How many of you run Windows machines with no anti-virus software? I do at home, I’m the only one that uses the machine and I have it locked down pretty well. Plus I don’t do the dangerous stuff like use Outlook & IE, and I don’t click on every crappy screensaver or mouse pointer link I see. I do run a software firewall though.
At work I run anti-virus just to be safe, but it’s never caught anything.
Supposedly Vista will be much better at resisting viruses (Allchin Suggests Vista Won't Need Antivirus) but that remains to be seen. I think there are just too many avenues of attack and Windows is too large of a target.
The only installation of Windows I’m flying naked on is the one that’s running on my Mac in Parallels. If it gets clobbered, all I need to do is trash it (as a virtual machine, it’s nothing more than a big file on the Mac’s hard drive) and put a copy of its original self in its place. The process is rather like ghosting with a disk image, but much faster.
I guess if you were the only one who used the machine and didn’t ever hit dodgy sites, you could get away with it–or if you formatted your HD and reinstalled frequently–but it is risky.
Or you could use the special scanners to sweep your system like McAfee’s Stinger which targets the 100 most virulent viruses only. They update it weekly or so as I recall.
I use Firefox normally, and if I hit really dodgy sites I use Opera. I mainly don’t run AV for performance reasons. I’m also a gamer and don’t want to turn the AV off every time I launch a game.
The thing with avoiding dodgy sites is: sometimes even legitimate sites can be hacked. We have twice gotten viruses downloaded from legimate sites: the first tim, we knew the site owners and they took prompt action when we notified them; the second time we got a nastygram back from the site owner saying that there was NO WAY we could have gotten a virus in that manner and clearly our computer was infected through some other means (it wasn’t, and we’ve avoided that site ever since, and they’ve lost revenue as a result).
So long story short, you reduce your risk a lot if your browsing habits are as described, but it’s not completely safe.
I just realised earlier today that my ZoneAlarm has been switched off for three weeks (since my trial period was up - when it switched to free version it did not load at startup). I’ve had AVG and Spybot running though, and weekly runs of Adaware and ewido, and I don’t seem to have any problems. A scan with rootkitrevealer didn’t throw up anything sinister either. I’m just glad that I haven’t been anywhere especially dodgy for ages.
I have a VM running '98 that has no antivirus and doesn’t really need it. My laptop is also not running an antivirus, but that laptop isn’t used for E-Mail or anything of that nature and it’s protected from independent intrusion by the firewall in my router anyway. My main computer runs it though, and I won’t run without it. Viruses have numerous vectors – E-Mail and downloaded files are just two of them, so I’m not taking any chances, even though I’m quite conversant with safe Windows operation.
Just now I went to YouTube and searched for David Bowie. I was on the 3rd page of his video lists when all of a sudden the page disappeared (closed) and my Virus program popped up telling me that a script was executed by iexplore.exe, but my virus cheker blocked it. The script was called JS/Exploit-BO.gen. I looked it upand it’s defined as a Trojan. A fairly low-threat trojan, but a trojan nonetheless. According to McAfee’s page:
Personally, I like knowing when something is trying to be put on my system. And it was YouTube!! I was just perusing, not downloading or clicking on anything except the page number. Unless you never ever visit any web pages ever, you’re running a risk. You don’t use IE, but others might, and that “you” is general. As far as trusting Firefox, malicious people are probably trying to come up with something that will get you sooner or later. Good luck.
With adequate firewalling, and most importantly, runnning as a zero privelege user, AV is unnecessary. Using safe email & browsing clients helps.
All the more so if you avoid dangerous sites & software. As noted above, that isn’t 100% foolproof; legit sites can get hacked. but your risk of getting something from XYZ corp’s site is many orders of magnitude lower than from (made up url) wwww.hotchix.ru.
My home machine runs no AV nor sotware firewall. And Outlook 2003 & IE 6. The hardware firewall / NAT keeps out the scanners pushing malware, and the zero privilege & safe habits keep out the downloaded malware. It ain’t that hard.
No AV for me since my copy of Norton 2002 expired. (It was a gift.) It was a pain in the ass and a nag, and common-sense security has always worked well enough to avoid problems. I don’t use any of the commonly exploited applications, keep Windows pretty tight by disabling any unused weak points and strict firewalling, don’t run any executables that I don’t trust, am very cautious with my downloading in general, and keep up on the security bulletins.
For me, there’s no percentage in having a TSR running 24/7 for a tiny bit more security. The chances of something getting through without virus protection are more-or-less exactly the same as something getting through – if I’m going to get infected, it’s going to come from an unexpected quarter, it’s not going to be because I allowed some stupid javascript to run from a “warez” server in Russia or opened an unexplained or unlikely attachment in my mail.
I used to run my system with no anti-virus, for the same reasons listed in the OP. Then I needed to set up a system for some computer neophytes, and needed an anti-virus solution for it. I’d heard of AVG, so I installed the free edition to try it out.
…and left it running. It has no noticeable effect on my computer’s speed, limits it’s scanning to when I’m not using it, and is generally silently unobtrusive. So it’s not worth the effort to uninstall, especially on the off chance it might find something. I haven’t had a virus anywhere except sitting unexecuted in my e-mail attachments folder for 15 years or so; now I don’t even have those–AVG integrates with my mail program (even though it’s Eudora, not a Microsoft one), and scans the incoming messages, deleting the virus attachments.
I’m actually so happy with it that I might even replace it if it got uninstalled somehow. I don’t know what anyone still uses Symantec – Oh wait! It’s because it’s all but impossible to uninstall, isn’t it?
I don’t run without an anti-virus program. You’re just courting disaster. Things do happen to people who don’t think anything can possibly happen to them. I ran with no AV and got that virus - I can’t remember the name right now - that shuts down your PC after you’ve been online for one minute. I had to reformat the hard drive. And I hadn’t been on any kind of risky site, wasn’t downloading from a P2P or anything else. I use aVG, it’s free, has regular updates, so why not? It’s caught a couple of trojans trying to install themselves and let me remove them without compromising my system. Also, Firefox is not entirely invulnerable, either. Last year, a security hole in Firefox 1.5 was revealed. It has since been patched, and FF 2.0 supposedly doesn’t have any flaws, but you can’t take anything for granted. You’re much safer with an AV program than without, in my experience.
Fear of degrading performance isn’t a very good reason not to run AV. As TimeWinder said above, AVG will run on a Windows box with no noticeable difference in performance. And it’s free.
I got disgusted with McAfee after being disgusted with Norton and then discovered AVG in the computer question sticky in GQ. I’ve converted several friends in the meantime without a single complaint. It’s an excellent anti-virus program that is built to play well with everything on your PC (what a concept!).
If it’s the one I’m thinking of (can’t remember the name), your failure wasn’t AV software, but not having a firewall running. I’ve managed four years and counting without AV software, but keeping updates up-to-date, and keeping a check on firewalls.
It could be. I wasn’t running a firewall at the time either. Now I run XP’s built-in firewall, although I know there are better alternatives. I still run AV software in addition, because it has protected my computer on a couple of occasions. No need to tempt fate.
I now remember what the type of worm was also. It was the Blaster (or Lovsan) worm, and you were correct, it exploited vulnerabilities in the Windows system that can be mitigated by running Windows Update on a regular basis.