Hello,

Allow me to introduce myself a bit. I've been developing websites and computer programs for several years and I've developed a reputation as a local computer wizard. I guess people figure they can pay me less than GeekSquad, so I've had several dozen odd jobs fixing or optimizing people's home computers. I've done various jobs including setting up wireless networks, installing hardware and software, reinstalling Windows and repairing corrupted programs and files.

Most of all, however, my task is to remove viruses, malware, adware, and other "crapware." I use various tools, especially Spybot S&D, Ad-Aware, and Hijack This. Then I finish up with some optimization: CCleaner, IOBit WindowsCare Personal, and Power Defragmenter. Everything generally runs smoothly after that.

~90% of the machines I've worked on have had an up-to-date Anti-Virus & Firewall, and around 50% were running Windows Defender or had Anti-Spyware built-in to the Anti-Virus.

Now let's look at my own computers....

I have 3 computers: 2 desktops and my personal laptop. None of them are running Anti-Virus or Anti-Spyware software, and each one has the low-profile Comodo Personal Firewall (which is excellent by the way). I've been running my computers this way for over 2 years, and only once have I had an infection (it took me 10 minutes to remove with Spybot S&D). I've used Windows XP Home & Pro and recently I switched to Vista Home Premium. All 3 machines are used almost exclusively as Internet browsers, and each one is screaming fast without the added bulk of security software.

What makes the difference? Over my years of experience of dealing with this stuff, the only significant thing that sets apart my computers from everyone else's is my enforced policy of safe browsing. Safe browsing is basically when you don't download the free 3d screensaver, or the EXE porn movie, or the mysterious mail attachment. It's when you use a modern browser with a Phishing Filter/harmful site blocker, and a safe web search such as Google, which warns about many harmful search results.

I've warned my family about unsafe browsing and they've gradually adapted to safe practices as I continue to remind them. Now we have virtually no problems whatsoever.

If people would start making an effort to use common sense in web surfing, would the need for an anti-virus disappear? Or is more practical to run an imperfect, bogged-down piece of security software (that really doesn't work too well, judging by my survey of people's computers) so that people can surf without thinking?

Anyone's comments are welcome...

I draw an analogy to driving a car, where the most important safety equipment is not the airbags, seatbelt, bumpers, etc but the driver's brain. Driving defensively and keeping your car in good operating condition are the most important things you can do to be safe. None of the above-mentioned safety equipment can help if the driver does something stupid like driving over a cliff or head on into oncoming traffic. The safety equipment can only really help you in limited circumstances when you or another driver has an occassional lapse in attention or judgement, which, being human, we all have.

Likewise it would seem to be for anti-virus software. If everyone kept their computers properly equipped (two-way firewall, etc), software updated, and practiced safe surfing, there shouldn't be any way for a person to have a virus on their computer. Yet we all screw up occasionally, that's why it's a good idea to have a backup, just in case. That's why I always buckle my seatbelt while driving a car, wear a helmet while on my motorcycle, wear a life-jacket while kayaking, etc.

I got to agree with Snib mostly.

If you look at systems that are constantly infected and those that never or seldom are, the difference is almost never about the quality of AV they use, or even whether they use AV.

I would say that safe hex + diligent patching of software would be more than sufficient for run of the mill threats which is the bulk of what people face anyway. One could also add on demand scans of downloads even from trusted sites using local scanners or online scanners to the list..

The two main ways people get infected seems to be

1) Downloading and running malicious content of their own free will
2) Exploits of vulnerabilities leading to automatic execution.

Doing safe hex + diligent patching of system will cover both.

The scenario when a trusted site is hacked (or serves ads that is malicious) is one that is still somewhat rare, but of increasing importance.

In such scenarios, it isn't certain that the safe surfer without AV will be screwed however. If it uses an exploit than it would depend on whether the exploit targets a known patched vulnerability. If not (and in my experience such a scenario is not very often, despite headlines you see), the AV might or might not be able to catch it.

Anyway in such scenarios I think a sandbox is much more solid and reliable than a AV.

Of course the argument that it is better to be safe rather than sorry, is one that is hard to refute. But I have seen people use this argument to load up their system until it is groaning under the weight of many diverse layers of security program.

Just wondering how you know that your systems are not infected? Running on-demand scans to check them out seems a fair 'performance hit' (probably a couple of hours downtime) to me.

Arguments against AV programs almost always include the obvious assertion that safe surfing is an important line of defense. That is true. And as soon as I convince myself that I am perfect and that I can perfectly predict the safety of any given site I visit, I may get rid of my AV. I congratulate those of you who apparently have attained perfection.

Also, the issue goes beyond comparing the time and hassle of repair versus the time and hassle of using an AV (and other protection). Leaving aside the fact that backing up on a regular basis may not always be the answer, there is also the pesky problem (no longer rare) of various nasties engaging in identity theft and other nefarious behavior. Talk to someone who has gone through that process and see if a few milliseconds of "waiting" for a download compares to the headache and expense of trying to regain those losses. Not having an AV and other protection is, IMHO, as foolhardy as not having liability insurance on your car because you believe you are a safe driver and could never be at fault in an accident.

Just when I thought I was invincible, the [insert zero-day vulnerability here] came and happened to me...

I got a PC for $4o No AV come with mark fun web , whenU hotbar starbar BonziBuddy so on fist scan 75 bad come up so it up to you.

FYI...

AV vendor AvSoft site hacked
- http://preview.tinyurl.com/3b5ddu
February 07, 2008 (Infoworld) - "The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers... The download section of AvSoft's S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. "They let one of their pages get hit by an iFrame injection," he said. "It shows that anyone can be a victim... It's hard to protect Web servers properly." The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer... The malicious software is a variant of the Virut virus family. McAfee Security Research Manager Dave Marcus believes that the site was compromised by exploiting a Web programming error, most likely in the site's SQL or PHP code. Security experts say that criminals have written automated programs that scour the Web for these types of flaws and then automatically infect sites, making this an increasingly common problem."
* http://seclists.org/fulldisclosure/2008/Feb/0095.html
7 Feb 2008

> http://annysoft.wordpress.com/2008/02/06/antivirus-company-website-is-infected/
8 Feb 2008 - "Malicious IFRAME has been removed... This all is used by the infamous (underground networks!!) tool 'IcePack'..."

I keep hearing that Linux and Macs are bulletproof... well Superman was bulletproof too and look what happened to him!