Why use an AV?

Discussion in 'other anti-malware software' started by DX2, May 7, 2013.

Thread Status:
Not open for further replies.
  1. DX2

    DX2 Guest

    Why use an AV when there are a couple of good Anti EXE's out there? And just use an on-demand scanner when you need to.
     
  2. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Great question, as that is what I have been doing for quite a while without issue.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    I have to agree. I don't use any AS or AV software, and I have had no problems.

    Pete
     
  4. DX2

    DX2 Guest

    I was just thinking, you don't have to wait for definition updates or scanning through a cloud.
     
    Last edited by a moderator: May 7, 2013
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is always an intriguing question, the way I see it. Which also brings more questions to the table, such as:
    What if malicious code bypasses your antiexecutable?
    What if using a realtime antimalware application could protect me from this malicious code that just bypassed my antiexecutable? Then again, maybe it won't.
    What if the on-demand scanner reports all is great, but simply because the malicious code had instructions to self-terminate once done with its task?

    Ultimately, if one is really concerned about any of this stuff, one should restore to a pristine state each single time one finishes performing a task. :D
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    clean image :thumb:
     
  7. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    190
    Location:
    Oudenbosch
    No realtime AV here also.
    Just AppGuard + the lightest and fastest on demand scanner available: HitmanPro :thumb:
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    good choice pablo :cool:
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    I go without an AV for long periods now also. I just use NVT Exe Radar with EMET and Zemana, with MBAM for on-demand. Seems to cover most of the bases. The only weakness I can see is possibly an in-memory browser exploit or something, but hopefully EMET helps that, and I think the odds are pretty low anyhow. I feel secure enough, and the system is much lighter without the AV.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Most people use an AV because:

    1) They're easily available

    2) They're often free

    3) They're easy to understand and comprehend

    4) They generally don't require much user interaction

    Let's face it....people who visit this forum are the extremes when it comes to computer and internet security. Most people simply live their lives and don't spend lots of free time learning about the various and different methods of computer safety. Even those whose knowledge is very limited know that a firewall and an antivirus product kept up to date greatly increase their chances of not being infected. Start talking about "ANTI-EXE's" and you've lost them.
     
  11. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Good response ... Some people don't even know that an AV is running on their computer :D
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    To mitigate risks. I like to err on the side of caution. I will not use any Windows based machine without an AV. Now Linux, that's a different story.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    No real time AV since Dec 2010 or on demand scanner since Dec 2011. No problems here. If I was sharing my computers with other people or installing programs all the time, then I would use something like MSE along with Sandboxie. Personally, I feel that I am very relaxed using the computer because I don't use antiviruses and I truly believe that I am safer because I am not using them.

    Bo
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    I run SBIE, NVT's ERP and AppGuard. I've never had a False Positive wipe out my system.

    You could also ask what if the sky falls. With a few layers the concerns you express are very remote.

    Pete
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've never had a FP wiping my system either. I currently don't use any realtime antimalware application. When I did use them, I used them as intrusion detection systems and not prevention. (Detection, as in only alert but perform no other action.)

    Anyway, the reason for my previous post was more in the line of: How do I know my antiexecutable is flawless? I'm pretty sure it isn't, because like every other piece of code, for sure it has its fair share of bugs, and bugs that if found by hackers, will render it useless.

    There's a bit of security through obscurity with antiexecutables, which is the reason why I use it. They're especially used within enterprise environments, and that's where attacks against them (using such bugs to bypass them) will occur, not against me.

    Other than the antiexecutable, I only got Chromium. But, the web browser is my primary security measure. All security is there. I also only allow it to connect to a very short list of domain names, which will reduce by most likely more than 90% the chances of being hit with an exploit attack. Let's hope these websites won't themselves host the exploit code and payload. :D

    As for apps I install, well... either they're clean... :D
     
  16. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    People assess their potential threat gates differently. Common ones include:

    a) drive-by downloads
    b) others executing code that may be malicious
    c) oneself executing code that may be malicious

    For a) and b), AE helps to minimize that risk. Not everyone is willing to utilize AE though as it may not fit their workflow so they may opt for other technologies (such as real-time AV).

    For c), one may either opt for:

    i) on-demand scanner if he/she feels that suffices
    ii) real-time AV doing a background analysis if it makes the person feel more comfortable

    Just be glad that there are those around us that use real-time AVs because they are contributing to the wellness of the AV industry (growing database, revenue to keep the company alive, etc).

    Imagine if the AV industry dies. There would be neither Hitman Pro nor VirusTotal and the likes. Those of us who don't run real-time AVs...we download from trustworthy sources (which are still verified through AVs) or we use on-demand scanners. Hence, I'll say that we indirectly benefit from the others.
     
  17. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Nor should you have a FP wipe out your system with an AV if configured correctly. The mistake people make is permitting the AV to delete (perceived) threats instead of quarantining to first verify whether the threat is real. That's what the virus vault/chest is for. If it does turn out to be a FP you can restore the file(s), if it is a verified threat then you delete.
     
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Same here.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059
    I would tend to agree. The one thing I noticed is that with no AV's, especially real time, my system performs much better.

    I've actually been running this way for over two years with no issues. I recently for fun scanned all 4 of my machines doing a deep scan with two different scanners. Not one hit.
     
  20. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I'm going to play devil's advocate here so bear with me. How can you trust those results when you have no confidence in AV? It could be that they're not able to detect a problem on your system. Also it could be that if your system is infected that it could trick those scanners into thinking your system is clean. While I doubt this to be the case, I think it's something I'd be worried about. I would like to drop my AV but I think I'd just be too scared to.
     
  21. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    In a case where the FP involves system files, default quarantine is still a bad idea in my opinion. If I'm running an AV, it has to ask me 1st for any action.
     
  22. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    I'm not Peter2150 but I hope you don't mind. If that's the case, what makes you think a real-time AV's results are any better? Harsh truth: AVs can't detect everything. You either trust the results you get or you don't.
     
  23. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    I feel you. I run an AV now and still have a feeling of mild paranoia when it comes to my system's security. If I have to remove the AV, for whatever reason, the few minutes it takes to get it back on the system is excruciating.
     
  24. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I very much appreciate your reply, safeguy. I don't know if I can trust my AV results; I just hope that I can. It's the same with most of the software that I use, I just hope that it does what it's supposed to. I've had the idea of using AV so ingrained, I just can't imagine not having it even though part of me does think it might be a waste of time. My AV doesn't take too much of my system resources, which is why I can tolerate it, but it may as well not be there for all that it does.
     
  25. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Whether you have the AV 'ask' or 'quarantine' with a perceived threat, either is preferable to issuing a blank check for the AV to delete what it finds.
     