ghacks post: "Why I decided to uninstall my Antivirus software"

[mouser]

Martin over at ghacks writes about why he still uses an antivirus program occasionally but no longer keeps one running in the background.

It's not a crazy idea, and i've been tempted to do the same.  In the end I've opted to keep an antivirus program running in the background and just accepting the small performance hit and occasional system slowdown from antivirus scanning.

The truth is though, as Martin points out, i know that my basic system is safe, and scanning all my files all the time seems wasteful.  When new files come in the mail, i would know enough to scan them manually even if i didn't have a background resident scanner.

Anyone else out there sufficiently brave and confident in their security policies to not run an antivirus tool?

http://www.ghacks.ne...-antivirus-software/

[Lashiec]

My experience is that people who went "I don't need antivirus software" for a time came running asking for antivirus software. Of course, this changes depending on the usage you're giving to your computer, but even being prudent like Martin suggests and refraining yourself of taking up risks can give problems. Recent attacks to security forums show this, and considering that malware can be sent along normal JavaScript is better to be safe than to be sorry. Being a somewhat paranoid guy with something behind to protect you if disaster strikes it's the better thing to do IMO.

Apart from that, a well written post that does not fall in the anti antivirus zealotry (or trolling)

[mouser]

It may be misleading to advocate *uninstalling* an antivirus tool.

In my mind, the interesting debate is whether you should have one running all the time as a background resident scanning process examining every file opened, or whether you should just use an antivirus as an on-demand scanner.

[Lashiec]

I suppose that you would have to decide between the convenience of having something guarding you against performance impact and wether your antivirus affects your work on the computer to the point that you'll prefer having it disabled. Of course, you also have to take in account personal preference, hardware, computer literacy and antivirus software.

[nontroppo]

mouser: because you can't know if your OS or applications have vulnerabilities. Perhaps just visiting a web site may be enough to trigger something. It is not only about running unknown applications, but that your known apps may have issues waiting for exploits.

And don't forget gremlins can often surf illicit sites while you are asleep...

[Deozaan]

If I knew no one else would ever use my computer or have any direct access to it, I'd feel really confident about not having anti-virus software running in the background.

But if you have a shared computer or a computer on a network, and some of the people you share your computer/network with are somewhere on the verge of computer literacy, I'd keep it running.

Most people know enough to download screensavers, games, and other crap, and how to install that crap. What they don't know is how to recognize dubious sites, dubious programs, dubious attachments, etc.

One example is when I found my computer infected by a virus, I knew I hadn't infected my own computer, so I asked my mom to scan hers.  Turns out my mother had opened an attachment on her computer, it didn't do anything (or so she thought) so she ignored it, and it infected the rest of our computers because we had mapped network drives for easy file sharing across computers.

You're only as secure as your weakest defense.

[Eóin]

I never have and never will run an antivirus program in the background. Anything halfway suspicious I will test in a VM but I firmly believe that if someone can get malware to run on my pc then the battle is already lost, I don't trust antivirus solutions to catch the real threats.

I realise that sounds naive but the odd time I full a full scan the pc has turned up clean.

[f0dder]

I've run with antivirus for long periods of time, and I've run without for long periods of time. Currently I run without. It's either completely without, or completely with (including always-running on-access scanning, but no scheduled full system scans, those are silly).

Eóin, you're almost 100% right in that "if someone can get malware to run on my pc then the battle is already lost", this is the argument I use against outward firewalls... Thing is, you can't guard yourself 100% against os/browser security holes, even if you use a NAT router etc. But the kind of malware that can creep in through such a relatively narrow hole is relatively limited in size, so should be able to be caught by decent on-access antivirus (especially something that also has behavioral blocking).

The nasty stuff that attacks your firewall and antivirus products tends to be those big malware bundles that people get through clicking olsen_sisters_nude.scr...
 
Since I don't have anybody using my computer regularly, and I pay a lot of attention to what happens on my system, I feel safe enough about running without antivirus software.

EDIT: but I wouldn't run without antivirus if it wasn't for adblock. Why? here's why.

[Lashiec]

Eóin mentioning virtual machines reminded me of something. The use of something like Sandboxie could be a good alternative for when you're browsing the Internet, and you don't want the antivirus scanning (and slowing down) your traffic. Heck, I would even say that it's more secure than an antivirus.

Actually, I encountered one of those fantastic redirections f0dder links to last week, while browsing in Firefox. As it's not my primary browser, I have no extensions installed there. Now I have AdBlock Plus, just to be sure.

[f0dder]

I've been meaning to try out Sandboxie and/or altiris svs... seem like nice ideas, but I just haven't bothered yet. I wonder if either of those are good alternatives to using a fullblown vm for testing shareware apps etc. (ie., lighter on resources, less bother, but still enough encapsulation that you can entirely remove the stuff again).

Just remember that even things like sb/svs aren't 100% foolproof, afaik there's been exploits for both... but generic exploits probably won't target that kind of stuff.

[wreckedcarzz]

I personally don't have any security software installed, Windows Defender is off, and Windows Firewall is also off. All I have is my hardware router's firewall, and Sandboxie for unknown software (IMO, f0dder, Sandboxie works great- I have run a virus or two in it, and all is fine). I don't see a point in security software. Even if something totally trashed my machine, I save all my install files to a backup partition, so a reformat/re-setup takes like 2 hours.

I run the occasional online virus/spyware scan, and I am always clean. It just depends on what, where, and whom is surfing, I guess.

[f0dder]

If your machine is never connected to a LAN (and friends never bring over laptops/whatever), and you only selectively forward ports on your router, I guess you're mostly fine. But why turn off windows firewall? Does it impose a significant hit on your machine:

Backup partition won't help you much against nasty viruses if it's on the same machine... but fortunately most threats today is in the trojan/malware category, not viruses.

[nontroppo]

The achilles heel of SBIE is personal data - it is still possible for an app to read a file from your OS and then dial that info out onto the web. So although SBIE is very good at isolating your system(I saw a great technical review of it but can't remember where now), it cannot protect personal data in its default configuration.

[vegas]

I haven't had a full-time virus scanner running in 5+ years.  The only thing I ran was Nod32 for a month or two (which wasn't bad, but it's less intrusive with no scanner running)

I use a router as my firewall.
I do not open email attatchments in outlook express (if I get any that might be worth reading I forward them to a webmail account).
I run AdMuncher on all computers at all times.
I will occasionally run Autoruns, SpywareBlaster, and check for viruses once a month or so,  I have only ever had one virus or problem in the last 5 years running like this. 
I keep a LAN icon on my desktop so I may disable my network connection when I am away for extended periods of time (sometimes I use it, sometimes I don't).
Note I do not surf to porn, or other questionably trusted sites, only reputable software gets installed. I do not use filesharing programs or the like (with the rare exception of uTorrent when needed).  Most of that is what the newsgroups are for.

Essentially just using general common sense, I think can keep you protected most of the time. And don't forget to backup occasionally!
On a side note, if there is a solid virus scanner that can be run from a usb/portable drive, could someone give that a mention, cuz that would be handy for when I use other peoples computers and move files around.\

edit: grammar (as usual)

[f0dder]

Essentially just using general common sense, I think can keep you protected most of the time. And don't forget to backup occasionally!

-vegas (December 08, 2007, 04:58 AM)

Until you get hit by a rogue banner ad that admuncher for some reason didn't filter... *boom*. And when that happens, it's going to be nasty.

But no, I don't run antivirus software either

[tinjaw]

On a side note, if there is a solid virus scanner that can be run from a usb/portable drive, could someone give that a mention, cuz that would be handy for when I use other peoples computers and move files around.\

-vegas (December 08, 2007, 04:58 AM)

I use ClamWin Portable.

[PhilB66]

On a side note, if there is a solid virus scanner that can be run from a usb/portable drive, could someone give that a mention, cuz that would be handy for when I use other peoples computers and move files around.\

-vegas (December 08, 2007, 04:58 AM)

I use ClamWin Portable.

-tinjaw (December 08, 2007, 05:11 AM)

You may also want to check out ClamWinPortableDBUpdate for automatic updates of virus definitions database in your ClamWin Portable installation.

[terribleterryc]

I shut off spyware on older machines.  With 2GB memory and dual core CPU almost the norm I question if leaving virus/spy/malware installed and turned on to cause any problem at all? It doesn't seem to on my systems.

I feel much safer with Sandboxie when getting off the safe paths.  The paid version, which costs very little, is much easier for me to use.

[justice]

The problems is not viruses, but trojans imho. they could be sending your credit card details out if you're not careful and leaving them on your system for a day already compromises you.

[brownstudy]

Jeff Atwood at the Coding Horror blog (in the linked posts below) advocates doing away with anti-virus, not running as administrator, and using virtual machines. (I don't know about Sandboxie, but the Altiris SVS wouldn't be a good solution for this scenario.)

Coding Horror: Choosing Anti-Anti-Virus Software
http://www.codinghor...archives/000803.html

Coding Horror: Trojans, Rootkits, and the Culture of Fear
http://www.codinghor...archives/000929.html

[Ralf Maximus]

The problems is not viruses, but trojans imho. they could be sending your credit card details out if you're not careful and leaving them on your system for a day already compromises you.

-justice (December 08, 2007, 09:39 PM)

Sounds like some girlfriends I've had.

[dlagesse1992]

When I boot Windows, I do something similar: one scanner running, and start more if I get suspicious. In Ubuntu (my main OS), I don't need one...

But, having more than one antivirus running at a time is just a waste of battery and speed to me.

[Ralf Maximus]

Jeff Atwood has valid points, and I treasure his Coding Horrors site.

However, until VM support is integral to the operating system, running by default... I don't see that as a valid strategy for typical users.  One of the reasons I keep VMWare so busy is trying out new stuff I download, just in case it turns unexpectedly evil. That's not practical on my laptop, with its weenie 80GB drive and pokey processor.

If you're a road warrior, and go around plugging your latop into foreign networks all the time, then it makes sense to run the standard stuff (firewall, defender, virus scanner).

I keep Nod32 running on my primary workstation for peace of mind.  Its threat detector has triggered maybe a dozen times in three years, and most of the time it's a false positive or something embedded in a spam I had no intention of opening anyway.  But that 7% performance hit is well worth the alternative: always wondering.

[wasker]

I cannot recall when I ran antivirus last time. Like five years ago?.. But I don't work as admin.

[GiorgosK]

I have not had a resident antivirus or firewall running for about 5 years
with no major disasters or formats

its my personal laptop and no one else is using it

I do run Spybot, HijackThis, Autoruns, once in a while
I do use Firefox instead of IE
and I do scan my files with either AVG or BitDiffender
and sometimes I don't even run some files that are labeled "clean"

I have had to clean some malware and spyware manually in the past
that respected antivirus products could not detect
and that is when I have lost my faith in them
and gained trust in myself 

I think the most important thing when disabling the antivirus
is knowing which files and sources to trust and which not to