Super User: Why do I need an antivirus?
[+14] [14] flybywire
[2009-07-20 08:02:54]
[ anti-virus ]
[ http://superuser.com/questions/9033]

Do I still need an antivirus?

You probably still need an antivirus. My machine got infected in 1 day without a firewall, AV and router. Do you have any reasons for not running AV? - kishore
(5) "I don't automatically click 'yes' on every explorer confirmation dialog." And you have never ever clicked the wrong button by mistake? - Nifle
(1) Do you block JavaScript for all sites except for the ones you trust? - Peter Mortensen
(2) Peter – How could JavaScript possibly give you a virus? - Sidnicious
(1) Ask this to MSBlast victims. - Roubachof
[+18] [2009-07-20 08:09:52] Simon P Stevens [ACCEPTED]

See this question [1]. Many advanced users don't run AV on their personal computers. I personally don't use an AV on my home computer.

The question is do you trust yourself enough to never make a mistake. Also, how bad will it be if you do make a mistake (or something just gets through, which is always possible). I run my system in such a way that a full format and reinstall doesn't take very long (from an image) and nothing significant is lost.

If you do decide to go AV-less, consider using a whitelist-based script blocker like NoScript [2].

If anyone shares the computer with you though, do you trust them as much as you trust yourself?

[1] http://superuser.com/questions/561/do-you-run-anti-virus-software
[2] http://noscript.net/

(12) Also, not working as Administrator certainly helps in limiting the amount of damage something can do if it gets through. - Joey
(4) NoScript is a really good idea; also, Johannes is correct, running as a non-admin user is definitely a good idea as well. - Mark Davidson
(2) @Johannes: That's quite an understatement. Working without admin rights is definitely the single most effective step against malware by a ridiculously long shot... - Oliver Giesen
Ever hear of drive-by downloads? That's about the only reason I've ever gotten a virus. Something is downloaded without your knowledge, or starts executing before you have a chance to stop it, and wham, you're done. It has less to do with yourself making a mistake, and more to do with protecting against stuff like that. Unless your computer is from the late 90's, you have no reason to not use an antivirus program. - Breakthrough
Also, just to continue my rant, there's also various vulnerabilities present in the operating system which you can usually do nothing about. These are what most modern viruses use to spread, and you can only protect yourself by using an anti-virus software and keeping your OS up-to-date. Again, it has nothing to do with being an "advanced user". - Breakthrough
1
[+10] [2009-07-20 08:11:35] balexandre

There are so many free AV (like AVG Free [1]) out there...

They are MUCH BETTER than all your procedures. Let's just imagine that your friend Annie (fictitious name) gives you a USB PEN with the latest version of your class work and, because she also doesn't have an Anti Virus (following your crazy process list), got it from a guy that she trusted and made the complete re-design of the presentation...

without her knowing she got a virus, and you trusted her ... you now got a virus...

in 2 days you could not even open the operating system ...

Do you really wanna trust your list?

[1] http://free.avg.com/

The issue is that if you don't follow any of my procedures then even an antivirus will not help you. Good luck running untrusted executables you receive by mail - flybywire
(2) I own a Mac ... no problem with Virus :o - balexandre
(4) Threats targeting osx: iantivirus.com/threats - Nifle
I can't wait till the day there is a really widespread virus for OSX just so Apple stops using it as their main marketing campaign. - Mark Davidson
(1) This is a good example of web of trust. +1 - user1596
...which is why I disable autorun on any Windows computer I set up. - John Fouhy
+1, only because it sounds like a class I took in high school, moral of the story....always use protection. - Tim Meers
2
[+7] [2009-07-20 09:05:09] ChrisF

I'd say yes if only for the increase in Trojans attached to web sites.

Now you'll say "but I don't click on dodgy links" or "I always check the destination first" & I'd say "I do that too", but with the increase of shortened URLs it's all too easy to click on one of those and land on a site you weren't expecting.

So unless you can trust yourself never to click on a link you shouldn't, or can rebuild your system in a couple of hours, install some anti-virus software.

I've just come across this answer [1] to the question "What is the best thing you ever got in trade for fixing someone's computer(s)? [2]" which, I think, illustrates my point that you can never be too careful.

[1] http://superuser.com/questions/8583/what-is-the-best-thing-you-ever-got-in-trade-for-fixing-someones-computers/13881#13881
[2] http://superuser.com/questions/8583/what-is-the-best-thing-you-ever-got-in-trade-for-fixing-someones-computers

If you're running a secure and up-to-date browser this shouldn't be a problem. - Sam152
(5) @SAM <sarcasm>Yes, because all browsers are patched for vulnerabilities before the threat is in the wild</sarcasm> - Nifle
Agree with both ChrisF and Nifle for this one. It's not worth the risk; one click without thinking about it and AV might just save you hours of issues. - Mark Davidson
Clicking on what I should have realised was a dodgy link is almost the only time my AV software has kicked in - so I speak from personal experience. - ChrisF
(1) The risk still exists with sites you know and trust. A weakness or error in these can expose the site to malware that can cause you problems when you visit the site. - mas
"dodgy sites" are only nearly the only ones carrying drive-by downloads. Almost every single large, reputable site that allows any user-submitted content at all (myspace, facebook, ebay, amazon, you name it) has at one point or another been vulnerable to XSS attacks that could be exploited to have the site infect visitors. - Michael Borgwardt
3
[+7] [2009-07-20 09:46:43] DavidWhitney

Drive-by downloads and zero-day vulnerabilities could become your undoing.

That said, I have AV installed but I don't have it memory resident, I pick and choose when to scan / check things and for the most part, that's done the trick.


How does not having it memory resident protect you against drive by downloads? - Tundey
(2) I have my AV set to scan files as soon as they're done downloading, before I launch/open them. You don't need memory-resident AV for that. - Jared Harley
@Tundey - It doesn't. Bad phrasing on my part but those were supposed to be two independent points. - DavidWhitney
4
[+6] [2009-07-20 08:07:26] nik

Because there is a lot of malware around [1]?

[1] http://en.wikipedia.org/wiki/Antivirus%5Fsoftware

Sure, but who cares when 99% of that malware relies on the user having admin rights? - Oliver Giesen
(2) @Oliver, you sure of that? How do people consistently get a statistic like 99% :) - nik
5
[+4] [2009-07-20 12:24:24] bobby

I think this is a really funny question. Not so much the question itself as the answers it draws.

You've got the non-mission critical crowd, who are content with possible reformats and backup restores, then you have the mission-critical crowd that demands AV products.

I run AV software on my Windows installation. I do so because I hate installing Windows, I hate downloading 100+ updates from slow servers, I hate downloading the newest version of the Windows Update ActiveX, and I hate having to dig out dusty old driver CDs.

I do backups in Windows and Linux regularly.

Being in IT, I come across many infected computers/hdd/thumbdrives, and I know I'll get smacked with something again if I don't stay protected.

I use my computer for work, as well as programming projects and school. Therefore I require that it works all the time. The only failure I can't protect against is hardware failure, but I won't have data loss over another piece of software with ample backups.

With the crowd of people who scoff at AV software, or even claim to have not used it in years (in a Windows environment), I think they would be surprised to see what they've got running on their systems if they did run a reputable AV program.

Personally I am in the "buy a big name paid-for AV" camp. It's worth $5 a month to me to make sure my laptop and desktop are protected, and the company I use even lets me install it on 3 different computers per year for that $5 a month.

Linux is my main platform, and I never have had any virus problems ever. I've scanned with ClamAV with 0 results time and time again.

It comes down to the user, what they're doing and what they need their computer to do


That's the difference. I don't use my home computer for work. The only irreplaceable valuables I have on it are my pictures and movies. Those are backed up to an external hard drive. Everything else on the computer, I'll be pissed to lose but it's not worth $60 a year and the nag of AV programs. Now my work laptop, on the other hand, has corporate AV on it. - Tundey
If you were referring to my answer, I run Sysinternals Rootkit revealer, Autoruns and Process Explorer and Malwarebytes, Malicious Software tool etc. regularly. While I don't pretend to know everything about what's on my system, I'm pretty confident I know enough. In other words I don't just rely on AV but instead take the time to understand the OS. - user1129
@ashh: As far as I'm aware SysInternals rootkit revealer is very out of date. I'm told it's used as the kind of benchmark standard by guys writing new root kits for what they have to hide from at a minimum. (Can't say for 100% certain, can anyone confirm this?) - Simon P Stevens
@bobby: I think you make a good point here about the difference between "mission critical" and "non-mission critical", but those who are saying their PC is critical are kidding themselves by using AV. AV is heavily dependent on signatures and is not 100% safe. (In fact, according to the most recent AV comparatives report - av-comparatives.org - the best is only 69% successful at detecting new viruses). Rather than relying on AV to protect their PC, they should back up their systems, improve their ability to recover and remove the single point of failure that is their PC. - Simon P Stevens
6
[+3] [2009-07-20 11:12:33] Nifle

Because you can't even trust brand new hardware today: HP ships USB sticks with malware [1]

[1] http://news.zdnet.com/2100-1009%5F22-196728.html

7
[+2] [2009-07-20 12:04:02] user1129

You don't "need" an anti-virus, but as a precaution they may be useful if your internet habits lead you to dubious places.

I don't run anti-virus software, just a software Firewall and Router based NAT. In the past 10 years I have picked up a total of 2 spy-ware infections, both times by deliberately downloading and accessing items from slightly dubious websites.

I knew exactly what I was doing and realised that there was a risk of getting infected. When it happened I simply restored a previously created disk image, updated Windows using automatic updates and made a mental note not to do that again.

Over the years I've read and listened to a number of security experts say that if you keep Windows updated with the latest updates and do the same with your web browser and email client you are very unlikely to be infected. Also that if you do this and can stop yourself from downloading from "dubious" web-sites the risk is just about zero.

Over the past 10 years I have seen this to be correct.


8
[+2] [2009-07-20 14:33:54] Oliver Giesen

There's a very important item missing from your list - actually it's so important that you can pretty much stop worrying about most of the other items on your list once implemented:

Do not work with admin rights!

Additionally, being behind a router should typically take care of the remaining 1% of risk that comes from potential security vulnerabilities in Windows services.

I stopped using resident AV about three years ago and only run a full scan every couple of months and haven't had a single infection during that time even though my machine is pretty much online 24/7. Even when I was still using the resident AV I was never once infected ever since I removed my primary user account from the admins group back in the times of NT4...

Working without admin rights used to be much more annoying a couple of years ago but since the release of Vista (which I do not and will not use) the overwhelming majority of the relevant vendors have fixed their stuff to work perfectly fine without admin rights.

There are always a few exceptions but there are also a number of fine tools like ProcessMonitor [1] and LuaBuglight [2] out there that help you quickly identify the issues in a way that allows you to do minimal-impact tweaks to the permissions to make the idiot programs work nevertheless.

And obtaining admin rights when you need them also no longer requires logging off and back in again thanks to tools like MakeMeAdmin [3] or even better: MachMichAdmin [4] (sorry German language docs only - but works just fine on English systems as well). Just put the latter on your "Send to" menu and stop worrying.

[1] http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
[2] http://blogs.msdn.com/aaron%5Fmargosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx
[3] http://blogs.msdn.com/aaron%5Fmargosis/archive/2005/03/11/makemeadmin-follow-up.aspx
[4] http://www.heise.de/software/download/machmichadmin/31780

9
[+1] [2009-07-20 16:28:52] phenry

Because you're not as smart, as alert, or as careful as you think you are.

That's not intended to be an insult. Most people aren't as smart, as alert, or as careful as they think they are.

Today's malware relies heavily on very sophisticated social engineering to spread. I'm constantly amazed at the tactics they come up with. Someday you'll receive what seems to be a legitimate message from a friend on Facebook, or you'll download something from what you think is a trusted source, or you'll stick your USB drive into the wrong computer, or even just buy the wrong picture frame [1]. And you'll happily go into admin to install your new software, because you trust it and can't see any reason not to. And that's how you get a trojan. Unless you have decent AV software that catches it in time.

Are you absolutely sure you wouldn't fall for the Conficker autoplay trick [2]? Even when you're tired, or in a bad mood, or something's distracting you?

Really?

[1] http://blog.trendmicro.com/yet-another-digital-picture-frame-malware-incident/
[2] http://isc.sans.org/diary.html?storyid=5695

10
[+1] [2009-07-20 12:52:50] Tundey

I'll say it depends. If you store your valuable data on a separate hard drive or in the cloud (Amazon S3 etc), you may not need an AV. Personally, I don't run AV programs on my computer because

  • most of them just nag (updates, subscription renewals, false positives etc)
  • they suck your PC's CPU. If my AV program is using anything more than 20% of my CPU, I don't want it
  • I don't mind re-installing Windows (in fact, I get a perverse satisfaction from wiping my computer clean and starting over)

20%!! If an AV program is using anything more than 2% of my CPU I don't want it. - Simon P Stevens
Come on! 2% is kinda drastic. Even your media players use more than that. Besides, who wants a puny AV that only uses 2% :) - Tundey
11
[0] [2009-07-20 18:00:00] hasen j

I don't run an anti-virus myself; however, you should have an anti-virus ready just in case you do something stupid. Yesterday I did something stupid and a virus hit my Windows OS [1].

If only I ran a scanner on that untrusted exe before opening it ..!!

Of course, I'm not suggesting you keep the AV running in the background; they tend to eat system resources. Just have it so you can right-click any file and scan it. Also, do yourself a favor and keep it up to date.

[1] http://superuser.com/questions/9385/cleaning-windows-viruses-from-linux

12
[0] [2009-08-06 20:58:29] DR

Short answer: No.

It sounds like you really only need NoScript for when you're browsing the web. Of course, at some point you will probably make a mistake but you can just reimage with Ghost or whatever. For what it's worth, I only have an antivirus program running on my netbook's Windows XP partition because other people use it sometimes.

I would, however, suggest that you only do important stuff like online banking or what-have-you on a Linux partition out of sheer paranoia. A lot of malware is designed specifically to hide and if you make a mistake you may not realize it (we're only human after all).


13
[0] [2009-08-06 21:02:51] Joe Philllips

I am experienced enough to know better than to run executables, allow ActiveX controls to run, and install plugins that aren't verifiably safe. I still do it anyway. Just because something 'seems' safe doesn't mean it is. We've all been tricked I'm sure. I recently started using Avast -- I disable it when I am being safe and I enable it when I am being dirty.


14