performance hit using a speedy packet filter and a light policy-based sandbox.
     
  25. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Performance impact may be unnoticeable but.. it's still there.
     