Antivirus software -- who needs it?

re: Antivirus software -- who needs it?

Aaron Margosis — Sun, 23 Sep 2007 07:29:53 GMT

And even when AV might offer value, is it worth it to run it if the AV software requires that you run as admin? (Short answer: hell no! wrote this a bit over a year ago:

http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx

re: Antivirus software -- who needs it?

Justin Ho — Sun, 23 Sep 2007 08:51:56 GMT

Agreed.

Don't run as admin and surf the web. Antivirus won't do anything for you, no matter how up-to-date it is, if you click on every single link and run application you download.

re: Antivirus software -- who needs it?

Remo — Sun, 23 Sep 2007 15:18:58 GMT

How can I configure UAC to elevate without prompting?

Please help, Thank you

re: Antivirus software -- who needs it?

Peder Vendelbo Mikkelsen — Sun, 23 Sep 2007 16:46:52 GMT

Remo, check out the documentation on technet2:

Windows Vista User Account Control Step by Step Guide

http://technet2.microsoft.com/WindowsVista/en/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx

re: Antivirus software -- who needs it?

Forest — Mon, 24 Sep 2007 04:30:26 GMT

The point is well taken that malware's capability has outstripped AV software, but nonetheless I think you should always run AV - even software from reputable sources has been known to ship, inadvertently, with malware.

re: Antivirus software -- who needs it?

The Gort — Mon, 24 Sep 2007 22:53:07 GMT

Windows comes with malware included, even if you don't consider Windows to be malware. Install a fresh copy of windows and then you run adaware without connecting to the internet and it will detect malware right away.

re: Antivirus software -- who needs it?

Andy Dowling — Tue, 25 Sep 2007 07:10:57 GMT

Agreed.

I find that running as a limited user offers plenty of protection when you know what to avoid, and software restriction policies give a little more peace of mind when sharing your system with others.

re: Antivirus software -- who needs it?

cwoller — Tue, 25 Sep 2007 16:02:57 GMT

> "When's the last time your antivirus or

> antispyware detected anything?" Invariably,

> the answer is, "Never."

Hey - you folks tell me from time to time, that the fact, that my antivirus won't find anything does *not* mean that there isn't anything...

With this in my mind, I don't understand the above question.

More on the necessity of antivirus software

Steve Riley on Security — Tue, 25 Sep 2007 20:53:47 GMT

A few days ago, I wrote a brief post about my non-use of antivirus software on my own computers. A number

re: Antivirus software -- who needs it?

Doug Woodall — Wed, 26 Sep 2007 20:31:22 GMT

There are so many if's and's or butt's if you are online nowadays and want to insure your online safety.

I agree with steriley on the point that computer security products have created a huge market for themselves. Are they needed? Depends on your education I always say.

I never used anything, till,,,

I became a businessperson online. I quickly found as I moved about the net promoting my Biz that I was coming into contact with lots of threats. It became necessary to get a lil help if I wanted to get anything done.

So I started using a AntiVirus, AntiSpyware and a good Firewall, along with Firefox.

re: Antivirus software -- who needs it?

Application Security Reviews at www.securasys.net — Thu, 27 Sep 2007 23:31:00 GMT

Steve - I found your post interesting and while I dont necessarily agree, I do understand your point. I agree that AV is not a "silver bullet" in protecting against malware or worms, etc but I feel it is definitely a compensating control and should not be removed from workstations.

Its true that threats are increasing in sophistication - issues like botnets and data compromises are growing at an alarming rate - but I feel that a blend of defenses is necessary. Security awareness is core but there is always a need to create that layered approach to security. Firewalls, IDS, AV, HIDS, etc are all building blocks of those defenses. A well architected solution shouldn't be cumbersome but should compliment the system you're using.

Jesse

www.securasys.net

Application Security Reviews, Ethical Hacking, Compliance Gap Analysis, Network Security

re: Antivirus software -- who needs it?

AdamV — Tue, 02 Oct 2007 22:38:42 GMT

' "When's the last time your antivirus or antispyware detected anything?" Invariably, the answer is, "Never." '

This is what I describe as using anti-virus to keep away the elephants:

http://veroblog.wordpress.com/2007/10/01/using-anti-virus-software-to-keep-the-elephants-away/

re: Antivirus software -- who needs it?

Eric Kumar — Fri, 02 Nov 2007 07:54:10 GMT

Hi Steve, just stumbled upon your blog via google search. Interesting post… so I stopped by to comment. I think AV software (or anti-malware software) is an essential component and one of the many “defense in depth” strategies in order to protect computers, no matter how secure the OS “seems” to be. In the end, OS or other security products are still software - which means they are buggy, breakable and penetrable. Always better to have a layered defense, one of the components being an AV software.

In spite of all protection, the average computer user is still fallible due to their own stupidity or intellectuality, widely because the average user does not take computer security seriously. I recently posted a blog entry about this on my blog. Please visit if you get a chance:

http://fightmalware.blogspot.com/2007/10/average-computer-user-and-computer.html

Regards,

Eric Kumar

re: Antivirus software -- who needs it?

Steve Riley — Mon, 05 Nov 2007 09:58:38 GMT

Ah, "defense in depth." Eric, please don't take this personally at all -- however, I hate that phrase! It's been so overused that it's lost its meaning. I avoid it now completely...

Anyway, back to the idea at hand. Anti-malware is just one of many many choices we all have when it comes to securing our systems. But before making any choices, we must first understand the risks each of us faces and also have a feel for our individual "risk tolerances."

Not every security feature is good. And not every feature needs to be used by everyone. For example, I have long been recommending that folks not use account lockout, because it creates more risks than it alleviates, and you can satisfy the supposed threat by using long passphrases. Just because a security feature exists, does it have to be enabled or used?

Nowhere have I said that avoiding anti-malware is good for everyone. I said that I don't use it on my own computers because I am addressing the malware threats in other ways. And, as I wrote, it's working for me: I've avoided infections in all my machines for as long as I've been in computing (hint: who remembers the S-100 bus? haha)

Remember this important fact: for every threat, there are multiple mitigations. What works for one person might not work for someone else. It all comes back to building your own risk profile and understanding which threats you are vulnerable to (and which you can ignore).

re: Antivirus software -- who needs it?

Nick Brown — Mon, 12 Nov 2007 01:27:49 GMT

I've been saying for years that anti-virus software is unnecessary. Nice to hear it from a security professional. :)

Supporting your family, friends, and neighbors

Steve Riley on Security — Wed, 13 Feb 2008 20:45:42 GMT

By Steve Riley Senior Security Strategist Trustworthy Computing Group, Microsoft Corporation (originally

re: Antivirus software -- who needs it?

softwares — Sun, 23 Nov 2008 15:54:12 GMT

i think every computer user need it.

re: Antivirus software -- who needs it?

Peter van Dam — Sun, 04 Jan 2009 16:16:31 GMT

Antivirus and anti-malware tools these days use like 80% of CPU, slowdown your harddrive by at least 50% and annoy you all the time with unneccisary popups.

Why should I be asked if I want to allow an app like Internet Explorer 7, verified by Microsoft, signed and everything to connect to the internet. Or the same for Messenger. Such program should know better then me, not the other way.

And what about the bsods they are causing from time to time (looking to trend micro) or a total system failure (looking to AVG). Those issues are happening to many times, and those companies just see it as an "Oops", and can't be sued for anything.

A virus was something that slows down your system, annoys you frequently, and makes your system unstable, and are hard to be removed 100%. Well, most anti-virus software completly meet with those requirements.

I'm running Windows Vista for like 3 years now, had run OneCare in the first few months, but removed it. Never had any virus in these three years. Also, like you, I checked a few times to be sure I didn't have anything.

I recently visit a store to upgrade my pc. 5 people that visited during that time, had no internet, or other kind of issues, simply becuase firewalls or antivirus software blocked it. Including IE. It's just stupid how they work these days.

And why those sheduled scans all the time? When i'm about to use the file, your giong to scan it anyway, so why use my hard drive and cpu resources every week for absolutely no reason?

All those things make me believe that when you just keep UAC enabled, to simply remove any antivirus that runs real-time. And install scanners that simply can run on command, or prevent it, like spywareblaster.

Poll: do you use scheduled scans for malware?

Steve Riley on Security — Mon, 05 Jan 2009 23:04:00 GMT

An  interesting comment recently appeared on my older post about whether or not to use antimalware

re: Antivirus software -- who needs it?

reza — Sat, 10 Jan 2009 06:34:32 GMT

Damage to PC is only in a second, I have experiance before that one of my friend turn of his anti-malware and in that time he insert a Flash Memory and then PC infected. damage to PC is possible for everyone , you may leave your PC for a second and in that time your friend insert a Malware removable device. Anti-Malware will help Microsoft to build their next operating system.How? Anti-malware companies are member of Microsoft Security Alliance and they are discussing about new Malware and how to be protect. Let's see if you have new Malware in your PC and it will not detect by you AntiMalware , but it probably will send to your Anti-Malware vendor as suspect behavier (if you chose join the program to improve product) and they analyze and ty to find anti-malware path for this malware and other malware similar to this. What will happen next? Microsoft will review malware by type and how they damage then when they plan to build next product such as Windows they make it more secure which these Malware could not damage them easily. In Windows Vista what I say is you are in guest mode and admin mode!. If you are do your normal job such as watch movie,open internet explorer and etc, your are guest mode mean that if you visit malware website and it try to damage your PC then it will damage in low level unless you accept it by UAC. whenever UAC ask you do you want continue then you are doing admin job,else your are doing in guest job. Then if your friend send you a Picture with your email and when you click on it and it show do you want contine then... it is not picture because picture will not do something with admin mode. If you are like steve and you know how to when and what to download and install then thats fine without anti-virus. But , I if you are downloading several movie from bittorrent or always click on "Free..." and you open all the attachments and you always visit malware website then you must have anti-malware. Please note that if you our using non-genuine Windows then you never should think about protection at all because there is no solution for protecting non-genuine windows from Malware. If you are using non-genuine Anti-Malware then there is no solution to be protect your PC against Malware. remeber always look for license term and always try to download from main website of software vendors.

re: Antivirus software -- who needs it?

sunkumarspace — Sun, 12 Apr 2009 11:15:31 GMT

i think antivirus is must otherwise it will damage yours pc, may be as some say with sandboxie and other virtualisation tools youmay be safe even returnil sometime hacjks then i think if no antivirus then widos steady stse on is a ghood option

Throwing my words back at me

Get secure with Steve Riley — Mon, 15 Jun 2009 21:11:57 GMT

Have you ever tried feeding something you wrote into an online language translator, then doing it a second