anyone not use an antivirus program?

[etilit]

i deleted my norton from my comp..just was tired of it..and than tried avg..its a free antivirus program...and man...it fucked my comp big time..had to wait like 30mins for it to load...so i deleted it to..and now i have no virus protection...but im thinking..do i need it?

 

[XMan101]

You won't be online very long without it!

 

[ton]

There's a good chance your computer gets infected with a trojan or virus if you run your computer unprotected and your operating system is either windows or mac os. There are millions of malicious programs out there, just waiting for unpatched, unprotected windows systems. People make a living out of spying out bank account data or hijackig other people's computers for spam, ddos attacks and so forth. If you want to be a bit safer, install at least a free solution (i.e. Avira) or switch to Linux or FreeBSD.

 

[prinz4ming]

I use avg... have done for more than 3 years now and its been absolutely fine. Hate Norton... used to drive me nuts. Was a bit OTT.

 

[brmstn69]

I've always wanted to ask someone who is into bareback sex if they would surf the net without virus protection...

 

[etilit]

me babe...and its fun

man you guys are so backwards..antivirus is dead hahahahaha

ok ok ram me in the ass I like it

 

[slimjim]

I also recommend AVAST.. it's free, updates itself automatically, and runs in realtime in the background blocking malicious sites and giving instant warnings about them.

 

[gb2000ie]

i deleted my norton from my comp..just was tired of it..and than tried avg..its a free antivirus program...and man...it fucked my comp big time..had to wait like 30mins for it to load...so i deleted it to..and now i have no virus protection...but im thinking..do i need it?

Do you run Windows?
Do you browse the less-savoury parts of the internet?
Do you use email?
Do you use Internet Explorer?

If the answer to any of these is 'yes', then you absolutely need AV! This is tripply so if you do ANY online purchases or banking on the machine. To do any financial stuff at all on a Windows machine without AV is just irresponsibly dangerous!

ATM - I think the best free Windows AV is the one from Microsoft themselves. It's definitely not Norton or McAfee, both of which do much much more than just AV - and hence destroy performance. The MS AV is wonderfully simple, it's just an AV, and it just works!

For now - Mac users can still responsibly use their computer without AV - but that could change at any time. For now, there are no Mac viruses in the wild, just Mac Trojans. What's the difference? A virus spreads itself, and Trojan is an app that's pretending to be one thing but is really another, and you have to download and install it yourself. ATM - the most likely way to get one is by downloading a 'codec' from a porn site, a poker game from a gambling site, a free screensaver, or pirated software. If you only install software from trusted sources on your Mac, you're OK for now without AV.

All users of all OSes, even Linix & Mac, need to be on their guard for phishing attacks though - phisging doesn't attack the computer, it attacks the squishy organic bit between the keyboard and the chair! We're all human, so we're all targets, and none of us are immune from stupidly clicking a link in an email etc.. Always check the URL before entering passwords etc, and always check for the lock icon.

Oh - I work in IT in an organisation with about 4,000 computers - I see a lot of what's going on in both the Mac and PC world first hand.

There is a lot of very dangrous stuff out there - you really need to be careful and take steps to protect yourself - running Windows without AV is very dangerous.

B.

 

[loveless92]

I use a mac so no, but I do on my windows partition, I can't remember what it's called though, I think it's avast.

 

[KCinLA]

No Norton

1997, first Apple computer brought into my home. :heart:
Now using my 5th newer model, an iMac.

No Norton :no:

Still waiting for first virus.

Guess you get what you pay for.

Don't have a Sears TV or a Korean car either.
Why do so many buy a cheap computer?
Apples run both Windoz and OSX, does yours?



Just my $.02. Kevin

 

[Behrluvr]

Do all your surfing on a Limited User account. Very tough to get infected. The only virus I can think of that can get by a limited acct is blaster. And thats only if you have no firewall and are unpatched.

I've been on a limited acct for 11years and I've yet to get a single infection. That includes dl'ing off warez sites, and torrents. I use either FF or Chrome, rarely IE. Also by this time you should be able to instantly recognize a bogus email link or Facebook link so there is no excuse for getting an infection that way.

BTW, AVG works great, if it screwed up your computer you have other issues going on there, probably already infected by something blocking an AV.

 

[gb2000ie]

Do all your surfing on a Limited User account. Very tough to get infected. The only virus I can think of that can get by a limited acct is blaster. And thats only if you have no firewall and are unpatched.

I've been on a limited acct for 11years and I've yet to get a single infection. That includes dl'ing off warez sites, and torrents. I use either FF or Chrome, rarely IE. Also by this time you should be able to instantly recognize a bogus email link or Facebook link so there is no excuse for getting an infection that way.

BTW, AVG works great, if it screwed up your computer you have other issues going on there, probably already infected by something blocking an AV.

A limited account doesn't really offer that much protection. Anything you can do in that account malware could do too. So - if you have any files in there, the malware can get at those, if you do any online banking, the malware can spy on you.

In theory a limited account stops a system-wide infection. It does nothing to stop that account being riddled with crap, crap which can see anything you do, and do anything you can do. That of course leaves out the reality that the world is just full of privilege escalation vulnerabilities - which turn limited accounts into full system/admin accounts.

The barrier raised by a limited account is not zero, but it's not that big either.

THE most important thing is to keep your OS up to date. That protects you from all the stuff that has been fixed, so at least only very new stuff can hit you.

Another big thing is avoiding IE and Outlook also helps a lot.

These days people have gotten better at updating their OS - so the attackers are turning their attention to third-party apps which people are WAY less good at updating. Adobe are THE big targets these days - no matter what browser you use - be sure to keep your Flash and your Acrobat updated!

If you do all that you're a lot safer than you would be otherwise - but you're still far from fully safe. An AV adds a lot more security - but - even that's not a guarantee of protection - it only protects you from things that are known about - and how do they get known about? They successfully attack people! So, even with AV you can still be one of the unfortunate ones to get infected before the AV has been updated with a definition for what ever got you.

Finally - in the past, when we connected our machines directly to the internet, firewalls were VITAL, now, they're WAY less important because we all have routers - which are uber-firewalls because they use NAT which literally acts as a one-way valve on the internet. Having said that - what Firewalls do still protect you from is other people using the same router as you. If you're in a college dorm or something this can be VERY important, but even at home it helps to protect you from your less careful family members!

Avoiding AV on Windows is a risk - no two ways about it.

B.

 

[iSlut]

If you're surfing porn sites and you have no virus protection, then you're sitting on a ticking time bomb.

 

[Behrluvr]

A limited account doesn't really offer that much protection. Anything you can do in that account malware could do too. So - if you have any files in there, the malware can get at those, if you do any online banking, the malware can spy on you.

In theory a limited account stops a system-wide infection. It does nothing to stop that account being riddled with crap, crap which can see anything you do, and do anything you can do. That of course leaves out the reality that the world is just full of privilege escalation vulnerabilities - which turn limited accounts into full system/admin accounts.

The barrier raised by a limited account is not zero, but it's not that big either.

B.

Just about every piece of malware shares one common trait, they are executable code. As a Limited Account is unable to run executables, just about everything is stopped. Only accounts with administrative privledges can run executables. Since they can't run, they can't deliver their payload.
.
.
One execption was the blaster family which infected the computer through an unguarded port 135. However even that worm needed to run under windows update, a process forbidden to limited users, thus stopping it cold.

I have not ever been infected by a virus in the past 11 years which includes lots of surfing on disreputable/warez/etc web sites. I've also set up a couple of friends and family members on LUAs who are hardly computer savvy. None of them has had an infection since. (I know as I fix their machines, do updates, add hardware.)

 

[etilit]

grow up...antivirus is dead hahahahaha

its 2011 guys and gals...your isp is makeing all your desisions for you now

helloooooooo...hahahahahaha

lol

 

[gb2000ie]

Just about every piece of malware shares one common trait, they are executable code. As a Limited Account is unable to run executables, just about everything is stopped. Only accounts with administrative privledges can run executables. Since they can't run, they can't deliver their payload.

I'm sorry but you are flat-out WRONG! Of course limited accounts can execute code - otherwise you could not run any programs. You clearly have no understanding of how malware works.

One of the most common attacks are so-called buffer-over-runs, these work by injecting the malicious code into the running program, so that the running program does what the attacker wants, not what the programmers intended. A limited account does NOTHING to prevent that. NOTHING.

One execption was the blaster family which infected the computer through an unguarded port 135. However even that worm needed to run under windows update, a process forbidden to limited users, thus stopping it cold.

Where are you getting this nonsense from? Blaster can infect computers without anyone even being logged in - just having the computer booted is enough! Limited user accounts don't stop blaster cold - they have no effect on it AT ALL!

I have not ever been infected by a virus in the past 11 years which includes lots of surfing on disreputable/warez/etc web sites. I've also set up a couple of friends and family members on LUAs who are hardly computer savvy. None of them has had an infection since. (I know as I fix their machines, do updates, add hardware.)

Two things - how do you know you don't have an infection? Modern malware does it's very best to hide. This is 2011, not 1991, viruses don't destroy your data make a mess, they hide, and use your computer to do thier bidding, be that spying on you, or using you to send out their spam or what ever. If you don't run AV, and if you have a modern infection, you wouldn't have a clue!

Perhaps you have indeed been lucky - and perhaps you are not infected, but, that would just be pure luck. There are people who sleep around without condoms who never get an STD, that does not make it safe to avoid condoms, and that does not mean others should follow their example.

You are safer with AV than without. It is imperfect, it is not 100% protective, but it is a LOT better than no protection at all!

B.

 

[gb2000ie]

grow up...antivirus is dead hahahahaha

its 2011 guys and gals...your isp is makeing all your desisions for you now

helloooooooo...hahahahahaha

lol

Err - I sincerely hope this is a hilarious joke that I just don't get.

How, in even the wildest, most insane conspiracy theory, do you suggest your ISP have somehow taken over the role of AV?

It is indeed 2011, and it is indeed true that in a corporate environment it is not acceptable to only depend on AV - but we are not talking about a corporate environment, we are talking about ordinary people's home computers. When you're at home you don't have corporate IT watching your back, you're on your own, so, the imperfect help of AV is, well, helpful, it's a heck of a lot better than having nothing!

If you were serious in your belief that your ISP is acting as your AV, could you perhaps explain the mechanism for me? And yes, I do want a technical explanation, because I see through hand-waving BS easily.

B.

 

[Behrluvr]

I'm sorry but you are flat-out WRONG! Of course limited accounts can execute code - otherwise you could not run any programs. You clearly have no understanding of how malware works.

An Administrator must first install any program in order for a Limited User to run it. The LUA is prohibited from doing so. Once a legit program is installed only then does a LUA have the needed permissions. Same with malware, you must be an Admin for the malware to first run. A LUA does not have the rights to run any executable code.

One of the most common attacks are so-called buffer-over-runs, these work by injecting the malicious code into the running program, so that the running program does what the attacker wants, not what the programmers intended. A limited account does NOTHING to prevent that. NOTHING.

The LUA runs up against the wall of permissions. Malware is executable code, in order to invoke the buffer over run, it must have permission to execute. This can only happen under an Admin. LUAs are prohibited to run .exe code. Malware attempting to inject an over run lacks the needed permissions unless within an Admin acct.

Where are you getting this nonsense from? Blaster can infect computers without anyone even being logged in - just having the computer booted is enough! Limited user accounts don't stop blaster cold - they have no effect on it AT ALL!

Blaster must first invoke a restart before it can install- this is the first red flag, an uninvoked restart. Blaster throws this unmistakable sign up. You have the opportunity to easily remove Blaster at this point, with no ill effects of the infection. It is a trivial removal at this stage.

Then Blaster must initially run from within Windows Update. A LUA is not allowed to run Windows Update. Only Admins can do so. Blaster will install and deliver its payload if you are an Admin. If within a LUA , Windows Update will balk and require you to shift into an Admin acct. Exactly as happens in a legitimate Windows Update session.

Furthermore, Blaster requires entry through an open port 135. If your computer is sitting behind a router or a software firewall, I don't see how its possible for Blaster to gain entry.

Two things - how do you know you don't have an infection? Modern malware does it's very best to hide. This is 2011, not 1991, viruses don't destroy your data make a mess, they hide, and use your computer to do thier bidding, be that spying on you, or using you to send out their spam or what ever. If you don't run AV, and if you have a modern infection, you wouldn't have a clue!

Well, if after 11 years, if there is no visible effects, no misbehavior, no financial accounts compromised, no unauthorized communications, no open ports, never any results from any antiviral, antinspyware, antiadware, antirootkit, CWShredder scans, no observable botnet behavior whatsoever. If I am somehow infected then what is the point? Doesn't malware have to do something? If it just sits there and exhibits no observable or measurable behavior then why did the author write the code to begin with?

Perhaps you have indeed been lucky - and perhaps you are not infected, but, that would just be pure luck.

What has luck got to do with it? I deliberately use a system with settings which prohibit 99.999% of executable code from installing and / or running. There may be some peculiar exceptions which exploit vulnerabilities such as Blaster, but even so an infection has to manifest itself eventually. When it does I will instantly see the behavior and immediately research and remove. As of yet , I have never needed to do any such thing.

There are people who sleep around without condoms who never get an STD, that does not make it safe to avoid condoms, and that does not mean others should follow their example.You are safer with AV than without. It is imperfect, it is not 100% protective, but it is a LOT better than no protection at all!

I assume your advice applies to the Unix family and the Mac family as well?

 

[umpalumpa]

I don't have a anti virus program on my pc. Used to have one, but never needed it.
So I know whaht I'm doing on the internet and didnt had any viruses for years.

 

[gb2000ie]

An Administrator must first install any program in order for a Limited User to run it. The LUA is prohibited from doing so. Once a legit program is installed only then does a LUA have the needed permissions. Same with malware, you must be an Admin for the malware to first run. A LUA does not have the rights to run any executable code.

In a buffer overflow attack the program the person is legitimately running is tricked into doing the malware's bidding. The executable file doing the damage is iexplore.exe or acrobat.exe. Not allowing an LUA to install it's own software is irrelevant, iexplore.exe IS allowed run, hence, the malware gets to do it's thing if it exploits a flaw in that exe.

An LUA DOES NOT protect from buffer overflow attacks.

The LUA runs up against the wall of permissions. Malware is executable code, in order to invoke the buffer over run, it must have permission to execute. This can only happen under an Admin. LUAs are prohibited to run .exe code. Malware attempting to inject an over run lacks the needed permissions unless within an Admin acct.

No no no no no - you clearly have no idea what a buffer over flow bug is, or how it works.

A program like IE is running. It has a bunch of stuff in RAM, a mix of data and code, all of which is has permission to execute, because it put it there, and because it is a program that is allowed to run. With a buffer overflow you write data beyond the end of where it should have gone, and over into the bit of RAM owned by IE where IE is keeping it's executable code. IE then runs that code, assuming it is it's own code. The RAM belongs to IE, is edited by IE, and is executed by IE. It has all the permissions IE does.

In short - a LUA provides zero protection.

Blaster must first invoke a restart before it can install- this is the first red flag, an uninvoked restart. Blaster throws this unmistakable sign up. You have the opportunity to easily remove Blaster at this point, with no ill effects of the infection. It is a trivial removal at this stage.

Then Blaster must initially run from within Windows Update. A LUA is not allowed to run Windows Update. Only Admins can do so. Blaster will install and deliver its payload if you are an Admin. If within a LUA , Windows Update will balk and require you to shift into an Admin acct. Exactly as happens in a legitimate Windows Update session.

What are your sources for this? It does not tally at all with my in-the-field direct experience with this worm, or any doentation I have read.

The blaster worm exploits a flaw in the RPC service which is on by default, and runs with system level privileges. It doesn't matter a JOT what user is logged into the system, or what level that user's account has, Blaster does not enter userspace, it works at the system service level. User accounts literally don't enter into it. Like I said - Blaster can infect a system WITH NO ONE LOGGED IN AT ALL.

I get the impression you do not understand how modern multi-user operating systems are architected at all. There simply is no link between low-level services and regular user accounts.

Furthermore, Blaster requires entry through an open port 135. If your computer is sitting behind a router or a software firewall, I don't see how its possible for Blaster to gain entry.

Thankfully routers are now the norm, so our exposure to worms like Blaster and similar worms is massively limited. We are only at risk from people local to our network, so, family and friends at home, co-workers in work, and fellow customers in hotel and coffee shop wifi. This does not mean the danger is over, but that the danger is less. The fewer open ports we expose to the network, the better.

Well, if after 11 years, if there is no visible effects, no misbehavior, no financial accounts compromised, no unauthorized communications, no open ports, never any results from any antiviral, antinspyware, antiadware, antirootkit, CWShredder scans, no observable botnet behavior whatsoever. If I am somehow infected then what is the point? Doesn't malware have to do something? If it just sits there and exhibits no observable or measurable behavior then why did the author write the code to begin with?

I thought you didn't run any AV? So how exactly do you expect anti viral software to pick it up? If you are running all the software you list above then it's hardly realistic to say you don't run AV! Also - Window automatically runs a malware removal tool behind the scenes as part of Windows Update these days. So goodness knows what has been cleaned up after you that you're just not aware of.

That and you could be lucky. You have been doing the equivalent of sleeping around without protection. Not everyone who does that gets an STD, and not everyone who fails to run AV gets nobbled. Luck exists, it is real.

What has luck got to do with it? I deliberately use a system with settings which prohibit 99.999% of executable code from installing and / or running. There may be some peculiar exceptions which exploit vulnerabilities such as Blaster, but even so an infection has to manifest itself eventually. When it does I will instantly see the behavior and immediately research and remove. As of yet , I have never needed to do any such thing.

No that you know of anyway. And luck has everything to do with it. Not everyone who does something dangerous gets killed. You are doing something dangerous, so far you seem to be OK.

I assume your advice applies to the Unix family and the Mac family as well?

Much of my advice does, though not all.

ALL COMPUTER USERS should keep their OS up to date.

ALL COMPUTER USERS need to keep their web plugins up to date - THE MOST IMPORTANT one to watch is Flash.

ALL COMPUTER USERS need to keep their PDF apps up to date, Adobe have a very very bad track record with security, but they are no alone, Preview on the Mac has also had a lot of PDF related bugs, as have other Windows alternatives like Foxit Reader.

ALL COMPUTER USERS need to keep their media player apps up to date because they can be automatically triggered from the web by embedding a media file in a page or tricking you into downloading them.

ALL COMPUTER USERS need to keep their firewall up when ever they leave the house.

WINDOWS USERS need to run AV.

INEXPERT MAC USERS need to run AV. Why only inexpert Mac users - because there are no Mac viruses actually in the wild at the moment. But there are ever more Mac trojans - which the bad guys try to trick people into installing for them in some way. If you're not an expert user, and you ever install anything, then you should run AV, because Mac users ARE getting infected with shit - I've seen it first hand twice last year in work.

MAC & LINUX POWER USERS should consider running AV to protect Windows users who they may share files with. This is really more of an issue in corporate network TBH - and on servers like email servers.

B.