September 26th, 2004, 06:57 PM
Let's get a discussion going on general Antivirus practice.
It seems many people have different perspectives on AV, here are a few:
-No AV is necessary
Some would say that no AV is necessary if you are configured and updated like you should be. I personally think this is valid in a sense but after the MS04-028 GDI+ vulnerability, it makes me wonder. What would happen if the vulnerability went unreported? There is no way to secure Internet Explorer from it, unless you don't load images. (btw would MS04-028 affect Firefox?)
One might think that running multiple AVs would check the results of the other, but that can lead to errors while checking files and severe performance issues.
-One strong AV solution to protect your box.
My opinion is that a single AV is necessary on mail and file servers. On a workstation, could a multiple AV solution work out? ClamWin doesn't have realtime protection AFAIK, and would not interfere with software like Norton that uses realtime protection. Would there be any benefit to running a realtime AV like Norton, with a sidekick AV like ClamWin? I understand and believe running two realtime AVs like McAfee and Norton isn't smart for reasons stated, but I don't think ClamWin would interfere with performance of another AV?
Anyhow, what are your Antivirus setups, or do you think they aren't necessary?
//me goes to chipotle
My setup is one AV, ClamWin. It is lightweight and the defs are updated well. If you want, you can make your own defs, which rocks. I like ClamWin a lot, I might write a tut to support it.
September 26th, 2004, 07:01 PM
I believe in a single A/V solution (one that is proven to work thoroughly and effectively) with updates and definitions that are able to be downloaded at any given time. As long as I stay on par with updates and definitions (my A/V solution must have those capabilities) then I'm comfortable and believe that I can't be infected (well, that and using common sense with certain things).
This solution (the one I use) has never failed me and I can't even remember the last time I was infected with a virus.
September 26th, 2004, 07:17 PM
I do get infected every so often. Usually because my wife goes to a lot of puzzle and game sites that usually offer something for 'free' that she just has to sign up for.
But I am using the Avast free AV and it is working great. It catches most of the infections before they get on the box and everything else within an hour or so. I run Trend's Housecall about once a week and it has never found any yet that the Avast has missed. I am very content with the way I have my boxes set at present, but then again I am always looking for something better (and free also).
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
September 26th, 2004, 07:28 PM
No one single AV will be able to catch all viruses (especially 0 day nasties!) but I think that as long as people are security minded they will update their signatures regularly or allow the program to update itself. Companies are always on the lookout for something new that hasn't been discovered yet and they are doing their best to patch their software in a timely manner. Good surfing habits and keeping in the forefront the idea that AV software is only as good as the latest and most up to date files should protect the majority of us from getting too infected.
There wasn't any paper used here, but millions of electrons were terribly inconvenienced
September 26th, 2004, 08:30 PM
My personal opinion is that a single AV suite is sufficient:
My background is that I'm not too educated IT wise, and so, I bought the Symantec NetSec 2004 suite. [ A name I had heard of, and a complete package ]
that is, it covers everything, and each part is compatible with the rest [allegedly]
No one will catch zero day exploits.
No one single AV will be able to catch all viruses (especially 0 day nasties!)
Because they are zero day............
But the AV providers will get something ready ASAP. [allegedly]
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
September 26th, 2004, 08:44 PM
I don't believe one will catch all zero day exploits, however combine it with knowledge/wisdom of the subject, common sense, and always updated updates/definitions and you got a pretty good strategy. One that has never failed me..
September 26th, 2004, 08:54 PM
I Use Norton Anti-Virus ...
as part of Norton Internet Security 2003. It hasn't let me down, as far as I'm aware! I update it every time I go online, it's the first thing I do!
I'm with SecGod in that whatever Anti-Virus software you use, it's only as good as its last update.
As for Zero day exploits, there's no guarantee but heuristic analysis may catch one or two? Norton has heuristic analysis, so to me that is a good thing.
As for Norton being intrusive of your system? Well yes it is, but that is due to the in-depth level that it works at! Yeah, I could utilise an Anti-Virus package that is less intrusive, however, this requires the user to be competent and security minded. Other people use my home PC, so I have to consider my needs to protect my home PC from them! lol
You pays yer money (or don't (in the case of free personal editions)) and takes yer pick!
Tomorrow is another day for yesterday's work!
September 26th, 2004, 08:57 PM
Simple Simon: I'm just wondering, but in what ways is Norton intrusive on your system?
September 26th, 2004, 09:03 PM
FAO Spyder32 ...
Perhaps intrusive is not the right word, more intense? It runs a number of processes which can be resource intensive! An example being it scans incoming and outgoing emails by default! This causes a slight delay for me and the other users when reading or sending emails, however, to me this is a small price to pay for the protection it affords.
Tomorrow is another day for yesterday's work!
September 26th, 2004, 09:10 PM
Hrmm, I must not have that package or whatever (mine doesn't scan my e-mails, whether outgoing or incoming). I'm interested in the processes that run with Norton, I know of a few but can you share some of them with me (particularly the ones that take up the most resources) and which of them are not needed to be run. If they are taking up resources, I'll close them/turn them off because obviously I need to conserve resources on the system.