What do you think about on-line virus scans vs. resident AV programs?

Discussion in 'polls' started by sk, Jan 9, 2003.

Thread Status:
Not open for further replies.
  1. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Well, I've been saving this one for a while. Aside from the fact that I'm sure it's tantamount to throwing bloodied meat into a tank full of starving piranha, I AM asking it as a serious question, and not as something to just stir up the waters. As proof of that - or to make matters even worse, depending on your perspective - I have not used any resident AV program for the past two months, but I do regularly run Trend Micro's online House Call at least 3-5 times a week, if not more. To date, not a single virus has been detected on my system. I'm not offering this up as any sort of 'proof', or even as an example of what anyone should do; rather, just as an accurate account of the status on my system. LET THE FUN BEGIN! :D

    sk
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    SK, I have used online virus scan programs a few times in the past. Prior to installing NOD 32 I used Trend Micro's service to double check that I was "clean". The last time I used Symantec's service. I had a message about Code Red being blocked. (My firewall locked up). I was clean according to Symantec. I later purchased TDS-3. I personally prefer the resident a/v and a/t programs. The only negative aspect of an online scan for me is that it takes quite a bit longer to scan. I think the online scan services are dependable though. I've heard of other people that do what you do and they seem to be free of virus infections. I'm just more comfortable with the programs installed on my pc. I think it's a lot like choice of programs, it's personal preference. I won't knock that.
     
  3. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Sk

    I have used "HouseCall" too. AVG 6 now for the last year. But did I ever mention the best antivirus is between keyboard and chair, but - of course - when there are no multiple users at your puter - it is possible.
    I just wonder what kind of information they collect from people's puters besides scanning for viruses ;)

    *Ari*
     
  4. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi,

    To me it's all about trust. I will not willingly open my computer to an online file scan. I Don't Trust Anyone That Much.

    Loki :cool:
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    In short: on line scan: counter active (in case of a true positive detected, much harm can be done already..). Resident running antivirus/trojan: pro active.

    Is there a choice? ;).

    regards.

    paul
     
  6. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Well, since Loki and Krusty both raised the trust issue, I'll respond to both in this post. I have thought a lot about the trust factor; but let's remember: Trend Micro of Trend Micro House Call is basically the same Trend Micro that makes a resident program to install on your computer's hard drive. And an AV program is one of the main programs you entrust to protect your computer.

    It's the same whether it's Trend Micro or Norton. Interestingly, aside from the fact that I can't stand seeing/hearing about how this program or that program doesn't run or install well with NAV, I personally - rightly or wrongly - do not trust Norton products. That's just my personal feeling. I don't know why and can't really offer any explanation; I just don't. So in fact, any way you look at it, trust does factor into the picture.

    It's the same with sites that nano-probe your hard drive. That's a matter of trust too. I have never personally met Steve Gibson; but for whatever reason I happen to trust him - at least enough to expose my computer's hard drive to his tests.

    But like I've said in another post, unless you strictly use your computer off line, the second you log on it becomes a matter of trust. From that point, each person basically decides for him/herself who to trust and who to doubt. And there really is no right or wrong answer as far as that goes. So thanks to Loki and Krusty on raising the very fundamental issue of trust; very good point you two.

    sk
     
  7. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Sk, you can't really compare since when you find one, it might have already been there for a couple of days and done god knows what in that time.
    Having a resident one such as NOD means that when one does knock at your box, it will be dealt with immediately.
    As you say, you've not been hit by one yet, good for you...but if and when that happens, you might not be so happy.... ;)

    After all, the same could be said for firewalls ! :D
     
  8. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Firstly, what Paul points out is clearly the most objective criterion on which to answer or assess the question, theoretically at least, anyway. ("Theoretically" meaning: if all AV programs caught all viruses, then in theory, it would be 100% correct. But since they don't, it's not a guarantee that even by having a resident AV you're 100% effective, or, for that matter, that running the online scan will catch 100% of the viruses after the fact.).

    But in answer to Paul's question: "Is there a choice"? I believe there is. The choice boils down to balancing the real world risks/benefits, just as in anything else. And when I factor in all of the crashed installs that have so mucked up my system that I've had to do either a total reinstall or a reinstall of a backup image prior to the crash, vs. how many REAL WORLD VIRUSES I've actually gotten, the choice IS very clear to me which of the two available options is the most beneficial based upon my past experience(s). But what I'd like, if possible, is to get as clear a picture as possible factoring in more end users' real world experiences, because I believe there are definitely other people who have also had more damage done BY AV programs than by viruses. But by the same token, just because I believe it doesn't make it so; maybe I'm totally off, and I'm willing to accept that possibility too. But the most helpful input to sort this out is input which is as objective as possible, rather than loaded with emotional generalities. The more the input can be quantified (i.e. I've caught 3 (or 300) virii over the past year running xyz AV software, etc.) the more helpful it will be.

    And obviously from what I've just stated, my perception of the choice issue is clearly different than Paul's. That doesn't, IMHO, make one right and the other wrong. And there's no question that Paul's experience with internet security totally dwarfs mine without a doubt. But by the same token, that does not preclude the possibility that there is only one way to achieve a safe, secure system.

    And the only way I know to ever really understand this is to try to separate out the truth from the hype. And it would be naive at best to think that there is not considerable hype when it comes to the whole matter of AV software. And the only way I can think of to begin to do that is to try to determine, as accurately as possible, how real the threat of a virus actually is? If it's imminent, that's one thing. If it's remote, then that's yet another. If it's close to nil, then that's yet another case altogether. Obviously, the more imminent the threat is, the more his position holds sway. The closer to nil it is, the less it holds sway. That's why I stated that during this two month 'test period', I have encountered no virii whatsoever. And no trojans as well. But that is anecdotal data, not scientific, and I realize that. And the fact of the matter is, it might never be possible for anyone to provide a totally accurate account of the real threat that viruses pose. But the more we can open up the dialogue and share real-world information, the clearer the picture will become.

    And that's really the purpose of this type of thread: To open it up to real world users and see just what's what. I would hasten to add that regardless of one's position on this issue, the issue of backups should be unanimous: ABSOLUTELY make as many current, relevant backups as you have time and space to do. Part of the reason I can 'roll the dice' so arrogantly as far as not running a resident AV program is because I also keep a ready supply of Drive Image backups on hand, usually a day or two apart. That's my ultimate backup/defense. Even if at some point I get a whopper of a virus, I have total restores, not just restore points, just a few clicks away. When I contrast that to the almost constant hassle caused by any number of misbehaving AV programs, for me the choice becomes that much clearer. It's just not the choice that makes sense to Paul's way of thinking and computing. But again - I don't believe it makes one right or wrong.

    Now it's up to anyone who cares to contribute to this discussion or not. I think the discussion so far has pretty much defined the lines along which this post can now dissect the merits of both sides, and now it's time to see where the numbers fall. As long as people can keep focused on the technical issues and not the personal/emotional ones, this could/should be a very interesting discussion. I say that realizing ahead of time that for some people, security is almost a religion. And questioning the need for a resident AV program stabs at the very heart of security and can be perceived - not necessarily consciously - as blasphemous - but that reaction is sometimes unavoidable, although my hope is that it can be avoided in this discussion as much as possible.

    sk
     
  9. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Hi, MtM. Even if one runs Housecall every day?

    sk
     
  10. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Sk

    You can just surf onto mines, there are a lot of them on the net. One mine can be found at virtualfreesites.com, I do not recommend surfing there. That one is just named "seeker.js" but there are worse too. So good luck ;)

    *Ari*
     
  11. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    What are 'mines', Krusty?

    sk
     
  12. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    I am not an expert... for example, hostile javascripts: your browser sucks them right onto your hard drive without you having any idea what is going on. AV is supposed to detect these "mines" with real-time monitoring, before they take action. That is why I do not like surfing wherever. There are such bad "mines" on web sites that they can even erase your hard drive. [ winXP at least ]
    Besides, if your firewall fails, there is another program defending against further damage.
    http://www.visualizesoftware.com/visualzone/20021001.htm

    *Ari*
     
  13. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    SK

    I took the liberty of quoting Steve Gibson:

    "This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is already being exploited on the Internet"

    http://grc.com/default.htm

    *Ari*
     
  14. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Well, Krusty...since you and MtM both mentioned firewalls, that does definitely add another dimension to the picture. I guess the best overall question that can maybe be asked - and it might be the subject for another thread; it depends how this progresses - is what are the most prevalent, imminent threats incurred while surfing, and what are the corresponding programs that best handle those threats.

    There is already a great thread listing pretty much all of the categories and software people use by JayK https://www.wilderssecurity.com/showthread.php?t=5882;start=0. What might be a logical next step is to try to quantify, as best as possible, or order, the threats according to occurrence rates. That way, the real 'value' of each might be more readily definable.

    Just as an example, I clearly encounter more ads, popups and cookies than just about anything else. And on the other end of the spectrum, as I've stated, I've never had a virus, a trojan, or a 'mine'. Those are pretty much the poles, from one end to the other.

    Since discovering MailWasher, I believe I've taken one of the most positive steps in terms of heading off the most viable threat-entrance to my system's security, particularly when incorporating it into a multi-layered approach; just an approach that replaces a resident AV program with an online variety.

    Maybe if it's possible to really get to the heart of all of this, everyone would be able to benefit and focus on the real threats vs. the hyped, inflated ones. In this context, there needs to be an honest acknowledgment of the difference(s) between a corporate network, where viruses obviously promulgate, and the majority of end user systems. I would never suggest that running a corporate network without a resident AV program makes sense; but corporate systems and end users are completely different.

    sk
     
  15. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Thanks, Ari. While it appears this is just something that affects XP users, it's certainly good that you posted it for anyone who was not aware of this particular XP vulnerability, and the available fixes.

    sk
     
  16. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    If I can use an analogy, no one really needs Life Insurance or any type of insurance for that matter until the day before tragedy strikes !
    If only one knew when that was to happen ! :D
     
  17. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    A Good one Mickey! :)

    *Ari*
     
  18. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    That is a good one, Mickey. And the simplest way I can think of to respond is this: Suppose you had two options or two insurance plans to pick from: One where you 'pay every day for the rest of your life and carry it around your neck no matter how wearying it becomes and no matter how many side effects it causes', and one where you "Have a ball, do what you want, all you need to do is click this link once a day, and if you find that you're infected, pull out this 'magic disk', plug it in, and you're right back to exactly where you were yesterday or maybe at most two or three days ago". In a sense, MtM, that is what I do, and while I am not suggesting that anyone follow that plan, I am saying that it is, IMHO, a legitimate alternative.

    At the same time, I am more than open to any discussion that would indicate how what I am suggesting is dangerous.

    sk
     
  19. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    I personally agree, although I respect anyone's decision to run their PC like they wish.

    Just like smoking [I hate it, but will fight for anyone's rights to do so as long as it's not in workplace/restaurant], up to the individual.

    Having a resident AV/AT is much more preferable for ME. Not much point looking for an Insurance Agent after the accident. [Once again for me]

    I have used on-line scanners twice.

    The first time was about 3-5 years ago [Trend] when I knew nothing much about AVs, security, etc.

    Then used it again about 2 weeks ago, just to see what had changed, etc. and was impressed. It's a very good BACK-UP, as if a virus had got thru and disabled your own AV, online scanners can detect and clean your system.

    Cheers.
     
  20. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > it's my belief at least that AV programs can and do in fact cause more damage than the viruses themselves.

    And your evidence is ........... o_O

    The two biggest-selling AVs in the world both suffered from well-publicized bugs in the past few months which arbitrarily deleted entire mailboxes. That probably would have been a lot of damage to you if you happened to be one of the unlucky users who read "Welcome to Outlook, first time user" on your screen ... but the combined damage worldwide from both of those bugs was nowhere near as great nor cost anywhere near as much in downtime, cleanup, and lost productivity as Badtrans, LoveLetter, Melissa, or any one of many other viruses.
     
  21. sk

    sk Registered Member

    Joined:
    Nov 19, 2002
    Posts:
    241
    Is it really necessary to interject terms like 'evidence'? This is not a trial; this is a discussion. Not to mention the fact that your portrayal neither confirms nor denies any additional collateral damage caused by AV programs - it simply does not address it. And that's clearly not to say that you do not have more than enough experience dealing with AV software. But my point is this: Based on my experience, I have come to the conclusions that I have. And I'm sure the same goes for you. But as I have at least tried to quantify that experience, limited and anecdotal as it is, I have requested that anyone who responds try to do the same. It does not appear to me that you've really done that, yet that is really the stated focus of the question here. And I believe that only answers along that line will help to clarify, vs. muddy, the waters. I don't know how to state that any clearer.

    sk
     
  22. snowy

    snowy Guest

    In the beginning SK made a statement....the thereafter replies were all very good. And it shows a two-sided view equally...

    What does interest me personally is the mention of Trust of which I have absolutely none......in all matters computer/internet related.
    There are resident virus and trojan scanners on my os...but do I trust those alone...NO! If infected I am not going to sit and nervously wonder.."did the Thingy" really get cleaned...no way...I'll reformat immediately. For peace of mind....no other reason.
    On line virus scans may have some purpose..to each their own on the use thereof. Firewall port scans can be done from within the os...but few myself included do so and instead use online port scans....do such scans collect information....imo it's very foolish to even consider that they don't...from jump street to jump-off street info is collected
    Many are satisfied cleaning a virus....thus the use of such a program for that purpose.....and it does serve that particular purpose....which online scanning does not.....so a matter of personal choice....I have such a program and keep it updated....yet would reformat anyways....that is not the normal reaction...just mine.
    Have enjoyed reading each person's comments. Any damage done by the use of an anti-virus program is so minute as not worth the mention compared to the good such programs perform....frankly I see nothing to compare between an online scan and an anti-virus program....using an online scan simply tells you that your computer has been infected and you can expect problems...simply a warning given sooner than if waiting for the computer to crash...either way the results are the same. That can't be compared to an anti-virus program which fixes the problem pronto.

    snowy
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    sk,

    For people attending boards like these, this might be an interesting discussion. Let's take it to a broader perspective: my calculated guess is, say 90% of all "average Joe's"/net users have no - or hardly any clue in regard to antiviruses/antitrojans and firewalls, nor about HTML based emails coming with very nasty scripts.

    Thus, in practice I for one would like to see those 90% installing pro active security software, which is easy to handle and to update. It surely would save us the time and effort to handle a vast number of "help" emails coming in related to infected systems.

    regards.

    paul
     
  24. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    IMHO the first aim of an AV is to PREVENT infections BEFORE any damage has been done on your PC and before it can spread on the W3 through your infected machine.
    If for instance the virus/worm installs a keylogger it's probably too late to scan online, it has already phoned home...

    An online AV cannot handle boot viruses.

    What do you prefer: to take a medicine when you get a fever to heal, or to always stay fit and well?

    Cheers,
     
  25. snowy

    snowy Guest

    Paul

    What a super great reply...YES....inexperienced users INSTALL AN ANTI-VIRUS PROGRAM..!
    Herein lies a major issue that needs addressing..inexperienced users without proper computer protection or any knowledge of the dangers nor to make repair.
    Option....there is no option......not even reformatting because inexperienced users either don't know how to or when to.......they plod along unaware of having been infected.....and pass on the infection......which is then passed on and on and on............
    For such people on-line scans are not an option but a worsening of an already bad situation.....they may actually learn they are infected and do nothing for lack of knowing what to do or where to find information.......and ignore the infection if their computers continue to work.
    Most of us here can find a flea in a hard drive then train it to jump hoops. Newbies can't afford such playful antics....and should get an anti-virus program immediately......forget having second thoughts...install the program then discuss any issues.


    Snowy The Snowman
     