Why you not need any Anti-Virus product(s) [2016 Edition]

Discussion in 'Serious Discussion' started by CHEF-KOCH, Dec 22, 2016.

  1. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    #1 CHEF-KOCH, Dec 22, 2016
    Last edited: Jan 28, 2017
    This is an very detailed overview why you not need any AV product.

    Depending on the environment I'm not saying that scanning could't help/prevent from an infection in the first place but what I do say is that there is no guarantee that such products can hold what they promise which then makes the software useless.


    Main problems:
    * AV stops the industry to find/implement better ways into the OS.
    * Paying for products without really using it?
    * It also can cause even more security problems into your Browser. Which also holds the Browser developer/industries back since they need to 'waste' time to find workarounds for this.
    * AV may introduce security holes by itself, popular story was Freak/LogJam attack.
    * They are not protecting against router attacks.
    * Software security is impossible.
    * Zero-Day is overrated by itself but an good argument to play with fears. Because most attacks require additional bypasses, such as ASLR, Stack Cookies, memoy bypasses and additional control-flow integrity attacks.
    * Fixing the user isn't an good idea.
    * Sandboxing or Application whitelistening makes more sense. E.g. via Applocker.
    * Some malware/spying tools working before the OS boots. The AV tool can only check for manipulations, but not for additional hidden sectors, if the OS not recognized it.


    Suggestions:
    * Use an free AV solution (if you really want such a program).
    * Better thing about in general about using a whitelist or sandbox.
    * On high sensible security locations not use any tools, since each tool can include more holes and also could send stuff back like telemetry. The goal here would also be to only allow whitelisted programs.


    Research:
    * https://security.googleblog.com/2015/07/new-research-comparing-how-security.html
    * https://www.indevis.de/files/inhalt...rotect-yourself-from-AntiVirus_WhitePaper.pdf
    * https://bugs.chromium.org/p/project-zero/issues/detail?id=908
    * http://www.wsj.com/news/articles/SB...79542140235850578?mod=WSJ_TechWSJD_NeedToKnow
    * https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
    * http://securitywatch.pcmag.com/security/323419-symantec-says-antivirus-is-dead-world-rolls-eyes
    * https://community.rapid7.com/commun...7755-juniper-screenos-authentication-backdoor
    * https://gist.github.com/CHEF-KOCH/e82b03438d3c6b6a94105780babf11cb
    * https://esposystems.blogspot.com/2016/08/the-death-of-commercial-av-products.html
    * https://www.yahoo.com/tech/delete-antivirus-says-ex-firefox-175055537.html
     
  2. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,373
    831
    60
    Many people claim to get on fine without AV, but they’re very experienced users. And though I agree they’re not perfect at catching everything and also have some disadvantages, for the average user they’re a necessary evil.

    I fully agree that you don’t need to pay for premium products, there are fully capable free ones.

    And watch you don’t go to the other, paranoiac, extreme of constantly scanning with a multiplicity of tools, as you’ll inevitably get false positives, whose deletion can damage the system.
     
  3. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    @CHEF-KOCH thanks for the heads up dude, your thread is very useful for several users and I agree if user need some AV free is the better option; well I don't use AV I think it is useless I believe that with Adguard Premium + Firefox + (extension) download virus checker is ok only my 2 cents :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
    Simply add a malwarebytes check, maybe every weekend...

    Any real threat will almost without exception always be a zero-day-threat, which neither a free nor a paid-for av software can detect.

    I am amzed how often I have to explain to people that there is a differnce if an e-mail attachment is a .exe file. The one important thing is never explained, maybe that is intentional?
     
  5. imgwhirl

    imgwhirl MDL Novice

    Jul 13, 2014
    49
    12
    0
    Another Lame Spelling Randomization :p
     
  6. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    #6 Mr.X, Dec 23, 2016
    Last edited: Dec 24, 2016
    :eek::busted_red: ALSR | ASLR | ARLS | ARSL :haha:
     
  7. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    @ThomasMann yep I forget this app :eek:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. brosmith

    brosmith MDL Novice

    Dec 26, 2016
    8
    5
    0
    #8 brosmith, Dec 26, 2016
    Last edited: Dec 26, 2016
    I disagree with the premise that you can get along fine without any anti-virus software if you are extremely careful. A user would never know if and when their computer is infected (except in the case of ransomware which holds your computer hostage). Scanning does not prevent infection, it only checks for infections. Anti-virus (or better yet Anti-Malware) software needs to run live in order to protect against infection.

    To me the best Anti-Virus product is Malwarebytes Anti-Malware Pro (which is now Malwarebytes 3.0 Premium). I have a lifetime premium subscription and I never have to pay for it again (I only paid $15 a few years ago). It incorporates 5 levels of protection: Anti-Virus, Anti-Malware, Anti-Rootkit, Anti-Exploit, and Anti-Ransomware. It is a complete Anti-Virus product but I would also recommend installing K9 Web Protection (which is free for personal use). K9 will block popups and unwanted online material (such as pornography). It also has some Ant-Malware blocking capabilities.

    I would not take an unprotected computer online. You are definitely asking for trouble. One more thought. If you are going to sandbox your online activity then I would recommend Sandboxie. I have a lifetime license for this as well and have not had any problems using it. An online user needs to have protection against those who trying to take you down!

    Sincerely,
    brosmith
     
  9. Katzenfreund

    Katzenfreund MDL Expert

    Jul 15, 2016
    1,373
    831
    60
    Something often overlooked is that many ISPs scan and filter for malware the traffic thru them. This particularly helps those not using their own resident AV. So the main threat that remains, as usually, are the zero day viruses.
     
  10. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    I believe many that post here do not need an AV, but AV's are for those peeps that click on any advert on a web page, or are gullible to believe any email they get. They get something from "Apple ID" and you must go to this "link" to confirm your ID log in....so they believe and do that or end up on a malicious web page
    These are the peeps that need and should have a good AV
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,354
    2,026
    210
    Any normal user (Joe Blog) should have some for of AV to defend them again ... mostly themselves!
     
  12. karachidude

    karachidude MDL Novice

    Sep 29, 2009
    12
    1
    0
    well i wasnt using anti virus or any kind of digital protection for the last two three years, until a few days ago a malware or bug of some type infected my browser, when ever i click a web link a separate page opens which loads with ads and then the original reloads, have a to click 3-4 times to open a page , its a mess i installed kaspersky and adguard the problem still persists, i dont know where i got it from because i dont usually browse strange sites :confused:

    i guess it could have been avoided if i had a anti virus of some sort on
     
  13. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    I suggest to use a sandbox for Browser instead. :mushy:
     
  14. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    #15 CHEF-KOCH, Jan 27, 2017
    Last edited: Jan 28, 2017
    (OP)
    The Browser based sandbox not protect you against:
    * XSS attacks, aka manipulated login fields (Not even NoScript fully protects you against all of 'em)
    * Not against malware on the system by itself, e.g. USB or other drive-by which might compromise your Browser as well
    * Against fake downloads like Browser and other things which might need admin rights for the installation
    * ...

    Of course Firefox now working on a big thing, but that's for years and user in meantime switched to Chrome and they love it. And it has the same stuff Mozilla is working on now since the first day (almost).

    A OS based Sandbox is still the best solution because mentioned reasons. Try to isolate all processes which require internet connection and then (theoretically) there are less attack scenarios.
     
  16. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    4,617
    1,340
    150
  17. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,171
    1,052
    60
    I do not use AV nor a firewall, I do not believe in malware, therefore I can not get infected by something, that does not even exist. :pardon:
     
  18. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    And what you call or what it is for example, Petya or Virlock?
    For the record I don't use any sort of A/V program.
     
  19. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,171
    1,052
    60
    #19 TairikuOkami, Jan 28, 2017
    Last edited: Jan 28, 2017
    Scareware. :uvdns:
     
  20. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    So in your own concept, a software that encrypts my files and asks for paying to recover them, that very action is only a scare? Isn't it an action of doing malicious activities to cause harm to the victim?

    For me, scare is very different to do malevolent actions. So I still don't get your concept.