Solved

Do I really need an antivirus software?

Posted on 2006-11-14
41
580 Views
Last Modified: 2010-08-05
Personally, I truly don't see the point of having an antivirus software installed. Can somebody explain to me how, by having it installed, would it reduce my chance of getting an infection??? It's not immunization, is it?

To have a good firewall, a spam filter, an email filter is way more useful than the AV.
0
Question by:PaperTiger
41 Comments
 
LVL 9

Accepted Solution

by:
JamesTX10 earned 66 total points
ID: 17939224
Hi PaperTiger,
Why have air bags in a car? Good driving, good brakes, and seat belts will prevent injury. Right?

The more things you have protecting you, the better you are. I would not pass up AV software as the system usage of the AV program is worth the time saved if you did get a virus.

JamesTX10
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 62 total points
ID: 17939285
Is your 'email filter' not already an antivirus? I think it is.
Then what you are probably asking is active scanning on the desktop. This is indeed immunization. But remember, nothing is perfect or absolute.
You could choose to not have an active AV on your desktop, but I would only do it under the following conditions:
- You are using best practices. Running with least user privileges (no admin!)
- You have an active antivirus on your gateway.
- You are very certain that nothing will slip in, in other ways (notebook users, memory sticks, rogue access points ...)
- You are willing to take the risk.

J.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 62 total points
ID: 17939298
Don't do it.  When you get infected, you can curse yourself for not using one.

Antivirus software protects you ("immunizes") from any threat the virus definitions are aware of.  It can then protect against SOME viruses, through heuristics, that the definitions aren't aware of.  We all know that SPAM filters are not 100%.  Nor are Firewalls.  Got a friend who comes over and might bring a USB flash drive?  Floppy disk?  Do you ever buy software - it's not unheard of for a vendor to get an infection and distribute it in their software unwittingly.  (It is rare, but not unheard of).  

You do what you like... You may be ok - if you don't do stupid things and get lucky... you might never see a message that a virus was caught.... but what if the one day you let your best friend 'MetalTiger' come over and write up a resume and while they do that, they check their email, download an infected jpg image and next thing you know, all your documents are gone?
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17939326
No no, you guys misunderstood. The keyword here is "prevent". The current antivirus is a cure, if that. Not really to prevent.

The email filtering is NOT antivirus. All it does is to drop every executable attachment.

The airbag analogy is not good because airbag prevents you from getting hurt. Does AV software prevent me from being infected?

0
 
LVL 9

Expert Comment

by:JamesTX10
ID: 17939345
YES. If your AV is working good then it will prevent MOST (read - not all) infections.

JamesTX10
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17939384
Guys, not true. AV software does NOT stop infection!!!! It merely REMOVES the infection AFTER you get infected. This is a very critical point!!!!
0
 
LVL 9

Expert Comment

by:JamesTX10
ID: 17939408
I would disagree.

AV catches the virus once it is on you but before it is activated. Much like washing your hands helps you to not get sick. It does not prevent germs from getting on you but it kills them before they can attack you.


JamesTX10
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17939427
Sorry PaperTiger, I must disagree with you.
James is right.

J.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17939441
PaperTiger, your point is only true when you use only planned scans, not when you use active monitoring or realtime scanning (or whatever an AV vendor wants to call it).

J.
0
 
LVL 8

Expert Comment

by:jako
ID: 17939479
PaperTiger, you may have a point. Once I was a client of S******c and used their N****n Antivirus product. Since it's not the most efficient software written (one might think about the opposite) it hogged the resources on the computer I thought was mine. About 4 years ago I finally came to my senses and switched away to a better antivirus and prevented it from running in the background.

BUT: In exchange for the CPU cycles I won I now have to be extra careful scanning stuff manually whenever there is doubt or the faintest of possibilities that something might be infected. I also polished my backup schedule and backup retention.

Remember the "Security vs Usability" chart? The same function applies to the "Having an Antivirus Transparently Scanning All Your S**t vs Worry About the Virii" :D
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17939619
Even if the virus comes over the network share?
0
 
LVL 8

Expert Comment

by:jako
ID: 17939662
It doesn't come over the network share. I have my firewall locked down and all the other pieces of equipment in my home run some form of GNU/Linux :D

But yes, you have to be ever watchful if you intend to move from the "Having ..." end in the aforementioned chart and thus the worries. It is easy to figure out. Try it for a day or two. If you find the worries troublesome, you need the antivirus to alleviate them ;) It is all about the comfort point. Alas, the comfort point often shifts with the first incident :P
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17939808
Antivirus software scans whatever file you are about to access to confirm it is not a known or suspected virus.  It acts like a crossing guard that checks for oncoming cars before it allows you to cross the street.

Viruses appear in many different forms - word macro, boot sector, email, etc.  But in each case I'm aware of, before they can run, they must be "unpacked" from a file somewhere... the antivirus software, when you ask to access ANY file, scans it to confirm it is not a virus.  Then the passive scans check for viruses that may have been placed on your computer through other means.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17939892
Just spend a few days surfing the web without an antivirus and decide yourself if it is worth having
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17939934
I am running a company with more than 300 computers across NA. Since I took the position 4 years ago, there has never been even one incident of virus in our company.

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17940199
Do you cancel your life insurance because you haven't died recently?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17940215
Let's see how fast you can lose your job - dump the antivirus software.  I was part of a company of 1000 employees, 600 using PCs.  We went 4 years without an outbreak... then got hit... THANKFULLY, we had McAfee and the updates came out quickly.  We were cleaned and back to "normal" without a major long term outage... then we were hit again I think 2 months later.  But then clean the next 5 years.  And this was at a research institution/university type setting where the IT department has little control...

Yet other companies, like the one I consulted for 2 months ago and a different one 4-5 years ago were hit (both using Symantec and NOT what I recommended).  One was of 25 people the other of 100 people.  

For yourself, if you want to risk it at home, go ahead... but it's foolish to risk it in a business environment - especially a large business environment.  "Penny wise and Pound foolish" not using AV software at all.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17940347
> Can somebody explain to me how, by having it install, would it reduce my chance of getting an infection???

No.

> It's not immunization, is it?

No.

It is detection, diagnosis, after the fact.

If you are in habit of getting strange emails from strangers that have unknown attachments that you actually want to execute on your machine with superuser privilege, then a virus scanner could be used first on the specific program that you want to run.

If you are in the habit of loaning your PC to 10 idiots a weeks then you might really want to scan the unit when you get it back.
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 62 total points
ID: 17941292
PaperTiger > To have a good firewall, a spam filter, a email filter is way more useful than the AV.

Disagree just a little. Number one is to upgrade ASAP since the malware increases as soon as the vulnerability (patch|upgrade) is announced. Second is that firewalls can be overrated, overtrusted, yet they do remain critically essential, just ensure you get the kind that works in both directions, not just the inbound, and remember HW better than SW, specialist better than the suite provider. eMail filters are not that great, about as bad as spyware and adware defense, so I'd place anti-virus ahead of spam defense. If the AV does both, so much the better.

But the concept of continually scanning your system every minute is really too redundant, can be counterproductive, and further, in my experience at work and at home, there's been more downtime due to the antivirus package than due to the virus.

JamesTX10 > Why have air bags in a car? Good driving, good brakes, and seat belts will prevent injury.

You miss the point that A/V is not a protection, not a prophylactic, it is detection, like going to a doctor who has invested in a stethoscope to find out why you are coughing and sneezing.

> the more things you have protecting you the better you are.

again, not a protector

>  I would not pass up AV software as the system usage of the AV program is worth the time saved if you did get a virus.

Not in my experience, where the AV means downtime, as time marches on.

The deal is, what to do once infected, and you do not need A/V for that, you need first the backup/restore and disaster plan.

PowerIT > Is your 'email filter' not already an antivirus? I think it is.

Not as worded. Spam is not virus, even if typical defense is similar (such as filtering by subject, essentially by string like A/V do for detection). Either way you do get false positives and red herrings, and need to address that up front as well, or end up losing more than you gain.

> active scanning on the desktop. This is indeed immunization.

Not. Other than for opening some programs that have already been scanned.

> - You are using best practices. Running with least user privileges (no admin!)

:-))     Bingo!

Too many like to spoil themselves and be superuser all the time, which MS has always encouraged. No other OS is like Windows in attracting that. Major rule for going on net is, to NOT be giving away superuser privilege.

> - You are very certain that nothing will slip in, in other ways (notebook users, memory sticks, rogue access points ...)

Agreed, if you support many people, beware of those "self-important" people in the front office who know a little, but enough to break the corporate network

> - You are willing to take the risk.

Sure thing - at home. Major difference at the office where too much is missing in terms of control. I had companies like MCI continually sending viruses even after warning them and getting some of their systems patched, their reluctance was to stop the source.

leew > Don't do it.  When you get infected, you can curse yourself for not using one.

That's ok too. Learn by mistakes, like when we forget to make a backup right before deleting that very important file.

> It can then protect against SOME viruses, through heuristics, that the definitions aren't aware of.

I do not know of (popular) one that has any heuristics worth thinking about, other than to beware of (like when they delete the OS).

>  it's not unheard of for a vendor to get an infection and distribute it in their software unwittingly.  (It is rare, but not unheard of).  

Yes, unheard of, forget about it. I've personal experience and it happened to be when I was finally 'sold' that virus was no longer a toy but was becoming major issue. Thanks to MS that trend has continued

>  but what if the one day you let your best friend 'MetalTiger' come over and write up a resume and while they do that, they check their email, download an infected

and - jpg's & txt's should not be carriers. But along those lines, the upgrades from MS take too long, and are too frequent, that about two years ago the process was completed to enable an infection to occur while you were getting the update to stop it. Boo! Still an issue.

PaperTiger > Does AV software prevent me from being infected?

JamesTX10 > YES. If your AV is working good then it will prevent MOST (read - not all) infections.

Not in your lifetime! <sorry>

PaperTiger > AV software does NOT stop infection!!!! It merely REMOVES the infection AFTER you get infected. This is a very critical point!!!!

Actually, as a detector, the removal part is optional, and from product to product may be somewhat incomplete, leaving some users here to question, to shop around.

jakopriit > Since it's not the most efficient software written (one might think about the opposite) it

Most popular, and good in many ways, I do agree. They also do not always clean well, even when told to, even when under major contract (with obligations)

>  I also polished my backup schedule

:-)

leew > Viruses appear in many different forms - word macro, boot sector, email, etc.  But in each case I'm aware of, before they can run, they must be "unpacked" from a file somewhere... the antivirus software, when you ask to access ANY file, scans it to confirm it is not a virus.

Nice thought, but I've also taken virus and moved them around and the scanner refuses to continue to ID them, given their expectations and anticipations.

simpswr > Just spend a few days surfing the web without an antivirus and decide yourself if it is worth having

Been there/done that.  

PaperTiger > Since I took the position 4 years ago, there has never been even one incident of virus in our company.

:-))

You have a network of good employees. Get them to help you draft the next 'good practices' memo.

A BTW, most of the newer ones affect only newer releases of MS_wares, so you might be also telling us your people specialize in running older programs.

leew > for yourself, if you want to risk it at home, go ahead... but it's foolish to risk it in a business environment - especially a large business environment.  "Penny wise and Pound foolish" not using AV software at all.

I agree. Not that it is that necessary functionally, but as CYA. Although we run the ones you do not recommend, so I may not be disagreeing as much as it appears.

Concerning major outbreaks, for more years than I can remember there have been continual offering by companies to detect and/or clean it for free, obviously a marketing strategy for them, but a further contingency if you need one.

At work, computers are now cheap enough to be as expendable as printer ribbons or toner.

Either rebuild from scratch or throw it out (with the baby).
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17943352
Anti-virus software prevents a computer from being INFECTED by a virus.  It will not prevent it from getting ON a computer.  A file getting on a computer and the computer getting infected are two different things.

You can't prevent a file with a virus from getting on a computer, as it must get there before it can be scanned and taken care of.
0
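The distinction argued over in the comments above (a file arriving on disk, an on-access check before the file is handed to the user, and a planned scan that only reports what is already there), as an added example that is not part of the original thread. The definitions table, the sample bytes and every function name are constructed for illustration, and a SHA-256 lookup stands in for a real product's definitions and heuristics.

```python
import hashlib
import os
import tempfile

# Constructed sample: a harmless byte string standing in for a known-bad file.
SAMPLE_BAD = b"constructed sample standing in for a known-bad attachment\n"
# Constructed definitions: SHA-256 of known-bad content -> detection name.
# Real products also match byte patterns and heuristics; a hash table keeps this short.
DEFINITIONS = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Constructed.Sample.A"}


class BlockedByScanner(Exception):
    """Raised when the access hook refuses to hand a file to the caller."""


def match_definition(path):
    """Return the detection name for the file at path, or None if it is unknown."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return DEFINITIONS.get(digest.hexdigest())


def guarded_open(path, on_access=True):
    """Stand-in for the on-access hook: scan first, return content only if clean."""
    if on_access:
        name = match_definition(path)
        if name is not None:
            raise BlockedByScanner(f"{path}: {name}")
    with open(path, "rb") as fh:
        return fh.read()


def planned_scan(directory):
    """Planned scan: walk the tree and report matches that are already on disk."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for filename in sorted(files):
            name = match_definition(os.path.join(root, filename))
            if name is not None:
                hits.append((filename, name))
    return hits


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        bad = os.path.join(workdir, "attachment.bin")
        clean = os.path.join(workdir, "notes.txt")
        # The file arrives on disk; nothing in this model stops the write itself.
        with open(bad, "wb") as fh:
            fh.write(SAMPLE_BAD)
        with open(clean, "wb") as fh:
            fh.write(b"meeting notes\n")
        results["on_disk"] = os.path.exists(bad)
        # With the on-access hook, the content never reaches the caller.
        try:
            guarded_open(bad)
            results["opened_with_on_access"] = True
        except BlockedByScanner:
            results["opened_with_on_access"] = False
        # With planned scans only, the open succeeds and the scan reports it later.
        results["opened_without_on_access"] = (
            guarded_open(bad, on_access=False) == SAMPLE_BAD
        )
        results["planned_scan_hits"] = planned_scan(workdir)
        results["clean_file_opens"] = guarded_open(clean) == b"meeting notes\n"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
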
 
LVL 5

Expert Comment

by:darrenakin
ID: 17943358
PaperTiger, if you are running a business without AV, you have no business running the IT department.
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17943494
Same as fire, you cut off the source. Email, webpages, floppy disks etc. The only thing that is really hard to do is USB drives.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17943538
> you have no business running the IT department

- and the like...

Sorry peeps, but part of answer is also what kind of business is being run, what software is chosen for OS - if there are desktops, are there suites, whether or not security controls are set up and used effectively, privileges permitted, etc.

If yours does not have sets of superusers running MS-Word with macros enabled, then of what concern is a word macro? If you do not run it or use it, the concern is not, and that will be very telling shortly. If you do not use IE, why care about a new virus for IE that NO A/V can defend against or even detect unless it were also author. MS was first spyware deployer, but only for MS SW.

These issues apply not to mainframes, unice, Netware, etc. Nor to WordPerfect or any ware that does not treat text files as valid executables where all users have to also be superusers, nor does it apply to proprietary wares developed in-house.

Those who dictate that corporations and space programs should be run on MS only platforms are the ones in the wrong business, for they are also the same ones who refuse to properly fund the security of their business, nor to fund staff where more are required where MS is introduced. Checkout the approaches made by places like Houston.

And for any who missed it, MS has again moved posture from funding anti-unix movement v IBM and Novell et al, to funding Novell's Linux in effort to appease the naysayers and appear to be more open and compatible (at expense of RedHat and a few select others).

PaperTiger did not open the question declaring what platforms needed defensive stratagems, it is a fallacy to always presume answer should be about a fad.

Although it is also fallacy to presume that it is impossible to defend the leakiest OS even if it is by design, the answers remain in what parts of what systems are enabled, disabled, and who gets to do what. That is what security is about, helping to form or reform such policies and actions, when underfunded.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17943553
btw, even for MS I am pro on FDs, always make a bootable one for OS. My only surprise is they quit on sizing them up with everything else.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17943575
> The only thing that is really hard to do

It also helps to have control, or at least a semblance of it, for the platform used, at least some effort should be made to make all similar units alike and under central control with centralized management, at least to point of supporting the support functions.

A USB port could be used to run unix to patch up a Windows platform, supposedly economically.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17943743
--> Same as fire, you cut off the source. Email, webpages, floppy disks etc.

Sure and we know that there are no fires in the world.

Actually the ultimate source is electricity.  Cut it off and you will not get infected.

But on the serious side, you can't cut off all sources, that is why we still have virus.    You know even MS has delivered software on CD's that were infected with Virus.  As long as you have to open a file, does not matter what type (word doc, pdf file, jpeg), you have the possibility of getting infected with a virus.

In some cases you may be able to cut off e-mail, Internet access, floppies, and even USB devices.  However you have to get software installed and it must read data.  In this day and age no e-mail and no Internet access normally means a very locked down environment, which probably covers less than 10% of desktop environments.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17943936
giltjr > Actually the ultimate source is electricity.  Cut it off and you will not get infected.

:-))
Actually, first step is go off-net - no more surfing at work <sheesh>
Next is to not turn anything on
next
0
 
LVL 8

Author Comment

by:PaperTiger
ID: 17947713
OK, I think the q is which AV do you guys recommend?
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17947782
Now there's another can of worms!

A similar question was just asked - though for home use, there are few comments relating to Corporate solutions, including mine and legalsrl.
http://www.experts-exchange.com/Applications/Viruses/Q_22061056.html#17946636

In summary:
I like McAfee Enterprise, but it DOES use more system resources than it needs.  I despise Norton - virtually all the serious outbreaks I've had to work on have been running Norton or Symantec.  Based on reviews, Kaspersky may offer the best product overall.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 62 total points
ID: 17950603
I've not read all the posts... there are too many :)
AV is a band-aid on a cancer, while they can prevent via known virus signatures, heuristics, there is still the possibility of 0-day viri. Also, M$ and AV vendors especially seem to miss one very important mitigating factor, ---->Admin rights<----- 99.999999% of the time, you can't get infected without admin rights. There are exceptions, as I outline in this blog: http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
Our company didn't get hit with IluvYou, Melissa, Sobig, Nimda, welchia etc etc... because our users are not admins. M$ knows this is the key to finally securing their OS, Unix, Mac, BSD, Linux have known this for 20+ years... M$ just caught on:
http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://www.eweek.com/article2/0,1895,1826269,00.asp
http://www.matasano.com/log/332/matasano-interviews-ie-lead-pm-christopher-vaughan/ (IE in a protected mode)

An alternate browser such as FireFox, Opera can also prevent 99.9% of spyware. I'd say you do need to run AV on an email server still.
For AV, McAfee gets my vote.
-rich
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17952379
For AV no one has my vote. (In case you could not tell). My recommend here is typically, that you should run the one you can understand best, and thus use the best. Too many here are way too high on stuff that is too cheap. OTOH, Outside of the question, for other 'friends' here, some rough numbers on the more popular Sym*, fully blown, for about 130k users, we get about 300 a day without updates for over a month, that'd be about a 1K, or slightly under 1% recorded, which may not be so bad for small shop. Of those, maybe 1% get infected before patched properly. What is really going on I've yet to learn, some amount remains nonsensical. In other words, we probably pay more than all of you and M$ combined to ensure the better support.

All A/V has problem, any can help. No 'features' are worthwhile if not used, so my vote is that you try some of the top ones, and of what you understand, select features that will enable you to make it one of your more useful tools.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17952499
I once had a position to recommend, came up with a top six, and of those a top three and a top one. The company went with one I had not considered: Detect Plus. Cheap and does more than everyone else, and soon everyone will want it as well. Oh. It got to fill up a lot of closets and garbage cans for the ensuing year.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 62 total points
ID: 17982985
PaperTiger, my friend, maybe you are a little confused with the way AVs work. They prevent you from getting infected, for example if you try to download an infected file... but only if you have it properly set up.
I don't think there is "the best AV of all", all of the most important ones have their good points and bad points. I agree with sunbow, use one you know exactly what all those settings mean and try to set him up the best you can to avoid viruses and to avoid getting your machine stuck.
If the AV is for your company try some enterprise edition with a good centralized console for administration, reporting and AV's list maintenance.
0
 
LVL 8

Assisted Solution

by:jako
jako earned 62 total points
ID: 17985328
Alright. I don't usually take stances in this sort of product recommendation questions but I felt like one AV that has fresh new features with its new major version (6th), that deal with the file hash checking and as such make them really fast, is worth mentioning: Kaspersky. Their products usually have small memory footprints just as well. Check them out at: http://www.kaspersky.com/products . Don't settle with a simple trial but have their experts explain to you their iCheck/iSwift technologies.
0
 

Assisted Solution

by:boksburgbishop
boksburgbishop earned 62 total points
ID: 18194781
Listen carefully. Anti-virus software is there to protect your personal data from being accessed without you knowing it. Also by having a virus- it slows down your PC.
Here is my solution. Download the following anti-virus software at www.avira.com. Click on downloads on the left hand-side. Choose the free classical edition.
The best anti-virus on the planet is now yours. Deutsche Vorsprung Technic.
BoksburgBishop
0
 
LVL 8

Expert Comment

by:jako
ID: 18364270
Tolomir,
do try to consider the analogue with "security vs usability" chart proper for the question is of subjective character - "Do I ...?". I find the comfort point to be determinative in whether the user needs an AV product or not. Also note the noted imminent shift of the comfort point after the first and each subsequent incident.
respect.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18462711
I will leave the following recommendation for this question in the Cleanup topic area:
   Split: JamesTX10 {http:#17939224} & PowerIT {http:#17939285} & leew {http:#17939298} & SunBow {http:#17941292} & richrumble {http:#17950603} & mahe2000 {http:#17982985} & boksburgbishop {http:#18194781}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
 
LVL 8

Expert Comment

by:jako
ID: 18475475
I do object. I fail to see the reason why my answer to the question was excluded. Yet, it was precisely directed to answer the question ("Do I really need an antivirus software?") and onto the point with proper analogue drawn from the information security subject the asker seemed to have some familiarity with.

Let us (in EE) please not get political with enforcing the "everybody must deploy AV because it is good practice" by smothering alternative views on the issue (even more when the asker seemed to have his mind already made up about it).
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18477730
Well actually I don't like these questions at all, that is these where the asker abandoned the thread.

In mine eyes one should always use an antivirus solution on windows. One cannot check each byte of an exe manually. Of course one might not catch all hand crafted virii, but a decent heuristic but be the key. (Using nod32 on my computers)

It seems like I missed to mention you, jakopriit in the split, so


Would a Mod please add jakopriit {http:#17985328} to the split.

Thank you.

Tolomir
0
