Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Do I really need an AV? I don't think so!

 
merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Sat Nov 25, 2006 3:57 pm    Post subject: Do I really need an AV? I don't think so!

I used to do all the nasties. Got my pc 2 years ago and stole all kinds of software and music from p2p sites. Also visited every porno site I could find, and had 27 casino programs on my pc. I downloaded screen savers, smileys, and went to crack sites. I had over 20 security apps on my pc, and still got trojans, and other viruses that slipped through. My machine would get so infected that the only cure was to reformat, which I did EVERY week for a year and a half. Yes, at least 80 times I had to reinstall Windows! Then I came to this site and have not even had a tracking cookie for 3 months without using anything other than Opera Browser and safe surfing. I have Nod32, Ad-Aware, and a firewall, but due to my safe surfing, I think I get by with just a firewall, now, and dump the AV and Ad-Aware as they never find a thing! It is my opinion that if you surf carefully you can dump ALL security apps except your firewall.
roger_m
Warrior Addict


Joined: 24 Feb 2006
Last Visit: 06 Mar 2014
Posts: 605
Location: Blackwater, Australia

Posted: Sat Nov 25, 2006 6:38 pm

Well reformatting is never the only cure. Personally I believe in never ever reformatting.

Personally I do use antivirus software, however as I am careful about what I do online, when I get my new laptop which should be in a few days I hope - I guess it hasn't been assembled yet, I am seriously thinking about using no antivirus or antispyware protection. Because viruses and spyware are not a problem for me at all - however I would certainly not recommend other users do the same. As for a firewall, Windows XP SP2 firewall is all I need.

I'm just saying that if you are an experienced user and are careful about what you do online then viruses and spyware should not be much of a problem.

However I am seriously considering cloning the harddrive from an old IBM laptop I used to use until the motherboard gave me problems a few months back and trying to get the copy of Windows on that running on my new laptop - last time I tried to do something like this it failed, and yes I had to do a new install of Windows, but at least it will keep me busy for a day or two trying to get it to work, and this copy of Windows does have some antivirus and antispyware software installed on it.
merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Sat Nov 25, 2006 7:36 pm

Hi, roger_m, I was afraid people would think I was crazy.. only running sp2 with no other protection. I never had anything too important on my pc, that's why I always reformatted to get rid of all the infections. It only takes about 1/2 hour and I don't mind at all. But aside from this site, BetaNews, Download.com, and Yahoo, I really don't visit any other sites that could harm my pc. Besides that, with no security apps to slow it down, plus a whole gig of ram, my pc will be so fast that I might not be able to hang on to my mouse tight enough to keep up with the speed Laughing
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Mon Nov 27, 2006 6:53 pm    Post subject: Re: Do I really need an AV? I don't think so!

merlot_1 wrote:
I used to do all the nasties. Got my pc 2 years ago and stole all kinds of software and music from p2p sites. Also visited every porno site I could find, and had 27 casino programs on my pc. I downloaded screen savers, smileys, and went to crack sites. I had over 20 security apps on my pc, and still got trojans, and other viruses that slipped through.


Seriously, I'm not sure if you are trying to get infected on purpose. But you can do all these activities without getting infected.

Or so I have heard lol.

Well except maybe the download all the smileys and screensavers part, but that one can be done if you are very careful and selective.
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

Posted: Mon Nov 27, 2006 10:10 pm

Not running an antivirus is not a wise idea. Even if you think there isn't anything of interest on your PC for the bad guys to get, you forget many of them aren't interested in what is on your PC. They want to hijack your PC to use as a relay for spam or to use in a bot network. It may not matter if there are backdoors running on your PC, but the people who get spam passed through your computer may care...
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Sep 2014
Posts: 10329
Location: sunny California

Posted: Mon Nov 27, 2006 11:07 pm

Another reason to have an antivirus -- there are plenty of legitimate, normal sites, including forums, that get hacked with exploits and linked to malware. Also good sites can have infected banner ads -- banner ads have been known to be poisoned by the bad guys.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
trickyricky
Warrior


Joined: 14 Dec 2004
Last Visit: 15 Apr 2009
Posts: 192
Location: London, UK

Posted: Tue Nov 28, 2006 2:05 am

I always liken security apps to wearing a seat belt or a crash helmet. You can do without them if you are careful enough, but there may be the odd occasion where they may save your life, due to something unexpected.

So whereas I can do without an antivirus, I choose to have NOD32 running just to be safe. It has never found or stopped anything on this PC, but one day it may just save me from something nasty and unexpected.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Sep 2014
Posts: 10329
Location: sunny California

Posted: Tue Nov 28, 2006 9:01 am

Trickyricky, I found this from a link on your website. This page has a video showing an unprotected machine being hit with the Sasser worm.

http://www.bbcworld.com/content/clickonline_archive_14_2005.asp?pageid=665&co_pageid=3

There's an interview with Jacques Erasmus of Prevx, who was formerly a hacker apparently.

The article and video don't state, however, that the vulnerability used by Sasser has been patched. A fully patched, updated machine would not be vulnerable to Sasser now.
Mrkvonic
Warrior


Joined: 27 Sep 2004
Last Visit: 01 Feb 2007
Posts: 209

Posted: Tue Nov 28, 2006 10:26 am

Hello,
Most exploits are based on scripts. Browsing the net using a script regulation software like Noscript extension will prevent all these exploits from ever becoming. Then, there's the issue of propagation. Exploits will have a much harder time invoking their functions in a non-IE browser.
Mrk
_________________
http://www.dedoimedo.com
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

Posted: Tue Nov 28, 2006 12:04 pm

On initial reading I was inclined to agree that my AV had never found anything on my system either. Upon reflection I had to modify that.

It is true that no AV has ever found anything on my system that I did not intentionally put there, but that is only part of the story. Both NIS (which included NAV) and my more recent scanner (NOD32) have detected files that were not technically on the system but were attempting to enter through either an infected disk being read, an email attachment, or an IM message. Several of these intended infections were received from contacts that I know and whom I would normally trust. You can do what you want but I will continue to run an AV against these very threats.
merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Tue Nov 28, 2006 12:38 pm

Ok, I guess I could keep Nod32, as it doesn't consume much resources, and sp2, of course, but I can dump my anti-spyware apps, correct? I don't even get tracking cookies with Opera, so I have no need anymore for CounterSpy, Spyware Doctor, SpySweeper, etc. As I said earlier, I used to have over 20 of these apps on my pc at the same time, trying to add some protection to all my bad habits! Some nights it would take me 3 hours to run all their scans, and the funny part was they all found stuff the others missed. Rolling Eyes
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

Posted: Tue Nov 28, 2006 12:57 pm

Quote:
the funny part was they all found stuff the others missed.

The unfunny part is that some of those were likely false positives.
nosirrah
Warrior


Joined: 30 Aug 2006
Last Visit: 16 Jul 2007
Posts: 160

Posted: Tue Nov 28, 2006 1:11 pm

I don't know about that, some were likely false positives but not all.

I use several different scanning engines when I disinfect my customers' machines and I often find a few lingering files even on the last scan (I scan their drives as slaved drives so registry false positives do not apply).

Even after all of that I still sometimes find some new ones when I do a manual inspection of the usual places:


C:\
C:\windows
C:\windows\system32
files created in the last month
files modified in the last month
hidden/system for no good reason
.sys outside of the drivers folder
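The manual inspection list in the post above can be turned into a repeatable triage pass over an offline-mounted drive. This is an added example, not code from the thread; the function names, the 30-day window standing in for "the last month", and the flag labels are assumptions made for illustration.

```python
import os
import stat
import time

# The "usual places" from the post, relative to the root of the mounted volume.
USUAL_PLACES = ((), ("windows",), ("windows", "system32"))
HIDDEN_OR_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def find_dir(root, parts):
    """Resolve parts under root ignoring case; a Windows volume mounted
    on another OS may be exposed case-sensitively."""
    current = root
    for part in parts:
        for name in os.listdir(current):
            candidate = os.path.join(current, name)
            if name.lower() == part and os.path.isdir(candidate):
                current = candidate
                break
        else:
            return None  # folder not present on this volume
    return current


def creation_time(st):
    """Creation time if the platform reports one, else None."""
    born = getattr(st, "st_birthtime", None)
    if born is None and os.name == "nt":
        born = st.st_ctime  # on Windows st_ctime holds the creation time
    return born


def triage(root, days=30, now=None):
    """Return (relative path, [flags]) for files worth a manual look.

    Only the three folders themselves are listed (no recursion), so any
    .sys file seen here is by construction outside system32\\drivers.
    The flags are prompts for review, not verdicts: pagefile.sys in the
    root, for example, is hidden/system for a good reason.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for parts in USUAL_PLACES:
        folder = find_dir(root, parts)
        if folder is None:
            continue
        for name in sorted(os.listdir(folder), key=str.lower):
            path = os.path.join(folder, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = []
            born = creation_time(st)
            if born is not None and born >= cutoff:
                flags.append("created recently")
            if st.st_mtime >= cutoff:
                flags.append("modified recently")
            # st_file_attributes exists only when Python runs on Windows.
            if getattr(st, "st_file_attributes", 0) & HIDDEN_OR_SYSTEM:
                flags.append("hidden/system")
            if name.lower().endswith(".sys"):
                flags.append(".sys outside drivers")
            if flags:
                findings.append((os.path.relpath(path, root), flags))
    return findings


if __name__ == "__main__":
    import sys
    for rel, flags in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {', '.join(flags)}")
```

The hidden/system and creation-time checks only fire where the operating system exposes those attributes, so a slaved drive examined from a non-Windows host will show the modification-time and .sys flags only.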
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

Posted: Tue Nov 28, 2006 1:22 pm

I certainly agree that no one app finds everything and that all miss something. At the same time, I have never used an app that did not have the occasional false positive and some that I have used had a lot. I don't really consider it safe to delete anything that a scanner recommends to delete without checking it personally. In that context, the more scanners used the more false positives will likely surface.
merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Tue Nov 28, 2006 2:19 pm

Thanks for the replies, but to get back to my last question...do I really need an anti-spyware app to go with sp2, Nod32, and Opera? Keep in mind I'm a good boy now Wink
Oldfrog
Site Admin


Joined: 08 Aug 2004
Last Visit: 09 Feb 2013
Posts: 1161
Location: Hewitt, TX

Posted: Tue Nov 28, 2006 3:00 pm

merlot_1 wrote:
do I really need an anti-spyware app to go with sp2, Nod32, and Opera?

Only you can really answer that. If you are careful and not getting infected then you certainly don't need one. To be honest, I only run one out of curiosity as to what it will detect and for the fact that the beta version I am running has a decent HIPS as a built-in.
hornet777
Warrior Guru


Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458

Posted: Tue Nov 28, 2006 4:01 pm

I nixed a reply to this thread because upon re-reading it, I noticed that merlot had NOD, which suggested to me that he/she indeed had AV, at least installed.

Now I return, and make the same point in the nixed reply: it's one thing to have it installed, and another to run it resident. The former is optional, but do you really want to have no AV even installed on your system merlot, or have I misunderstood?

I don't even know of a hacker that would not have AV installed. What's that say? The others have already made excellent points in support of retaining the install, and there are perhaps others. On the other hand, you could have just uninstalled it and not told a soul. <shrugs>
merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Tue Nov 28, 2006 5:22 pm

You all have very good points. The only reason I was thinking about running with no AV was #1, it never finds anything because I don't have bad habits. #2 Face it, anyone with pc smarts knows an AV slows your system down..some as much as 50 percent! (Same is true for today's spyware scanners) and #3, it costs money. Yes, I still know how to hack any registered AV out there, but I won't do that..it's stealing and I have reformed.
Mrkvonic
Warrior


Joined: 27 Sep 2004
Last Visit: 01 Feb 2007
Posts: 209

Posted: Tue Nov 28, 2006 11:12 pm

Oldfrog wrote:
On initial reading I was inclined to agree that my AV had never found anything on my system either. Upon reflection I had to modify that.

It is true that no AV has ever found anything on my system that I did not intentionally put there, but that is only part of the story. Both NIS (which included NAV) and my more recent scanner (NOD32) have detected files that were not technically on the system but were attempting to enter through either an infected disk being read, an email attachment, or an IM message. Several of these intended infections were received from contacts that I know and whom I would normally trust. You can do what you want but I will continue to run an AV against these very threats.


Hello,

Nicely put. Protect against those you trust - that's what AV is really for. And best suited for corporations and networks. At home, things are more lenient.

About hackers using AVs? Joanna Rutkowska does not use one...

Mrk
trickyricky
Warrior


Joined: 14 Dec 2004
Last Visit: 15 Apr 2009
Posts: 192
Location: London, UK

Posted: Wed Nov 29, 2006 2:22 am

suzi wrote:
Trickyricky, I found this from a link on your website. This page has a video showing an unprotected machine being hit with the Sasser worm.

http://www.bbcworld.com/content/clickonline_archive_14_2005.asp?pageid=665&co_pageid=3

There's an interview with Jacques Erasmus of Prevx, who was formerly a hacker apparently.

The article and video don't state, however, that the vulnerability used by Sasser has been patched. A fully patched, updated machine would not be vulnerable to Sasser now.

Thanks for that pointer, Suzi. I am about to perform an update to my site and that link will be going along with some of the other outdated or redundant ones.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Sep 2014
Posts: 10329
Location: sunny California

Posted: Wed Nov 29, 2006 8:49 am

trickyricky, it's a good link, IMO. I think the article containing the video was written after the Sasser exploit was patched -- so they might have deliberately left out that fact to make a point... just guessing.
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Wed Nov 29, 2006 6:08 pm

Quote:
Do I really need an AV?

Are you referring to a resident AV or an AV scanner? While I don't run a resident AV, I do have AV scanners. I do scan all files entering my system but I don't consider the AV to be part of my core security package. As far as whether or not hackers use AVs, I would expect that most have AV scanners but not nearly as many would run a resident AV. Many "hacker tools" and other administrator software get targeted by AVs and malware detection software because of their potential and actual usage for malicious purposes. On my system, I have to tell an AV scanner to ignore a lot of files, including some batch files the AV's heuristics don't like. I doubt most of them would tolerate an AV getting in the way. Then again, how many hackers would you expect to find using Windows unless they actually needed to?
For real time protection, I rely on SSM to replace a resident AV. Barring bad decisions by the user, it's completely capable of preventing malicious code from running on a PC. When you get right down to it, infections are either processes themselves or malicious files placed on your system by a running process. Prevent the malicious or exploited process and you prevent the infection.
At the risk of over-simplifying things, and this is seriously over-simplified, users have two general options.

  1. Identify the files and/or processes and compare them to a database, reference file, etc. If the file is on the list, deny access to it, quarantine it, etc. If dealing with a listed process, block it, kill it, etc. If the file or process is not in the database, reference file, etc, allow access to the file or allow the process to run.
  2. Prevent all unknown processes from running. Allow each known process to start (parent) only those specific processes that are needed by that particular parent process for normal system operations. Allow each process to be started by (child) only those specific processes that would be used to launch it in normal usage.

The first example describes a typical AV's procedure. The second describes HIPS with a restrictive ruleset. The AV approach checks against a database of known malicious code, which contains huge numbers of pests and variants, but is never complete or completely up to date. HIPS uses a much smaller database of what is specifically allowed, a listing that matches your system's contents, and blocks anything not listed. AVs are weak against new threats and nearly useless against new exploits. HIPS doesn't depend on identifying the specific threat, so it isn't affected by the newness of the malicious code. When a tight, restrictive ruleset is in place, HIPS can defeat many exploits by not allowing a vulnerability found in one program to be used to access another it normally could or would not.
The AV has its place on a PC, especially the scanner. HIPS will not prevent you from sending a malicious or infected file to someone else. But AVs are not sufficient to protect a PC from the huge variety of threats in the wild. HIPS alone is not sufficient either. Some form of traffic control is still necessary. I wouldn't go online without a firewall. While I probably could get by without Proxomitron, I'd be a lot more careful about where I went without it. Put the 3 together, Proxomitron, HIPS (SSM) and a firewall (Kerio 2.1.5), give each a good ruleset/filterset, and your AV won't have much left to do.
Rick
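The two options in the post above, run side by side on the same process launches. This is an added example, not code from the thread and not how SSM or any AV product is implemented; the paths, image contents, signature set and rules are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def digest(image: bytes) -> str:
    """Fingerprint of an executable image (SHA-256 of its content)."""
    return hashlib.sha256(image).hexdigest()


@dataclass(frozen=True)
class Launch:
    parent: str   # path of the process asking to start something
    child: str    # path of the image it wants to start
    image: bytes  # content of that image (stands in for the file on disk)


def blacklist_verdict(event, known_bad):
    """Option 1: block only what is already in the database of known pests."""
    return "block" if digest(event.image) in known_bad else "allow"


class DefaultDenyRules:
    """Option 2: allow only listed images, started by a listed parent."""

    def __init__(self):
        self._known = {}     # normalised path -> expected digest
        self._pairs = set()  # (parent, child) launches seen in normal use

    @staticmethod
    def _norm(path):
        return path.replace("/", "\\").lower()  # Windows paths ignore case

    def register(self, path, image):
        self._known[self._norm(path)] = digest(image)

    def permit(self, parent, child):
        self._pairs.add((self._norm(parent), self._norm(child)))

    def verdict(self, event):
        parent, child = self._norm(event.parent), self._norm(event.child)
        expected = self._known.get(child)
        if expected is None:
            return "block", "image is not on the allow list"
        if expected != digest(event.image):
            return "block", "image changed since it was listed"
        if (parent, child) not in self._pairs:
            return "block", "this parent may not start this child"
        return "allow", "listed image, listed parent/child pair"


# --- constructed sample data -------------------------------------------
EXPLORER = r"C:\Windows\explorer.exe"
OPERA = r"C:\Program Files\Opera\opera.exe"
CMD = r"C:\Windows\System32\cmd.exe"
IMAGES = {EXPLORER: b"constructed explorer image",
          OPERA: b"constructed opera image",
          CMD: b"constructed cmd image"}
OLD_PEST = b"constructed pest that already has a signature"
NEW_PEST = b"constructed variant with no signature yet"
KNOWN_BAD = {digest(OLD_PEST)}


def build_rules():
    rules = DefaultDenyRules()
    for path, image in IMAGES.items():
        rules.register(path, image)
    rules.permit(EXPLORER, OPERA)  # the user starts the browser
    rules.permit(EXPLORER, CMD)    # the user opens a command prompt
    return rules


EVENTS = [
    Launch(EXPLORER, OPERA, IMAGES[OPERA]),       # normal use
    Launch(OPERA, r"C:\Temp\old.exe", OLD_PEST),  # pest with a signature
    Launch(OPERA, r"C:\Temp\new.exe", NEW_PEST),  # pest without one
    Launch(OPERA, CMD, IMAGES[CMD]),              # clean tool, odd parent
    Launch(EXPLORER, OPERA.upper(), NEW_PEST),    # listed path, new content
]


def compare(events, known_bad, rules):
    """One (child, blacklist verdict, default-deny verdict, reason) per event."""
    rows = []
    for event in events:
        hips, reason = rules.verdict(event)
        rows.append((event.child, blacklist_verdict(event, known_bad), hips, reason))
    return rows


if __name__ == "__main__":
    for child, av, hips, reason in compare(EVENTS, KNOWN_BAD, build_rules()):
        print(f"{child:40} blacklist={av:5} default-deny={hips:5} ({reason})")
```

Only the second event is caught by both approaches; the last three pass the blacklist because nothing in them matches a signature, while the default-deny ruleset blocks each for a different reason.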
Franklin
Warrior


Joined: 17 Nov 2004
Last Visit: 23 Jan 2008
Posts: 143

Posted: Sat Dec 02, 2006 8:01 am

To answer the post topic - no you don't need an AV if set up securely.

Use FF with Noscript extension run through Sandboxie and you can surf where you like.

And even then you can allow any scripts to run if inside the sandbox.

Look at or open things inside the Sandbox then delete and it's as if you've never been there.

Sure, use a decent AV such as Kav or Nod32 but only as on demand, same as any antispyware apps.

Empty the sandbox and the on demand scanners won't find a thing.

If using FF you can speed up browsing by turning off "check suspected forgery sites" and use OpenDNS which has equivalent filters.

http://www.sandboxie.com/index.php?FrequentlyAskedQuestions

http://www.opendns.com/
Osage
Warrior


Joined: 19 Aug 2005
Last Visit: 07 Sep 2011
Posts: 227

Posted: Sat Dec 02, 2006 9:47 am

My comment is that it may be possible to get by without an active AV on your system---but you better be really expert and have various other programs running such as a sandbox to compensate---so label that stunt as for experts only and not advice to be given to any non-expert.---and a stunt at that.

But like nearly any other problem in life---it's a risk vs. reward problem. We all know the risk--and as someone who had the joy of buying a used system that came with an abundance of malware--I can stress the fact that it's not always easy to get the crap off once it gets in.---and those extra special few can take an inordinate amount of time.

But where is the reward?----a maybe slightly faster system?---but unless the AV is total bloatware---the program will not tax a modern computer system to any great extent---and as I type this my system is idling along--even though I may have a download going in the background while another program does something else.---and my active anti-virus is definitely running.

But it is a necessary annoyance to have internet security in place.
And a risk vs. reward problem---but when you are evaluating the total tax on the computer to have a given degree of security---one must look at the total of anti-malware apps you are running---as the time you lose in computer slowdowns---and then add in the time it takes to get bad guys off once they get in.---and then compare that to the time you save in faster boots and in having a computer that completes tasks slightly faster---and also look what time you lose maintaining your sandbox---vs. the time you lose with an active AV.
nosirrah
Warrior


Joined: 30 Aug 2006
Last Visit: 16 Jul 2007
Posts: 160

Posted: Sun Dec 03, 2006 11:33 am

This is one of those questions that has a different answer depending on who is asking the question. There is no universal answer.

If my parents asked me this question the answer would not only be yes but I would pick it out, install it and make frequent reminders to update and run scans.

If someone with an excellent understanding of Windows and malware had a system with nothing to protect on it asked me I would say no.

In the middle is the massive gray area where there is no good answer.

This is just like the "what should I do for data/system backup" question. Your skills and criticality of your data determine the answer. There is no one size fits all answer.


Personally I don't run active AV on my work machine (it is never taken anywhere except a few forums and Windows updates). I feel confident with my skills that if anything ever got into my system that I could remove it myself.

My girlfriend has Antivir and SAS as active monitors. Her skills and usage habits require it.

To directly answer the question, maybe.
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 15 Jul 2014
Posts: 3913
Location: California

Posted: Mon Dec 04, 2006 11:35 am

I'll add, if you have to ask if you need to run an antivirus, then the answer is yes.
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Mon Dec 04, 2006 4:20 pm

Nick wrote:
I'll add, if you have to ask if you need to run an antivirus, then the answer is yes.

That sums it up quite well.
thejynxed
Warrior


Joined: 09 Nov 2004
Last Visit: 14 Oct 2007
Posts: 89
Location: Pennsylvania

Posted: Tue Dec 05, 2006 4:58 am

Since he has NOD32 installed I would just set it to the following:

DMON, EMON, and IMON, he can leave off AMON and just scan manually.

Not all exploits come from ActiveX or JS you know, there are Flash exploits, etc as well. While yes, you can block Flash, etc using NoScript, in this day and age of malware being found in video and sound files, etc, it is just better to be safe than sorry by having at least the Internet Monitor option running. IMON I believe also takes care of messaging apps.

DMON and EMON take care of documents and email.

Then again, he could just swap to Linux or BSD and not have to worry about spyware and viruses ever again (just rootkits and even those are easily found on such a machine nowadays, and most people aren't stupid enough to run as Root anymore either), or even bothering to install such software. If all he does is email, websurfing, etc, why bother with the Microsoft shuffle?
_________________
"I stab thee with a rusty spork."

merlot_1
Warrior


Joined: 28 May 2006
Last Visit: 08 Apr 2008
Posts: 85
Location: dixon.il

Posted: Tue Dec 05, 2006 10:27 am

I do run Linux, once in a while, but I prefer Windows.
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Wed Dec 06, 2006 6:47 pm

Quote:
Not all exploits come from ActiveX or JS you know, there are Flash exploits, etc as well.

Most any type of file can be used maliciously or to deliver an exploit. Scripts, whether Javascript, ActiveX or .hta files (HTML Applications), are just part of the picture. Signature based security apps will always have problems with these, partly because malicious scripts can be written in a few minutes or less. To make the matter worse, a script doesn't have to be malicious in itself. One can just as easily be used to open a malicious page. Some good reading on HTML applications here: The Power of Trust: HTAs and Security
While NoScript does help, Proxomitron is a more powerful alternative that can do everything NoScript does, and much more, plus it works with all browsers.
Windows definitely needs real time protection against malicious code, but that protection doesn't necessarily have to be in the form of a resident AV. Application firewalls or HIPS as they're usually called now are very capable of defending your system against malicious code, providing the user understands their system well enough to properly configure it.
The reward?
Lighter system load.
Better protection against new threats and exploits.
No dependence on outdated and incomplete signature files and databases.
While HIPS can be used to replace a resident AV, it's not a practice the average user should consider. It also won't prevent you from sending an infected file to someone else.
Rick
Osage
Warrior


Joined: 19 Aug 2005
Last Visit: 07 Sep 2011
Posts: 227

Posted: Thu Dec 07, 2006 1:05 pm

While I think the last post by herbalist was excellent---and covered the subject well---I would have one minor quibble in defining the reward in not running an active AV on your computer at all times.

Which lies in ONLY TWO areas in my opinion.

(1) It slows down your system-- in terms of boot time--plus the time and slow down spent to keep definitions updated.

(2) There is always the risk of a false positive---and having your AV remove legitimate files that you will later need.

And because I own two fairly modern computers that will at least meet vista minimum standards---factor 1 is not noticeable--and I have never experienced factor 2.

But in terms of running various forms of HIPS--you can do so totally independent of running an AV or not running an AV. But it stands to reason that running an AV plus some HIPS is going to be more secure than running HIPS without an AV for a backstop.

I will also note--that those of us still stuck on dial up--that relying on an online virus scanner is no walk in the park--because first one usually has to download a 20 plus megabyte file---so figure a whole afternoon to get the job done.
herbalist
Warrior Addict


Joined: 28 Aug 2004
Last Visit: 25 Jun 2008
Posts: 726
Location: northern Michigan

Posted: Thu Dec 07, 2006 5:16 pm

Quote:
I will also note--that those of us still stuck on dial up--that relying on an online virus scanner is no walk in the park--because first one usually has to download a 20 plus Mega byte file---so figure a whole afternoon to get the job done.

I can definitely relate to that. I had dialup until a couple months ago. Just updating an AV on dialup wasn't much better, especially when the update was big.
For me, system load is critical. My old hardware won't run XP, let alone Vista. I keep a couple of AVs for manual scanning but not for real time protection. On my system, the difference is huge, not so much in the boot time but in performance during normal activities.
My big concern with AVs is the amount they miss. The only time I've had a virus infect this box, I had an up to date AV. I've also got several more packed away that my AVs (was running 3 AVs at the time) didn't recognize at the time I received them. They wouldn't have protected me.
I won't argue that most users should run an AV. My point is that AVs don't provide the protection they used to. The methods most AVs are based on are not capable of keeping up with modern threats. Remember Slammer? It was widespread before AV vendors could react. Internet speeds are even faster now. Instead of script kiddies, we're dealing with professional criminals more often than not. The threats are harder to detect and even harder to remove. You mentioned a 20 MB+ file for an online scan. Care to guess how many pests and variants that number represents? Depending on signature based security apps means you're depending primarily on a blacklist with a 6 digit quantity. If you include adware, it would well be a 7 digit number. The quantity alone makes security by identification an impossible task.
While an AV is still useful, it's not dependable enough to provide any real protection. IMO, it's much better to have your core security allow a short list of system processes and applications, and either block everything else outright or intercept and investigate before permitting. Default-Deny.
Rick
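
Added example, not part of herbalist's post or any product's code: a small Python sketch of the contrast drawn above between a blacklist (default-allow) and a Default-Deny allowlist. The file names and byte strings are constructed samples, and matching on a whole-file SHA-256 is a simplifying assumption standing in for real signature engines.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PROMPT = "prompt"  # intercept and investigate before permitting

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed stand-ins for executable images (not real binaries).
KNOWN_GOOD = {"explorer.exe": b"constructed: shell",
              "opera.exe": b"constructed: browser"}
KNOWN_BAD = {"old_pest.exe": b"constructed: catalogued pest"}
NEW_VARIANT = b"constructed: catalogued pest, repacked"  # not yet catalogued
TAMPERED_GOOD = KNOWN_GOOD["explorer.exe"] + b" + injected code"

BLACKLIST = {digest(b) for b in KNOWN_BAD.values()}   # what identification knows
ALLOWLIST = {digest(b) for b in KNOWN_GOOD.values()}  # the short approved list

def blacklist_verdict(image: bytes) -> Verdict:
    """Default-allow: anything not identified as bad is permitted to run."""
    return Verdict.BLOCK if digest(image) in BLACKLIST else Verdict.ALLOW

def default_deny_verdict(image: bytes, interactive: bool = False) -> Verdict:
    """Default-deny: only approved images run; the rest is blocked outright,
    or held for review when someone is available to investigate."""
    if digest(image) in ALLOWLIST:
        return Verdict.ALLOW
    return Verdict.PROMPT if interactive else Verdict.BLOCK

def compare(samples: dict) -> dict:
    """Return {name: (blacklist verdict, default-deny verdict)} for each sample."""
    return {name: (blacklist_verdict(img).value, default_deny_verdict(img).value)
            for name, img in samples.items()}

if __name__ == "__main__":
    samples = {**KNOWN_GOOD, **KNOWN_BAD,
               "new_variant.exe": NEW_VARIANT,
               "explorer.exe (tampered)": TAMPERED_GOOD}
    for name, (bl, dd) in compare(samples).items():
        print(f"{name:26} blacklist={bl:6} default-deny={dd}")
```

The blacklist only stops the one catalogued sample; the uncatalogued variant and the modified copy of an approved program both run. Under Default-Deny the size of the pest population stops mattering, because the decision depends only on the short approved list.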
hornet777
Warrior Guru


Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458

PostPosted: Thu Dec 07, 2006 5:52 pm    Post subject: Reply with quote

Quote:
My big concern with AVs is the amount they miss.


Yep. So long as I have been aware, AVs typically only have sigs to handle about 10% of the real threats. It hasn't changed that much over ~6, going on 7 years now. This means that if any given AV says it gives you a modicum of protection against 30 000 virii, that leaves 270 000 not protected against. Yeah, you could quibble a lot over the numbers and what they mean, but it's the bottom line: 10 per centum, that's it.

Tho it's off topic, I *think* you might squeak by on XP Herbalist. Given the problems you had over the BIOS and recognising hard drives some time ago, this might be the most serious limitation. My system is similar, tho with an Award BIOS, and just passes under the wire. If it works, there should be no performance issues viz. 98 v. XP: e.g., they should be about the same, perhaps better in view of XP's stability. Tho, just in case, you are still good to go for 2k; I bet you might find a copy for $25 or less, NIB.

Still overall, and even tho AV isn't "all that," it's still definitely valuable enough a tool to make sure it is included on anyone's box -- to the point where contemplating getting along somehow without it is unthinkable. If perf impact is a concern (on any PC) turn resident off. Also, ensuring it has a context-menu capability within Explorer goes a long way toward rendering it much more handy (most do).
Angoid
Expert Developer


Joined: 08 Dec 2006
Last Visit: 09 Mar 2013
Posts: 87
Location: Notts, UK

PostPosted: Tue Dec 12, 2006 4:40 am    Post subject: Reply with quote

The worst experience I ever had with an AV was when I received a virus by email from a friend's infected email.

The AV quarantined the entirety of my OE Inbox, thus other mails were moved as well (OE stored incoming mails in a database file)!

Can't remember what I did to get it back, but I managed it in the end. I then emailed the friend to advise that they had a virus, also adding what to do to get clear.

The reply? A circular mail, simply saying "I DO NOT HAVE A VIRUS!" (yes, it was shouted).

A week later I received another circular mail from the same friend. It said, "Dear friends, my computer system is currently down due to a virus".

The best approach to security is a multi-layered one. You need a firewall to block unwanted incoming traffic, and unwanted programs on your system trying to make contact with their controllers.

You need an AV to help protect your system from viruses and trojans. As we have seen, these not only arrive by infected banner ads, but also compromised GIF or JPEG images, emails, and accidentally hitting bad sites. Another forum I'm on got hit by a hacker about a year ago - instead of getting the forum I got this lovely red-on-black page that had been put there by some Turkish hacker. It didn't contain any malicious code, but it could have done.

Have at least 2 or 3 antispyware solutions lying around as well, and scan on demand. What one misses another one might pick up, and as has already been noted sometimes they do pick up false positives.

But the best package, which is free for all, is called CommonSense. Version 1 is as good as any, and you don't even have to download it!! It should be running in your mind, quietly in the background. It may not prevent you from going to the occasional bad site (intentionally or by design), it may not even prevent you from picking up malware (including tracking cookies), but it will also alert you to when things simply don't seem right and a system scan (or other corrective action) would be in order ;)
_________________
If you don't know what eschatology is then don't worry; it's not the end of the world.
nx42qr7
Warrior


Joined: 22 Apr 2007
Last Visit: 08 Sep 2014
Posts: 86

PostPosted: Sat Apr 28, 2007 6:42 am    Post subject: The Neighbor Hood Constable Reply with quote

Though we are here looking at a post somewhat removed as time would have it, it is nevertheless a post that has much to offer any ill considered thinking whereby a computer user would think they be the wiser by venturing forth without the ability to protect their personal property and personal information from being violated. The almost difficult position to defend against is one that would actually provide for a false report which would wish to encourage the impressionable with an inability to defend against, and that would be a lie. This is why this question drew my attention because how terribly dangerous and innocuous the attacks are here on the internet. I would believe that merely because of what appears to be dancing figures are in fact a dangerous illusion which if not corrected will provide an underpinning to a disaster. I don't think there can be enough of a warning as if Gabriel was shouting to defeat without compensation any attempt to market a strategy whereby a computer's stored information is made vulnerable to a would be thief. This can be stated with no greater care, do not and I repeat do not venture forth without a full service anti-virus application. I wish not to reserve any recommendation in so far as care for your very life but if what your computer houses isn't valuable then you better know that is why there are courses and classes and computer science degrees and so on. It must be stressed in no uncertain terms that to allow for the question is merely to dabble in the Black Arts and invariably provide a witness to a walking death. It would be as a Zombie that you would venture forth, a lifeless corpse whose fullness lacks blood and mind as the eternal darkness now allows for your personal property to be used in a serial spree against others whose lives and their personal information are as much your responsibility as they are in your computer's memory banks. The Personal Computer is a very responsible machine that is frightening as to its propensity to participate as well as its vulnerability to attack. Please be careful! This is not a joyride-
All times are GMT - 8 Hours