Is AV software necessary?

[john]

For some time I've been questioning the use of AV software. I work in IT
support and I really couldn't count the number of perfectly good Windows
installations I've seen borked by Norton AV or any of the other bloated
virus suites. The performance hit from installing these things with
always-on protection is lamentable, both in terms of boot up time and the
general responsiveness of the OS, and for what?

Thesedays, viruses spread faster than the AV companies could hope to
spread updated virus definitions. So for a critical length of time, AV
software is completely powerless to protect your system when any
particular worm or virus is at its peak on the Internet.

AV has disappeared from my home machines and - guess what? - no viruses.
This is because

(1) I login to the systems as a limited user, not the administrator
(2) I don't open email attachments
(3) I don't download, install or run software from disreputable websites
(4) I don't use IE or OE - these programs are virus distribution clients
(5) I use an ADSL firewall router and not an ADSL modem

My opinion is that AV software fixes nothing that common sense couldn't
fix. Common sense has the additional advantage that it doesn't turn my
512MB P4 system into a 64MB P2 with an endlessly grinding hard disk.

Nevertheless, at work, I still have to deal with the endless problems
caused by AV software. I still have to knowingly cripple nice, clean
installations by installing Norton bloatware. I still have to mess around
ensuring that the AV definitions are up-to-date, even though essentially
they will always be out of date when it really matters.

Is AV software necessary? IMO, no. It should be avoided like the plague.

 

[Roger Abell]

Hi John,

My own experiences and mostly, opinions, follow those
you have expressed.
These days one needs to set the corp AV updater to check
almost hourly and distibute immediately changes to the sig
files and engines.
I find a number of commercial (mostly the big names) AV
products are pure dogs, bloated hogs that gobble up a system
and are all too eager to get in the way of anything they should
be able to recognize as allowed to go full-tilt without any
meddling.
I have also found some AV is much more light-weight, but it
is still there waiting to "blow up" or "blow something up"
at just the wrong moment.
I have one of my heavy use (for internet access) systems set
with no AV as an experiment (actually a hold over, as I
resisted using any auto-start AV for year after other called it
a necessity due to the infectous nature of the network) and
I have not been infected. In fact, know on wood, I have never
had a system infected, not ever.
Your 1,2, 3 is about all there is to it, well, one actually can use
IE/OE if you set things (like ActiveX) to disabled (or prompt
and then use good, common sense).
The problem is that your 1,2,3 is beyond the ability of most
people to enforce on all users of their machine ;-(

 

[john]

Your 1,2, 3 is about all there is to it, well, one actually can use IE/OE
if you set things (like ActiveX) to disabled (or prompt and then use
good, common sense).
The problem is that your 1,2,3 is beyond the ability of most people to
enforce on all users of their machine ;-(

True. Although I'd like to kick Microsoft in the gonads for (1) since this
should never have been an issue. In Linux, you use a limited account as a
matter of course and running as root is simply inconceivable.

 

[Guest]

I disagree with the linux comment, thats a USER CHOICE.
granted, most linux users will not run as root, but then
again, most educated windows users will not either. But
the pretense is that linux is better somehow, when really
its so hard to use that only experts bother, making the os
safer from stupidity, coupled with its being unpopular
enough that virus writers dont really bother to attack
it. (I dont dislike unix, but the community hype against
windows is amazing, when their os cannot even begin to
recognize most modems, printers, and modern hardware
including tapping the real features of graphics cards,
sound cards, etc. No os is perfect folks...)

OE is fine if you turn of the 'preview' and/or view all
messages as text only. I have never caught a virus from
it. IE is a mess, almost unusable.

I use a free virus program, mainly to block common virus
activities(modify boot sector, etc) as compared to
catching a specific virus. I dont run the full disk check
unless I have a problem and dont even update the
definations often. The final blocker of most worms and
stuff is my router, which rejects a lot of the senseless
commands that a hard IP computer would execute (it has a
firewall of sorts, older model).

I dont run the "big" AV stuff, but among freeware
protection, the software firewalls have given me more
trouble than AV, because it takes a fair learning curve to
get them to let the "good" stuff in and keep "bad" stuff
out. A delicate balance, mine is off most of the time.

 

[Unknown]

Finally someone with intelligence. I agree with you 100%. I have never had a
virus and have never used an AV program. Following these newsgroups, I see
thousands of problems caused by AV programs rather than preventing problems.

 

[MS]

It's true, you don 't "need" AV, however finding such an
opinion and supposed experience from a supposed IT Pro is
definitely "interesting". Either most of those peeps don't
access the 'net and are very lucky, or they are real newbies
with little real world experience.
In general, problems resulting from AV (and other SW) are
usually unnecessary and easily prevented. Norton and McAfee
run great and have excellent records/histories.

It will be futuristically interesting because it won't be
that long before each of these folk are back, asking whether
it's a trojan, worm, virus or adware problem, if they get
enough experience, and whining about how awful Microsoft is
because it created an OS that is so widely used that it's
the target of any intelligent digital crook and mud slug.
It's like blaming your car mfg for selling you a car that
crooks like to steal, or leaving the car sitting at the
curb, unlocked.

See ya later fellas.

 

[Unknown]

You think they'll be back before long? I doubt it. They have the right idea
and procedures. I'll be willing to bet they'll have far fewer problems than
others using Norton or McAfee. I haven't ever had a virus, trojan.or worm and
I don't use any of the Norton or McAfee junk. You state Norton and McAfee run
great and have excellent records/histories. I think that is absolute hogwash.
Just read all the problems in these newsgroups caused by them. Users are even
warned to shut them down when updating or downloading. Post where you get
their excellent record data.

 

[D.Currie]

For some time I've been questioning the use of AV software. I work in IT
support and I really couldn't count the number of perfectly good Windows
installations I've seen borked by Norton AV or any of the other bloated
virus suites. The performance hit from installing these things with
always-on protection is lamentable, both in terms of boot up time and the
general responsiveness of the OS, and for what?

Thesedays, viruses spread faster than the AV companies could hope to
spread updated virus definitions. So for a critical length of time, AV
software is completely powerless to protect your system when any
particular worm or virus is at its peak on the Internet.

AV has disappeared from my home machines and - guess what? - no viruses.
This is because

(1) I login to the systems as a limited user, not the administrator
(2) I don't open email attachments
(3) I don't download, install or run software from disreputable websites
(4) I don't use IE or OE - these programs are virus distribution clients
(5) I use an ADSL firewall router and not an ADSL modem

My opinion is that AV software fixes nothing that common sense couldn't
fix. Common sense has the additional advantage that it doesn't turn my
512MB P4 system into a 64MB P2 with an endlessly grinding hard disk.

Nevertheless, at work, I still have to deal with the endless problems
caused by AV software. I still have to knowingly cripple nice, clean
installations by installing Norton bloatware. I still have to mess around
ensuring that the AV definitions are up-to-date, even though essentially
they will always be out of date when it really matters.

Is AV software necessary? IMO, no. It should be avoided like the plague.

AV software may not be necessary IF you can operate your computer in a
completely risk-free manner. But some people can't (or won't).

For instance, I know better than to open attachments from strangers, but it
wasn't that long ago that I found a Word macro virus embedded in a document
I was expecting from a known source. Without AV software, I wouldn't have
known about the virus. There's no way I can get around opening those sorts
of files unless I have people mail the documents to me, and I retype them,
or scan and OCR them, and I'm not about to start doing that.

That's an example that might apply to common users. But even more critical
for me is that I repair other people's computers, and there are plenty of
times when I have to attach their hard drive to my test machine (to copy
files off of a non-booting drive, for instance) and there have been plenty
of times that my AV software has alerted to viruses on their drive.

And although plenty of people claim that they never open attachments, etc.,
I clean off a lot of viruses, and I can pretty much guarantee that the
majority of those computers either don't have AV software or they have
expired AV software. The rare one with up-to-date software usually comes in
with the complaint that they know they have a virus, but they just can't get
rid of it, and those will usually have one virus as opposed to the multitude
that are on the unprotected computers.

If you know enough about computers, you'll know what processes are supposed
to be running, what seems suspicious, and how to protect your computer. But
most users don't know any of that. They install "free" software that's laden
with spyware, they click on attachments because it came from a friend, and
they have no interest in learning any better. So AV software provides a
necessary layer of protection.

Oh yeah...and you probably have your files backed up so that if something
sneaks in, you can reformat your drive and start over without much pain.
Most people have no idea what they'd do if they had to start over.

 

[billh]

I use AVG free AV ware and prior to that I used McAfee and found that their
impact on my systems performance to be negligible for my purposes. I get
less than 1 virus per year even though I don't practice paranoia computing.
I use IE because every site works with IE, I use Outlook because it works
just fine for both mail and newsgroups and they gave it to me with the OS. I
open attachments when I get them from friends without phoning them up and
asking if they sent it intentionally.That's real progress - phoning people
up to confirm or deleting what they sent you! I run with ActiveX enabled
because I got sick and tired of messages popping up on sites telling me that
it may not display properly etc.

IMO, Microsoft had the right idea. Make the damn computer easy to use so
anybody can operate it without wondering what port 80 is. You don't need to
know how an automatic transmission works to drive a car and that's the way
computers should be. Unfortunately, there seems to be a bunch of social
misfits more intent on disrupting computers than automatic transmissions.

I consider running AV ware to be worth any minor bother.

Billh

 

[Gordon]

For instance, I know better than to open attachments from strangers, but it
wasn't that long ago that I found a Word macro virus embedded in a document
I was expecting from a known source.

I seem to recall seeing a statistic somewhere recently that something like
70% of all infected attachments come from known sources - rather like most
murders are committed by people who know the victim!

 

[joust in jest]

If, as you insist, AV is wholly unneeded an problem inducing, rather than
waste your time venting on a MS new user newsgroup, put your words into
action:

Remove NAV from your workplace. If you haven't the authority to do so
directly, bring your evidence and your arguments to the IT Director. Your
arguments, being so well reasoned and logical, will easily win them over to
the rightness of your cause.

steve

 

[David Candy]

I don't use it. But only advanced users can get away with this. I don't agree with 1, 2 (I can tell what is and isn't a virus), or 4 on your list. For 5 I use the inbuilt firewall which is good enough.

 

[MS]

You think they'll be back before long? I doubt it. They have the right idea
and procedures. I'll be willing to bet they'll have far fewer problems ...
Just read all the problems in these newsgroups caused by them. Users are even
warned to shut them down when updating or downloading. Post where you get
their excellent record data.

....
Hmm, for a moment I was tempted to actually respond to you
as you asked, but your comment

"Users are even > warned to shut them down when updating or
downloading"

reveals your ignorance and the shallowness of your
knowledge, if any, on the subject. Either that or it
reveals an idiot who likes to argue for the sake of
arguement, which is fine with me. Or, I suppose another
alternative is that you never connect to the net, don't use
email, and never install any software.
You're certainly allowed to have your opinions, but you
will regret forming those opinions based on ignorance and
not even enough kjnowledge to be dangerous. It would
behoove you to do some research based on facts and to stop
listening to others who speak with as little or less
knowledge than even you. Being a follower will hurt you in
the long run.

Pop

 

[MS]

That's a good synopsis, and I agree. Might I also add the
common possibility of spam viruses sent in dictionary
attacks? Even the most immune systems have been targetted
and caught by them, unfortunately.
Unfortunately, these discussions are with a closed minded
person who asked a question full well knowing it was stupid
and who will not listen to any advice since that wasn't its
intent. IMO, anyway. Seems like it's troll-feeding season.

Pop

 

[MS]

I use AVG free AV ware and prior to that I used McAfee and found that their
impact on my systems performance to be negligible for my purposes. I get
less than 1 virus per year even though I don't practice paranoia computing.
I use IE because every site works with IE, I use Outlook because it works
just fine for both mail and newsgroups and they gave it to me with the OS. I
open attachments when I get them from friends without phoning them up and
asking if they sent it intentionally.That's real progress - phoning people
up to confirm or deleting what they sent you! I run with ActiveX enabled
because I got sick and tired of messages popping up on sites telling me that
it may not display properly etc.

IMO, Microsoft had the right idea. Make the damn computer easy to use so
anybody can operate it without wondering what port 80 is. You don't need to
know how an automatic transmission works to drive a car and that's the way
computers should be. Unfortunately, there seems to be a bunch of social
misfits more intent on disrupting computers than automatic transmissions.

I consider running AV ware to be worth any minor bother.

Billh

100%. I have never had
a

....

There can be one tiny grain of truth in the "hit" one can
take from NAV and McAV and that's where the user installs it
and then goes completely off the deep end where, without
bothering to RTFM, they turn on scanning every bit that
changes state in the computer. These are the folks that
never take the defaults and never rtfm because it's not
"macho".

FWIW, you are a refreshing voice in the sea of chaos. Well,
relatively speaking anyway ... <g>.

Pop

 

[MS]

LOL!! Thanks! Enjoyed that!

Pop

If, as you insist, AV is wholly unneeded an problem inducing, rather than
waste your time venting on a MS new user newsgroup, put your words into
action:

Remove NAV from your workplace. If you haven't the authority to do so
directly, bring your evidence and your arguments to the IT Director. Your
arguments, being so well reasoned and logical, will easily win them over to
the rightness of your cause.

steve

 

[Greg R]

I disagree with the linux comment, thats a USER CHOICE.
granted, most linux users will not run as root, but then
again, most educated windows users will not either. But
the pretense is that linux is better somehow, when really
its so hard to use that only experts bother, making the os
safer from stupidity, coupled with its being unpopular
enough that virus writers dont really bother to attack
it. (I dont dislike unix, but the community hype against
windows is amazing, when their os cannot even begin to
recognize most modems, printers, and modern hardware
including tapping the real features of graphics cards,
sound cards, etc. No os is perfect folks...)

OE is fine if you turn of the 'preview' and/or view all
messages as text only. I have never caught a virus from
it. IE is a mess, almost unusable.

I use a free virus program, mainly to block common virus
activities(modify boot sector, etc) as compared to
catching a specific virus. I dont run the full disk check
unless I have a problem and dont even update the
definations often. The final blocker of most worms and
stuff is my router, which rejects a lot of the senseless
commands that a hard IP computer would execute (it has a
firewall of sorts, older model).

I dont run the "big" AV stuff, but among freeware
protection, the software firewalls have given me more
trouble than AV, because it takes a fair learning curve to
get them to let the "good" stuff in and keep "bad" stuff
out. A delicate balance, mine is off most of the time.

My programs won't run on a limited accout. So I have use admin.
account.

Greg

 

[Ron Martell]

For some time I've been questioning the use of AV software. I work in IT
support and I really couldn't count the number of perfectly good Windows
installations I've seen borked by Norton AV or any of the other bloated
virus suites. The performance hit from installing these things with
always-on protection is lamentable, both in terms of boot up time and the
general responsiveness of the OS, and for what?

Thesedays, viruses spread faster than the AV companies could hope to
spread updated virus definitions. So for a critical length of time, AV
software is completely powerless to protect your system when any
particular worm or virus is at its peak on the Internet.

AV has disappeared from my home machines and - guess what? - no viruses.

This is okay in your case because you have sufficient computer
knowledge to understand the problem and to know how to protect
yourself. However for at least 99 and 44/100% of the other computer
users out there (or at least those that come into contact with through
my business) this is not the situation and they need all the help they
can get. Very often this is just to protect them from the
consequences of their own deliberate stupidity.

This is because

(1) I login to the systems as a limited user, not the administrator

Okay except that in Windows XP certain functions and activities
require administrator level permissions.

(2) I don't open email attachments

I do, but not automatically. I save them first and then scan them
with antivirus. I have to receive attachments because of my business.

(3) I don't download, install or run software from disreputable websites

How do you determine that a website is "disreputable"? Especially one
from a new vendor or manufacturer?

(4) I don't use IE or OE - these programs are virus distribution clients

I have to use IE and OE, at least occasionally, because I must
maintain familiarity with it so as to be able to support my clients
who do use it. As you can see, I use Agent for my main newsgroup
work.

(5) I use an ADSL firewall router and not an ADSL modem

I have a separate router (Microsoft MN500) with NAT connected to my
ADSL modem. It has never failed me.

My opinion is that AV software fixes nothing that common sense couldn't
fix. Common sense has the additional advantage that it doesn't turn my
512MB P4 system into a 64MB P2 with an endlessly grinding hard disk.

There are a number of antivirus products that are reliable, frequently
updated, and which do not have the "who dropped the anchor?" effect on
computer performance. AVG and eTrust are my personal favorites in
this regard.

Nevertheless, at work, I still have to deal with the endless problems
caused by AV software. I still have to knowingly cripple nice, clean
installations by installing Norton bloatware. I still have to mess around
ensuring that the AV definitions are up-to-date, even though essentially
they will always be out of date when it really matters.

Is AV software necessary? IMO, no. It should be avoided like the plague.

Norton 2004 *is* a virus.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."

 

[Lil' Dave]

Really depends on what and how you use the PC as well. And, all it takes is
one mistake in one's precautions to introduce a virus. And, its seems every
few months, another method is found to sneak a virus or bug in the system.
You against real-time bug-stoppers too?
How about a software firewall that prevent nasties from sending data out
your system?
Who logs on as the administrator as you said you never do?
Won't respond to your troll on virus definitions.

 

[Lil' Dave]

Yep. There's many out there using such AV software. How you determined a
large majority have problems, I don't know. How you determined these
problems were not root user problems, I don't know. How you determined that
one or two widely used AVs that may cause problems, is also true for all, I
don't know.

Saw this 70's model Ford pickup lose its tire and wheel going down the
highway the other day. What can you conclude about the maker of the truck,
trucks in general, tires, wheels, and highways using the above statement?
Nevermind, I don't want to know.

You sound like people I've heard that say its safe to drink and drive as
long as you use the proper precautions.