share
Super UserDo you run anti-virus software?
[+34] [28] Paolo Bergantino
[2009-07-15 09:22:41]
[ security performance anti-virus virus ]
[ http://superuser.com/questions/561]

Do you find the crippling effect that most anti virus software has on a computer's performance worth the "security" they provide? I've never been able to really tell myself its worth it, and have used my computer without "protection" for years without any problems. Jeff Atwood wrote about this a while back [1], taking a similar stance.

So I'm looking for some discussion on the merits and downfalls of antivirus software, and whether you personally think its worth the hassle. One point I do think is valid is that I am probably okay with not running it because I know if something goes wrong I have the ability to make it right (most of the time) but I can't really recommend the same for family as they may not be able to...

(4) Should be CW . - Simon P Stevens
"Crippling effect" is very antivirus-specific, IMO. Some antiviruses (McAfee and Norton, in my experience) can really hog resources, while with others, you don't even notice it. - musicfreak
I used NOD32, but when my subscription ran out I didn't bother renewing. PC's faster, and with exactly the same number of viruses - 0. (I do occasionally run ClamWin, and I keep check of things like system file md5s and autorunning applications myself) - Phoshi
I friend of mine had a corporate notebook on which the antivirus was set to scan all files after startup. That made the notebook practically unusable... - Quiark
This is only a discussion, and obviously bringing "discussion" answers only. In my opinion, it has nothing to do on a Q&A site. Voting to close. - Gnoupi
[+59] [2009-07-15 09:32:53] Matt Thompson

I don't bother running an anti-virus program. The intrusiveness of the software, along with the number of times I have seen some cause massive problems on others machines, makes me thing it's just not worth it. I have my OS partition ready to be wiped at any time if something does happen, with all my important data stored elsewhere on the system.

I do regularly run malwarebytes, search and destroy, and adaware just to make sure my system is clean. If it seems like there may be a problem, and those programs can't get rid of it, I either go to one of the online scanners, or just restore from an image.


(8) +1 I haven't used monitoring anti-virus software in the last 5 years. - Mercer Traieste
(7) How do you know if your important data stored elsewhere haven't gotten infected and reinfects your system everytime you wipe your OS partition? - Svish
(6) +1. My anti-virus software never caught anything while using Windows. A firewall, updated software, and common sense are all you really need. - Nikhil Chelliah
(33) For the average user, this is really terrible advice, and the fact that it's the number one answer to this question is frankly dangerous. Social engineering is incredibly sophisticated these days and can snare even an experienced user. (Not to mention, the owners of the Conficker botnet don't give a fig about your important data; they just want to pwn your CPU cycles.) - phenry
(4) I use an account with limited privileges and I use a secure browser (Google Chrome). Running Vista machine for last 2 years while constantly connected to internet. No problems yet! - Hemant
(13) @phenry But this isn't averageuser.com! :) - Rob Hruska
(1) The average user should not be running as an Administrator -- they should follow what Hemant said. A/V is a crutch to continue using computers unsafely, not a solution. If you'll take the time to learn how to use a car, take the time to learn proper use of a computer. - romandas
(1) The problem with the so called 'Average User' is that they don't know not to run as administrator. The default account that they create when they log into windows for the first time is... An Administrator account. When they ask a more experienced user for advice and they say something like the answer above it can cause all sorts of problems. I read that 64% of all Microsoft vulnerabilities for 2009 are mitigated by Least Privilege accounts. This should be the default set-up for all out of box pc's. I know thats slightly off topic but its a powerful statistic. - Joe Taylor
(2) @Rob: That doesn't change the fact that this site will probably show up pretty high on search engine result pages ... - Joey
1
[+33] [2009-07-15 11:50:48] 17 of 26

As far as I'm concerned, anti-virus software is a virus.

Not only does AV software infest itself into the deepest darkest corners of your system hampering its performance, but it can't even protect you from new threats until it gets updated.

I've found that just being an intelligent computer user is much better protection than AV software.

I run my machines without any real time AV software and do occasional scans using TrendMicro's online scanner [1] just to be sure.

[1] http://housecall.trendmicro.com/

(7) +10 if i could! - fretje
(2) I have a friend whose system was rendered unusable by his AV, after it decided a totally legitimate user32.dll was a virus and deleted it... - Martinho Fernandes
2
[+19] [2009-07-16 14:07:30] CesarB

Obligatory xkcd:


(5) Add the tooltip please ;-) - Robert Munteanu
I tried to add the tooltip (title=), for some reason it did not work (the image did not even show). - CesarB
(1) Did you try HTML? - Nikhil Chelliah
Yeah, what I tried was <img alt="xkcd - Linux User at Best Buy" src="imgs.xkcd.com/comics/linux_user_at_best_buy.png"; title="We actually stand around the antivirus displays with the Mac users just waiting for someone to ask.">, did not work. - CesarB
(1) Oh I wouldn't need any of that - I run OS X - GameFreak
(The ; after the src= was added by this comment box when mangling the URL, I did the <img alt="..." src="..." title="..."> structure correctly.) - CesarB
This is flame bait. - Andrei Rinea
Linux and Macs get viruses too, they're just not common. - Fake Name
Linux gets viruses, agreed, but there are about 30 know wild variants, so it isn´t really a big problem. Besides, most people who use linux run as a regular user, not admin, which negates some of the risk - D'Arvit
+10 if I could. - D'Arvit
3
[+16] [2009-07-15 09:48:44] moobaa

I have AV installed, but only scan things manually.


(5) this is a good solution as well. most of the AV perf cost is the real time scanning - Jeff Atwood
4
[+11] [2009-07-15 09:25:56] nik

For a desktop used across multiple people in a family,
I have always used and recommended an anti-virus installation.
It also helps to leave out administrative privileges for most users.


+1 for no admin privileges - D'Arvit
5
[+7] [2009-07-15 11:49:03] Brian Knoblauch

I do install it just as extra insurance, however, I only use AV software that has low impact to performance. I'm a big fan of ClamWin/ClamAV right now due to it's minimal impact on system performance. Can't even really tell it's there. It doesn't scan on every single file access, just specific ones.


6
[+5] [2009-07-15 09:54:32] Svish

I do recommend having one. And I do also recommend to not be cheap and to get a great one, even if it is not free.

Personally I use ESET NOD32 and put it in silent mode (Only bugs me if it needs me to do something). Doesn't slow my system down (that I can notice at least). And although you might be careful, you will be VERY happy that day when something suddenly sneaked up on you and got stopped. For example late at night, tired and bored, when a good friend "sends" you a link and you Just Click It without really looking at it...

Better to be safe than sorry I would say.


7
[+5] [2009-07-15 09:27:12] Stefan Thyberg

AVG [1] works very well and does not hamper the performance of my computer in any way as far as I can tell. It has found a few viruses for me over the years and I consider it worth the hassle of reinstalling it each time I reinstall the OS.

[1] http://free.grisoft.com

(3) My only problem with AVG is that it seems to require that you manually download and install new versions. This might not be a problem, but it's a bit irritating. Especially if it is someone elses computer (like less computer-litterate family members). - Jonas
It's only for major versions and I believe that holds true for a lot of other antivirus programs. There's also a nice grace period where you will still get updates although it's not updated. It would be nice if they could automate it though. - Stefan Thyberg
(1) I've been using AVG (free) for quite some time, but changed to Avira (free) primarily because AVG only blocks spyware and some lesser-intrusive-trojans when you run the paid version. - Stijn Sanders
I've been using the free version of AVG, but just discovered that it allowed a crapload of stuff through. I don't know if this is a free-vs-paid difference, but to me this is like a trial version refrigerator allowing your food to spoil every few days: How do you know that the paid version won't have the same problem? - Kyralessa
8
[+4] [2009-09-02 12:28:58] Ilari Kajaste

This really depends a lot on how you use your computer.

If you really know how computer programs work in relation to operating systems, and are absolutely sure you, or any of your programs, are not allowing unverified foreign code to be executed on the machine... well, you're free to leave the AV software out of the picture - but it's a bit useless to mention this, because if you indeed do understand the issue you knew this already.

So if you have no idea what I'm talking about, or even if you are not sure whether you understand it well engough, then yes, you should install a good AV software. Sure, it eats a bit performance and might cause some trouble in extreme cases - so what? The downsides are mostly trivial. Malware infection causes a lot more trouble than an AntiVirus software, and you should expect that you will get infected.

However, if you are pretty sure what you are doing, and really, really don't want the performance hit (for example on an old system), do get an AV but turn off real time scanning, or even automatic startup. You'll have to always remember do the manual scans for any source of threat - that's would be pretty much any foreign data. It's also a good idea to do a manual scan on the whole system once in a while, just in case something has managed to sneak through.

Also, if you actually do know enough about computers to be safe without AV, but just don't want to bother analyzing for each and every Windows installer or such whether you can trust the source, the distributor, whether the connection was secure or not, if there was a hash check, if that could have been compromized or not, etc. - just get an AV software. It's easier. That's what I do for my Windows machine.


Me and Jeff Atwood won't agree with you on "it eats a bit performance"; twice as slow disk access is not a bit, 10 times is much more common: goo.gl/2gj9 - iconiK
I assume you don't have any of the autoscan stuff enabled -- except perhaps letting the browser automatically run the scanner on completed downloads? - SamB
@iconiK: You and Jeff Atwood, have an overly geek mindset to answering the problem. Sure, an VM approach or a good backup & restore system of system file area would work. But those require a lot of setting up to use, and I consider that all more trouble than dealing with the performance hit from an easy to install AV software. (Although I agree 10x is a big slowdown, and I wouldn't recommend AV software that does that.) And I do also agree with Jeff on the what would be a good direction in the future of computing safety... keyword, sadly, being "future". - Ilari Kajaste
@SamB: No, I do have real time scanning enabled, so I don't have to manually perform an inspection every time a file that's a possible threat enters my system. - Ilari Kajaste
9
[+3] [2009-07-16 15:18:15] unforgiven3

No.

I am in no way confident that any AV package will be able to stop the next new virus that takes advantage of some previously unknown security hole.

It's like trying to protect against meteors. The best you can do is try and clean up the mess after it happens.

Good backup habits are my AV.


So because the chicken pox vaccine doesn't guarantee that you won't get chicken pox, you refuse to get the shot? - musicfreak
That doesn't make sense. - unforgiven3
10
[+3] [2009-07-15 09:26:22] Mark Pim

I have my system set up so that the system drive, OS install etc. are disposable, I can reinstall them without losing anything - all my actual data is on external drives and backed up. So, as you say, if I do end up with a virus then the damage it can do is limited.


11
[+2] [2009-07-15 09:28:00] Diago

I have been using Avast for ages and have never had performance issues.

In corporate environments it is extremely rare to not have either McAfee or Norton deployed on the network, and I will admit between the two Norton does have a huge performance impact. I have also found that some system administrators believe that 12:00 midday is the perfect time to run full system scans, which tend to be a major issue.

However I have spent enough time removing viruses from machines to recommend that you do use one, as long as you have tested that it works for you. Anti-Virus software is as big a religion as the OS Wars.


(1) do you use visual studio? have you ever had problems with avast slowing vs down, especially when compiling? - second
@second Not at all. I find Avast the most unintrusive Anti-Virus application I have used yet. I will admit I have not used AVG or any of the others since I used Avast and was very happy. Norton did however cause problems when compiling. - Diago
12
[+2] [2009-07-15 09:47:28] W_P

Every computer I fix/setup for someone else has these 4 programs on it:

  • AVG Free
  • Spybot Search & Destroy
  • Malwarebytes
  • CCleaner

You have to caution a user about CCleaner, as it can do some registry damage if you don't know what you are doing.

I put these programs on a lady's laptop that was running vista with only 1GB of RAM and a 2.26GHz processor. AVG and Spybot both run in the background at all times and neither her nor I noticed a significant slowdown.


Same here, but avast instead of AVG. I find the new interface and automatic updating of the program and definitions make it easier to use, plus you can see statistics - D'Arvit
13
[+2] [2009-07-16 21:50:49] Stijn Sanders

I've been using Avira [1] for some time and haven't had any problems whatsoever. As far as I can see it doesn't even require much resources and updates are loaded smoothly.

Only downside perhaps is that every boot and update a message inviting you to buy the full version is displayed.

[1] http://www.free-av.com/

You can disable the ad by blocking the service with your firewall. - musicfreak
Ouch! You mean preventing the update from getting through?! That's not good. - Stijn Sanders
No, the service that shows the ad. I read it somewhere, but I don't have a link right now. - musicfreak
Oh that. Yes, I don't think it's a service, but I also found it somewhere and don't have the link right now cough. - Stijn Sanders
Just block avnotify.exe and you'll never see that ad again. But you knew that already, didn't you? ;) - musicfreak
14
[+2] [2009-07-16 22:16:50] musicfreak

I use ESET Nod32 and have never had any performance problems with it. Honestly, I hardly notice it's there most of the time. Yes, I could probably do without an antivirus, but if I'm not losing anything by having it, why not? The extra security layer is always nice.

Disclaimer: I don't have any means of backing up my entire hard drive, so I have more reason to be cautious than most people. Yes, my documents, photos, music, etc will be safe, but I don't want to have to reinstall all the applications I currently have installed.


15
[+1] [2009-09-04 02:52:27] Registered

If you have no AV/Firewall and your box is landlocked, you probably don't need any of that crap. If you are the average user, you will definitely need that:AV and other supplements to help protect your PC.

If you know how to do backups, you probably don't need AV or other supplements.

If AV is free, sure, use it, it's signature based and anyone can write custom code to bypass your Kaspersky or Nod whatever; however, some AV is better than no AV for the average user, so every little bit helps, especially if you run some variant of Windows.

There is also people that do stuff like, I: dual boot operating systems, run OS(es) in Vmware, and run abstract 0S(es) like Unix and Linux not to mention the Mac fan boyz.

So that question is really dependent on the user and what you use your box(es) for and the level of technical savvy or geekness.

I don't take chances, just cause I have backups and Vmware or I run Unix or Linux, if it's free I use it, that's my philosophy.


16
[+1] [2009-09-04 03:39:11] Raymond Martineau

I prefer not using AV software, because of the (minor) performance hit. Previous iterations of AV software sometimes froze the computer for a few seconds, which was enough to drop an internet connection, and even earlier AV software was ineffective at picking up the NYB virus that prevented formatting floppies.

I use the built-in firewall to prevent most inbound attacks. AV is handled by not downloading from highly questionable sites, and not running a browser that is highly prone to exploits (e.g. old versions of Internet Explorer.)

My desktop computer has AV software, but my laptop does not.


17
[+1] [2009-07-15 09:31:39] Simon P Stevens

I never use it on my personal PCs. Like Mark Pim any important data isn't stored on the local PC's hard drive, and is regularly backed up.

I always install something on friends and family PCs that I set up for other people. Currently I tend to go with AVG.


18
[+1] [2009-07-15 09:46:23] Christian Davén

Yes, I run anti-virus software. I think of it as insurance. It's not free, but the premium (making my computer a tad slower) is far less than the cost of data loss or the time it would take for me to restore my computer after an attack.

If you think anti-virus makes your computer too slow, buy some more memory or a faster processor. It's still much cheaper than dealing with a virus infection.


(2) As other answers have noted, if you have your files set up properly the risk of your data loss is virtually nil. As I also mentioned, I haven't had antivirus for years without any problems. The one or two times something nasty got on my computer, I was able to quickly take care of it. My computer is quite powerful, but why slow it down unnecessarily when there's no need to? I guess my risk tolerance is higher than some... - Paolo Bergantino
(1) If your time is worth a lot of money, you don't want to lose any. I value my time highly nowadays, so I think using non-intrusive anti-virus is well worth it. I don't think that any company or sole proprietor would want to wipe their OS partition, reinstall every single application and try to replicate all Registry and ini file settings. In exchange for not having to run anti-virus. That's madness. - Christian Davén
You value your time highly enough to be participating in the superuser beta? I'm talking about a few hours a year troubleshooting the odd peculiarity versus sitting around waiting for scans to finish and applications to load while your virus hounds you about whether or not it's safe to let it open... - Paolo Bergantino
19
[0] [2009-07-15 09:27:25] Oscar Reyes

I use to have it disabled until I've got my computer unsuable.

It turns out it somehow delete my system restore which was pretty much what I used when a virus attacked.

Now I have it always running and updated.


20
[0] [2009-07-16 15:04:32] Scott

I run Symantec Endpoint, which has no crippling effect on my machine. You'll hardly notice it's running, particularly if you configure it to run stealth (no systray icon, no report after scan). It scans every night while I'm sleeping and usually just finds a few tracking cookies. Auto-Protect has saved my bacon a few times.

Whether you're running no antivirus or some other antivirus (coughAVG*cough*), chances are better than 90% that Endpoint will find something on your computer. Running without antivirus is just foolish and asking for trouble.


Symantec Endpoint, in my opinion, doesn't count as AV. I find that it isn't effective (I have tested it; 2 of the 3 other machines in my family run it) and slows the machine a ton. - D'Arvit
21
[0] [2009-07-16 10:18:34] Bastien Léonard

An anti-virus isn't guaranteed to stop viruses, so I consider it as a last resort when I think a machine is infected.

If you don't run as administrator, install security updates and use a firewall you shouldn't have any problem.


22
[0] [2010-06-28 08:09:18] goblinbox

I run Norman AV [1] on (l)user's boxen because its sandbox looks for virus-like behavior, and has actually quarantined zero-day exploits right in front of my face.

Of course, it's also a resource hog.

On my own machines, I run AVG with half the features turned off.

[1] http://www.norman.com/

23
[0] [2010-06-28 08:43:30] Ian Turner

I do run anti-virus software, but don't have it scanning all the time, just set it to scan overnight when I'm not usually doing anything else. My logic is:

  • I'm on Mac OS X so not that exposed to viruses etc.
  • I can keep for the most part keep myself protected by sensible practises
  • I still believe I could get one accidentally and not realise it. By running a scan (in y case with two different vendors software) at least I'll find out if I have something if the scans spot it.

24
[0] [2009-09-04 03:01:40] Registered

Even if I was runing Mac OSX, with Windows XP VM, I still put some free AV in there just in case. Just cause you run a Mac is still no excuse for not using free AV or paid AV.

I run Linux and Unix, but that does not warrant me telling you that I do not run AV, cause I do, my grandmother does not run Linux or Unix and sometimes those attachments will be received on a Windows box, so I do need to scan them somehow whether I am on Linux or Unix, just saying you are on some planet that does not use AV regardless if it's free or not is not really a real world solution.

Not everyone can afford Mac's nor do they have the time to be setting up a FreeBSD(Unix) box for grandma, nor does grandma want to learn to use BASH.


25
[0] [2009-08-06 22:03:10] Paul Nathan

I run without AV on my desktop Vista PC. However, it is behind a firewall and I'm pretty careful about where I go online. Naturally, my desktop Mac doesn't have an AV. :-)

My laptop, however, has AVG on it. I consider it to have a need to be "hardened".

My work machine(which is maintained by an IT department) has Symantec on it, and it interferes with our work on a moderately regular basis.


26
[0] [2009-08-06 23:00:35] Cory

I don't run anti-virus software on my PC but I do have it installed on a virtual machine. When I come across something that I think might be questionable I copy the file into the virtual machine and run a virus scan there. This way the anti-virus software doesn't bog down my system.


27
[0] [2009-08-06 23:18:21] nagul

No. I moved to linux mainly so I wouldn't have to run anti-virus software.


28