Why use an AV?

Why use an AV when there at a couple of good Anti EXE's out there? And just use a on demand scanner when you need to.

 

Great question, as that is what I have been doing for quite a while without issue.

 

I was just thinking, you don't have to wait for definition updates or scanning through a cloud.

 

This is always an intriguing question, the way I see it. Which also brings more questions to the table, such as:
What if malicious code bypasses your antiexecutable?
What if using a realtime antimalware application could protect me from this malicious code that just bypassed my antiexecutable? Then again, maybe it won't.
What if the on-demand scanner reports all is great, but simply because the malicious code had instructions to self-terminate once done with its task?

Ultimately, if one is really concerned about any of this stuff, one should restore to a prestine state each single time one finishes performing a task.

 

clean image

 

No realtime AV here also.
Just AppGuard + the lightest and fastest on demand scanner available: HitmanPro

 

good choice pablo

 

I go without an AV for long periods now also. I just use NVT Exe Radar with EMET and Zemana, with MBAM for on-demand. Seems to cover most of the bases. The only weakness I can see is possibly an in-memory browser exploit or something, but hopefully EMET helps that, and I think the odds are pretty low anyhow. I feel secure enough, and the system is much lighter without the AV.

 

Most people use an AV because:

1) They're easily available

2) They're often free

3) They're easy to understand and comprehend

4) They generally don't require much user interaction

Let's face it....people who visit this forum are the extremes when it comes to computer and internet security. Most people simply live their lives and don't spend lots of free time learning about the various and different methods of computer safety. Even those whose knowledge is very limited know that a firewall and an antivirus product kept up to date greatly increases their chances of not being infected. Start talking about "ANTI-EXE's" and you've lost them.

 

Good response ... Some people even don't know that an AV is running on their computer

 

To mitigate risks. I like to air on the side of caution. I will not use any Windows based machine without an av. Now Linux, that's a different story.

 

No real time AV since Dec 2010 or on demand scanner since Dec 2011. No problems here. If I was sharing my computers with other people or installing programs all the time, then I would use something like MSE along Sandboxie. Personally, I feel that I am very relaxed using the computer because I don't use antiviruses and I truly believe that I am safer because I am not using them.

Bo

 

I've never had a FP wiping my system either. I currently don't use any realtime antimalware application. When I did use them, I used them a detection intrusion systems and not prevention. (Detection, as in only alert but perform no other action.)

Anyway, the reason of my previous post was more in the line of: How do I know my antiexecutable is flawless? I'm pretty sure it isn't, because like every other piece of code, for sure it has its fair share of bugs, and bugs that if found by hackers, will render it useless.

There's a bit of security through obscurity with antiexecutables, which is the reason why I use it. They're especially used within enterprise environments, and that's where attacks against (using such bugs to bypass them) them will occur, not against me.

Other than the antiexecutable, I only got Chromium. But, the web browser is my primary security measure. All security is there. I also only allow it to connect to a very short list of domain names, which will reduce by most likely more than 90% the chances of being hit with an exploit attack. Let's hope these websites won't themselves host the exploit code and payload.

As for apps I install, well... either they're clean...

 

People assess their potential threat gates differently. Common ones include:

a) drive-by downloads
b) others executing code that may be malicious
c) oneself executing code that may be malicious

For a) and b), AE helps to minimize that risk. Not everyone is willing to utilize AE though as it may not fit their workflow so they may opt for other technologies (such as real-time AV).

For c), one may either opt for:

i) on-demand scanner if he/she feels that suffices
ii) real-time AV doing a background analysis if it makes the person feel more comfortable

Just be glad that there are those around us that use real-time AVs because they are contributing to the wellness of the AV industry (growing database, revenue to keep the company alive, etc).

Imagine if the AV industry dies. There would be neither Hitman Pro nor VirusTotal and the likes. Those of us who don't run real-time AVs...we download from trustworthy sources (which are still verified through AVs) or we use on-demand scanners. Hence, I'll say that we indirectly benefit from the others.

 

Nor should you have a FP wipe out your system with an AV if configured correctly. The mistake people make is permitting the AV to delete (perceived) threats instead of quarantining to 1st verifying whether the threat is real. That's what the virus vault/chest is for. If it does turns out to be a FP you can restore the file(s), if it is a verified threat then you delete.

 

Same here.

 

I'm going to play devil's advocate here so bear with me. How can you trust those results when you have no confidence in AV it could be that they're not able to detect a problem on your system. Also it could be that if your system is infected that it could trick those scanners into thinking your system is clean. While I doubt this to be the case I think it's something I'd be worried about. I would like to drop my AV but I think I'd just be too scared to.

 

In a case where the FP involves system files, default quarantine is still a bad idea in my opinion. If I'm running an AV, it has to ask me 1st for any action.

 

I'm not Peter2150 but I hope you don't mind. If that's the case, what makes you think a real-time AV results any better? Harsh truth: AVs can't detect everything. You either trust the results you get or you don't.

 

I feel you. I run an AV now and still have a feeling of mild paranoia when it comes to my system's security. If I have to remove the AV, for whatever reason, the few minutes it takes to get it back on the system is excruciating.

 

I very much appreciate your reply safeguy. I don't know if I can trust my AV results I just hope that I can. It's the same with most of the software that I use, I just hope that it does what it's supposed to. I've had the idea of using AV so ingrained, I just can't imagine not having it even though part of me does think it might be a waste of time. My AV doesn't take too much of my system resources which is why I can tolerate it but it may as well not be there for all that it does.

 

Whether you have the AV 'ask' or 'quarantine' with a perceived threat, either is preferable to issuing a blank check for the AV to delete what it finds.