Why use an AV?

Discussion in 'other anti-malware software' started by DX2, May 7, 2013.

Thread Status:
Not open for further replies.
  1. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    o_O Maybe. But I cannot imagine how they (including me) have been trained.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I totally agree.
     
  3. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Absolutely. Well said. :thumb:

    Ya know, it's really funny how companies and organizations spend countless time and money researching and testing antivirus software. Heck, apparently all they needed to do was come to Wilders and ask some of the "advanced members" what they should or shouldn't be doing. Apparently then, they'd learn that their products are "crap" and "ineffective". :rolleyes: I thought all those "97-99% effective ratings" against current, old, and zero-day exploits were pretty good....but apparently we've all been misled. Apparently, it's all marketing and all they want to do is "sell" us something. Even companies that offer FREE antivirus software...or heck, an organization like AV-comparatives.org - which last time I checked wasn't trying to "sell" me anything. :doubt:
     
  4. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    GrafZeppelin, I think you're being a little unfair on me, particularly by taking what I'd said out of context. You underlined half of one sentence and underlined half of another sentence and created something I didn't quite say.

    Okay, before I explain my post fully, I'd like to comment on some of the points in your post and to clarify that I've never forced a security program upon someone and I never would. It's up to any person how they wish to use their computer and I'm happy to give advice to my friends but I find that people hate advice that they didn't ask for. I've fixed a number of my friends' computers and have seen one case where the person didn't like to update software like Flash, Java and his browser as he felt that if something was working you shouldn't change it. I suggested it was a little unwise and he should keep it up to date and left it at that. Another friend had porn in his browser history from more than a year ago and had then given the laptop to his mother. He also did his online banking in the same browser. I suggested Sandboxie but didn't press the matter.

    Okay I'll move onto my first statement:

    When I bought AppGuard, I offered a relative one of the licenses and suggested he use the trial. When I told him a little about it he seemed to get uncomfortable and felt he didn't need it because he was using MSE and that it seemed too difficult.

    I think there are any number of programs that can help to tighten computer security and any number of combinations and this is down to personal choice. You get 3 licenses with AppGuard so I was happy to share the other two with members of my family; it's certainly not because I think all people should use AppGuard. Well, he didn't understand the point of an anti-exe because he, like many other people, thinks all you need is your AV and that other programs are a bit of a con. He didn't want AG, that's ok, but this now brings me to the second comment I made:

    I do think the idea that having an AV being the best and only solution is very misleading and potentially quite dangerous for your computer.

    I agree with what you said about a real time av, router, firewall and being up to date. I think you're right, most people will more than likely be okay doing this and it's such a simple solution. I know what I've just said contradicts my previous statement but I'll explain that now.

    What I don't like about the approach with AV is that it protects against existing problems but if something new arrives it has to come up with a solution and in the meantime your computer could face any number of problems. An AV just isn't the most effective way to handle new problems, you must know of any number of programs that have a better approach to security such as the various sandboxing/virtualizations, anti-exes, image backups etc. This is used by a minority. I think AV companies should consider taking this approach and it could be argued some are but the old way of fixing things isn't the most efficient. Prevention is the best solution. I even recall you lamenting in a previous post that if only the AV companies came up with a good quality anti-exe.

    Most computer users just want to surf the net or play games etc and they don't think twice about their online security.


    I think when we look at the most popular passwords such as 123456 or password or people using out of date software that security isn't a priority. Adverts are regarded as a major way of spreading viruses/malware yet I was recently told only a small percentage of people use ad blockers. Microsoft even told people to use EMET that were using IE, one of the most popular browsers because of a large number of zero day threats yet I can't imagine many people use EMET. This isn't even about just having an AV as many people don't even use one. People are more interested in other things than the security of their computer.

    I certainly didn't say and would never agree with the statement that anyone who doesn't use AppGuard and an AV instead doesn't care about security. And I'm definitely in no way looking to attack you or anyone else on the forum.

    GrafZ, I really hope this has cleared everything and that we're all good :)
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  6. guest

    guest Guest

    Sorry, just had to bring that up. :D

    That's not what an AV was made for. It's just a side effect created by the competition of AV vendors. Relying on a traditional AV to protect against zero-day is just not right, IMO.

    But still, some AV vendors implement advanced tools in their products, like ESET with its excellent HIPS, to deal with zero-day. So using only an AV is probably enough for typical users. Zero-day isn't a common thing anyway, and web browsers get more secure each day, so there's no need to worry about new threats.

    True, a real-time AV isn't the most effective way. So are sandbox, HIPS, AE, etc. They all have their own flaws. They all are bypassable. What I don't like is when AVs are accused as the least effective way by some people. Sorry, but that's just untrue. :cool: Do remember though, that using an AV is also a prevention.

    Those AV vendors are in a serious need to implement a good AE in their products. It's much easier to use than HIPS IMO, which is already a common thing nowadays.

    I'm honestly wondering if people actually do that. I just don't think people are that stupid really. EMET is definitely not for everyone. There are some tweaks and some programs may be incompatible/crashed under EMET's protection. And pssst, I just dropped EMET, not using one now. :ninja:

    FYI, I'm more interested in 2D animations and bullet hell shmups instead of security. I'm just an ordinary PC user who wants to secure my computer the easy way. Maybe some people could handle HIPS popups, I couldn't. Maybe some people could use Sandboxie properly, I couldn't. And I'm not interested to use non-linear methods nowadays. If they want to use more advanced ways, then as I said, please do so. But I'll have to disagree if someone says AV is the least effective way compared to other methods. :cool:

    I hope we're all good and yes-AV and no-AV factions could coexist together without anyone's feeling more superior than the others. :)
     
    Last edited by a moderator: May 16, 2013
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Sorry but I don't accept that.
    You say "popularity and revenue" have nothing to do with how good a product is.
    If Kaspersky was utterly useless do you honestly feel 300 million people would use it?

    Regards.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yeah, definitely. 90% of the population has no idea how an exploit actually works, let alone knows how to defend against attacks. They're subject to marketing because they can only know what they're told, and whoever yells the loudest about their product is the one who'll make money.
     
  9. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    And personally I'm not saying that they ARE necessary....

    But I do think that it's foolish to go around trying to tell EVERYONE ELSE that they are NOT necessary.

    It can be summed up real easily: Some Wilders members have started this little kick that they are hoping becomes a trend. And that is, to see how many people they can get OFF of using an antivirus, and convert them over to an attitude that using an "anti-EXE", "sandbox" and "re-imaging" is the way to go!

    Of course, they're asking a vast majority of users (hundreds of millions) to invest a lot more time and effort into learning how all of this works...as well as how to perform it. The functionality of it simply is not as easy as using an AV.

    And like I've said previously....a lot of people want the decisions as to what is good or what is bad taken care of for them by malware professionals. Most people simply want to use their computer, not feel like it is a chore and responsibility for them to perform certain tasks any and every time they start it up or open a browser.

    I think the "You don't need an AV" crowd would do themselves a lot of favors if they didn't preach to, insult or talk down in a condescending way to people who choose to use an antivirus. ;)
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Just curious....

    A lot of you on the "anti-AV" side are constantly beating the drum about "AV companies making money" (like that's something evil or something. It's actually a necessity to survive! But I digress...). So you seem to be against companies marketing their products in order to make money. Basically, you're on a bit of an "anti-capitalism" kick of sorts.

    Meanwhile, you're touting "anti-EXE" software. "Re-imaging" software. "Sandbox" software, etc.

    I can name NUMEROUS "FREE" antivirus programs......how many "FREE" anti-exe, sandbox, or imaging programs can you name?
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I think you are WAY off base in those statements. Nobody here is telling anyone what to do, or how to do it (except maybe AMIGA500.. :)). Nobody here cares about trends either. This is just YOU, reading all that into it.

    All some people here are saying is, there is more than one way to skin a cat, as someone already mentioned a long time ago. You can use an AV if you want, or you can use other means to secure your machine. Both methods can work effectively.

    AV or no AV doesn't need to turn into a bitter political argument here guys... it's just meant to be a discussion of what's possible. ;)
     
  12. guest

    guest Guest

    Perfectly agreed. :thumb:
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm not against making money at all. I'm certainly not anti capitalist.

    I'm against lying to customers, telling them they're secure with your product, and then pushing out the same technology we've been using since the 80's. Or, if you're one of those start up AE's, since the 90's.

    I most definitely do not tout any of that software anywhere. In fact I have been quite anti AE for some time.

    I don't care about those products. I don't even use them. I certainly don't suggest other people use them.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Oh, no... you didn't say that, did you? lol (It calls for comment of mine. :D)

    Joke aside, antiexecutables end up being useless for two reasons: they cannot protect the user from him/herself, nor can they protect against exploits, they only stop the payload, but a payload is not necessary.
    So, one could ask: Why use an antiexecutable?

    Are most of those using such kind of security analysing each file they download themselves and come to the conclusion it's safe? I have my doubts. They could argue they upload files they download to services such as VT, Anubis, etc., but they all have a size limit. So, what option is there?

    Sandboxes... well, we could be talking about Chromium's or Internet Explorer's one, but they also cannot protect the user from him/herself. They also cannot protect against every exploit, nor can they protect against kernel exploits. The same applies to Sandboxie/other.

    Reimaging. I previously mentioned this would be the way to go. But, how to be sure (100% sure) any of the images are indeed clean? Which is why I don't really care about imaging, when it comes as a malware protection either. They would give me a false sense of security, to be honest.

    Maybe the question should be: Why not use an AV, as an additional security measure? *edit* Or, maybe we could ask: Why not use a sandbox, as an additional security measure?, etc *end of edit*

    Yes, AVs aren't perfect. Sandboxes, antiexecutables, reimaging aren't perfect either. So... it's all about choices. You end up choosing the one(s) that make you feel most secure. Even among the most advanced users here at WSF, I wonder what's the real % of them that could and/or would actually analyse every file, and would actually waste their lives doing it, for the sake of security?

    -edit-

    Would just like to add that I don't advocate or do advocate the use of an AV or whatever else. It's just that I've seen quite a few threads regarding people asking others whether or not it's time they should drop their AVs, and some do say things like being clean during the time they dropped their AV. I honestly don't know how someone can say that, unless they analyse each file arriving to their systems, but OK...
     
    Last edited: May 16, 2013
  15. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Very well said. I'm in complete and total agreement :thumb:

    This part too :D :thumb:
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    "Why use an AV?" Why use anything!

    Everything in life is a point of view. Everyone has her/his own point of view.

    Security is a state of mind: we aim to employ security methods that give us that peaceful state of mind devoid of fears.

    Read Bruce Schneier's Beyond Fear: Thinking Sensibly About Security in an Uncertain World. It's ten years old, but much is still relevant.

    A couple of chapter headings:
    I walk down my street and notice several houses have bars on the windows. One who uses such may say to neighbors who do not, "I can't believe you don't have bars on your windows."

    Some answers might be,

    • "I've lived here for 15 years without a break-in."

    • "There are better solutions; you've been influenced by the 'Bars on Windows Industry.'"

    • "I have a dog outside 24/7."

    • "I have a motion detection system that alerts to intrusions."

    In the above scenario, substitute "AV" for "bars on the windows." Everyone will have a rationale pro and con.

    All subjective points of view.


    ----
    rich
     
  17. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I don't really care how an exploit works. All I want is to prevent it, and good AVs like Kaspersky do prevent them if I am reasonably careful.

    As for reading some article to prove I am not very smart, I also don't care about that. I had rather surf safely with my AVs standing guard.

    Jerry
     
  18. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    You're joking, right? I mean, perhaps humor/irony is intended but I don't get it (language barrier?).
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I just wonder if my Emsisoft and Malwarebytes prevent exploits? :D
     
  20. guest

    guest Guest

    Not literally, but might be helpful in most cases. Better use a script blocker to make their jobs easier. :p
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks :thumb:
    I heard that Kaspersky is good at blocking exploits in real time
     
  22. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    Sorry - but I really don't see where you get this from! You must be taking a very selective view of some people's opinions.
     
  23. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Because AV can be just set and forget. Unlike HIPS/AE or on demand scans.
     
  24. guest

    guest Guest

    Actually, an AE could be used as a set-and-forget solution. Unless you don't consider SRP/AppLocker as AE. Some OD scanners have an option to run a scheduled scan, HMP for example.
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Or it could be that we are participating in a discussion in a forum devoted to security related issues with no agenda other than sharing ideas and telling of how we do things or how we look at things.

    Or it could be that those who have more knowledge understand it helps in many aspects, and so they encourage others to also gain more knowledge, because it helps in many aspects.

    I would say that is the kettle calling the pot black myself. Read the thread over again. The only thing being preached is that an AV is not mandatory to one's security. Everything else, anti executable or sandbox or imaging is mentioned as some alternatives to the AV, or in conjunction with an AV. And a firewall if so desired.

    I might be wrong, but I really don't think anyone who doesn't use an AV has any hidden agenda going on.

    Sul.
     