Why run antivirus software?

[mechBgon]

Oh, and guys... try the Secunia Software Inspector checkup and see how well you're keeping your system updated. Install Java Runtime Environment (JRE) 6u1 to run the checkup, if you don't have a version of Java already.

My system comes up fully patched (surprise) How about yours?

 

[LintMan]

Originally posted by: JimiP
Anti-Virus softwares are nothing but a PITA. If it makes you feel safe then go for it, use it. My system has been running great since day one and I havn't had any anti-virus softwares on it. And as I've said before, I don't keep any valuable personal information on my PC's. So if a hacker were to take a gander at my files there would be nothing of use to him.

"If it ain't broke, don't fix it."

So basically you're really saying:
1) Nothing bad has happened to you yet (as far as you know), so why worry?
2) You don't care if you do get malware installed on your PC because you have nothing to lose. Would you care if some hacker was using your PC as a zombie in some DDoS attack? What if it was while you were playing BF2 and your ping/framerate goes to crud?

Do you do any online purchases or banking from your PC? The right (wrong?) malware on your PC could keylog your credit card info, pin numbers, and passwords as you type them, before any of that encryption stuff kicks in. It doesn't have to be *stored* on your PC to be at risk. If a hacker cleans out your bank account using your valid PIN number keylogged off your hacked PC as you typed it in, the bank will not accept responsibility or cover your losses.

Well, good luck with that!

 

[JonnyBlaze]

I personally wouldnt use one if my son and my girl didnt use my pc. I have never got a virus and I have been using computers heavily for 20 years.

 

[RiverDog]

Originally posted by: JonnyBlaze
I personally wouldnt use one if my son and my girl didnt use my pc. I have never got a virus and I have been using computers heavily for 20 years.

I had smoked for over 20 years and never got cancer. Does that mean I can start again and not worry about it?

 

[Captante]

Originally posted by: JonnyBlaze
I personally wouldnt use one if my son and my girl didnt use my pc. I have never got a virus and I have been using computers heavily for 20 years.

The flaw in this rational is that the ways of becoming infected had changed quite a bit, especially in the last few years & now don't require anymore then clicking on a link on a compromsed website to wreak havoc... the days of avoiding opening e-mail attachments & being fine are long gone.

Also if you have a reasonable PC, the "overhead" required by most AV programs is minimal except when actually running a full scan ... in benchmarks I've run with Zone Alarm security suite (uses Kaspersky AV) & Panda security suite the difference in gaming performance has been 1-2 fps maximum & impact on none-gaming applications has been zero.

 

[tcsenter]

I've gone months upon months without antivirus software on grossly insecure Windows 95 ~ 98SE and never had a problem with the exception of one time that I deliberately infected my computer with an AOL trojan years ago because I wanted to learn what changes its payload made to the computer. Just exercising diligence and scrutinizing file attachments or downloads, and avoiding suspect websites.

 

[RebateMonger]

There's also a personal responsibility issue here. People's hacked computers are now the main source of SPAM emails.

 

[imported_Imp]

I was thinking like that too a few years back. I didn't go to 'questionable' sites, had pretty high Explorer security, so why waste my resources? Well, then the ****** hit the fan and I somehow got infected anyways. I still didn't install a virus scanner. It wasn't until I built my new rig that I actually went looking for a good free scanner (chose AntiVir).

Lucky I did. Turns out some C-sucker out there will still load viruses onto reputable sites like Gamerankings. Skipped a few heartbeats when my case speaker went off a few times due to a virus detection just from loading that site up. Now, happily keep an up to date virus scanner that's active at all times. Let's hope again I remember to turn it off when I update hardware drivers...

 

[bigsnyder]

Do you go to bed with a stranger without a condom?

 

[Skeeedunt]

If you're patched, behind a firewall, don't go to shady sites, and get lucky... you might go your whole life without picking up a virus. I still think it's worth the minimal system resources (don't get a crappy one) and the $0-$50/year to run some quality AV though.

 

[SparkyJJO]

Considering that AVG is free for home users I might as well have it since it costs nothing
It has caught the occasional virus anyway. Example: Friend at school gets virus, which sends copies of itself through IM. School shuts her port down because it is flooding the network with viruses. I have AVG anti-virus, virus comes to my PC to do the same, AVG kills virus, I don't loose access like she did.

 

[Ken90630]

Originally posted by: mechBgon

If you don't use P2P programs and use a little common sense about what you download and don't open email attachments, I don't really see where the threat is coming from for a sophisticated computer user.

There are plenty of threat vectors you're not accounting for. Hacked websites, zero-day exploits, non-viral threats, malware that self-executes from burned CDs or USB drives upon insertion... I could be up half the night laying out details, but just to cite a real-world one I encountered the other day: Microstar's site hacked. And Asus's was. And the Dolphins Stadium site was. And once my own employer's site was. For the CD/USB ones, look up the Fujacks family just for starters. For zero-days, check up on the QuickSpace worm and just the whole QuickTime vuln situation in general. Or WinAmp and its exploits. Or Adobe Reader.

Not that I'm saying antivirus is the surefire cure. It isn't. It's mostly a reactive solution that leaves a potential window of vulnerability, for the obvious reason: the time lag between discovery, signature creation, and signature deployment. Heuristics are of some value as long as the new threats are somewhat like old ones... but if they're not, then what? Behavior analysis has some merit too, but again, it isn't necessarily a cure-all.

My recommendation starts by putting everything into a safety cage with a non-Admin user account. Then build on that foundation. If you can use a Software Restriction Policy on your version of Windows, then try that out. Keep ALL your software patched, including the third-party stuff like QuickTime, Adobe Reader, media players, browsers, etc. And the rest of the strategy does include an antivirus program and firewall protection, and certainly common sense too

I've never had antivirus software and have had maybe 1 actual virus ever in 10+ years.

How do you know your system doesn't have a nice modern rootkit-hidden malware on it right now? Rootkits will make your system scan "clean," you know. That's what they do. Best to have a security strategy that is not going to let one in the door in the first place, and an antivirus program is part of that strategy.

Granted antivirus programs theoretically identify new viruses that exploit bugs that aren't patched yet

That is not their primary role. Some of them can do a bit of that stuff.

but all the most damaging viruses I've read about have exploited bugs that there were already patches for.

Keep reading malware descriptions. Start by reading every one published by Symantec, every day, including the technical details section. One thing you'll notice is that most of them don't work on Windows Vista OOOPS did I say that? :evil: ...and that most of them fall flat when they're running in the context of a non-Admin user (see this pic for an example, the red NOs show the various ways a non-Admin account would inherently thwart this malware). You'll also notice lots of Trojans, which rely on the unpatchable vulnerability: the human being.

Anyway, that is my position: use a defense-in-depth approach and don't shun the antivirus software. good free antivirus software to look at. And when I say "good," I mean this good :camera:. Still not good enough alone, but about as good as it's going to get.

What he said. :thumbsup:

All these people that claim they've used a computer for X amount of years and haven't been infected ... you have to wonder how many are , or have been, infected and simply don't know it. A lot of malware is quite "stealthy" and does its damage behind the scenes, quietly, with no fanfare, machine crashes, inordinate CPU utilization or other obvious signs.

With spoofing and phishing techniques getting more sophisticated all the time, and for all the reasons mech and others in this thread have mentioned, just being "careful" is not a guarantee of safety. I'd bet that if we could round up a thousand people who say they've never used an A-V program and claim they've never been infected, and scanned their computers with Kaspersky or a comparable A-V program, along with a top-rated anti-spyware program, the results would be surprising. You can hear 'em now: "How in the world did that get in my computer? I'm so careful!"

To each his own, of course, but I'll cast my vote with the better-safe-than-sorry crowd here.

 

[Noema]

I like Avir. It's free and it has a small footprint. And it's not very invasive.

 

[Lemon law]

There are lots of options for an Active anti-virus---either freeware or paid---but at the end of the day---one should be asking two questions. (1) Can I afford to run no active AV at all?
(2) If the answer to question one is a no, why not the best in the free or paid camp?---given that you can run one and only one active anti-virus at a time.

 

[Roguestar]

Originally posted by: tcsenter
I've gone months upon months without antivirus software on grossly insecure Windows 95 ~ 98SE and never had a problem

Not that you know of...

 

[Synomenon]

Is NOD32 still a good one to use?

 

[n0cmonkey]

If you're only doing patches, firewall, and anti-virus you aren't doing enough.

 

[j00fek]

i use NAT

 

[postmortemIA]

Originally posted by: j00fek
i use NAT

 

[n0cmonkey]

NAT is not a security device, especially since client side attacks are all the rage right now.