Anti Virus Discussion

[jchunk]

I use procexp, procmon, and auto runs to moniter. I don't truly trust the results of av scans. And the argument that UAC answers the Trojan problem is not accurate anymore. Viruses are being written to run in user mode now. I do use mbam, super anti spyware, hijack this every week so for good measure but i get so much more joy and security from digging under the surface and learning why something does what it does and were its going and what its trying to do. In fact viruses are the whole reason i got into computers. I didn't like things ruining my system that i didn't understand and in trying to understand i got sucked into the rabbit hole of information that is IT.
 So i guess i prefer the fire-walled secure network familiar with OS search for anomalies approach.

[BC_Programmer]

I use procexp, procmon, and auto runs to moniter. I don't truly trust the results of av scans. And the argument that UAC answers the Trojan problem is not accurate anymore. Viruses are being written to run in user mode now. I do use mbam, super anti spyware, hijack this every week so for good measure but i get so much more joy and security from digging under the surface and learning why something does what it does and were its going and what its trying to do. In fact viruses are the whole reason i got into computers. I didn't like things ruining my system that i didn't understand and in trying to understand i got sucked into the rabbit hole of information that is IT.
 So i guess i prefer the fire-walled secure network familiar with OS search for anomalies approach.

Some Other posts/threads:

http://www.computerhope.com/forum/index.php/topic,70980.msg749397.html#msg749397


http://www.computerhope.com/forum/index.php/topic,117649.msg782503.html#msg782503

Ahh here is the one I was originally looking for.

It is not possible to write most malware in a way that runs in a limited user account. Some malware can, but generally with severely limited functionality.

[jchunk]

  Quite a heated debate! http://technet.microsoft.com/en-us/sysinternals/gg618529 and http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302 are my sources for my opinion, that coupled with the simple concept that malware authors will always evolve. Zero days threats and random key generation of existing threats compound the av scan issue. Flame was proliferated with a stolen certificate thus duping everyone for a while. My point is as i think you agree, is that intimate knowledge of a system and sound use of good tools will better equip one to mitigate new attacks. I to want control over my system and prefer  spending an evening hunting a treat than trusting a "quick fix" automated solution. AV is great for the masses but there's always an exception to the rule, and if that exception is on your system and all you know how to do is hit scan the game is already lost. The cloud and security are the new "boom" niches IT in my opinion and the more "paranoid" and eager to learn we all are the better we will evolve. Great links i'm going back now into the debate LOL!

[Allan]

Please do not use this tread to debate or argue the merits of your choices. Just post your preferences here. If you want to have further dialog about it please do so in a new thread. Thank you.

[BC_Programmer]

AV is great for the masses but there's always an exception to the rule

It boils down to people thinking they are above-average in this way. "I'm not normal, I'm TOO SMART to use Anti-Malware".

Mark Russinovich Wrote Process Explorer, Process Monitor, etc. I think it's safe to say he's a lot smarter than Either one of us and has a FAR more intimate understanding of the Internals at play when it comes to malware.

Being able to watch him apply that knowledge does not bequeath the viewer with that knowledge, anymore that watching a Chef prepare a world-class meal makes you a world-class chef. And- World-class chef's don't generally prepare world-class meals for themselves, either.

[patio]

At any rate if you get really good at stopping zero day threats and not having to rely on "quick fix" solutions we'll probably be reading about you in the cutting edge IT publications and you'll be a wealthy man...

[jchunk]

I'm definitely not claiming a deep understanding of internals, forensic analysis, or above average anything in relation to my skills. My opinion is based on the opinion of one who i highly respect, so im going to use his findings as a reference point in my learning and studies. I'M JUST cautioning over dependence on av scanners not demoting there important, sorry if that was not clear.
  To not use AV crazy, even if you had the forensic skills it like trying to build a house without a hammer or nails, I GET IT!

[Allan]

Split to separate thread for discussion.