How important is antivirus software these days?

I hear similar statements yet when I research the topic, I find there are still no viruses that attack OS X. Perhaps there is an argument for running AV to catch infected files before copying them on to PCs. But that is hardly an indictment of the Mac. As far as I can find out, they ARE 100% immune to viruses. Can you tell us otherwise? What virus attacks OS X? Or are you referring to viruses that attack pre-Unix versions of Mac OSs?

Well, this isn’t true.

From Wikipedia:

In May 2007, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.[25] Also in May 2007 the executable file required by Pegasus Mail was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton anti-virus has falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when this happens.[26] In response to this Pegasus Mail stated:
“On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favour of alternative, less buggy anti-virus packages.”[26]
In April 2010 McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.[27][28]
In December 2010, a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot, due to an endless boot loop created.[29]

Also, in my experience, AV often interferes with various tasks like installing software and booting. Besides, it can be difficult to make work right. I have used Norton in the past, and keep hearing it’s my fault for using such a bad product. Yet last week I looked at and found it was the top rated current AV product according to customer reviews.

AV software is a mixed blessing at best.

OK, so let’s rephrase: There’s no downside to using good AV software. You’re misconstruing good with popular, by which standard nobody would ever be able to argue that there was a single operating system that could come close to challenging Windows’ obvious superiority. :smiley:

Though I suppose an argument could be made for system resources lost to running the AV, it does bring us back to the herd immunity concept: The more people who use AV, the less likely it is for a virus to spread enough to be a problem. If your system itself isn’t vulnerable, that doesn’t mean it can’t pass on an infected file to a system that is.

Most AV monitoring software will put a 5-15% hit on system resources on current PCs; on older, slower PCs the hit can be much more. Having said this, it’s foolish to run without AV software if you surf extensively. 95% + of malware attacks are on MS Internet Explorer and Google Chrome browsers looking for free porn, free music, free software and related file sites. The vast majority of these malware attacks are fake AV warnings designed to sell you a removal tool for the malware they are installing. And lest you think these are random, they are not. The free file sites are knowingly selling pop up access to these malware vendors so browsers on their sites can be attacked.

If you know enough to steer clear of those you can probably surf AV free without a lot of risk. The key word is “know enough”.

I don’t think the herd immunity thing is going to be a significant effect here - because some sources of infection are aggressive, explicitly targeting the vulnerability du jour, and the infection pathway isn’t necessarily via other members of the herd - it can be from sources that are dangerous not because they got infected, but by design (fake anti-malware arriving via ads or other content embedded in reputable sites such as this one).

In fact, we’ve had ads and third party content right here on the SDMB that contained malware - so if you’re posting in this thread to the effect that you don’t need any protection because you’re careful, you’re automatically wrong. (that’s the general ‘you’, not Raguleader)

I’m going to be frank, here. If you are not using adblock, then you really aren’t what I would consider security savvy. There is no reason code from a site you don’t know or trust should be running on your computer.

In fact, I am currently experimenting with leaving on-access antivirus software off all but one of my computers (the latter being a control), and only checking them manually every couple of weeks or so. So far I’ve caught nothing.

BTW, modern malware doesn’t tend to spread like a virus. Rarely will you catch something from a friend’s infected computer directly. There are still a few that send malware via email, but even those mostly use links to bad pages now. You really aren’t being irresponsible to choose to not run an antivirus, especially if you practice good computer hygiene. The only person infected will be you.

And, again, those of you who have caught things from ads: why do you see them? Flash ads are a notorious vector for malware, and the code is closed making it hard to screen out. It’s a bad, bad system. And, seeing as most places pay by click, you aren’t giving sites any money by not using it.

The only people that benefit from the lack of adblock use are people like me who get paid to clean up other people’s computers. Use Adblock. I can’t repeat this often enough (especially to non-customers).

Well, let’s extend the specifics on what is smart and what isn’t. Installing software from sites you can’t trust is not smart. What else?

If an unwanted site opens on my desktop and I click the exit X at the upper right of the window, and don’t click on anything within the window, am I risking anything?

Am I ever risking anything by merely opening an email, using a web mailbox (as opposed to a mail client running on my PC)?

Am I likely to have trouble if I merely click on links that are directly on,,,, my bank’s web site, or this site?

How much damage can you do by clicking on the worst links on the worst sites, if you don’t download and open any files using other apps, and don’t knowingly install any software?

In Unix, it is easy to work as a user without admin rights. Without an admin password, you can’t install anything. This seems like basic safety, and I do it. I’m a bit hazier on how to do that on a PC; I don’t remember if you can withhold admin rights from yourself. Can you? How much does normal use of a PC, i.e. using applications but not installing them, require admin rights?

Cite? Looking at task manager, MSE is currently using 5MB of 4GB of RAM (0.12%) and whatever CPU it’s using doesn’t rise to the level of being rounded up from 0. It might use 5-15% of resources while it’s actually downloading or scanning, but it only does those things when it sees the system is idle. I don’t believe this 5-15% number at all.

Clicking on an X does whatever the application wants to do with it.

Opening something in web mail is as risky, or not, as doing anything else on the web. As others have said, it’s vulnerabilities in plug-ins like Flash that will get you, even if you’re not a naive user.

It is more feasible these days to run Windows as a non-admin (I do it myself). Failing that, by default admin accounts are protected by User Account Control, which is supposed to limit admin accounts until they need raised privileges, at which point the user is prompted for a password. The jury is out on how effective that is. I honestly don’t know, which is why I go a step further than relying on UAC.

But even then, malicious software that runs under a non-admin account can do some damage. It could delete all your personal files, for example. I have had user-land malware infections that presumably got in through web browser vulnerabilities (I suspect Chrome is the culprit - IE is actually supposed to be one of the more secure browsers these days). They can’t do system-wide damage, but they can fuck up your user profile until you get rid of them.

If you are using AdBlock, then you’re taking precautions, not just being savvy (by which, I mean, I think some of this argument is just people falling foul of each others’ terminology).

Indeed, but there seems to be a tacit assumption amongst the self-declared savvy set that this can only happen if you make an explicit mistaken action. That is not entirely the case.

Could you define the terms and scope here? What is good computer hygiene, in your view?
Do you use any kind of removable storage media with your computer (including cameras, MP3 players, etc)? Does each of the devices you use enjoy an entirely monogamous relationship with your machine alone? (If so, what is the utility of external storage devices such as USB memory sticks to a computer user?)

It does if it’s an application, but in that case, it’s already running on your machine and doesn’t need any clicks at all to do anything.

If it’s a Windows dialog box, clicking the X closes it.

Agreed, for exactly the reason you give.

Nobody is saying that they don’t need any protection. I’m saying that AV software is not very good protection. I can’t get a virus from an ad on the SDMB because that would require (1) that the ads are loaded onto the page (AdBlock), (2) that the ad servers can even be reached by my computer (modified HOSTS file), (3) scripting is enabled for the page (it isn’t - NoScript), (4) the malware is able to access important areas of my computer (unlikely - Sandboxie).

Again, I’m not saying I’m immune from any malware. It’s certainly possible for me to get infected. I just think AV is highly overrated as protection. AV software is popular as a security measure because (1) people know what it is, unlike, say, Sandboxie; (2) it’s relatively easy to set up and use; it is not as “annoying” as NoScript or FlashBlock. People who use AV software instead of things like NoScript and AdBlock are choosing convenience over security, just like I am choosing a certain amount of convenience over a certain amount of security by running those but not any AV software on a regular basis. The amount of security they are choosing is (relatively) Low; the convenience (relatively) High. I’m closer to Medium / Medium.

How do we know it’s a Windows dialog box rather than a frameless window dressed up to look like a standard dialog?
Besides, are we sure that the “close” message doesn’t simply get passed to whatever application produced the dialog? To deal with as it sees fit?

Didn’t see this before posting - good point. I was assuming that being “savvy” implied taking precautions of some sort, but not necessarily AV.

If it’s one of those, where is the process producing the frameless window being executed?

A friend of mine inadvertently ran an exe from a Windows popup that was designed to look like a virus infection warning from her AV software (it looked generic enough to be believable). This thing then spent the next few days downloading about 90 nasty little buddies including a rootkit. Some of them hid out in her MP3 files. It took me two days to clean the fucker - absolutely amazing. There were several keyloggers in the package.

It’s gotten much better than it was in years past and 5% or so is hardly noticeable to most users with fast systems, but in using a full AV suite like Nortons or similar full bore AV packages it’s a lot more than “.12 percent” in terms of the real world slowdown users experience.


Norton Internet Security 2011

Well, but, if it’s a popup, something that a web site made appear on my screen, isn’t it my web browser that’s the application?

Scenario: I’m looking at something - anything - on the web, and another window opens, maybe with what looks like an ad. If it looks enough like a browser window, I click its X. If it doesn’t look like a browser window, I click the X in the browser window that opened or loaded most recently. In either case, the new little thing usually disappears. If it doesn’t, I use ctrl-alt-del to get task manager, and use that to kill the web browser altogether.

In this scenario, how great is my risk?

I guess I’m ignorant of how much a malicious site can make run on my computer, other than the browser, if I didn’t install anything new and didn’t open any downloaded files.

I’m not a Mac user, but I was referring to this small, but growth, area. This is a few years old, though. Perhaps the risks have reduced since.

Anything that has sufficient control to make the X on a dialog or native window do something other than close the dialog/window, doesn’t need to. Because if it’s already able to perform that privileged operation on your machine, it doesn’t even need you to click - it could just start modifying files, etc by itself.