Lazybit

Behind every easy solution stands a great mind's effort
 
« Are better password recovery mechanisms really better?Password Carrier 2.04 release notes »

Why I don't use an antivirus

Why I don't use an antivirus

Many years ago I decided I was not going to use an antivirus for my computer. My friends and colleagues find this unbelievable, but they are more surprised when I tell them that throughout the years this decision never came back to haunt me.

The #1 reason was to get rid of the performance penalties that are an obvious consequence of an antivirus that runs in the background and checks all the files that are being accessed. The second reason was that [at that time] I did not have a permanent Internet connection, so I was always sure that I never had the most recent updates. In other words, I was aware of the fact that my antivirus would probably miss a threat or two. In those circumstances it was obvious that

  • I have to live with permanent performance issues;
  • And in spite of that, there is a great chance I'll get infected anyway.

Naturally, I decided to remove the antivirus. This sounds like a crazy decision, but it is not, if you analyze the problem. Think about the sources from which viruses come:

  • Emails with attachments
  • Things you copy from CDs, DVDs or USB flash drives when you exchange data with friends
  • Files downloaded from Internet sites
  • Source-X (you'll find out below)

Now, let's deal with each item:

Email - this is not a real threat, as long as you follow some basic rules:

  • Don't run programs that came in attachments;
  • If the attachment comes from a trusted person; either ask them if they really sent that file, or simply ignore the email because (see below)
  • Normally people don't send programs (EXE files) via email. Usually we exchange photos, documents, movies... why would we suddenly change the pattern and send a program?

Files copied from various media - the same logic applies: photos, movies and texts are not executable files, hence they pose no harm. If the CD or DVD is from a store, then we can trust the vendor made sure there are no infected files there. If it comes from an unreliable source, then try to obtain the same file from a trusted one.

Files downloaded from various web-sites are the ones more likely to be harmful, especially if they come from P2P networks like eDonkey or Kazaa. As in the previous case, you are pretty safe if you ignore EXE files and only use the .mp3 or .avi ones - they are not executable programs, so they can't cause trouble. (Note, if you're the "download stuff off P2P networks" type, you might find PD FileMove useful)

As you can see above, most of the times you can get away by simply taking a look at the type of the file and making sure it is not a EXE. An antivirus is not needed for that, all you need is to think for a second before double-clicking a file.

Now, what if you received a file from a friend, and they confirmed they really sent it, so it's supposed to be safe... but your defensive instincts tell you that the file might be harmful, what then? The solution is to use an antivirus which is not resident, i.e. it does not permanently reside in the computer's memory and you only use it when you think you need it.

I do have an antivirus on my computer, a free program called ClamWin. If my "psychic virus detection" skills are not convincing enough, I can right-click the suspect file and scan it:

clamwin-scan

Knowing that I can do this, gives me the psychological comfort of feeling protected. But here's the funny thing - in no less than 5 years of not using an antivirus, I used this option no more than 10 times. Each time I used it, the antivirus confirmed that the suspect file was indeed malicious - but I was able to determine that myself just by analyzing the file (its name, extension, size, the date it was created).

In other words, I have empirical evidence that life without an antivirus is not only possible, but also very successful. Of course, this requires rather advanced computer-oriented thinking (not everyone can guess that a file is a spyware program just by looking at it), but even this has a simple solution - don't mess with unknown EXEcutable files.

This story would be incomplete, and misleading, if I didn't mention that I am using a firewall, and I am pretty sure that my firewall is the second most important layer of defense (the first one being my intuition; the term 'intuition' is not very good, but discussing its appropriateness is beyond the scope of this story).

This occurred to me in the days of MSBlast, when many people suddenly found themselves with a "System is shutting down in X seconds" message on the screen. That's when I learned that threats don't necessarily come in the form of a EXE file which I must run; an unprotected system with known vulnerabilities can easily become the target of an attack. Afterwards files can be run on the system without my permission, so I can get infected. The obvious conclusion is that there is another source of threats - network connections (this is what "Source-X" referred to). And the other obvious conclusion is that I needed a firewall. Nowadays Windows comes with a built-in firewall, so we've got this attack vector taken care of. Note that this firewall does not monitor outbound connections, and is not very flexible, but choosing a perfect firewall is beyond the scope of this story.

Finally, there is another layer of defense, the one which never fails, the one that gives me the greatest psychological comfort (i.e. if everything else lets me down, I can be 100% I am not totally lost). What I'm talking about, is Disk Firewall. The defensive strategy is simple and very easy to implement:

  1. Separate system files from your personal files (see the 4th message in the forum thread);
  2. Store your personal data in a virtual encrypted disk, restricting access to the data using Disk Firewall and a list of trusted applications.

In this case, even if your system was compromised, you can be sure that your data are absolutely intact. Moreover, if you've implemented the 'separate system from personal data' approach - restoring your system to a stable state is "one-two-threasy" :-)

Conclusions

  • Life without an antivirus is possible;
  • Most of the security threats can be dealt with by simply being attentive to details;
  • If you insist on having an antivirus (which you will rarely use), why pay when there is a free alternative?
  • If your antivirus program comes with a built-in firewall, perhaps you can make your system faster by leaving only the firewall enabled, disabling the resident scanner and manually scanning files that you think are suspect;

Secondary conclusions

  • I save money because I don't pay for an antivirus, nor I pay for updates;
  • I never complain about my system being painfully slow (unlike some of my colleagues, who are so well-protected that they can't even use their computers for any real-world tasks, other than watching progress bars ;-)
Share/Save/Bookmark
Tags: antivirus, security
PermalinkPermalinkCategories: Support highlights27 comments »

27 comments

Comment from: P Daddy [Visitor] Email
I haven't use any antivirus for over five years now. I four computers and their on line all the time. The proformance hit is a waste of time for something that isn't needed. But still so many people are conned into using antivirus protection.
2007-08-12 @ 11:20
Comment from: gettowar [Visitor] Email
great article...to bad i dont have that "intuition" developed in me. I still put my trust in the anti virus even though it slows my computer
2007-10-24 @ 20:52
Comment from: Anti-Antivirus [Visitor] Email
Amen to good article.My computers online all the time and I don't use anti-virus either- and I'v done some messing about with questionable files/programs. I had one virus in a year- a quick restore solved that. I watch friends+family have trouble with antivirus- install/reinstall, its blocking their programs, slowing down the machine, etc, etc. However a lot of computer stores, techs, etc., promote it because they are affiliates, and get a small chunk of the sale.
2007-12-10 @ 18:08
Comment from: Danial [Visitor] Email · http://www.dollardaysplus
I agree with much of what you say but
I use an adaware program and I rarely
have any problems not using a firewall and
and an antivirus program but I do use
alot of prompts so I am warned if some
thing unusual pops up I say yes or
no whether to accept it or not! a
computer repair guy told me I should
atleast Non-resident Antivirus that's
happens to be what I'm looking for
is clamwin a good program or does it
mess with emails? I often get product pictures attachments in my emails

in my email
2008-01-14 @ 19:03
Comment from: Alex [Member]
Clamwin is a good choice, it integrates into the context-menu and it will only scan what you tell it to scan (as shown on the screenshot). When you install it, there is a checkbox that allows you to choose whether you need "Outlook integration" or not. I disabled that, not only that I don't use Outlook, but I just don't want anyone/anything to mess with my email. I'm smart enough not to run attachments that came from a questionable source.

Finally, pictures are pictures, not programs; so I really don't understand why people want an antivirus to scan their email. I'd rather invest into a good spam-filter and nail two problems in a move (as most viruses come with spam email, at least in my case).
2008-01-14 @ 21:34
Comment from: Mark [Visitor]
I haven't used one for years either. I keep system and data files on 2 different drives also, and have backup images using Acronis TrueImage. Even if I try a questionable downloaded program, and it's a very bad virus, all I have to do is restore my system including the mbr using the image. It's pretty bulletproof. I used norton a long time ago but the time spend hasseling with it was worse than a virus! About half of torrents are virus-infected....
2008-08-10 @ 04:03
Comment from: Nate [Visitor] · http://www.UnrealProductions.weebly.com
You are a fucking idiot.
Simple things like Internet Explorers ActiveX, usually something you would think you need, can contain a virus.

And sometimes it can be accidental... Its always good to have an anti virus making sure you didnt.
2008-11-08 @ 21:58
Comment from: Bob Dobbs [Visitor]
Back when I first started using the Internet I got an Antivirus package. I thought it was something you had to do. Then, one day, I got a virus. The AV didn't spot it, but my intuition told me it was a bad file. I trusted the AV, and I suffered for it.

It was a real wake-up call.

I abandoned AV software forever after that. It was 10 years ago. I've never had another virus.

Granted, this may not be for everybody, but for a techhead of even moderate knowledge it's a surefire defense.
2008-12-02 @ 03:32
Comment from: Bob Dobbs [Visitor]
Nate:

Clearly you need AV because you haven't the sense to abandon Internet Exploder.
2008-12-02 @ 03:35
Comment from: Alan [Visitor]
Same here. Never used anti-virus and never will. It's not necessary for the experienced. I have taken the time to setup my PCs to store all user data on a network drive which makes automatic backups. Each PC simply has the OS and some programs installed. Keep an image of the hard drive. Get a virus, simply restore the image and you are back in business in less than 30 minutes. Maybe another 10 to get the latest updates from the time the image was cut.
2008-12-17 @ 17:35
Comment from: Alexander Ewering [Visitor] Email · http://www.instinctive.de
While I completely agree with the general attitude not to use anti-virus software and instead using common sense, I must warn you that pretty much any filetype can contain executable code (which is also executed if appropriately crafted). There have always been various programming errors in stuff like JPEG decoders, MP3 decoders etc. that would make these programs EXECUTE stuff in a JPEG instead of displaying it (just an example).

So, yes, opening a JPEG in an attachment (or merely the E-Mail which embeds the JPEG) can cause you harm.
2009-04-06 @ 15:54
Comment from: Daniel C. [Visitor]
I use the exact same strategy. In many years, the only time it has failed me was when someone passed me a pendrive with a malicious autorun. Not that it was a big problem - if you have an image of your clean system and a disk for your personal data, getting rid of a virus is faster than running the antivirus' check.
2009-04-17 @ 03:23
Comment from: Edith B. Taylor [Visitor]
I also stopped using anti-virus (after an anti-virus update screwed up my computer and ruined my gaming time); for me the choice to stop using them was an easy one. Realized that I didn't need anti-virus because I surf safely in the first place. I exercise some common sense about opening files or going to certain websites.
2009-05-14 @ 22:34
Comment from: Matt [Visitor] · http://www.bebo.com/106Owner
I used anti-virus for a year when i first got Windows 98, and after that decided it brought the computer to a crawl, and i haven't used anti-virus since, except once when someone used my comp and didnt practice safe computing. If you are an adequate user, you should find life without Anti-Virus a delight! Your system can realise it's specs, the HDD LED doesnt constantly flash, it won't utilize 100% cpu as often, and best of all, it won't keep giving you stupid ass pop up windows (COUGH NORTON). Simple, just be observant with what files you download and you should be perfectly fine, if not, i keep my documents on a seperate partition, so i can always restore the OS if need be. I don't need AV as i restore my system every 3 months anyway as windows can get slower and slower in time. Just remember to practise safe computing and look out for anything suspicious.
2009-07-22 @ 01:35
Comment from: IMP1953 [Visitor] · http://www.facilita.co.uk
I stopped using AV a couple of years ago on my 2 home and several work computers and have never had a problem. If you are sensible about what you run you are highly unlikely to have a problem.

Since the beginning of PCs I have ony had one virus and then the AV didn't find it. A work and home we are always being a firewall. We have many servers and test PCs always on at work and have never had a problem.
2009-08-01 @ 21:37
Comment from: Eddie [Visitor]
I have not used antivirus for years as well, very good article.

People think I'm crazy or that I really don't know a s%%%t about computers when I tell them I don't use antivirus, really!

I like the thrill actually... Makes me feel like a badass guy. LOL
2009-08-13 @ 22:14
Comment from: Dean [Visitor]
Same here. My firewall has kept me protected from viruses that roam the net, when my PC misbehaves I always check the running Processes for dodgy files, I don't open EXEs from anywhere that I am unfamiliar with, and life has been a pleasure. Not one virus, bug, or odd infection has plagued me, and I am convinced antivirus software prices are a tax on people that don't know how to browse the web intelligently.
2009-08-18 @ 11:48
Comment from: Ryan [Visitor] Email
I just use 2 computers. The crappy one on the internet and the good one not on the internet. The connected computer only has the OS and Firefox. My downloaded stuff (movies, games, music, e books), I scan for viruses then transfer to my good PC via USB hard-drive. This way all my stuff is safe and sound and if my internet PC gets infected I just reinstall the OS, Which has never happened, ever. I like this system because I can be as frivolous as I want with no worries because all my stuff is on another machine. Is this dumb?
2009-09-05 @ 14:31
Comment from: smythrj [Visitor]
For all those thinking they don't have a virus because they can't see it.
Keyloggers, rootkits and the serious virus', the ones that setup botnets and DDoS you wont know about till the federales are confiscating your PC cause its been spamming google.

Just cause you cant see it doesn't mean its not there.
2009-10-05 @ 08:21
Comment from: Alex [Member] · http://www.dekart.com/
Smythrj, you bring a good point, but I must say that it doesn't mean that a consequence of that should be the installation of a cumbersome antivirus that can convert a modern system into a turtle.

The article advocates the use of common sense - which is a 100% positive thing to do.

"Just cause you cant see it doesn't mean its not there."
Nor does it mean that it is there. Using the same logic one could argue that god exists simply because we don't see him/her/it.


Alexander Ewering, you bring a very good point. You wrote yourself that the problem is in the software that is not handling the data correctly. It is a matter of software design - those who write programs that naively assume that they receive "good" input will eventually get what they deserve.

So the morale of the story is that people should be picky about the programs they use.

Nate, as another reader pointed out, you shouldn't be using Internet Explorer in the first place. But even if you do, the installation of an ActiveX component requires human intervention - you have to click on "yes, install it". Clicking on things without reading about them is stupid, but a minimal dose of common sense cures that.
2009-10-07 @ 19:31
Comment from: Frostbite [Visitor]
I haven't used it in over 5 years myself either. I just did my once a year scan and found 35 "infected" files which just turned out to be modified cheat engines I use. I don't really have a need for antivirus, ever since the update back in XP that added a mandatory firewall I haven't had any issues. Also helps to have a router.
2009-10-31 @ 03:43
Comment from: Wizard Prang [Visitor] · http://www.wizardprang.com
Lots of good info here (even you, Nate);

In the past, I have used AVG Free, though I use Firefox w/NoScript for most of my surfing.

Those who are disciplined with where they go and what they allow on their machine can manage with an AV; for those who can't control their surfing habits, a dualboot with Linux might be a good idea.

I've started using Microsoft Security Essentials, which is free, and doesn't seem to have an appreciable effect on machine speed.
2009-11-25 @ 16:18
Comment from: fromusofa [Visitor]
I 've never used any antivirus or any other type of security software...nor I have any firewall(hardware or software) installed on my computer..and no automatic updates, no indexing, no bullshit, no unnecessary services or programs running in the backgroun that I don't regularly use ...I just load core OS, an internet browser snd classic media player...and just read my emails, news, watch few videos...including porn and that's it. never had any trouble but if things ever go wrong I can just re image the machine in few mins and I am back online again...so why bother with rest of bullshit....my machine is ready to browse the web in less than 30 secs after turning it on and when I shutdown it gets turned off in 10 secs or less....bye bye.
2010-03-05 @ 11:34
Comment from: sdfsd [Visitor]
There are plenty of free anti-virus programs, and they're not all bloated and slow like Norton.

Avast for example is effective, free and relatively light weight.
2010-05-28 @ 15:05
Comment from: ron smith [Visitor]
I had a lecture I gave all of my CAD/CAM students about viruses. I had them bring the wort baddest most nasty thing the could find and put it on a CD. They about flipped when I put all of those files in a folder marked "do not execute". At the end of the semester I deleted the folder and ran an antivirus scan. Of course nothing.
The above article is a very good piece and it should be mandatory for sisters and mothers who freak over such things like ten year olds.
The only thing I would add to the article is a bit on Norton Ghost, which should you make a mistake and get infected, has daily recovery points by which you can go back to some period that was known to be clean and then "completely" rebuild everything bit by bit without any interference from Microsoft.
2010-06-01 @ 02:47
Comment from: Jose Manuel - [Visitor] · http://www.irisel.com
Agree 100% with what you say.
I work on IT since 95 and never used AV, they are "worse than viruses", because freeze the system when you most need it :) round-the-clock.
Despite all precautions, just browsing "untrusted" sites, eventually my computer gets infected. I notice this pretty quickly because the system runs slowly, then I use task manager to identify the process and autoruns to analyze the programs started automatically and that's it.
2010-06-20 @ 02:03
Comment from: mobile phone [Visitor]
Yea I have never had a anti virus. Actually because i couldnt afford it (I didnt know about free ones) and I got sick of all the updates and popups from the antivirus free try that came with my computer. So far my computer runs better than my husbands breand new laptop whch has anti virus software on it. That and you can go on the internet and read mail on your phone and those dont have antivirus software.
2010-06-25 @ 22:47

Leave a comment


Your email address will not be revealed on this site.
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)

You should get it for less

PC/SC compliant smart card reader, compatible with SIM and USIM cards (2G, 3G), as well as CDMA and Nextel cards PC/SC smart card reader + SIM Manager 2
List price: $39
Price: $35.10
You save: 10%

Shipping worldwide

Buy SIM card reader with a discount

Categories

Search




Reading material

Recent comments

Tags

2g 3g address book admin administrator authentication backup beta bsod cdma clone data domain employment encryption file system fingerprint google contacts gsm internet keeper linux logon mobile office password password carrier phone portability portable privacy private disk reader release reverse engineering ruim security seven sim sim card sim manager smart card software tips token troubleshooting usim vista windows wiping

Subscribe

What is RSS?

powered by b2evolution free blog software