first:
many new or technically inexperienced users read these threads and think it's okay to run a system without an AV. IT IS NOT okay. In the long run (or even not so long) you are asking for trouble.
I couldn't agree more. Unless you know what you are doing or feel confident that you can mop up any possible messes, people should use an Anti-virus, plain and simple.
Aside from a single case of Virut (and yes, that is the proper spelling), I had no problems running without an active AV for the past 7 years.
Of course I did get the occasional infection, but as long as it's not a file infector (like Virut/Sality), then for me it's a quick run of Process Explorer to suspend the tasks involved (all of them at once, since they generally "look out" for one another; if one gets killed, another respawns it, etc.), then terminate them one by one and delete the registry entries.
If that doesn't work, then I just write down the names of the infectious files, reboot into the Recovery Console and delete them.
The only reason this didn't work for Virut was because it infected all the executables I touched, which includes all the Windows system DLLs and executables. So I reformatted my system drive, reinstalled XP and then did a del /s *.ocx *.dll *.exe on my data drive.
Problem solved.
Now, of course, if I had an "active" AV I might have been able to stop the initial infection (and I won't contest that), but at what cost?
I'm sick and tired of "having" to run a million bloody programs in the background. In fact, it is because I keep my process list trim that I know almost instantly that I'm infected, and in 90% of cases MBAM removes it all.
"how can you be sure?" you ask?
I know what keys to check. I know all the standard infection vectors. I don't need a program to say "you're clean"; I can do the same thing myself. Most of the time I can just run PossumFix to get rid of the simple infections, but infections are so few and far between that it's hardly worth the effort.
The key here: the virus HAS to get ONTO the PC somehow. The only way is through downloaded programs, or if I was to run IE....
If I was using IE, I definitely would not be running without an AV; otherwise I'd be infected quite a lot more often than I am now. Browsing should not be something that can EVER do anything without consent. However, apparently when MS added ActiveX technology to IE3 they kind of forgot the fact that it's an executable binary that can do anything it wants... and it took three versions for it to be disabled by default.
The main problem I have with AV software is the maintenance cost. Updates. Definitions. All of this has to be kept up to date. Why? Because AV software is just a glorified blacklist. Not only do blacklists not work, but there is the whole "in your face" attitude that AV companies seem to have. "Hey, I just installed an update." I don't care. I shouldn't be notified when there is an update to a program that is essentially designed to stay up to date. Windows, yes, gets away with it, since updates may contain driver software and other essentials that are core to the functionality of the PC. But the AV program shouldn't basically pop up and say it did what it was supposed to. Now, if it was unable to update, that would be an acceptable popup.
And let's not get started about the "changes" in recent iterations of AV software. Slow, slovenly performance bogged down by fancy graphics and flashy update screens. All of this in addition to their decision to not only show the aforementioned "update" notifications, but, just in case I'm not looking, some of them will TELL me about it too. Because apparently they are spending more time creating flashy graphics and sound than on making a heuristic analysis system that actually works.
I shouldn't be notified when something is working. I should be notified when it isn't. Take the network connection as a prime example. Unplug it, and Windows notifies you about it. Does it notify you throughout the day that the network connection is working? No, because it's not useful information; it's the way it should be. The day software has to notify the user that things are working as they are supposed to be is the day that they're apparently not supposed to be working, because it's not noteworthy otherwise. It's almost as if the PC itself would be amazed: "Hey, this is amazing, your network connection is STILL up!"
other posts:
http://www.codinghorror.com/blog/archives/000929.html
http://www.codinghorror.com/blog/archives/000803.html
To revisit though:
"I've never used an AV and never had a problem". First of all, I find it very hard to believe they've never had a problem unless they don't have an internet connection
This depends wholly on the definition of the word "problem". In my eyes, my approximately once-every-5-months removal of some basic, badly written and woefully inadequate piece of malware wasn't a problem. Heck, it wasn't even a challenge. Worst case scenario, I lose a couple of minutes or so rebooting into the Recovery Console and deleting the affected files (and restoring the originals if they were system files), and then taking a gander at the Run and Winlogon\Notify keys to delete the now-missing references.
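The manual triage the post describes (look at the Run and Winlogon\Notify keys, find the entries that point at files you just deleted or at binaries that don't belong) is easy to script. The following is an added example, not code from the post or from any of the tools it names. It walks the common autostart locations (the Run/RunOnce keys for the machine and the current user, the Winlogon Userinit and Shell values, and the XP-era Winlogon\Notify subkeys), resolves each command line to an image path, and flags entries whose file is missing or whose Authenticode signature is not valid. It is read-only: it deletes nothing, and the exact key list and the heuristic (missing file or unsigned binary) are assumptions for a first-pass look, not a verdict.

```powershell
# Added example (not from the original post): list autostart registry entries whose target
# binary is missing or not validly signed. Read-only; run in an elevated PowerShell.
# The key list and "missing or unsigned" heuristic are assumptions for triage only.

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$NotifyKey   = "$WinlogonKey\Notify"

function Get-ImagePath {
    # Pull the executable out of a registry command line, e.g.
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Tools\bar.exe -x
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    if ($cl -match '^(.*?\.(exe|dll|ocx|cmd|bat|scr))(\s|$)') { return $Matches[1] }
    return ($cl -split '\s+')[0]
}

function Resolve-ImagePath {
    # Expand %VARS% and resolve bare names (e.g. "explorer.exe") against System32 / Windows
    param([string]$RawPath)
    $p = [Environment]::ExpandEnvironmentVariables($RawPath)
    if ([IO.Path]::IsPathRooted($p)) { return $p }
    foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
        $candidate = Join-Path $dir $p
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $p
}

function Test-Entry {
    # Returns a finding object for a suspicious entry, or $null if the target looks fine
    param([string]$Source, [string]$Name, [string]$Value)
    $path = Resolve-ImagePath (Get-ImagePath $Value)
    if (-not (Test-Path -LiteralPath $path)) {
        # Dangling reference: the "now-missing references" the post cleans up by hand
        return [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path; Status = 'MISSING FILE' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path; Status = "UNSIGNED ($($sig.Status))" }
    }
    return $null
}

$findings = @()

# 1. Run / RunOnce values: each value is a command line
foreach ($key in $AutostartKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... provider noise
        $f = Test-Entry $key $p.Name ([string]$p.Value)
        if ($f) { $findings += $f }
    }
}

# 2. Winlogon Userinit / Shell: comma-separated lists that malware appends itself to
$wl = Get-ItemProperty -Path $WinlogonKey
foreach ($name in 'Userinit', 'Shell') {
    foreach ($part in ([string]$wl.$name -split ',')) {
        if (-not $part.Trim()) { continue }
        $f = Test-Entry "$WinlogonKey\$name" $name $part.Trim()
        if ($f) { $findings += $f }
    }
}

# 3. Winlogon\Notify subkeys (XP era): each names a DLL loaded into winlogon.exe
if (Test-Path $NotifyKey) {
    foreach ($sub in Get-ChildItem -Path $NotifyKey) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DLLName
        if (-not $dll) { continue }
        $f = Test-Entry $sub.PSPath $sub.PSChildName $dll
        if ($f) { $findings += $f }
    }
}

$findings | Format-Table -AutoSize
```

An unsigned entry is not proof of infection (plenty of legitimate software ships unsigned), and a clean listing is not proof of a clean machine: the script only covers the keys named in the post plus RunOnce and Wow6432Node, and a file infector like the Virut case the post describes modifies existing, already-referenced binaries rather than adding new autostart entries, so it would show up here only as a signature that has gone from Valid to HashMismatch.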