seanmcgpa

Giving up on Antivirus software

For experienced computer users, I don't think A/V software is necessary.

I'm experienced and I use AVscanners on all my machines. The AVscanner is always working in the background.

*gasp*

Why? Because I want to be able to receive mails people send to me and because I'm not interested in shutting my system off from the outside world completely or effectively disabling half the features of my PC.

> For experienced computer users, I don't think A/V software is necessary.
>
> I'm experienced and I use AVscanners on all my machines. The AVscanner is always working in the background.
>
> *gasp*
>
> Why? Because I want to be able to receive mails people send to me and because I'm not interested in shutting my system off from the outside world completely or effectively disabling half the features of my PC.

Funny, I can receive all of the e-mails that I want, and I don't run A/V software. Is there some correlation that I should be aware of, that limits the ability to receive e-mail only when an A/V scanner is running in the background?

Let's ask a rhetorical question - "Is it possible to get infected by a virus from e-mail"?

My answer would be "no", period. (Even without A/V software.)

There are two possible ways that I could see (on the MS Windows platform) for the answer to be yes:

1) The user is using an e-mail client that allows such a thing to happen, for a specially-formed e-mail message to be able to infect the system automatically.

This is a security risk, with or without A/V software, and is due to Administrator Error (in allowing that e-mail client to be used, and to potentially compromise the security of the system).

2) The user intentionally launches an attachment or other executable content contained/embedded within an e-mail message.

This is a security risk, that can only be partially mitigated by A/V software. This is due to User Error. (The risk that cannot be mitigated, is one-off Trojans, which are easily written, and not detected by A/V scanners.)

So really there are two possible scenarios here - user is in the "at risk" category, or not. If user is, then A/V software can mitigate some potentially dangerous situations, but it cannot eliminate them. The only way to eliminate the risk, is to move the user out of the "at risk" category altogether, possibly by changing the software, and/or user behavior (depending on which item(s) place the user "at risk").

I am not "at risk", so therefore do not feel the need for additional software to mitigate (non-existent, for me) security risks.

If only there were some way to be not "at risk" for the receipt of SPAM e-mails. sigh. To those I am certainly not immune.


1) OE is the de facto standard email client. Do you expect everyone to actually know that there are other alternatives? Frankly I don't care about the alternatives. The ones I've used weren't as user friendly as OE and I have better things to do than wasting my time trying a couple dozen email clients.

2) What's wrong with opening attachments? Sending attachments is one of the things that makes email interesting.


Just configure your AV software to be less aggressive. I use NAV 2003 at home and NAV Corporate at work and don't have problems with performance being adversely affected.

As far as not using AV software? Not in this day and age!


Latency's the issue, huh? Like for some reason when I save a file it doesn't get written to RAM first where it ends up being scanned, and obviously it's the AV doing file IO rather than it scanning once it's into RAM. And, then again, if latency is such an issue perhaps I should stop my UPS monitoring software that uses more CPU time than my AV.

Want to stop your UPS monitoring software? I didn't think so. So why should I disable my AV?

> Latency's the issue, huh? Like for some reason when I save a file it doesn't get written to RAM first where it ends up being scanned, and obviously it's the AV doing file IO rather than it scanning once it's into RAM. And, then again, if latency is such an issue perhaps I should stop my UPS monitoring software that uses more CPU time than my AV.
>
> Want to stop your UPS monitoring software? I didn't think so. So why should I disable my AV?

Well, yes, latency is a big issue. For example this thread is a discussion of how to reduce the "load time" for games and levels, which is largely the same as this discussion WRT the overhead of "real-time" virus-scanners.

As for the CPU time issues, as monitored by Task Manager, those aren't really relevant. (Rather, they are unrelated to the latency issue of any particular operation.) In truth, your UPS monitoring software should take more CPU time than real-time A/V software, if you aren't actively using your computer, because the UPS software generally has to poll the status and charge level of the battery. Much like Motherboard Monitor does, to poll temps and HD SMART info. Real-time A/V software shouldn't actually do anything, until such time that you open/close/execute files. At which time, it then has to take an additional step to scan the file, before being allowed to complete the operation.

AFAIK, all A/V software, when scanning files being saved, will in fact wait until the application saves the entire file, which may take some time for larger files, and then scans the entire file by reading it back in, before allowing the application to continue. The lower-level block-oriented disk-cache and associated disk drivers handle the caching aspect, so hopefully the same recently-written blocks are still also in the disk-cache, and will be used to fulfil the disk requests for reading the file again (for scanning). But on a system with heavy disk activity, or not a lot of spare RAM that can be used for disk cache (or a large file being saved), then the A/V scanner will most likely have to read the file off of disk again, which can add considerable latency to the overall operation.

Short form: more RAM for disk cache is needed, when running real-time A/V scanning software, to avoid serious performance issues (by allowing it to effectively scan RAM instead of disk).


Wow, lots of arrogant-sounding advice here. Lots of "unless you're an idiot, you don't need AV protection" sentiments as well (and don't tell me I'm off-base with that interpretation; words very much like that were used in one particular post).

While some of the people who brag about never using AV protection say they have had "only one or two viruses for as long as I've used computers", I have never, EVER had a virus, worm, trojan, or other malware activate on my system. I have downloaded perhaps two or three of them over the years, but I've never activated one--whether or not it would have done harm. This isn't because I haven't been around long enough, or because I don't download software.

Saying "shucks, I got a virus once, but it didn't do any harm" is missing the point. Saying "gee whiz, I can reformat" is just as bad. The reason is simple... what if your next malware isn't a virus, but a remote-access trojan (RAT)? What then? You'll do your proud reformat after some 14-year-old scumbag has scoured your entire system?

I run PC-cillin 2003, and I detect no performance loss whatsoever. Maybe I could detect a minor slowdown if I tested with two identical systems side-by-side, the only difference being the presence or lack of PC-cillin. Maybe. But even then, the minor slowdown would only apply to application launch. Show me the benchmarks that prove otherwise.

I do understand the frustration, and the ill will. I've suffered with crap AV software. I suffered crash after crash with Panda, weird system behavior and lack of reliability with Norton, nonexistent trojan detection with EZ Antivirus, and so on. But I didn't give up entirely.

You guys who advise against running AV protection are being irresponsible, as far as I'm concerned. You should run AV (and sometimes also AT) software on any system that ever has new software installed on it--no matter how safe you think the source of that software is. The reason isn't because "well, I'm a moron; I better use AV protection!", but rather because any responsible security approach involves layers. And "gee whiz, Mah, I think that shareware site is legitimate" does NOT cut it.


I highly recommend the AVG virus scanner. It is unoffensive, lightweight and causes very little performance degradation. At the moment, I am using the free version, but I intend to buy the pro version to support/encourage the company making this high quality virus software.

I used to not use virus scanners, due to their effect on system performance. However, I decided that it was a good idea to have a virus scanner because:

1) virii exist that damage hardware, eg overwrite bios chips. While it would be very rare to catch such a virus and actually have it damage my hardware, I simply can't afford to replace hardware if it does occur.

2) I value my time, and I like my current settings. While it is possible to reformat/reinstall, I don't want to simply because a virus wipes/damages my computer.

3) I cannot fully control/isolate all the sources I get data from. Any disk/executable file/script file can have a virus on it, even if they are acquired from trusted sources. And let's not start on files obtained from educational institutions. :) To fully control all the sources I get data from, I would have to be a lot more careful, and use different programs for webbrowsing/email, which I am too lazy to do.


This sure seems to be a "hot" subject so I'll just share my experience and thoughts and let people make their own decisions...

I have used NAV on (3) different PCs with Win'95 and NT4 Workstation and have never experienced a slow PC as a result. I just built a new PC with W2K Pro and NAV will be installed on it too. Therefore I would guess that there is some conflict or setting in your PC or NAV that needs to be changed as you should not experience any noticeable performance change in a properly configured PC as a result of adding anti-virus software and specifically NAV which is excellent as is McAfee.

FWIW, I have had numerous virus-laden e-mails sent to me by people whose browser was compromised. And for the record Microsoft has actually sent out official Service Packs with a virus in it and there will be more! I have several protection schemes in place as I conduct Biz online. NAV and McAfee have spared me countless viral headaches and trapped many a virus for me. From experience I can tell you what part of the World a new virus starts in within hours...

In contrast my brother who is a (retired) certified PC tech has had at least (4) viruses do a ton of damage to his PC files. He knows better and should have taken precautions, but he figured "it'll never happen to me". Well it has happened numerous times because of other people's browsers being compromised and sending out a flurry of infected e-mails to everyone whose e-mail address is in their address book. He finally ended up using McAfee as it was installed as OEM on the last PC he purchased.

IMNHO the situation is only going to get worse with script kiddies looking to demonstrate they can beat the system. And in reality they can for a period of time. I update my anti-virus subscriptions DAILY for NAV and I'm thankful Symantec/Norton stays on top of this very nasty aspect of the Net. With anti-virus software being so inexpensive I can't see anyone NOT using it. If system performance has been compromised I'd figure out why and correct the issue as you should not need to live with 486 performance just from installing NAV or similar products.

Anyone who has a desire or need to use the Net had better take precautions with all the crap that's out here!

> Saying "shucks, I got a virus once, but it didn't do any harm" is missing the point. Saying "gee whiz, I can reformat" is just as bad. The reason is simple... what if your next malware isn't a virus, but a remote-access trojan (RAT)? What then? You'll do your proud reformat after some 14-year-old scumbag has scoured your entire system?
>
> I do understand the frustration, and the ill will. I've suffered with crap AV software. I suffered crash after crash with Panda, weird system behavior and lack of reliability with Norton, nonexistent trojan detection with EZ Antivirus, and so on. But I didn't give up entirely.
>
> You guys who advise against running AV protection are being irresponsible, as far as I'm concerned. You should run AV (and sometimes also AT) software on any system that ever has new software installed on it--no matter how safe you think the source of that software is. The reason isn't because "well, I'm a moron; I better use AV protection!", but rather because any responsible security approach involves layers. And "gee whiz, Mah, I think that shareware site is legitimate" does NOT cut it.

I'm not really sure how to do an inline reply with this new board software, since the quoted portion is in a separate input box from my reply now, but I'll do my best to reply point by point here.

I'm not sure how much of your post was directed at my replies, or just in general. When I was talking about A/V, I was speaking about viruses only, not trojans, since most A/V scanners DO NOT detect trojans, except for a few old, well-known ones. They do not and cannot protect against new and unknown ones.

As for your suffering through problem after problem with resident A/V software, isn't that the point? That's why I stopped running A/V software.

But as far as trojans go, the best protection is: 1) backups, and 2) knowing the behavior of your system inside and out, as much as you can. If there is a marked change in behavior, then you can use that to diagnose the problem, which may be a virus, a trojan, a worm, or perhaps even hardware or configuration problems.

It gets back to the "at risk" issue. As far as trojans and worms go, I run a local software firewall, and I wouldn't dream of connecting to the public internet without one. I run W2K currently, and there are known and unknown security holes in various subsystems, including the TCP/IP stack and default listening services. Not to mention, potential outbound connections from trojans or "spyware".

In terms of viruses in e-mail attachments, I can remove myself from the at-risk category, by using a "safe" e-mail client, and by my own behavior. I cannot do that for the OS-level TCP/IP stack and low-level system services. Thus unless I change the entire OS, I do run firewall software to mitigate that risk.

And yes, you are right, good security involves layers. I learned that lesson when I was using a (freshly re-installed) system at a friend's house, at a LAN gaming party, behind a cable-sharing NAT router. I thought that the NAT would be an effective inbound-blocking firewall, thus I didn't bother to install/configure a local software firewall at the time before connecting to the LAN. Well, I got r00ted by a worm ("randon", I think) while I was away from my machine for a few hours. It turns out, the NAT router was mis-configured, with the "DMZ" IP set to one of the IPs allocated by the DHCP server, and my machine had ended up with that IP for some time. Networking Russian roulette, anyone?

So now I don't connect anywhere without a local firewall running. One single trusted layer is not enough. If that layer "breaks", there is no security.

(The way I detected it was, I noticed a few strange things going on in my system, and a copy of mIRC installed, that I didn't install myself. Normally, I do, but I hadn't gotten to it yet, being a fresh install. Also, I got a bunch of "Messenger Spam" pop-ups, which I normally never get.)

It could be argued that using A/V software would provide an additional layer of security, in terms of backup, should the user ever make a mistake and launch executable content from an e-mail attachment that contained a virus. However, the reasons that you mentioned above, about problems with A/V software, are what preclude me from doing that, and why I still think that the "cure" is worse than the problem itself.

If A/V software were truly: stable, unobtrusive, and didn't noticeably negatively affect system functioning and performance, then I might re-consider it. However, I also do development on this box, and as one of the previous posts mentioned, that tends to make resident A/V scanning software go crazy.

So maybe I'm not really arguing against using *any* A/V scanners, just resident ones. Scanning unknown downloaded files before running them is a good idea, and I used to do that in the DOS days when downloading demos.

One other way is to download the same file from multiple sites, and do a full binary-compare against them. That can at least establish that the download hasn't been infected by any particular site. I also don't share tapes/floppies/CDs with anyone. That's probably one of the biggest viral infection vectors, besides e-mail attachments.
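
The multi-site comparison described in the post above, as an added example that is not part of the original post: it groups copies of one file by SHA-256 and then byte-compares any outlier against the majority copy to report where it first differs. The mirror labels and sample bytes are constructed; agreement between copies only shows that no single site altered the file, not that the file is clean.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path

CHUNK = 1 << 20  # read files in 1 MiB blocks so large downloads are not loaded whole


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def first_difference(path_a, path_b):
    """Return the offset of the first differing byte, or None if identical."""
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if a != b:
                for i, (x, y) in enumerate(zip(a, b)):
                    if x != y:
                        return offset + i
                # No byte differs in the overlap: one copy is truncated.
                return offset + min(len(a), len(b))
            if not a:
                return None
            offset += len(a)


def compare_downloads(copies):
    """copies maps a mirror label to the path of the file fetched from it."""
    groups = defaultdict(list)
    for label, path in copies.items():
        groups[sha256_file(path)].append(label)
    # Largest group first. On a tie the copies simply disagree and the
    # comparison cannot say which one is the unmodified file.
    ranked = sorted(groups.values(), key=len, reverse=True)
    reference = copies[ranked[0][0]]
    outliers = {
        label: first_difference(reference, copies[label])
        for group in ranked[1:]
        for label in group
    }
    return {
        "identical": len(ranked) == 1,
        "majority": sorted(ranked[0]),
        "outliers": outliers,
    }


def demo():
    """Constructed sample: three copies, one with a single altered byte."""
    good = bytes(range(256)) * 64
    bad = bytearray(good)
    bad[5000] ^= 0xFF
    files = {"mirror-a": good, "mirror-b": good, "mirror-c": bytes(bad)}
    with tempfile.TemporaryDirectory() as d:
        copies = {}
        for label, data in files.items():
            copies[label] = Path(d) / f"{label}.bin"
            copies[label].write_bytes(data)
        return compare_downloads(copies)


if __name__ == "__main__":
    print(demo())
```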


This is my 3/4 $ of this topic:

If you are connected to internet: use an AntiVirus program :lol:

If you install any programs: use an AntiVirus program :lol:

If you don't install any programs and your computer is not connected to internet: you don't need an AntiVirus program :P you probably don't need a computer ;)


Since I'm back from the weekend now, I can say definitively that running the AV program does not increase file latency by that much at all. For a quick and dirty benchmark, I opened and saved and closed to another disk an AutoCAD file slightly under 4 GB. With the AV on it took so little additional time that when I used my stopwatch it was within human reaction time for error, and in one test with AV it was actually a second faster. Times were with: 34/67 and without: 35/67 (time in seconds). 4 GB is clearly over the size of my RAM (and in any event is very much clearly over the size of virtual RAM available to AutoCAD) and given those times nearly all of the file was loaded. The file was stored sequentially on the disk as well, and the "save to" disk was actually a slightly faster disk but it was transferring from the outer zone on the read disk to the inner zone on the write disk so that affected performance a bit. All of this was done with writing to the same area on the disk, roughly.

This is on a Windows 2000 system with dual Pentium III-S 1.4, 1 GB RAM, three disks and a FireGL. This latency issue isn't squat, comparatively. I turned off my UPS software and it actually shaved three seconds off of the disk read times (no effect on writes, I suspect it was due to PCI bus contention or disk limitations).

A good antivirus software scans the file while it's in blocks in RAM and has good heuristics so it doesn't need any additional scanning almost at all.


NAV CE is really very fast. I am using the 8.x version, and set it up to scan new files only (created or modified). I just want to avoid getting a virus; even though I know that I am "clear", I don't know if my friend is or not. I always get viruses from my friends, and, very obviously, they all use Outlook.

Judging from the Windows Task Manager, NAV CE uses only very little CPU time, even after a few days running.


What's wrong with using no resident app at all? Just scheduling a liveupdate @ 2AM and a full system scan @ 3AM? You may get a few files infected from time to time, but IMO the slight risk of infection isn't worth the handicap of "live" scanning.

> This is on a Windows 2000 system with dual Pentium III-S 1.4, 1 GB RAM, three disks and a FireGL. This latency issue isn't squat, comparatively. I turned off my UPS software and it actually shaved three seconds off of the disk read times (no effect on writes, I suspect it was due to PCI bus contention or disk limitations).
>
> A good antivirus software scans the file while it's in blocks in RAM and has good heuristics so it doesn't need any additional scanning almost at all.

Well, that's a pretty decent dually system there. :) Those can definitely help with responsiveness and cutting latency of pretty much any system operation.

But you're a little wrong on the RAM thing, that's all dependent on the OS system disk cache functionality. The A/V software can't start scanning a file until it has been fully saved out to disk (on a write operation), although it can optimize slightly on a file open/read operation, as it can scan sequentially (in most cases, I would think), and pass that already-loaded page of the file onto the OS's cache-manager, so it doesn't have to read from disk twice. (Actually, I'm sure it's a lot more complicated than that, it probably hooks into both the lower-level disk block device and the higher-level OS filesystem device drivers as a filter driver. I don't code NT filter drivers so I can't give a more detailed explanation, but I'm pretty sure I understand the basic principles.)

Maybe I am slightly jaded, NT-based OSes offer async-IO, among other things, and true pre-emptive multitasking. The last time that I used resident scanning A/V software, was on a Win9x OS, which has neither of those features, so the A/V software tends to "stall" the rest of the OS while it is scanning.

I still wonder though, what about things like browser cache files? Having to scan 100s of files in short order, surely there will be page-loading latencies encountered in that case.

Btw, is it even possible for an AutoCAD file to contain any sort of viral material? Perhaps the A/V scanner was just "passing through" the data, and not scanning it at all. I would think a more realistic test might be unzipping several large .EXE files from a .ZIP or .RAR archive, and see what kinds of differences there are. (A really good example would be the free GTA game offered for download from Rockstar Games. A 300MB RAR file, with several nested compressed self-extracting .EXE files within.)

Maybe we should have hardware sites perform A/V scanning benchmarks, besides just Quake3 640x480 FPS scores. :)

> Another vote for AVG. It doesn't hog resources like McAfee, and it detects virii unlike Nortons.

I have been using it too.

> I'm running XP Pro SP1 with all the latest updates (except for infamous 811493 security update).
>
> I had been running McAfee VirusScan Pro 7.0 but had been noticing odd lockups. Sometimes the computer would not shut down properly. Sometimes programs that I use frequently would just hang for no apparent reason. And the whole system seemed a little... sluggish.
>
> So maybe it's my virus software. I backup, reformat and reinstall XP from scratch, and install Norton AntiVirus 2003.
>
> All of a sudden my Dual Xeon system is a 486. Everything creeps along. Windows open after long pauses, opening up directories is excruciating. Can this really be what Norton does to Windows? Symantec tells me to download some patch and make a registry mod, which I do. It does seem a little better, but still painful. My mighty PC has been castrated.
>
> Wow, I long for McAfee's sluggishness as opposed to Norton's painful Windows experience.
>
> So I reformat and reinstall XP from scratch, and start doing some research on other Virus Software. In the mean time, Windows screams, everything opens the way I like it and want it to. No hangs. No crashes. Bliss.
>
> And now I'm thinking, do I really need Virus protection? I know it sounds ridiculous in this day and age ... but do I really? Outlook won't let me open any attachments that contain exe or scripts. I don't use IRC or Kazaa.
>
> Should I risk a virus to have fast computing in the year 2003?

Why do you call it the infamous 811493 security update?

I also have Windows XP and noticed that update is installed. Now you have me wondering if I should remove it via Add & Remove Programs?
