Is antivirus software really necessary?

[therenegade]

Wouldnt the cost(by this I mean everything,time taken to install,update,used resources et al) be worth it?Admittedly,0 day viruses cant be caught by AVs but these viruses(any virus in fact),stick around?Whats to say a user wont accidentally click on an attachment?How'd such a scenario work on your network for instance catch?ten years without infection is impressive
Why hasnt anyone gotten round to giving round one complete package...not a suite..one program..with a built-in firewall,an AV with both heuristics and pattern matching?Would it consume more resources than all the applications we currently use?or is my question too general?

[Und3ertak3r]

My own experience..

ALL the machine I removed Trash from in the 3 week to the 21st of April.. had an Anti-virus..

the problems were more related to Spy/adware..

two years ago I would have argued against Soda and catch.. I do tend to agree today..

on my own machine.. the only reason I have an antiVurus is to catch any emails that I may have stupidly not filtered out on the ISP (I currently run Mailwasher at home and work..that is pending my building a custom home mailserver)..

personaly.. with a smoothy(soon to get a squid mod), spam filtering, a email scan, add block hosts file, Firefox, ..oh and patches applied at regular intervels.. ALL progs.. not just the OS..(I have a CTD..(crash test dummy) that all updates are installed on first.. run for a day or three.. before applying to my other systems..
I visit some low life locations.. and AO.. I have very few problems.. no virus/worm/adware problems for well over 10mths (I did stupidly download then accidently run..netsky.p.. instead of placing it in the farm pen)..
so anti virus?.. for home users who dont know what to block or settings to change.. they bloody need it..
For fully managed systems.. it certainly is a question if needed or not.... and if your a performance (read.. rev head) user then the less that is useing CPU cycles the more black rubber on the road for your fav apps....

as for the perfomance vacuums like Symantecs NAV and McAfee (hey how about this one.. http://forums.maddoktor2.com/index.php?showtopic=4267 ) .. I'm dumping them every day..

My time is money.. and so is the cost electricity.. extra power used by the cpu during a scan or running scanns after hours so it all costs.... is good policy and prevention more cost effective than the added cost of owning, maintaining and loss of performance of an antivirus..


Loss of performance... a second or two longer to get a calculation done... bad?.. no not realy.. but waiting 20 or 30 second for a AV scan of a file your about to open is costly on business.. and those 1 or 2 seconds add to several minutes in a day that adds up..


i ramble on.. too much

[DISLEX]

You must keep in mind the 99% of todays viruses are mass mailing ones. Your computer may not seem to mess up, but the mass amounts of mails you may be helping to go out affects mail server around the world. Years ago a virus writters seemed to make viruses that harmed your PC. That's not so much the case these days. /2cents.

[netRealm]

Dislex, that's kinda along the lines of something I'm wondering. If you're not running an AV, how do you know you're not infected?

[catch]

If you're not running an AV, how do you know you're not infected?

If the virus isn't incurring a cost on your organization, why care? If it is incurring a cost, you should know how and how much.

Beside, if you have your system setup in a manenr that makes virus propigation not possible, why waste the time scanning?

cheers,

catch

[allenb1963]

As I read thru this thread I see a lot of good points from both sides. But I have to ask...in what context was the original question asked...was it referring to an enterprise environment, soho or a personal computer? And what is the experience level of the user? Would any of you seriously advise a newb to not worry about virus protection? For that matter, if you did give that advice, would you be willing to devote the amount of time needed to bring that user's skill level up to the point where he/she would be safe without an AV product?

It seems we all tend to look at these questions with our own little narrow POVs when we actually need to have a broader perspective in general when considering the question before us. But no...as usual a simple question sparks a debate.."you're wrong, I'm right...no I'm not...yes you are...blah blah blah". I just pity Raccoon because after he sifts thru all of this mess there still isn't a clear answer to be found.

[Raccoon]

Originally posted here by allenb1963
I just pity Raccoon because after he sifts thru all of this mess there still isn't a clear answer to be found.

Haha! It is good to see someone is looking out for the little guy. I have been keeping a regular tab on this thread but I haven't been able to really reply because I do not really have any knowledge in the field beyond that of personal computer use. I am glad to see my question sparked a good discussion/debate, but they did sort of stray from the topic at hand, didn't they?

Just an update on my situation. I ran NAV03 today and it came up with 6 virii. None of a high risk, but they were there. It did fix my 'computer lag' problem however..

[catch]

And what is the experience level of the user? Would any of you seriously advise a newb to not worry about virus protection? For that matter, if you did give that advice, would you be willing to devote the amount of time needed to bring that user's skill level up to the point where he/she would be safe without an AV product?

The experience of the user doesn't matter, anti-virus protection is flawed in concept and consequently should not be relied upon. Where is the sense in teaching two types of security, the right way and the common/easy way? Unfortunately this is the way it currently is and most people know ****-all about security until they get into an InfoSec graduate program and personally I find that to be a silly situation.

Why should I be expected to devote my time explaining everything to security neophytes in order to boost their skill? I set them in the right direction, which is more than most people do (just set them off to the status quo).

Why does this site need to focus on the newbies anyhow? I've said it before... the site's tagline is "maximum security" not "intro to security" until that changes I'm not going to give incorrect answers because they are easier for those new to the field to understand.

cheers,

catch

[HTRegz]

Hey Hey,

I had thought about avoiding this topic, and still do as I'm typing this... It's basically a 'Windows VS Linux, which is better?' question... it's a matter of personal preference.

At the bare bones of the question you get a very straight forward answer. 'Is AntiVirus software really necessary?'... No. Plain and simple... Antivirus software (for the most part... and as far as the and user is concerned) is reactive... In order for it to detect a virus, someone must already know about the virus and must have created a definition, which you've downloaded and installed. So what do you need? An up-to-date OS and a smart user... Viruses themselves don't spread between networked computers on their own... that's the characteristic of a worm... To spread a virus, you need an idiot... train them to properly use a computer (I.E. those morons on MSN) and you'll eliminate the spread of viruses. Now for worms... Someone creates a worm that exploits some inherent security risk. By the time the AV vendor has a definition for this, the OS Vendor, or some third party, will most likely have a patch or a work around for the security risk. So again your antivirus becomes moot... and again, you won't be protected until after you are infected. Unless you've got norton scanning archives you download, but then you are sacrificing CPU cycles for no reason. AV software is, as has been mentioned, a huge resource hog.. it's another check on the cons of AV..

So why would people use AV??? Because they're stupid and refuse to learn... While I agree with what you're saying catch, the big problem in your argument is the laziness of people.. I'm a prime example... I'm overweight and it's unhealthy... I've got about 20 free hours a week, but do I exercise or work out?? No... Do I try to eat better and diet??? No... Why? Because I'd rather play on the PC, watch TV or play Guitar.... and I'm always on the go and need my food quickly and nothing fast can be healthy... I'm lazy... plain and simple... End users are the same way... They don't want to learn the computer... they want it to serve it's purpose... This is a prime examle of why the ICDL (International Computer Drivers License) should be beefed up and become mandatory... but that's a completely seperate argument. Because of this ignorance, stupidity and laziness... AV has become necessary... People for some reason know that they should update their AV... they don't realize they should do it with their OS as well. In reality... updating their OS and at the very worst, running an application (read: firewall) that will detect networking activity (in and outbound... that firewall in my router **** is garbage for anything beyond enterprise type settings)... combined with effective computer practices is more than any user requires.... They don't want to take the time to learn this..

So what happens is a lot like sex (hopefully this doesn't offend anyone)... You could completely avoid pregnancy by practising abstinence but where's the fun in that... which means you get protection... initially it's just a condom... then eventually the girl goes on the pill... Two lines of defence... but sometimes people still worry.. Then you get people practising the pull-out method, or girls getting IUDs... spermicidal lube is used... the list is endless... Some guys double bag... This methods increase the comfort level of the people involved, but they don't necessary increase the safety level, in fact some common practices do exactly the opposite. We even have reactive measures for sex in the morning after pill and abortion... These don't exist because they need to (I'm not trying to start a big debate on this topic)... they exist because knowing that the option is there makes people more comfortable.. This is all antivirus is... AV increases the users comfort level... It can provide added protection but it could also be a detriment (double-bagging always seems to be bad :P)... Life is full of examples of this...

To answer your question Raccoon.... there is no answer.

Should you rely on AV as your only line of defence... never.
Can you? Well lots of people do.. but it's still not proper..
Should you educate yourself and therefore negate the need for AV?... definately.

In the end.. ask yourself... 'Do I feel more comfortable using my computer while AV is running?' If you can answer that yes.... then run AV.... there's no reason why you shouldn't... However, if the answer is no... then there really isn't a need to have it hogging your resources...

Remember that it's just like sex... Know the facts and know what you're getting yourself into... and remember that every action has a consquence, be it good or bad... Make the choice that's right for you.

Peace,
HT

[allenb1963]

Well catch, it's clear to me that we all need to have our accounts banned, set you up as the "gatekeeper" (oh great and powerful Oz) and let you judge who is or is not worthy of AO membership. That way there will be no "newbs" to insult your intelligence or waste your time by asking questions that you already know the answer to. Then when you die, all security knowlege will be lost to the mists of time and the whole internet will be undefended.

Why should I be expected to devote my time explaining everything to security neophytes in order to boost their skill? I set them in the right direction, which is more than most people do (just set them off to the status quo).

You shouldn't.

But by the same token, if you came to me wanting to learn how to read blueprints and I replied with "Everything is numbered and lettered in sequence so if you know your alphabet and can count you can figure it out" you'd still be pretty well clueless, wouldn't you? But hey, I've set you in the right direction so I've done my part. Good thing I don't have to live in a house you've built.


I'll freely admit that you know more about security than I do...by far and away a helluva lot more. I'm even happy to admit I've LEARNED by reading some of your posts. But, and I've said THIS before...you come across as one of the most condecending (ie abrasive) people I've ever seen. If you've got a problem with us "stupid people" asking questions then stay the **** out of our threads...cause until you BUY AntiOnline, we've got as much right to be here as you do. The original owner set this site up as a place to learn about and discuss security. The tagline may have changed but the concept remains the same. Deal with it.


BTW...kudos to you, HTRegz....out of all the replies to the initial post, yours made the most sense.