Uninstalled BitDefender Pro 8+


mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
But, then again, it's also stupid to use an AV if you know the proper use of the internet (such as what pages you surf, the mail servers you should use, and the places you download stuff from), don't you think?
And if you or your wife mistype "www.Google.com", then what? Especially if your browser is being run at Admin-level power.

Another example is when The Register's advertising partner got compromised and began serving Bofra worms. They're certainly a safe site in and of themselves, I visit daily. Think about this. Incidentally, if your browser were attacked by Bofra, a Limited account would thwart it regardless of whether you had antivirus protection or not, since it runs with the privilege level of the local user.

Or then there's DNS cache poisoning. You can think you're somewhere else than you really are, because a DNS server is compromised and is handing out incorrect resolutions. Or the auto-phishing emails that try to modify your HOSTS file with a script and show no other symptoms at all, but the next time you visit your bank's site, it's not really your bank's site.

Anyway, it's your show, but I certainly don't think it's "stupid to use an AV," nope. That's just one facet of keeping up your security, and you should think about using Limited accounts as well IMHO.
 

Malak

Lifer
Dec 4, 2004
14,696
2
0
I do not have an AV loaded and haven't for a while. I haven't had a virus yet. The naysayers can say what they like, but clearly they don't know everything. Nothing short of a hacker targeting me specifically can get a virus on my system. And what clueless hacker would target me?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: malak
I do not have an AV loaded and haven't for a while. I haven't had a virus yet. The naysayers can say what they like, but clearly they don't know everything. Nothing short of a hacker targeting me specifically can get a virus on my system. And what clueless hacker would target me?
Right, I'm sure a security professional like n0cmonkey is just making it all up as he goes along :D

 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: malak
I do not have an AV loaded and haven't for a while. I haven't had a virus yet. The naysayers can say what they like, but clearly they don't know everything. Nothing short of a hacker targeting me specifically can get a virus on my system. And what clueless hacker would target me?

How do you figure?
 

Sforsyth

Golden Member
Mar 3, 2005
1,294
0
0
I have AV and Spyware programs running all the time unless I'm playing a game I use msconfig and shut all the startup stuff and unneeded services off and restart sometimes.
 

Aenslead

Golden Member
Sep 9, 2001
1,256
0
0
Originally posted by: mechBgon
Right, I'm sure a security professional like n0cmonkey is just making it all up as he goes along :D

Well now! A security expert! That is something you don't see too often.

So pray tell, n0cmonkey, what security counsels do you have for us?

I would certainly like to know the AV, Firewall and Anti-spyware you use; after all... if you are the security expert that someone like mechBgon suggests, your advice would be of great value.

And please, don't tell me to "look" in the forums for other threads. I want to have it straight from the horse's mouth. Please.
 

episodic

Lifer
Feb 7, 2004
11,088
2
81
I don't keep an antivirus in the memory as a resident app. I do do a daily scan with clam antivir.
 

Malak

Lifer
Dec 4, 2004
14,696
2
0
Originally posted by: mechBgon
Right, I'm sure a security professional like n0cmonkey is just making it all up as he goes along :D

So you are saying those of us not using AV's and are perfectly clean are liars? Or somehow we managed to do what others can't, but we are the ones that aren't experts?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: malak
Originally posted by: mechBgon
Right, I'm sure a security professional like n0cmonkey is just making it all up as he goes along :D

So you are saying those of us not using AV's and are perfectly clean are liars? Or somehow we managed to do what others can't, but we are the ones that aren't experts?
Let me ask you this: how do you know you're perfectly clean?

 

Malak

Lifer
Dec 4, 2004
14,696
2
0
Originally posted by: mechBgon
Let me ask you this: how do you know you're perfectly clean?

Once every few months I install an AV to scan. It's always negative. I also scan for spyware and adware at the same time, and at best they might find a couple tracking cookies.
 

Gurck

Banned
Mar 16, 2004
12,963
1
0
Originally posted by: malak
Originally posted by: mechBgon
Right, I'm sure a security professional like n0cmonkey is just making it all up as he goes along :D
So you are saying those of us not using AV's and are perfectly clean are liars? Or somehow we managed to do what others can't, but we are the ones that aren't experts?
Not liars, takers of unnecessary risks. Again, knowing what you're doing isn't failsafe. Do you have Java installed? Do you update it constantly or were you vulnerable via security holes which were later patched - which my a/v warned me about? ;)
Originally posted by: malak
Originally posted by: mechBgon
Let me ask you this: how do you know you're perfectly clean?
Once every few months I install an AV to scan. It's always negative. I also scan for spyware and adware at the same time, and at best they might find a couple tracking cookies.
Do you update definitions before scanning? What scanners do you use? Yes, that's plural - no scanner is perfect, it's best to use at least two each for spyware & viruses.
 

Malak

Lifer
Dec 4, 2004
14,696
2
0
You say I'm vulnerable, but I say I'm not. It's like saying I should wear a bullet-proof vest to school, because I am vulnerable to bullets otherwise. I don't do anything that attracts virii, I don't go to websites that could infect me, and I don't download anything except from sources I trust. I never get spyware, never get virii, and I know anyone can do that. It's not unnecessary risk, it's unnecessary protection.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: malak
Originally posted by: mechBgon
Let me ask you this: how do you know you're perfectly clean?

Once every few months I install an AV to scan. It's always negative. I also scan for spyware and adware at the same time, and at best they might find a couple tracking cookies.
Ok, now read about rootkits here: http://www.f-secure.com/blacklight/rootkit.shtml If your system's gotten rooted, the scanners aren't going to find anything because they only see what the rootkit chooses to let them see. How many invisible people do you see in your living room? ;) Eh?

I'm not saying you're a liar, just that you're like a person who thinks he doesn't need to wear his seatbelt because he hasn't been in an auto accident yet. The first time is one time too many IMHO, if it results in theft of your identity, CC info, game CD keys (yes, viruses do that nowadays), or (*gasp*) your Forum logon info. :Q Just like the first auto accident could be the one where you're thrown from the vehicle and killed because you didn't wear your seatbelt.

If that's a risk you're willing to run, then go for it. Your idea that you're invincible to exploits is just ...sadly amusing, to put it nicely. But I think we've hashed all that out in a previous thread.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I don't do anything that attracts virii, I don't go to websites that could infect me, and I don't download anything except from sources I trust.
See my re-posted info below. You can be taken to websites that can infect you, bro. Or the legit site that you visit can have a compromised ad server dishing out malware, like The Register did.

Originally posted by: mechBgon
But, then again, it's also stupid to use an AV if you know the proper use of the internet (such as what pages you surf, the mail servers you should use, and the places you download stuff from), don't you think?
And if you or your wife mistype "www.Google.com", then what? Especially if your browser is being run at Admin-level power.

Another example is when The Register's advertising partner got compromised and began serving Bofra worms. They're certainly a safe site in and of themselves, I visit daily. Think about this. Incidentally, if your browser were attacked by Bofra, a Limited account would thwart it regardless of whether you had antivirus protection or not, since it runs with the privilege level of the local user.

Or then there's DNS cache poisoning. You can think you're somewhere else than you really are, because a DNS server is compromised and is handing out incorrect resolutions. Or the auto-phishing emails that try to modify your HOSTS file with a script and show no other symptoms at all, but the next time you visit your bank's site, it's not really your bank's site.

Anyway, it's your show, but I certainly don't think it's "stupid to use an AV," nope. That's just one facet of keeping up your security, and you should think about using Limited accounts as well IMHO.

 

Malak

Lifer
Dec 4, 2004
14,696
2
0
What I'm saying is, I am wearing my seatbelt, but I'm also not driving poorly like the rest of the people on the road. I don't leave things in my car because I know people will steal them :p

I have dealt with spyware and virii, I know how they infect and affect. I had to deal with Nimda when it hit the entire ITT network. It was harmless and easily spotted though.

Tell me this: What are the odds of any of what you described happening? I think I have better odds of getting shot while buying groceries.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Tell me this: What are the odds of any of what you described happening? I think I have better odds of getting shot while buying groceries.
Based on my work fleet of about 85 systems, I'd say the odds are far higher. About as high as being sneezed on while you're buying groceries, maybe :D

I run a very tight ship at home too, currently on a fully-patched Win2000 system with ZoneAlarm, Kaspersky AVP 5, deleted administrative shares, strong account passwords, and a Restricted-User account for daily usage. I am certainly not in the habit of browsing dangerous sites, I don't IM, I don't play with P2P, and I read every virus description published by McAfee, Kaspersky Lab, and Symantec as part of my sysadmin work, so I know the general trends and vectors for attack.

Nevertheless, I was attacked the other day while Googling for song lyrics. Kaspersky put up a nice little dialogue warning me about it. So the final analysis is that you can be a very security-conscious user and still need some protection. I might've had several layers of protection, since I use a RU account (aka Limited for a WinXP system), but that's fine with me.

Tangentially, since I predict you're not going to change viewpoints despite all my eloquence, :D can I suggest you run Microsoft Baseline Security Analyzer if you haven't done so already. And if you don't plan to use AV, consider using a Limited account for browsing and IM'ing. Further info on how to do that without the hassle of logging onto a different account
 

Aenslead

Golden Member
Sep 9, 2001
1,256
0
0
Originally posted by: mechBgon

I run a very tight ship at home too, currently on a fully-patched Win2000 system with ZoneAlarm, Kaspersky AVP 5, deleted administrative shares, strong account passwords, and a Restricted-User account for daily usage. I am certainly not in the habit of browsing dangerous sites, I don't IM, I don't play with P2P, and I read every virus description published by McAfee, Kaspersky Lab, and Symantec as part of my sysadmin work, so I know the general trends and vectors for attack.

Gracious!!! Do you have... vital government/enterprise/whatever information on your home computers or something? Don't get me wrong, I respect you for what I've read from you, but that has got to be the MOST over-protected use I've EVER seen on a computer!

You remind me of a movie called "Bubble boy", where this guy's mom puts him on a plastic bubble so that he wouldn't get infected of anything out there; J/k.

 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Aenslead
Originally posted by: mechBgon

I run a very tight ship at home too, currently on a fully-patched Win2000 system with ZoneAlarm, Kaspersky AVP 5, deleted administrative shares, strong account passwords, and a Restricted-User account for daily usage. I am certainly not in the habit of browsing dangerous sites, I don't IM, I don't play with P2P, and I read every virus description published by McAfee, Kaspersky Lab, and Symantec as part of my sysadmin work, so I know the general trends and vectors for attack.

Gracious!!! Do you have... vital government/enterprise/whatever information on your home computers or something? Don't get me wrong, I respect you for what I've read from you, but that has got to be the MOST over-protected use I've EVER seen on a computer!

You remind me of a movie called "Bubble boy", where this guy's mom puts him on a plastic bubble so that he wouldn't get infected of anything out there; J/k.
If I have some knowledge of security principles due to my work, why would I not apply it to my home computer too? :confused: Show me where there's a downside. I guess a guy could say that the antivirus software slows the system down, but I desperately need to upgrade my home system anyway. 1GHz Duron + Radeon 7500 = no HalfLife2 for mech, whether I am running antivirus software or not. At least I've got my old Cheetah X15-36LP in there, disk I/O ain't the holdup ;)
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: malak
A home system is not comparable to a fleet at work.
Do you know any victims of identity theft and the hell they go through to clear their names afterwards? One keystroke logger...

 

Zero Plasma

Banned
Jun 14, 2004
871
0
0
Why anyone connected to the Internet would not run an anti-virus program is beyond me.
It has NO downside if you have a decent computer and it is insurance.
Plus there are a lot of good free anti-virus programs or 6-12 month trials out there.
Why not have it?
 

Fokks

Senior member
Oct 31, 1999
371
0
0
Originally posted by: n0cmonkey
I use anti-virus on my Windows machine. It doesn't take up any real resources, and if I thought it was slowing things down too much I'd get better hardware. I run as a limited user and use mozilla where appropriate. I don't download a bunch of junk, and 99% of the software I use is F/OSS (including my anti-virus). Going without anti-virus is just stupid.



Ditto!

Aenslead you have an Athlon64 with a gig of ram, if your anti-virus is in any way slowing that system down there's a problem.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Aenslead
Well now! A security expert! That is something you don't see too often.

Professional, not necessarily an expert. :) And we're all over the place.

So pray tell, n0cmonkey, what security counsels do you have for us?

If you're just going to be an ass, you probably won't gain much from what I have to say. That's fine with me, it means I type more. And I love the sound of this keyboard.

I would certainly like to know the AV, Firewall and Anti-spyware you use;

It's largely moot, since I'm not much of a Windows guy.

After all... if you are the security expert that someone like mechBgon suggests, your advice would be of great value.

He flatters. :)

And please, don't tell me to "look" in the forums for other threads. I want to have it straight from the horse's mouth. Please.

Monkey, not horse.

AV:
Nothing on my OpenBSD, Linux, Solaris, and Mac OS X machines. Clamwin on my Windows machine, which doesn't do a whole lot.
Firewall:
Windows XP SP2 firewall on the Windows machine. I don't run any services I don't want people to be able to connect to on the other machines.
Anti-spyware:
Windows- I use a limited user account, Mozilla, and lavasoft's adaware.
Mac OS X- Huh?
OpenBSD- What?
Linux- HAHA!
Solaris- *giggle*

When I get around to it I'm going to set up my homemade firewall again. It'll probably be the Ultra 10, running OpenBSD -current. I'll use Packet Filter (the best F/OSS firewall software out there) for the firewalling. Probably p0f, snort, pads, and a couple of other pieces just for giggles.

The internal snort sensor and the external one should push their information to a centralized database, probably on a Linux machine.

And yes, this is all for a home network because THIS IS THE FUN PART. This is the game that WoW could never be. :cool:
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
There are a number of thoughts on the subject. There are the seasoned admins (mechBgon), who think it's silly not to use simple protections that don't get in the way.

There are the people who don't care (I didn't read the entire thread, but I haven't seen any), and they're dangerous.

There are people that don't know, and they're dangerous.

There are the few, the proud, the whatever that just don't get viruses. Good for them. Run without it, but please don't try to convince the rest of the populace not to use AV, they're not as smart as you.

There are also the extremely paranoid (me), who build up the security precautions to the point of absurdity on a home network. I know that there are ways to hide processes from prying eyes. I know it's easy to get a password from plenty of users. I know that some moron on comcast's network is trying to send me one thousand emails about enlargening my penis. Either they thought they were too smart for AV, or they just didn't know. I'll err on the side of caution.

:beer: for everyone. :)