Associate
- Joined
- 30 Apr 2009
- Posts
- 688
Any need for virus scanners anymore?
- Thread starter PMKeates
- Start date
I use this.
And I hope the default is set to disallowed
Then just have it so that you can only either write or execute from a folder, not both, and you're laughing
Most apps work fine like this, the occasional one that needs write access you can set permissions specifically for, but never give full access
Permabanned
- Joined
- 14 Jun 2009
- Posts
- 1,110
I haven't used an AV for years too! Do the occasional scan but all ok.
Soldato
- Joined
- 18 Oct 2002
- Posts
- 3,418
- Location
- North
I ran my laptop for a year an a half without an antivirus - that also was my download PC and had no viruses at all when I ran an AV.
I use Avast on my Media centre now - the other day I had to go to my work website - Council... and Avast detected a virus on it and I had to shut the page down!
Im careful but sometimes AV's can help.
I use Avast on my Media centre now - the other day I had to go to my work website - Council... and Avast detected a virus on it and I had to shut the page down!
Im careful but sometimes AV's can help.
If you working looking after AV and there's hundreds of infections a day you should be fired for doing a poor job.
If your an experienced internet user it's pretty safe to run without an anti-virus program. The two main areas people run into trouble are
- pr0n
- t0rrent
Man of Honour
- Joined
- 17 Oct 2007
- Posts
- 3,871
Very much agree with what theheyes has just said above. Computer security is about taking a defense in depth approach meaning having multiple layers of defenses to protect your system. One of the more important ones though, is running with least privilege access, so as a limited or standard user. It completely limits your exposure and protects system level files. Not to mention, it also protects your anti-virus solution and firewall from being turned off freely by some nasty malware.
As well as the above, another great way to mitigate the risk of malware is to run your web browser in what effectively is a sandbox. In Windows Vista and Windows 7, Internet Explorer by default runs as a low integrity process with only write access to a few specific locations which are also low integrity. Though, if you prefer to use Mozilla Firefox, a couple of commands will also make it run as a low integrity process.
Just open up a command prompt with administartor privelges and type the following (or copy and paste):
You can then download Process Explorer, once it is installed, make sure it is set to show the "integrity level" tab by just clicking on where it saids "Process" along the top (or anywhere along that toolbar) and the "firefox" process should be shown as running as "low".
Just something that eXor kindly highlighted in his post here which needed to be added.
I have just compiled all of the information on running Mozilla Firefox as a different user in this post here.
I dont think there is anything wrong with no antivirus, its simply an after the fact detection anyway. If you goto a website and a virus warning pops up then the file is already on your computer in your browser cache, possibly already been executed. I've seen on many occasions people who have AV installed and get constant warnings because it picks up only 1 file from a virus when in fact its installed 8, and the one file keeps getting redownloaded
If you had AV and had the other appropriate protections and the common sense to never see these alerts then its not really giving you an extra benefit
I have never run AV on a pc i've owned, i have it on my work PC because its mandatory and i cant rule out someone else on the network getting infected and spreading it to my machine over a LAN connection. Truth is though that combined with the full disk encryption it makes the machine unbearably slow.
Worst case if i suspect a file i upload it to virustotal.com and if its suspicious i dont run it. Or if i think its misdetected like anything packed can be i run it on my personal laptop first, and if it does happen to be a virus... i have enough experience in dealing with them on the laptops of sales people to know how to get rid of them properly, not relying on spybot and such to do half a job
If you had AV and had the other appropriate protections and the common sense to never see these alerts then its not really giving you an extra benefit
I have never run AV on a pc i've owned, i have it on my work PC because its mandatory and i cant rule out someone else on the network getting infected and spreading it to my machine over a LAN connection. Truth is though that combined with the full disk encryption it makes the machine unbearably slow.
Worst case if i suspect a file i upload it to virustotal.com and if its suspicious i dont run it. Or if i think its misdetected like anything packed can be i run it on my personal laptop first, and if it does happen to be a virus... i have enough experience in dealing with them on the laptops of sales people to know how to get rid of them properly, not relying on spybot and such to do half a job
I wasn't happy with setting the TEMP directory to low integrity because other applications use it, and letting an internet facing application write there poses a security risk. Protected Mode Internet Explorer has its own TEMP directory, and cannot write to the main one.
If TEMP remains at medium integrity, stuff breaks in Firefox. Bookmarking e.t.c.
My solution was to run Firefox as a different user and set that user's TEMP directory to low integrity. ( RUNAS or PSEXEC )
I ended up with something like this :
Last edited:
Surely anyone working as an IT 'techy' would use an antivirus. It would be stupid not to. The risk you run by not having one is ridiculous especially if you use online banking or anything else using secure passwords.
To say you've never been hit when you've not been running an antivirus is bizarre as you'll never know. Running an A/V check afterwards to check is not a good solution as any decent trojan / virus will hide itself. It will also know you're A/V checking and take action to hide.
M.
To say you've never been hit when you've not been running an antivirus is bizarre as you'll never know. Running an A/V check afterwards to check is not a good solution as any decent trojan / virus will hide itself. It will also know you're A/V checking and take action to hide.
M.
Man of Honour
- Joined
- 17 Oct 2007
- Posts
- 3,871
Right, that makes sense. I have added that to my post pointing that you had highlighted that. Hopefully that's OK with you.
Though, I'm having a bit of a job running Mozilla Firefox as a different user. I can't seem to execute it as a different user. How are you going about setting up yours out of interest?
A good techie will be better capable of handling the issue than a non-techie, imo every non-techie user should have AV. Otherwise its just asking for trouble
Theres is always a gamble even switching on your pc that it will go wrong. I've owned a PC 10+ years and been using them for much longer and so far not gotten a virus with no AV. So while i might get caught out one day i consider the small chance of that happening an acceptable risk compared to making my machine constantly run worse than it should running AV
I have a pretty solid knowledge of security, Just because i think its an acceptable risk for me though i wouldnt recommend it, but at a certain level of savvy you can get away with it
Last edited:
Agreed they will be better capable but a virus such as the MS Blaster worm that infected millions of people because it was sent out as soon as you connected to the net.. well without AV you can't really do anything about that. Even the patch came a few days after release so you needed a very up to date A/V to catch it.
M.
M.
The user accounts in this example are as follows:
homer - A member of Administrators
lisa - A Standard User
lisa.web - A Standard User
Lisa is our day to day account, where we spend most of our time.
We log in as homer and create a new, passworded, standard user account. We can give it any name. In this example, lisa.web
Firefox needs to be initially started with medium integrity because it needs write access to a medium integrity directory, in order to create the user profile directories. If it is set to low, start an Administrator Command Prompt and change it back with the following command:
We log in as lisa and modify the existing Firefox shortcut ( or create a secondary one ) :
We run Firefox by clicking the shortcut. When prompted, type lisa.web password. If password prompts are unacceptable, a utility named psexec allows the passing of a password in the shortcut. The password would be plaintext, which is arguably undesirable.
Close Firefox.
Log in as homer, open an Administrator Command Prompt, and enter the following :
The /t switch causes the command to apply the settings recursively on objects within.
Log in as lisa and run Firefox by clicking the shortcut. Test to see that it behaves as expected.
I should start a blog.
Last edited: