Hugh Jass
Golden Member
- Nov 17, 2011
- 1,540
- 23
- 81
Why not?
Those of you saying you don't use AV and you don't get viruses... how do you know? You aren't running any AV.
A good analogy is cops wearing bullet-proof vests. Their head, sides, and legs all still expose their bodies to potentially fatal attack vectors. So why bother putting on the damn vest? Because the vest clearly protects against the most common, direct frontal deadly attacks. AV is exactly the same.
Signatures work, heuristics work. Making any program that's able to stop *all* threats is statistically impossible, and is something that every CS major has to learn about (called NP-Complete). AV solutions focus on what they *can* solve/prevent, and for the most part they do it fairly well. With multiple choices on the market that are cheap/free and have a proven track record of high detection coupled with minimal performance impact, I cannot see how *not* using AV is smart in any way, shape, or form.
Again, if you're not running AV how do you know you are virus-free? You don't.
For the same reason, I prefer to have ports closed and services shut unless I need something. I may run an anti-virus but that is pointless because... should I get seriously infected, I'd rather restore a backup. It's just quicker that way, somebody mentioned above that 0-day viruses can penetrate the majority of av software anyway. You take it as a calculated risk.Why not?
You feel that but it comes with experience. Basically, if you just follow what mechBgon posted earlier, it's good for a start.Those of you saying you don't use AV and you don't get viruses... how do you know? You aren't running any AV.
While I don't have an AV installed, I still actually use several AVs to scan my PC on demand from time to time. In the last ~6 years without an AV installed (mostly on XP, last couple of years on Win 7) I haven't had one piece of malware on my own PCs.Those of you saying you don't use AV and you don't get viruses... how do you know? You aren't running any AV.
Be aware that FF is missing some security tech these days. Chrome and IE9 both operate at a Low integrity level and feature their own flavors of sandboxing. FF has neither mitigation, which is rather odd since they've always claimed to provide security benefits. But if you like FF, you can use Sandboxie to sandbox it, and it's also possible to force it into Low-integrity operation (although this reportedly must be redone after every update).
If you like to control what sites can run scripts, NoScript works on FF, but IE has had that capability since IE5 back in 1999. They just don't have a catchy name for it Succintly: set the Trusted Sites to Medium-High security and add the desired sites to it, then set the Internet zone to HIGH or just cherry-pick what you don't want to run (Scripts, Java, ActiveX). Done.
Regarding the main topic, if you want a very powerful blanket defense that covers many popular angles of attack, then I suggest Software Restriction Policy if your Windows version supports it (Win7 Pro/Ultimate/Enterprise, Vista Business/Ultimate, WinXP Pro/MCE). Once you understand how it works, it's pretty easy to live with. Not much impact on performance, either.
If you can't use SRP, next best is the poorly-named Parental Controls on Vista or 7: enable program control, whitelist all the existing apps on the system, and then any new stuff will get blocked, including exploit payloads.
With either of these, make sure UAC is enabled and that your user account is a Standard User (create a separate Admin account just for Admin roles). If you're the only user, a password on the Admin account is not really necessary, making management easier.
Nope. Haven't for many years now and haven't gotten any viruses.
Of course, considering how many virus removals i've performed on other people's PCs, i'd like to hope i know better.
Basically all infections these days are user-induced, so if the user aren't installing the wrong things, viruses really aren't an issue
From personal perspective:
Depends on your mentality and how you approach things. You can learn so much more from the bad, viruses included. But when you intentionally put yourself behind the iron curtain, you could be missing out on new techniques and ideas. At the end of the day, it is your choice. I understand, that I am a minority here [as the poll suggests] but that's fine with me :awe:
Happy new year everybody and new viruses/trojans/exploits
Great points here. However, personally I always put a good password on admin accts. just in case there is something that can get around a weak or blank password in an admin acct.
I may run an anti-virus but that is pointless because... should I get seriously infected, I'd rather restore a backup.
There is no perfect strategy for all situations. Sometimes, an obvious shortcoming can become an advantage and vice-versa.a shortcoming of that approach is that if your system does get compromised, the bad guys may do damage that you cannot undo by restoring from backup. Mmorpg accounts and their associated virtual stuffs are a common target. Restoring from backup doesn't bring back your gold. And ask a victim of identity theft how much fun it is to try to clean up their credit rating after a compromise.