Lazybit

Many years ago I decided I was not going to use an antivirus for my computer. My friends and colleagues find this unbelievable, but they are more surprised when I tell them that throughout the years this decision never came back to haunt me.

The #1 reason was to get rid of the performance penalties that are an obvious consequence of an antivirus that runs in the background and checks all the files that are being accessed. The second reason was that [at that time] I did not have a permanent Internet connection, so I was always sure that I never had the most recent updates. In other words, I was aware of the fact that my antivirus would probably miss a threat or two. In those circumstances it was obvious that

• I have to live with permanent performance issues;
• And in spite of that, there is a great chance I'll get infected anyway.

Naturally, I decided to remove the antivirus. This sounds like a crazy decision, but it is not, if you analyze the problem. Think about the sources from which viruses come:

• Emails with attachments
• Things you copy from CDs, DVDs or USB flash drives when you exchange data with friends
• Files downloaded from Internet sites
• Source-X (you'll find out below)

Now, let's deal with each item:

Email - this is not a real threat, as long as you follow some basic rules:

• Don't run programs that came in attachments;
• If the attachment comes from a trusted person; either ask them if they really sent that file, or simply ignore the email because (see below)
• Normally people don't send programs (EXE files) via email. Usually we exchange photos, documents, movies... why would we suddenly change the pattern and send a program?

Files copied from various media - the same logic applies: photos, movies and texts are not executable files, hence they pose no harm. If the CD or DVD is from a store, then we can trust the vendor made sure there are no infected files there. If it comes from an unreliable source, then try to obtain the same file from a trusted one.

Files downloaded from various web-sites are the ones more likely to be harmful, especially if they come from P2P networks like eDonkey or Kazaa. As in the previous case, you are pretty safe if you ignore EXE files and only use the .mp3 or .avi ones - they are not executable programs, so they can't cause trouble. (Note, if you're the "download stuff off P2P networks" type, you might find PD FileMove useful)

As you can see above, most of the times you can get away by simply taking a look at the type of the file and making sure it is not a EXE. An antivirus is not needed for that, all you need is to think for a second before double-clicking a file.

Now, what if you received a file from a friend, and they confirmed they really sent it, so it's supposed to be safe... but your defensive instincts tell you that the file might be harmful, what then? The solution is to use an antivirus which is not resident, i.e. it does not permanently reside in the computer's memory and you only use it when you think you need it.

I do have an antivirus on my computer, a free program called ClamWin. If my "psychic virus detection" skills are not convincing enough, I can right-click the suspect file and scan it:

Knowing that I can do this, gives me the psychological comfort of feeling protected. But here's the funny thing - in no less than 5 years of not using an antivirus, I used this option no more than 10 times. Each time I used it, the antivirus confirmed that the suspect file was indeed malicious - but I was able to determine that myself just by analyzing the file (its name, extension, size, the date it was created).

In other words, I have empirical evidence that life without an antivirus is not only possible, but also very successful. Of course, this requires rather advanced computer-oriented thinking (not everyone can guess that a file is a spyware program just by looking at it), but even this has a simple solution - don't mess with unknown EXEcutable files.

This story would be incomplete, and misleading, if I didn't mention that I am using a firewall, and I am pretty sure that my firewall is the second most important layer of defense (the first one being my intuition; the term 'intuition' is not very good, but discussing its appropriateness is beyond the scope of this story).

This occurred to me in the days of MSBlast, when many people suddenly found themselves with a "System is shutting down in X seconds" message on the screen. That's when I learned that threats don't necessarily come in the form of a EXE file which I must run; an unprotected system with known vulnerabilities can easily become the target of an attack. Afterwards files can be run on the system without my permission, so I can get infected. The obvious conclusion is that there is another source of threats - network connections (this is what "Source-X" referred to). And the other obvious conclusion is that I needed a firewall. Nowadays Windows comes with a built-in firewall, so we've got this attack vector taken care of. Note that this firewall does not monitor outbound connections, and is not very flexible, but choosing a perfect firewall is beyond the scope of this story.

Finally, there is another layer of defense, the one which never fails, the one that gives me the greatest psychological comfort (i.e. if everything else lets me down, I can be 100% I am not totally lost). What I'm talking about, is Disk Firewall. The defensive strategy is simple and very easy to implement:

1. Separate system files from your personal files (see the 4th message in the forum thread);
2. Store your personal data in a virtual encrypted disk, restricting access to the data using Disk Firewall and a list of trusted applications.

In this case, even if your system was compromised, you can be sure that your data are absolutely intact. Moreover, if you've implemented the 'separate system from personal data' approach - restoring your system to a stable state is "one-two-threasy" :-)

Conclusions

• Life without an antivirus is possible;
• Most of the security threats can be dealt with by simply being attentive to details;
• If you insist on having an antivirus (which you will rarely use), why pay when there is a free alternative?
• If your antivirus program comes with a built-in firewall, perhaps you can make your system faster by leaving only the firewall enabled, disabling the resident scanner and manually scanning files that you think are suspect;

Secondary conclusions

• I save money because I don't pay for an antivirus, nor I pay for updates;
• I never complain about my system being painfully slow (unlike some of my colleagues, who are so well-protected that they can't even use their computers for any real-world tasks, other than watching progress bars ;-)