antivirus software

G

Guest

Should a person ever briefly disable their antivirus when they down load security updates...
wendy
 
J

Jupiter Jones [MVP]

Yes, in fact it is a good idea.
Also disable all other unnecessary applications.
Be sure to enable anti virus when completed.
 
B

Bruce Chambers

Greetings --

No, no, a thousand times, no.

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
B

Bruce Chambers

Greetings --

I'd have to disagree in the strongest possible terms. I know of
no instance in which a properly designed antivirus application
interfered with an update.

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
T

Todd Hobdey

I've never seen AV software interfere with updates, but I have seen it
interfere with software installations. At the very least it will cause
things like an Oracle install to take an order of magnitude longer to
perform.

My basic philosophy is that unless what I'm installing has a known issue
with AV software, I'll leave it running during the install. If it causes
installation problems I'll disable it temporarily. Not an ideal solution,
but you have to do what you have to do.
 
J

Jupiter Jones [MVP]

Whether you agree or not is not relevant.
I have seen this many times.
The fact is AV applications sometimes cause issues while installing
updates.
Whether it is the AV application alone or a combination with other
applications is elusive.
Most likely the second since not all users of an AV application have
the issues.

Since updates are from a known trusted source, there is no problem
disabling the applications unnecessary for the task...this includes
AV.
A great many Windows Update installation issues are prevented by
simply disabling the AV.
My self and others have recommended disabling AV and I will continue
to do so as long as there are no ill effects.

Since Windows update issues can be a problem and the risk from
temporarily disabling AV is minimal, it makes sense to prevent an
issue before it starts.
 
J

Jupiter Jones [MVP]

Your lack of explanation as to why you say no stands high and alone.
Why?
 
B

Bruce Chambers

Greetings --

I should have thought that it was obvious. Given today's
widely-publicized and well-known hostile Internet environment, only a
fool or a masochist would go on-line without _both_ a firewall and
antivirus protection. People really shouldn't need to be told to use
a firewall or an antivirus application, no more than they should need
to be told not to stick their hands into an open flame.

How many posts have we seen by people who got hit by Blaster,
Welchia, or Sasser the very first time they connected to the Internet?
There are 3 preventative measures they could have used: a firewall, a
good antivirus application, and all patches installed. Given the fact
that almost no-one thinks to turn on a firewall first, they're left at
the mercy of their antivirus software (which may well detect and block
virus-like behavior even if it doesn't have the very latest
definitions), or the very patches that they're trying to download and
therefore have not yet installed. Since I have _never_ seen an
antivirus application cause a problem during the downloading and
installation of hotfixes (or service packs, for that matter), and
since I've provided client support on networks where such patches (and
even applications, on occasion) are pushed out via SMS or ZenWorks to
hundreds of machines on a regular basis, I can't see any point in
removing a layer of protection just because something might
theoretically go wrong.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
J

Jupiter Jones [MVP]

Bruce;
Your first paragraph does not even apply in this situation.
We are not referring to surfing the internet.
We are referring to a trusted site, Microsoft.com.

I never even suggested disabling the firewall.
Your entire second paragraph assumes no firewall.
If they do not have a firewall, they have worse things to worry about
than what may happen because of the AV being disabled.
Especially since they are getting updates and may not have an update
that protects against a particular vulnerability.
I also have seen many catch Blaster, Sasser etc immediately after a
reload.
Never because lack of AV.
Always because of lack of properly configured firewall or appropriate
patches.
Since updates what is wanted and not currently installed, that leaves
the protection to the firewall.

If AV is disabled before installing updates, then enabled after
updating, nothing you said applies.

You are safe to download from a trusted site such as Microsoft.com
with AV disabled.
However some people download the patches manually and check for
viruses.
Then they disconnect from the network, disable AV before installing
updates.
As I stated before, I have seen far to many issues, many in the
Windows Update newsgroup, where the AV was the cause of installation
issues.
 
B

Bruce Chambers

Greetings --

That's not on the Internet? I'm not suggesting that Microsoft is
the source of any viruses, but a PC must be connected to the Internet
in order to reach Microsoft's sites.

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
J

Jupiter Jones [MVP]

Bruce;
Obviously it is the internet.
But Microsoft.com is not a questionable site with questionable
content.
Since the firewall is keeping everything out, there is nothing for the
AV to alert.

As was already stated, the important thing is to have AV and other
unnecessary applications disabled during installation.
You can also download the updates, disconnect from the network
Then disable everything.
Since the network is disconnected, disable the firewall as well.
Install the updates, reboot to enable as necessary.
 
B

Bruce Chambers

Greetings --

Jupiter Jones said:
Bruce;
Obviously it is the internet.
But Microsoft.com is not a questionable site with questionable
content.
Since the firewall is keeping everything out, there is nothing for the
AV to alert.

You're assuming that the firewall is always enabled. It certainly
should be, but until new PCs start shipping with WinXP's SP2
pre-installed, this is an unsafe assumption.
As was already stated, the important thing is to have AV and other
unnecessary applications disabled during installation.

It's been stated, yes, but not proven. In fact, the assertion is
contrary to my direct experience and observation, over the past
several years.
You can also download the updates, disconnect from the network
Then disable everything.
Since the network is disconnected, disable the firewall as well.
Install the updates, reboot to enable as necessary.

Only under these conditions would I deem it safe to disable the
antivirus. Safe, but still unnecessary.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
G

Guest

Okay, here is my .02

I've only been in the IT industry for 16 years with a focus on security for
15 of them. I remember the days when we disabled AV for installations,
upgrades and updates but in today's world of threats and vulnerabilites it is
highly discouraged. Especially if the update or upgrade is done over the
network or internet. I don't care if it is a "trusted" site or not. There
is such a thing as application hooking. Look it up and then tell me if you
still think it is okay to disable AV for a download.

The only time I would ever recommend disabling AV is when you are installing
from a known clean disc and the machine you are installing to is disconnected
from the network.

I will gladly argue this further if you would like. But you better arm
yourself with facts about network threats and vulnerabilites, application
hooking, viruses and worms.
 
B

Bruce Chambers

chipmeister said:
Okay, here is my .02

I've only been in the IT industry for 16 years with a focus on security for
15 of them. I remember the days when we disabled AV for installations,
upgrades and updates but in today's world of threats and vulnerabilites it is
highly discouraged....


Not to mention, almost always completely unnecessary....

Especially if the update or upgrade is done over the
network or internet. I don't care if it is a "trusted" site or not. There
is such a thing as application hooking. Look it up and then tell me if you
still think it is okay to disable AV for a download.

The only time I would ever recommend disabling AV is when you are installing
from a known clean disc and the machine you are installing to is disconnected
from the network.


Agreed, in spades.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Is life so dear or peace so sweet as to be purchased at the price of
chains and slavery? .... I know not what course others may take, but as
for me, give me liberty, or give me death! -Patrick Henry
 
S

sarah5211314

The firewall of NIS is two-way. The easiest way to judge a procedure meets threats or not is Heuristic technique. This technique can establish a virtual host environment, inducing malicious procedure to reveal its true features. The heuristic technique of Norton is called Bloodhound. Bloodhound is Symantec's heuristic technique. Bloodhound will establish a virtual safe environment. In this environment the virus will reveal its features, but not affect the operation of the computer. But SONAR can only operate in the virtual environment. Once the virus enters into the real computer, "behavior defense technology" have to be used. Behavior defense technology will analyzethe doubtable procedure's behavior, and prevent in advance. SONAR is the best one. Most protection is very passive. However, Norton will defense actively.
http://www.antivirusprice.co.uk/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top