Why use an AV?

Discussion in 'other anti-malware software' started by DX2, May 7, 2013.

Thread Status:
Not open for further replies.
  1. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    I know a lot of people who think that they are "safer" because they don't wear seat belts in a car or a helmet on a motorcycle. Don't know that I agree with them, but that's their choice. I'm sure they THINK they are safer because they are more observant and don't take as many risks....and maybe that's what you're trying to say here as well. But I have visited sites that I thought would be perfectly safe only to have my AV catch/quarantine a Trojan. So nothing is foolproof. If you're happier and more content and practice safer surfing habits as a result of not having an antivirus running resident on your computer, that's great...but I highly doubt that you are actually "safer" as a result.

    ;)
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    That depends I guess. I've fixed countless systems which were infected but had up to date virus engines and definitions. So, from what I have seen, you don't know when you can count on an AV.

    Personally I think you can count on them almost all the time for older known variants. It's the new versions running around that I don't know about. That's why I stopped using them real-time myself. You have to wonder, if there are a good number of people that do a weekly or monthly or yearly manual scan with more than one scanner, and nothing ever shows up, just who is getting infected and how often?

    I think viruses are the minority and the AV itself is not as needed as in the past. It's the malware that I fix more often, and while the AV tries to get into that arena too, I don't think it's really any different, they always have to find the latest, then get that to the user, which could be too late in many cases.

    It's hard to say because the AV does work, but the very nature of how it works always leaves a weak spot. Going without one, well, there's a myriad of ways to approach that, and by many of the replies here, many effective ways at that.

    Sul.
     
  3. guest

    guest Guest

    Anti-executables? :D Man, if those AV companies had a good anti-exe in their products I probably would be very excited. :D
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    NOD antivirus has a HIPS feature which you can configure to be exactly like an anti-executable in real time, but you need to do some learning ;)
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Policy restrictions all the way. That's enough after the system is set-up properly with all software you wish to have on it. Nothing should get installed or alter system space unless you allow it to.

    But the hard part is;

    Find a good way to classify the eventual installer as 'good' or 'bad' before installing it. I think here is where the AV might come in handy. The AV could be anything, an on-demand scanner such as MBAM or Hitman... or as simple as VT-uploader.
     
  6. guest

    guest Guest

    Nah, HIPSs are too noisy. :D Much prefer something more quiet like AppGuard or SRP. Unless you muted the HIPS, but I'll go with OA if I'd do that. :shifty:

    The problem with 2nd hand OD scanners are...

    ...which to me, could also mean...

    :D

    VT still has an upload file-size limit. There's a possible chance that malware got bundled with big file-sized programs. And don't forget online-installers. Better let the big-momma take care of the bad guys. ;)
     
    Last edited by a moderator: May 9, 2013
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    An online installer isn't allowed to install itself because Policy Restrictions denies changes to system space and launches from user-space. Take AppGuard for instance... if you run the browser as Guarded, you're safe from that threat.

    Problem, as I said, was to identify an installer as 'good' or 'bad' before softening Policy Restrictions to allow installations. I agree with you there. That's why you could use a few on-demand scanners, but one or two is enough... Policy Restriction treats unsigned installers as potential threats and blocks them anyway.
     
  8. guest

    guest Guest

    No, that's not my point.

    Now that's my point when I said...

    What if those scanners said an online installer is clean, but when you're installing it some trojans are ready to take-off? :argh:

    There are some legit installers that are unsigned. Oh hai, 7zip. :D
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That's what I said in the first place. You need a second opinion scanner.
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is one of my only points of concern really. I think downloading from someplace which puts a good effort to keeping garbage out is a good place to start. But, it's often, for me anyway, I find something new when I'm not looking for it, and like to get it straight from the dev's website rather than a repository. In that instance, what do I really trust here?

    A scanner could be handy here, whether online like jotti or maybe offline like mbam, or even an AV done manually if you don't have a resident. Its strength is that known about things are usually found. Its weakness is obvious, you hope the scanner knows how to detect something if it exists.

    I decided to not worry so much about it and if I don't trust something that much open it in sandboxie and watch what happens. If I don't like it, delete the sandbox. If I do like it (whatever it offers) but still am not sure about it, maybe then open it in vm and really watch what it does. For me, if it defeats a sandbox or full blown vm, then I bow down in defeat.... and put my image back on. No more problem.

    Others of course follow different paths to how they handle such things. But it is by far what I consider my greatest threat.

    Sul.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    The idea that you will be safer without an antivirus is quite simply ridiculous in my opinion. While I don't exactly practice safe surfing habits (and visit plenty of unsafe sites), I rarely get infected when I don't use antivirus software as I'm careful about what I let run on my computers. I'm no less careful when I am running AV software.
     
  12. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Thank you. Glad to hear that somebody else is looking at this the same way that I am. I simply can't imagine anyone actually thinking that they are "safer" because they DON'T use an antivirus product. :blink:
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I know what you guys are saying, but honestly, it *can* sometimes be safer to rely on other (non-AV) measures than to rely for example only on an AV which may actually miss things sometimes. And then there is also the danger of FP's and related problems, which exist in most AV products at one time or another.
     
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    No disagreement from me on that, and that is why I never rely on or even expect any software to keep my computers protected.

    False positives are not an issue for me, as I always set my security software to prompt for action when a threat is found. The only non AV measure I use is my own judgement - as I really hate being questioned about every single change to my system. Baidu Antivirus does prompt me about some things - but as the prompts are kept to a minimum I can live with that.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    For me it is . . . Peace of mind. :D
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Safer without an AV? Maybe, if you segregate the ways a virus enters (ie. the browser) with something like Sandboxie, or strictly control what (the browser) may do, then why could it not be as safe?

    You assume that examining a file for potential malicious intent prior to it entering your system is the only way to maintain system integrity perhaps?

    Not saying AV cannot be a good part of anyones security, because it certainly can. I am saying that with all the ways one can choose to secure their system, an AV is not a prerequisite to good security. Only another tool in the arsenal.

    And that sums up everything I have to say here at Wilders, about almost any topic - there is almost always another way, even if you haven't tried it. But then, that's why I am here, to learn from others so I can try out as many "out of the box" methods as possible, and use whatever I find in whatever way works for me, and any combination thereof o_O And man is this place a treasure trove of ideas. All it takes is a thread like this one to get people discussing their views, and you never know what sort of ideas will be thrown around.

    Sul.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Cates, I don't think I am safer, I am safer. I know you don't understand where I am coming from so I'll tell you. I don't need an AV like you do to tell me if a site is infected or not, I have Sandboxie, that's it, I don't need any program to tell me anything. All files and programs that I open in my computer, they always open in a sandbox. I get better protection from SBIE on its own than if I was using it along with an antivirus. That's why I am safer.

    Cates, when I run programs and files in my computer in a sandbox and I don't have an AV running around, I know Sandboxie is at its best. By running Sandboxie on its own, I am making sure that I am avoiding any potential conflict that may arise out of using an antivirus along with SBIE.

    Roger can call it ridiculous but that's how it is. By the way, I visit all kind of sites, I don't care what site it is, I go, I know that I won't get infected. You could also feel as I do if you used the sandbox for over four years and don't get infected. Someone in this thread mentioned that viruses are like non existent, that is exactly how I feel.

    You need an antivirus, you use an antivirus. I am not a guy that knows (quoting you) "all the do's and don'ts and inner workings of security software", but I am extremely relaxed doing things how I do them. Yours and Roger's comments don't make me blink any. You guys want to keep playing the updating, upgrading antiviruses game, that's your choice. To me, that gives me stress. So while you guys waste some precious time doing scans, I'll be enjoying the internet and my computers in a way that you have no idea.

    Bo
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Cause I can, and will, make mistakes. That includes infected/old disk images and whatnot. Better real-time AV than trying to fix something after the damage is done. If it's useful without too much drag/errors, then use it.
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    No I don't, you misunderstood me - I was referring to people who use no protection against viruses at all.

    I do the same, and it is very rare for me to get infected, even when I'm using absolutely no protection.
    The only scans I do are quick scans every few months with Malwarebytes - I never do scans with my AV software, except when I install it - and only then if it has a quick scan option.

    I feel quite safe even when I go for months with absolutely zero virus protection. When I do have av software running it has more to do with trying out different software rather than feeling in need to be protected.

    To be honest I've never even considered using sandboxing software - however after reading your comments I might just give it try.
     
  20. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I'm glad a complete newbie to computing does not read this thread and take the advice given quite literally.

    It's an accepted standard of using an av and firewall. These are the basic fundamentals which are stated by known international security companies and yet we on this thread seem to wish to contradict this.

    I use an av because it's easier and I have very limited knowledge and software restriction as will most people reading this thread.

    I cannot see the relevance in an analogy which compares using an av to wearing a seatbelt. If I don't use an av then the worst that could happen is my computer may fail to start etc.
    If a seatbelt is not worn then you may lose your life.
    I know what I would sooner do.

    Your analogy is puzzling to say the least.
     
  21. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Elam...you failed to mention that you use Sandboxie or any other type security product in your initial post. You said "If I was sharing my computers with other people or installing programs all the time, then I would use something like MSE along Sandboxie". "IF" and "something like" doesn't definitively say "I USE". So while you're trying to sound like an internet tough guy, maybe you should lay off the semantics and say what you really mean rather than beat around the bush.

    Go back and read what I wrote one more time. You're missing that I said "I know a lot of people who think that they are "safer" because they don't wear seat belts in a car or a helmet on a motorcycle." You're focusing on the wrong aspect of my post. The point I was trying to make is exactly what I wrote and highlighted - I know people WHO THINK THEY ARE SAFER.....I'm sure as Hell not comparing a computer infection to a car crash. :rolleyes:

    Geez, reading comprehension, people!
     
  22. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Maybe some are so brilliant that they can run without protection and not get infected. If so fine, but I have my doubts, and think that it is nonsense. The fact that you haven't been infected is no surety that you won't.

    It would be foolish for a dummy like me, of course. In the 15 or so years I have owned computers I have had several attempts at penetration, but my AV stopped them. I am satisfied to let the AV and MBAM do it.

    If money is a problem there are some excellent freebies.

    Jerry
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I interpreted the title of this thread to mean why use an AV, as opposed to some other form of protection. I think most of us know that it is pretty idiotic to use *nothing*. I don't know of anyone here or elsewhere that actually does use nothing. Anyway, maybe I misinterpreted the thread title, but I don't think so.. :)
     
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Interesting statement.

    Do you propose that this "accepted standard" is simply good enough for everyone, that we should not be contradicting this?

    I can't help but think what things would be like today if creative folks like those here had not pushed the boundaries of such "accepted standards".

    I see what you describe as an "accepted standard" as a baseline, a recommendation as to what one could use today if they knew nothing. The more such an "accepted standard" would be pushed the more I would deviate from it, simply because there are no finites in such things. Now, if there is an accepted standard that "fists don't penetrate 1" thick steel", I would gladly follow such a guideline without questioning, because there isn't much room for argument ;)

    You probably meant to point out that beginners reading a thread such as this should follow the classic AV and Firewall route, and that our "contradicting replies" might confuse them.

    There seems to be a growing trend here about forum members being concerned with what visitors or beginners will think or do with what is written here. I can appreciate the concern, but do we speak freely or not here? If we are not going to speak freely, then what is the point? Newbies need to take on some responsibility of their own at some point. If Wilders wants to tone down topics so that beginners won't do what some of us here do, then I would have to move on elsewhere. That's what I like about this place, talking about half-baked schemes and trying new and different stuff out :)

    Sul.
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I would agree with Kerodo about the meaning of the topic.

    I don't think it takes brilliance to run without any protection, just knowing how you could be compromised and simply not putting yourself in a position to be compromised. But that might mean you don't do much online :D

    And I agree completely that just because you haven't been infected is no guarantee you never will. I personally have used less and less security software because I haven't had issues, but I still have emergency measures that I follow because I realize it could happen.

    If someone is able to go about their everyday computer life without much security software, or any, or too much, and stay problem free... well, sounds like a great thing to me. Computers are so personalized, what each person does so different, it's pretty hard to refute others' claims because of the variability in everything.

    Sul.
     