Is AntiVirus Software Really Necessary?

19 years 2 weeks ago #11639 by ZiPPy
Replied by ZiPPy on topic further
Could you guys go into more detail of why Unix systems don't need AV programs?


ZiPPy

19 years 2 weeks ago #11644 by reaper
It's because Linux is more of a modular OS than Windows is, everything is based on modules. Also in Linux if you run a program you run it as an ordinary user mostly not root like you do in Windows. If you get control of one part of the OS it doesn't mean you can get control of the others because they don't have access to each other. These factors greatly enhance the security in Linux. Windows Vista will be the first Microsoft OS that will have the ability to install and run programs as a regular user, at least that's what they're saying :wink:
19 years 2 weeks ago #11663 by Rockape
Common sense and users :? Interesting concept, but in my own experience, doesn't happen too often.

I have both firewalls and AV software running on all my machines (Laptops and home machines). I don't find them in any way inconvenient. With AVG, it updates the virus pattern the second I log on to the Internet, so I don't have to do any changes. ZoneAlarm does exactly the same. In addition, I have installed Microsoft's (beta) antispyware, which again updates automatically. All of the above run in real time, and inform me if they find anything, and give me the option to deny the stuff access.

Back to user.

I look after some PCs at the Nursery that my wee boy goes to. None of the women in the place have any real computer skills, and therefore, would quite happily download virus after virus. I have setup ZoneAlarm and AVG to automatically update themselves. Since I have done this, they have had no more problems with their PCs. Prior to that, they used to have all sorts of strange things happening.

So, I would have to say that I'm firmly in favour of normal users having Anti Virus software installed. I also believe (personally) that as my time is precious, anything that makes my life quicker and easier is a benefit. So, if there is something out there that will help look after my machines, great bring it on.

Cheers

Rockape
19 years 2 weeks ago #11667 by nske
Hehe talk about saved time! Yesterday I was called by a friend of my uncle because Norton A/V was popping "stupid messages" all over the screen, in all of the office's 5 workstations. In his despair he even bought and installed the new version of Norton, as well as did a full system scan but nothing changed and the results came clean. When I went there, I realized there was some sort of worm sending emails rapidly, the connections for which the NAV proxied and popped the information "scanning" message. All of the emails were found clean btw. At first I tried to find and kill the worm to stop this mess, before I try to clean the systems. However that proved impossible, using Foundstone's Fport only the Capp program of Norton was visible and conducting email activity and no suspicious process appeared on the task manager. Also, no suspicious process was loading on startup through the registry or otherwise.

Anyway, I just switched off outgoing email scanning from Norton and proceeded to make a full system scan confident that Symantec's 200-pound gorilla would smash the tiny little piece of sh.. eh malicious code that was screwing the network!
But Dr. Norton had other plans.. The definitions were old and the LiveUpdate software was failing with a "no connection" error, no matter how many times I reinstalled the suite. Even worse, the "Worm Protection" option was disabled and could not be activated by Norton. No matter what, I downloaded and installed manually the latest definitions and live update program and proceeded to do a full system scan. Live update worked right after I installed its new version, full system scan came after an hour with "21 Virus threats" that were cleansed.
I rebooted with a smile, expecting to return home soon... After the reboot everything seemed fine, live update was working, "worm blocking" was active and "protection center" did not complain for anything other than the deactivated outgoing email scanning option. Well, once I activated it.. same old story! Another full system scan returned clean, all other manual checks came ok, no suspicious process was reported to run, but the worm was running and laughing the hell on NAV's face :P

Time was 19:00, I'd been wasting my time for more than 6 hours and everything was in the same petty status I found it in (well I don't know what the 21 virii were about, at least they were stealthy :P). I added a drop rule to filter out all SMTP traffic, suggested the owner to find a real Windows expert to clean the systems (good luck on the poor guy!) and went on my way wondering why although I don't use Windows personally, I always find myself wasting so much time trying to fix Windows systems. It must be the Microsoft curse to non-Windows users.. :P

Long story, short lesson:
Every day there are about 100 or more new virii released. In a play-ground OS like Windows, any of them can infect you in a moment of vulnerability, and get so deep into your system that you just can't remove it. You can't rely on any software for protection, common sense is your best chance!
19 years 1 week ago #11752 by ZiPPy
Replied by ZiPPy on topic so
NSKE, so would you recommend Norton as an A/V to use, or maybe I should take a look at something like Kaspersky? I am looking for a good A/V other than Norton or McAfee, or maybe you recommend I stick to one of those.

But I do agree with you about common sense. But for some reason, correct me if I'm wrong, common sense isn't always around for some reason. :lol: I hope these worm and virus creators are having fun, because when I get them or you get them, we surely aren't having fun. But like our moms have always told us, or at least mine, "what goes around comes around".


ZiPPy

19 years 1 week ago #11765 by sahirh
I find a/v software completely useless these days. Even when updated frequently, they are useless. Here's why:

1. Worms -- Infection vector is vulnerabilities (so that means you missed patching) or weak file shares (so that means you didn't harden the box).

2. Custom malware -- Your a/v won't catch this stuff at all

3. Rootkits -- Hahahaha, see the point above

4. Browser based -- This means you use an insecure browser, or didn't update it, or just have bad surfing habits.

Thus you can see that if you:

1. Patch regularly, automatically, and update your software.
2. Take basic precautions such as using an admin password (sheesh, this one is terrible, it shames me to write that ;))
3. Act smart when surfing

You should never get a virus.
If you run around downloading arbitrary binary files and running them for fun, you might get burned though :P

Of course, it never hurts to have the extra protection.

Oh, heck mate, just use Linux ;P

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com