In reply to a post by RiffRaff:

I would rather have a malware on my machine

What strange logic.

sure is. I know some security software can slow a machine down, Norton was one of the worse, but they are better now.

But, even a basic security software is better than nothing, I did use Comodo, but it have problems, so I have now gone back to Avast,

not really.

There seems to be an assumption been made that if one doesnt have real time file protection (an anti virus that scans everytime you do anything such as opening notepad.exe) then they going to be swamped with malware.

Essentially you dont need a software firewall if you have a router or hardware firewall, if a software firewall detects something dodgy going out then its too late you infected. That same infection can then of course control your software firewall, thats the reason I dont bother with software firewalls, its just downsides with questionable upsides.

This leaves http and email scanning, as well as document scanning, all these are covered by seperate modules in the best anti virus programs which leaves the real time file-scanning as a duplication that can have severe downsides.

The worse thing about all this is people buy into it, they will buy norton, kaspersky or whatever, turn everything on and think thats it job done. Malware bytes and some other programs will detect many things these anti viruses do not, so it pays to regular on demand scans with these programs.

So given that I have not been infected in over a 10 year period, any anti virus I have ran has only ever detected TWO viruses in a 10 year+ period from normal use (both over email) I think I would rather have the slim chance that I could pick up a malware, and then format and reinstall afterwards then put up with the slowdowns and incompatabilities of an agressive anti virus.

Many malware will typically be far less disruptive than an antiv virus program as well. Most malware is harmless.

I have known people who have caught viruses, all of them have kids, who install any software they come across, toolbars etc.

If you wonder what do I do if someone sends me a file over msn or irc or something similiar then the file is scanned using a on demand checker by myself.

Some anti viruses arent too disruptive such as nod32 v2.7 others are aweful, my dad runs norton and I expect a machine with 10 viruses on would run faster than his.

So yeah I prefer having malware (for a short period) then dealing with anti virus protection issues, however its not a choice I make since I dont get malware in the first place.

If I setup someone else's pc for them, I set them up with something like nod32 v4 everything turned on or if they not willing to pay for an av then avast (defenitly not comodo). I will then put something like spywareblaster in place on top of that and some adblocker combo. Tighten up their cookie/javascript/activex settings and tell them to use opera or firefox for browsing. Then hope for the best.

I myself I use nod32 v4 (recently just jumped from 2.7) with http/doc/email scanning enabled and on agressive settings, currently real-time file scanning is also on but is possible I will turn it off as I am already seeing things I do everyday been slowed down by it. Now I have configured it so it detects more stuff. Meaning my nod32 setup even without file scanning will detect more than a out of the box nod32 because out of the box advanced heuristics is disabled. In addition I block various malware links in my hosts file, disable a load of insecure activex stuff, tighten up my IE settings so only sites I add to my trusted zone can use javascript etc, use firefox with adblocker, use proximitron to block ads and dodgy code, manually scan anything I download, keep my software up to date, block all cookies without approval, all flash content will not play in any of my browsers without me approving it. My email is converted to text by default, and I do regular scans with both nod32 and malwarebytes. I do some other things as well and I expect I will be far less likely to get anything than joe bloggs who downloads big security package, turns it on and thats it. I also dont really use removable media much, anything burnt is what I burn myself and my usb stick is just used as a boot device and file backups.

So the question is since I scan everything that is inbound to my computer and I then run regular scans to check for infections, why do I then need to scan every file open/execute? There is a lot of FUD been spread around but again it is down to simply been aware of what you doing and how malware works.

Microsoft Security Essentials isnt too bad for a free program, I did find the performance impact too noticeable so wont use it myself now but will likely at some point start putting it on others machines if they not willing to pay for a better anti virus.

Everyone I know who has had an infection (not many people) all ran anti virus's with default settings. These apps do reduce the risk but thats it they dont protect against human error.

Edited by Chrysalis (Sat 17-Oct-09 12:22:29)

In reply to a post by Chrysalis:

Essentially you dont need a software firewall if you have a router or hardware firewall, if a software firewall detects something dodgy going out then its too late you infected.

Actually, that's a dangerous combination of arrogance and complacency.

A router (of itself) will not prevent an external attack. A hardware firewall, as found on most broadband routers, is intended to offer protection from an external attack only. It doesn't care what goes out from the internal network.

Having a software firewall helps to identify, isolate and prevent unauthorised or unwanted outbound traffic. The PC may not necessarily already have been infected; the outbound connection may be an agent "dialing home" in order to obtain the infective payload.

In reply to a post by Chrysalis:

So given that I have not been infected in over a 10 year period, any anti virus I have ran has only ever detected TWO viruses in a 10 year+ period from normal use (both over email) I think I would rather have the slim chance that I could pick up a malware, and then format and reinstall afterwards then put up with the slowdowns and incompatabilities of an agressive anti virus.

Like I said, complacent in the extreme.

In reply to a post by Chrysalis:

So yeah I prefer having malware (for a short period) then dealing with anti virus protection issues, however its not a choice I make since I dont get malware in the first place.

...that you know of...

I also installed the new microsoft security application on my laptop/vista and desktop/ xp. I am happy to report that so far no problems with my systems. In fact I removed Norton from my desktop despite having 3/4 month still to run. I am hoping to avoid the occasional conflict between applicatios and the antivirus software I had before.

and how can you get infected from from traffic going out from your own pc? as I said if something is doing that then it has already got itself on the computer and needs cleaning (infected).

The firewall would simply be either blocking or making it harder for it to communicate with its controller, but of course if its a good rootkit it can easily bypass the software firewall.

I am not complacent I just know that there is different ways to stop infection than real-time file protection and that real-time file protection on a/v that scans http/email is typically duplicated checking. In fact its complacent to think thats all you need to be protected.

Of course this is me, for others there is different scenarios such as when children would be accepting files over msn and on removable media.

Edited by Chrysalis (Wed 21-Oct-09 22:22:35)

In reply to a post by Chrysalis:

and how can you get infected from from traffic going out from your own pc? as I said if something is doing that then it has already got itself on the computer and needs cleaning (infected).

Not necessarily. Believe me I've seen it done; some form of applet is executed as a consequence of viewing a web page, this connects out to "home" and provides a mechanism for the PC to be compromised. HTTP scanning doesn't pick it up.

In reply to a post by Chrysalis:

The firewall would simply be either blocking or making it harder for it to communicate with its controller, but of course if its a good rootkit it can easily bypass the software firewall.

If a "good rootkit" is involved, your AV scans aren't going to be worth a lot anyway. But something is better than nothing, and if the firewall does alert to unusual outbound activity then it may help to catch things early rather than late.

In reply to a post by Chrysalis:

I am not complacent I just know that there is different ways to stop infection than real-time file protection and that real-time file protection on a/v that scans http/email is typically duplicated checking.

For all that it costs in terms of CPU time or memory usage, I'd rather have the "belt and braces" approach.

In reply to a post by Chrysalis:

In fact its complacent to think thats all you need to be protected.

I never suggest it was all that one needs, it was you who suggested it wasn't required at all!

In reply to a post by Chrysalis:

Of course this is me, for others there is different scenarios such as when children would be accepting files over msn and on removable media.

Of course, this is your view, and maybe it works for you. But it's dangerous to offer it to others as a strategy given that they may not be as "savvy" as you, may not appreciate the full extent of the risks out on the Internet, and that their PC may be used by other members of the family.

In reply to a post by Babylon5:

Of course, this is your view, and maybe it works for you. But it's dangerous to offer it to others as a strategy given that they may not be as "savvy" as you, may not appreciate the full extent of the risks out on the Internet, and that their PC may be used by other members of the family.

and this is why I deploy security software different configuration on other's machines (typically everything turned on that isnt going to cause compatability problems). I have never been arguing the point everyone should turn something off, just that there is a reason for some of us to turn it off.

Not necessarily. Believe me I've seen it done; some form of applet is executed as a consequence of viewing a web page, this connects out to "home" and provides a mechanism for the PC to be compromised. HTTP scanning doesn't pick it up.

If you trying to tell me a app can download over http not be picked up as a virus but then when it executes it is picked up as a virus then to me that can only be one of two things. Either the http scanner of the a/v is poor and not working properly (or not configured properly), or that the user has approved something to allow that app to be downloaded in a different manner perhaps not using the http port. (such as dodgy activex installation). Or even could be a bad browser configuration which is too lax.

Edited by Chrysalis (Sun 25-Oct-09 08:50:39)

Well, I keep seeing that there are new posts about Microsoft Security Essentials, and I have a look because I'm interested in what people have to say about that - but this thread seems to have become a largely unrelated duologue. Perhaps the duo concerned would like to change the subject title?

p

I think you're overreacting, they've made a couple of posts each on a discussion forum...