It Might Be Time To Stop Using Antivirus

[Megalith]

While I am already way ahead of him, an ex-Firefox developer is reminding us how terrible antivirus software is and how you should uninstall it immediately. You can’t really argue with that; he notes that a lot of this software actually opens up new attack vectors, and their developers don’t even follow security practices. But he does point out that if you can’t sleep without having some kind of antivirus software running, it better be Windows Defender.

What's really insidious is that it's hard for software vendors to speak out about these problems because they need cooperation from the AV vendors (except for Google, lately, maybe). Users have been fooled into associating AV vendors with security and you don't want AV vendors bad-mouthing your product. AV software is broadly installed and when it breaks your product, you need the cooperation of AV vendors to fix it. (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.) When your product crashes on startup due to AV interference, users blame your product, not AV. Worse still, if they make your product incredibly slow and bloated, users just think that's how your product is.mIf a rogue developer is tempted to speak out, the PR hammer comes down (and they were probably right to do so!). But now I'm free! Bwahahaha!

 

[M76]

This is some second level bullshit. There is no way in hell the average user will be safer without an AV app than with one. I mean even my ass was saved once or twice by an AV app, and I'm nowhere near the level of incompetence of the average soccer mom with browsing the net.

Sure there are some shitty antivirus software out there, I've seen fake antivirus as well. This is like advising SWAT to go in without bullet proof vests because they might slow them down because they're heavy.

 

[Ultima99]

Count me in as skeptical. I'm a fan of AV Comparatives and they consistently rank MS as a mediocre compared to other offerings.

For my personal machine and those who want to pay for AV I recommend Eset Nod32.

For those who want a free AV product I have recently started recommending Avira (replacing Avast) as my go to.

 

[viscountalpha]

i've been on some sketchy parts of the internet and eset has kept me safe. They usually intercept an infection before it hits me and when it updates and is linked to the servers, the entire set of computers react to the latest AV update.

I've been against symantec,norton,AVG,avast. ESET really does what it claims to do and doesn't fuck me over.

 

[Jim Kim]

This is some second level bullshit. There is no way in hell the average user will be safer without an AV app than with one. I mean even my ass was saved once or twice by an AV app, and I'm nowhere near the level of incompetence of the average soccer mom with browsing the net.

Sure there are some shitty antivirus software out there, I've seen fake antivirus as well. This is like advising SWAT to go in without bullet proof vests because they might slow them down because they're heavy.

Exactly, that's irresponsible reporting at its finest. Although if folks would stop using anti virus I would have to hire some more employees. hmmm, on second thought...

 

[DrLobotomy]

Another vote for Avira and a vote that this guy is taking the wrong meds.

 

[MrTryfe]

The issue with AVs is that they need to be complemented by another piece of software, such as MWB. They're painfully inadequate at dealing with zero day exploits. The AVs I've used seem to be weeks, and even months, behind in terms of whats out there in the wild.

 

[M76]

i've been on some sketchy parts of the internet and eset has kept me safe. They usually intercept an infection before it hits me and when it updates and is linked to the servers, the entire set of computers react to the latest AV update.

I've been against symantec,norton,AVG,avast. ESET really does what it claims to do and doesn't fuck me over.

One of the sites I visit from time to time is lacking in security and if not for AV I'd have walked right into that.

 

[GotNoRice]

I have to agree with the recommendation overall. Stuff like AVG used to be good but now it's among the worst bloatware, taking advantage of people's ignorance to scare them into subscribing or paying more money when it's actually the AV software that is slowing their computer down...

Windows Defender + manual scans using malwarebytes is enough for 98% of computer users.

 

[gigaxtreme1]

Don't forget adblock too. So many clickbait and popup sites out there.

 

[Mad Maxx]

I used ESET for a long time until my license expired, this month. Trying BitDefender and haven't had any issues. It caught a few things ESET missed.

 

[Lunas]

Yeah this guy might as well rolled his face on the keyboard for all that article was worth nothing but click bait when he should have said most av are turning into worthless garbage.

I tried avira a long time ago it was not good when I last used it and I found avast to be better but as of lately avast has been nortonizing their product.... A few more updates and avast will be garbage...

 

[viscountalpha]

I used ESET for a long time until my license expired, this month. Trying BitDefender and haven't had any issues. It caught a few things ESET missed.

What things did eset miss?

 

[AaronGant]

as someone who gets calls from anyone who knows me with their computer trouble, it's usually the person who didn't keep their AV installed or let the free trial of their new computer lapse who gives me a call when everything isn't working.

 

[Twisted Kidney]

So we should advise our dear relatives and laymen in general to forgo potential problems in favour of guaranteed problems?

Brilliant! I love fixing people's shit for free!

 

[BulletDust]

Avira is a great product as far as AV goes, light on resources yet actually appears to work. Personally, on my own machine I just use Windows Defender.

The issue I find with Antivirus isn't specifically the introduction of even more attack vectors, that I've never seen, it's the issues that arise when the AV literally takes over your PC. The number of times I've had issues installing software only to find that it was the AV that was at fault, and it's not enough just to disable it for an hour, that doesn't fully disable it - You have to physically stop the software from starting at boot in order to work around the issues.

The other issue with AV software is that a great deal of the time it's a major resource hog.

 

[illram]

I've been using Malwarebytes seemingly forever based on high recommendations a long time ago. Is it still decent?

 

[Ultima99]

Yeah this guy might as well rolled his face on the keyboard for all that article was worth nothing but click bait when he should have said most av are turning into worthless garbage.

I tried avira a long time ago it was not good when I last used it and I found avast to be better but as of lately avast has been nortonizing their product.... A few more updates and avast will be garbage...

I used to promote Avast but as you stated it has gone downhill so I looked for a replacement. In my research I found that Avira had seemed to be improving and it has been working well for those I've put on it.

As far as Eset goes they aren't at the very top for catching everything anymore, but they're still close with zero false positives on the last AV comparatives and fairly low resource usage.

 

[Ultima99]

I've been using Malwarebytes seemingly forever based on high recommendations a long time ago. Is it still decent?

Yes but it is still great, but I would say it is best used as a supplement to a primary AV program.

 

[BulletDust]

I've been using Malwarebytes seemingly forever based on high recommendations a long time ago. Is it still decent?

Malwarebytes is more of a malicious software scanner than a virus scanner, having said that it's still a great package, recently updated to a newer version and became even better. However after running Malwarebytes I always run an additional scan with another package just to be sure.

 

[illram]

Yeah I basically just spot test things here and there with it which is sort of the extent of my AV, aside from Windows Defender. I'm pretty boring these days when it comes to my online activities.

 

[SighTurtle]

stop using AV a few years ago, just keep Windows Security Essentials cause MS likes to push it with Windows Updates. I dont seem to have problems, so meh.

 

[madweazl]

If the user cant control where he/she roams, they may want to use an a/v. As for actual defense, they're absolutely useless.

 

[Krenum]

Stopped using that crap a years ago.

 

[Deleted member 245375]

Only thing I run is MSE for years now, nothing else. Every so often I'll do the following:

- a full system scan with TrendMicro HouseCall
- a full system scan with Eset's NOD32 Offline Scanner
- a full system scan with Avira
- a full system scan with MalwareBytes
- a full system scan with SpyBot
- a full system scan with HitmanPro

I do that basically every few weeks for the past oh, maybe 5 years, and to this day the only thing that's ever been discovered was a handful of tracking cookies. Now, one has to understand that as someone that's been "online" since the 1970s I do end up visiting some places "online" that the vast majority of folks would be better off not only avoiding but not even thinking about in most situations, and after all these years I've only had one actual virus infection (thank you Symantec, you bastards, for not releasing the virus signature that would have protected my system and instead held it off for 6 more days before pushing it with LiveUpdate, fuck you very much). While AV-Comparitives might not consider MSE worthy of their higher ratings, for me I can't find any holes in my system even when I manually test it with other products that do get high ratings from them so, I don't know what to make of all that except perhaps there's some kickbacks happening to get the high ratings which obviously translate to more sales for the AV software producers.

I can't speak for others but as Microsoft obviously knows more about Windows than anybody else ever could (and they don't ever let anyone see all the APIs fully) then I'm ok with using Microsoft Security Essentials (which is based on their ForeFront code used for enterprise clients but I think that's been discontinued at least in terms of the naming). Third-party tools can only guess at actually getting the job of protecting the OS correctly because of working with incomplete info, almost like playing poker, and none of them will ever truly be effective - you can't do much of anything about most exploits till they've been put into action anyway.

 

[M76]

If the user cant control where he/she roams, they may want to use an a/v. As for actual defense, they're absolutely useless.

Yes because you know before clicking on a site that it will be infected by a malware. Even large sites with good reputations can get hacked and a malware injected. You don't need to go to shady sites for that.

 

[serious]

Antiviruses are like condoms, you really should not wear them 24/7, and just because you wore them does not guarantee that you will be clean after being dirty.

 

[Chupachup]

While I am already way ahead of him, an ex-Firefox developer is reminding us how terrible antivirus software is and how you should uninstall it immediately. You can’t really argue with that; he notes that a lot of this software actually opens up new attack vectors, and their developers don’t even follow security practices. But he does point out that if you can’t sleep without having some kind of antivirus software running, it better be Windows Defender.

WTF!? And again, WTF!?!?

Umm... no! Simply put, there are a host of crappy AV/malware products out there. There are also some decent ones. Running no protection is like going to Haiti without your shots or a condom and Defender alone is about as useful as using a condom with a tear in it.

My Aunt, listens to her daughter and only runs manual scans (no active scanning) "every so often" and can't figure out why her computer is always slowing down, locking up and needing to be factory reset all the time. This after having the same problems through two desktops, three laptops and twenty years of me telling her she needs to enable active scanning and leave it enabled on whatever AV product was decent at the time.

She and I haven't talked much since I fixed her last laptop two years ago as I told her I wouldn't be wasting anymore of my time fixing preventable issues for free if she couldn't follow my advice. She called me a week later because her computer locked up "the same way" again. I told her it was going to cost her $35/hr for me to fix or she could tell the one (points at cousin) whose tech advice she keeps following to get it running again. I heard from my Mom a few days later, my Aunt bought a new laptop rather than get the other one taken care of.

In a house with my wife and two kids, using Avast on my game rig, laptop and four other systems, I have not had an infected system in over a decade. I've also had my parents listening to me, and with the exception that they're of the age they can't help but fall for certain click bait traps once every other month, their computers have been mostly virus free and running fine.

So, with those many years of practical experience on the homefront and many more spent supporting large scale corporate IT infrastructure as a profession, I'll say with certainty- You're a fool if you're NOT at least making a good effort to run some kind of AV product beyond the crap Microsoft provides.

But, hey! It'll be you, not me, squirming when your system gets as hosed a Tijuana hooker and your mates are left wondering why you can't make your weekly scrim match or raid night because you can't bear to tell them what you let happen- right?

 

[Ultima99]

Only thing I run is MSE for years now, nothing else. Every so often I'll do the following:

- a full system scan with TrendMicro HouseCall
- a full system scan with Eset's NOD32 Offline Scanner
- a full system scan with Avira
- a full system scan with MalwareBytes
- a full system scan with SpyBot
- a full system scan with HitmanPro

I do that basically every few weeks for the past oh, maybe 5 years, and to this day the only thing that's ever been discovered was a handful of tracking cookies. Now, one has to understand that as someone that's been "online" since the 1970s I do end up visiting some places "online" that the vast majority of folks would be better off not only avoiding but not even thinking about in most situations, and after all these years I've only had one actual virus infection (thank you Symantec, you bastards, for not releasing the virus signature that would have protected my system and instead held it off for 6 more days before pushing it with LiveUpdate, fuck you very much). While AV-Comparitives might not consider MSE worthy of their higher ratings, for me I can't find any holes in my system even when I manually test it with other products that do get high ratings from them so, I don't know what to make of all that except perhaps there's some kickbacks happening to get the high ratings which obviously translate to more sales for the AV software producers.

I can't speak for others but as Microsoft obviously knows more about Windows than anybody else ever could (and they don't ever let anyone see all the APIs fully) then I'm ok with using Microsoft Security Essentials (which is based on their ForeFront code used for enterprise clients but I think that's been discontinued at least in terms of the naming). Third-party tools can only guess at actually getting the job of protecting the OS correctly because of working with incomplete info, almost like playing poker, and none of them will ever truly be effective - you can't do much of anything about most exploits till they've been put into action anyway.

While you are generally correct, I'll take exception with some of it.

Microsoft has never been that great with security. Are they better than they were years ago? Absolutely.

About Microsoft knowing more about Windows than anyone. Yes, they have the source code that nobody else gets, but they didn't hire Mark Russinovich for no reason now did they?

 

[dvsman]

Browse the (offbeat) web on a non-admin account w/ java script blocker + Windows Defender + Malware Bytes Pro + Spybot S&D.

I also have Super AntiSpyware Pro running on a few machines (MWB is run non-resident on those).

So far, so good.

 

[M76]

Antiviruses are like condoms, you really should not wear them 24/7, and just because you wore them does not guarantee that you will be clean after being dirty.

Not really.
With the risk of repeating myself. Antivirus software are like bulletproof vests. You don't need them all the time, but you're fucked if you didn't wear them when you needed. And you don't know when you'll need it.

 

[ChefJeff789]

I must be imagining the times that Malware Bytes and Hitman pro have removed the malware from my relatives computers... I agree that bloatware AV is crap, but if you own a computer and don't know that, you're not exactly reading tech articles on the 'net either.

 

[blkt]

I use the free scanner/removal tool method combined with MalwareBytes and sometimes SpyBot.

Here's the free scanners that I use recently (I'm still clean, insert STD joke here):

Trend Micro HouseCall: http://housecall.trendmicro.com/
ESET NOD32 Online Scanner: http://download.eset.com/special/eos/esetonlinescanner_enu.exe
Kaspersky Virus Removal Tool: http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
Bitdefender: Browser Plug-in Scanner: https://www.bitdefender.com/scanner/online/free.html
Bitdefender: Free Antivirus with Real-time Protection (this one will do an install and you will create an account): https://www.bitdefender.com/solutions/free.html

But yeah, common sense helps too (what dvsman said with non-admin, script blockers, up-to-date flash/java if you must have those, disable unnecessary services, a real firewall configuration etc). Eliminate all PEBKAC issues and if you know some can't be avoided, configure the system accordingly.

 

[blkt]

This is some second level bullshit. There is no way in hell the average user will be safer without an AV app than with one. I mean even my ass was saved once or twice by an AV app, and I'm nowhere near the level of incompetence of the average soccer mom with browsing the net.

Sure there are some shitty antivirus software out there, I've seen fake antivirus as well. This is like advising SWAT to go in without bullet proof vests because they might slow them down because they're heavy.

But, we all run faster with our knife out!

 

[Meeho]

I've never had Eset Nod32 interfere with other software and it has always been light on resources. I see no reason to stop using it, even if I can't remember the last time I truly needed it (family members did, though). It's not worth the potential risk.

 

[Deleted member 126051]

Run with no AV but Windows Defender?

Yeah. Howsabout "fuck that noise".

 

[umeng2002]

I even disabled Windows 10 Defender with registry edits.

Up to date software + NoScript + Common Sense 2017 = good

 

[madweazl]

Yes because you know before clicking on a site that it will be infected by a malware. Even large sites with good reputations can get hacked and a malware injected. You don't need to go to shady sites for that.

Yawn...

Yes because you know before clicking on a site that it will be infected by a malware. Even large sites with good reputations can get hacked and a malware injected. You don't need to go to shady sites for that.

By the time your A/V has a signature, so does the host. If it makes you feel better, run one.

 

[scojer]

Don't forget adblock too. So many clickbait and popup sites out there.

Just make sure you whitelist this site!

 

[KarsusTG]

I think this is crap. A good paid AV like Bitdefender or ESET is far far better than nothing, especially when ran with Malwarebytes. That with Noscript, ghostery, adblock, and lastpass in your browser.