Still using antivirus?

I think not using AV and a real firewall on a critical computer is silly. Even with gateway AV, hardware firewalls, anti-spam servers with AV and the like I still had a zero-day infection at the office (came in over email and through a previously unknown Outlook vulnerability) that beat the AV update by literally 42 minutes and hosed some database files about three years ago. Nightly backups had everything server-wise fixed within an hour, but the client took some time.

What I do now is gateway AV (CheckPoint Vstream), FW-1 hardware firewall, Barracuda AV on the spam server (ClamAV and their own engine), another AV on the mail server and Sophos on about 2/3 of the clients and ZoneLabs on the others. All told 5 different AV engines touch email and a minimum of two touch all web traffic. This has been bulletproof so far.

At home all the critical stuff is on my Linux box.
 
I think not using AV and a real firewall on a critical computer is silly.

Yeah, I have AV on my work computer. I don't think the IT department would let me do anything else. I've never had a virus on that computer either, but it's definitely a more critical system. I'm mainly talking about a home computer that's used mainly for web-surfing and gaming.
 
Yeah, I have AV on my work computer. I don't think the IT department would let me do anything else. I've never had a virus on that computer either, but it's definitely a more critical system. I'm mainly talking about a home computer that's used mainly for web-surfing and gaming.

Keep in mind that your home computer (for many people) does have critical information cached - credit card numbers used for online purchases, passwords for bank accounts and the like. People have had ID stolen through intrusion or even recovered old hard drives.

Personally I think disabling scripts, never saving passwords and hard disk destruction are key. That, plus online credit report monitoring to let you know of any changes to your credit report.
 
I use my work PC for doing online orders and the like -- Vista Enterprise domain member with EFS, Bitlocker, UAC in credentials mode and SEP. If anything is placed on or removed from this machine, I know about it.
 
I use my work PC for doing online orders and the like -- Vista Enterprise domain member with EFS, Bitlocker, UAC in credentials mode and SEP. If anything is placed on or removed from this machine, I know about it.

Very wise, but most people don't or can't. It's trivial to block virtually all e-stores and online banking with a cheap web filter appliance and more companies are doing it. That leaves more people doing all their shopping and banking on home machines running expired "trial" copies of Norton Internet Security that came bundled...
 
Well, that's "those people".

The question was asked of us in this forum, and I doubt there are very few of "those people" partaking in this forum on any sort of regular basis :)
 
Well, that's "those people".

The question was asked of us in this forum, and I doubt there are very few of "those people" partaking in this forum on any sort of regular basis :)

Point taken. :) Guess I should get my sisters and Mom to read B3D so I don't have to continually fix* their computers ;)

*request relative's credit card, DL latest TrendMicro security (insert favorite), purchase 3 year subscription to aforementioned security, set up everything for no prompts to minimize "what should I do" calls, fly home and cross fingers.
 
Not using any kind of AV or firewall for something like 2 years, and had no sign of a threat yet.
Had enough trouble with resource hogs, settings I'd need but would have to upgrade to "nonfree" versions, windows popping up while I'm playing games (and as I was on an ATI card, often crashing it as a side effect). I'd rather peek around the insides myself from time to time - I have little trouble catching suspicious stuff (which I often do on a lot of other computers, despite having AV & FW).
The key is not to use Outlook & IE :D

I don't have critical stuff to lose though, most important things are backed up on DVD. And there's not much to hide from the outside.
 
I don't run a continuous scan anymore, it was really hurting my compile times (eating > 15% of my CPU when compiling).
I do have antivirus software installed and I do run manual scans every week or so.
I do run Explorer and Outlook for the most part and I've only ever had one virus, it was my fault and I realized 2 seconds after I was infected.
 
I use free Antivir, though I haven't been infected with a virus in years. It's unintrusive and doesn't seem to use much resources so I use it just in case. OTOH I can't be bothered with those firewall programs whose only purpose seems to be to make the user paranoid by popping up every second.

edit: unintrusive after you disallow the nag screen from popping up that is.
+1. I've used AntiVir for years.
 
considering they use minimal resources
The problem is that they really don't use "minimal resources". I've tried a lot of the AV software out there and although some are a lot better than others, you generally take a 5-20% hit on stuff like loading/compiling/high-IO (and it seems like ERP has had similar experience). Even with Vista's IO priority system AV software eats a chunk of my performance that I'm not willing to give up... IO is already slow enough!

Couple that with the fact that I've had no trouble with viruses or malware on my machines for the past 6 years (with no AV software) I don't feel compelled to reform. Granted I probably don't surf and download as much as many of you, but that may be the answer to your question in and of itself :)

The final nail in the coffin for AV software in my situation is that any critical files, etc. are backed-up offsite in addition to nightly backups of the whole computer (Windows Home Server is pretty cool for this!). Thus if I had to wipe the computer for any reason it would be little more than an inconvenience.

So while there's always a "chance" of viruses getting through, in my experience nowadays they come in almost exclusively through downloading/MSN/e-mail/etc, which is easily managed by an experienced user. I have full confidence in Firefox and even IE7 to handle security in standard web browsing, etc. tasks. And hell you'd have to click through a lot of "Allow" menus to get a virus installed in Vista ;)
 
You do know you can configure AntiVirus programs to exclude certain directories?!
 
You do know you can configure AntiVirus programs to exclude certain directories?!

And how does that make something more secure? Any directory could theoretically be a host for a virus-containing executable. You should see what Symantec 10.2 does to EFS-encrypted files ;)

My primary office workstation (and my few test Vista boxes) are painfully slower on boot, on application startup, (definitely on Outlook), and on just about almost every disk-accessing task I have. All of my home Vista workstations are, comparatively, light-speed ahead of my office boxes. My main home goes from POST-complete to desktop in about 12 seconds; my fastest office box (which is relatively hardware-equivalent to what I have at home) takes almost a full minute.
 
You do know you can configure AntiVirus programs to exclude certain directories?!
Oh certainly... and file types, and heuristics, etc. etc. The point is that every bit of scanning you're doing *does* slow things down, and I work with a lot of performance-critical applications every day. Sure if you're just surfing the web and reading e-mail you probably won't notice, but I *do* notice.

Certainly it's a trade-off, but at the moment running a virus scanner - however configured - falls into the category of reducing productivity for me, at least until I get a virus that causes days of productivity loss.

I think a reasonable trade-off would probably be to scan just downloaded items to be honest... the scanning time there is negligible compared to the download time and that's probably the most likely place to get viruses nowadays. I don't download too much, so it isn't an issue for me either way. On-access scans of the local file system are total overkill for me though and just serve to slow things down.
 
Running a Virus Scanner real-time but configured to exclude "~/workspace/" hierarchy and your temporary compile-time scratch pad is infinitely more secure than Not running a Virus Scanner real-time.

As for boot times, my work PC boots incredibly slow compared to my home PC, but it's from having the P.O.S. Symantec AntiVirus installed in addition to forced group policies applied in addition to scans for any critical system updates and from having dreadful entire drive encryption applied. I really wish they'd switch over to TrueCrypt and some lesser form of evil for AntiVirus.

Yes, I realize it's a tradeoff. I was just throwing suggestions out there to enable others to reach some/any level of reasonable compromise between performance and protection.

I think scanning on download, email receipt, office document opening, and insertion of removable media (usb keys, cds, dvds) is usually enough.
 
I think scanning on download, email receipt, office document opening, and insertion of removable media (usb keys, cds, dvds) is usually enough.
If you hang out in the Politics and Ethics of Tech forum here on B3D, we talked about that USB deal several months ago -- I actually started the thread. A virus scanner wouldn't have found it, because it wasn't a "virus in the wild" that anybody has written defs for. I doubt that a company as large as that bank runs their PCs without realtime AV scanning in place on each and every workstation.

And that's a perfect example why AV isn't really the catch-all that people assume it is. Someone earlier mentioned "multi-tiered" approach, and in truth, that's the best way to go. I also know you're alluding to that, and you're generally right.

But for my workstations at home where I don't check email, don't insert random USB drives, and generally use it only to play games directly from DVD / CD and download windows updates or new drivers -- there's not enough for me to protect to warrant the cost.
 
If you hang out in the Politics and Ethics of Tech forum here on B3D, we talked about that USB deal several months ago -- I actually started the thread. A virus scanner wouldn't have found it, because it wasn't a "virus in the wild" that anybody has written defs for. I doubt that a company as large as that bank runs their PCs without realtime AV scanning in place on each and every workstation.

And that's a perfect example why AV isn't really the catch-all that people assume it is. Someone earlier mentioned "multi-tiered" approach, and in truth, that's the best way to go. I also know you're alluding to that, and you're generally right.

Kaspersky should have picked up the keylogger aspect of that particular attack trying to hook into the OS, and firewalls would have spotted the outgoing connection from an unknown application.

As you say, every little bit helps, and not using one of the better virus scanners does leave loopholes that can catch you out. It's always a question of considering what is at risk and how much damage losing it would be to you. You might not care if there's nothing important and you've got a few weeks' worth of backups across the network. If there's personal or customer data, bank details, logins/passwords, etc then you're taking a risk with that data.
 
You might not care if there's nothing important and you've got a few weeks' worth of backups across the network. If there's personal or customer data, bank details, logins/passwords, etc then you're taking a risk with that data.

Which is why, at work, all my machines are armed to the teeth.

But I didn't think we were talking about our work machines in the original poster's question :)
 
What do you guys think of NOD32? It seems like the fastest real-time scanner, when I've tried it out. I've been using Avast Home and Avast Pro for years....
 