ANTIVIRUS-Yes or No?

Viewing 24 reply threads
    • #3290
      Xen
      Participant

      One of the most common questions that I see in Security/Hacking forums is: Do I need antivirus software?
      The only answer I have to this question is: YES, you do.
      Regardless of whether you are a novice or a pro in the security field, everyone needs an antivirus. Antivirus is obviously not your first line of defense (firewalls are), but it is an integral part of your computer’s security.
      As a student for some time in malware removal courses, I have seen and helped people who have been infected to the extent that they weren’t even able to connect to the internet or faced regular computer crashes. 90% of them are users who click every random pop-up that comes their way or download cracked software uploaded on random websites, but the remaining 10% are users who think they don’t need any antivirus as they -according to them- know a lot about security, never click on pop-ups and test every piece of software first on their virtual machines before transferring it to their main desktop. But what these people forget is that antiviruses help in early detection of known malware, and a regular scan (I prefer one scan every fortnight) helps to check for any subtle infection.

      Of course, antiviruses don’t help with every infection, and with malware like the Antivirus 2007/8/9 series or CoolWebSearch you need specialized tools, but antiviruses act as an external support to these tools and help in removal of remnants of these infections.

      The other question that users ask after you convince them to use an antivirus is: Which is the best antivirus?
      Well, there’s a very thin line between an average and a good antivirus. And this thin line is often scanning speed rather than malware detection. Most of the antiviruses don’t have much difference in malware detection rate, and like I said earlier, antivirus software helps in removal of small infections only; for some malware you need specialized tools. So, having any antivirus is better than having none.
      There are some good free ones like Avast, AVG and Avira AntiVir (Avast is my preference) and excellent commercial ones like ESET NOD32 and Kaspersky (I’m hearing some good reviews for the latest Norton antivirus too). The choice of using a free or a commercial antivirus depends on the user. I personally don’t feel like spending my money on a commercial one if a free antivirus like Avast does almost the same job.

      Now that I’ve written so much about antiviruses, I think I should advertise the importance of firewalls, anti-spyware and hosts files too (though I’ll be writing a document on how to keep your computer safe in the coming days).

      Firewalls -like I said earlier- are your first line of defense. They keep most of the pop-ups and hackers away. Windows Firewall is a very basic firewall (no hard feelings, Microsoft). For better security you need a good firewall. An excellent free one is Comodo Firewall. ZoneAlarm is also a very good firewall, though I would rather go for its commercial one.

      I won’t dwell much on anti-spyware except giving links to some good ones. A combination of Spybot and a-squared is believed to be a good choice to go for. I personally use Spyware Terminator and have never had any problems with it. There are also good commercial ones like Spyware Doctor, but I would rather choose a free one, as in the case of antivirus.

      Lastly, I would advise you to have a good hosts file. I’m using the MVPS hosts file, which is the best hosts file available today. It blocks all pop-ups and random advertisements. And again, it’s free ;D If you don’t want to follow my advice on antivirus, firewalls and anti-spyware, at least go with the hosts file.

      Using a good antivirus, firewall, anti-spyware and hosts file (MVPS) -preferably all free- along with a little common sense is enough to keep your computer safe.

      And if you still get infected, there’s an excellent group of forums from ASAP which help users with their malware issues and also train users in malware removal, all for free! 😀

      Now I just want you people to share your opinions with the rest of the community, or just tell me whether this was useful. Any reply is greatly appreciated =P

    • #21812
      Michael J. Conway
      Participant

      Thanks for the post, Xen. I’m a big fan of the free things in life and would much rather use a free solution than cough up the $50 bucks a year a subscription service seems to run anymore.

      Is there a reason you did not mention a hardware firewall like that included in most home routers? I have found this to be a great help when I have scanned from the outside and there was only one outbound port open and I could not “see” the inside network. What are your thoughts on that?

    • #21813
      KrisTeason
      Participant

      The post is useful, Xen. I’m going to look into that MVPS tool for my Windows boxes when I get the chance (you may want to fix that link when you get the chance too). I’ll also second sgt_mjc in saying that being behind a router/NAT device puts you at a more secure level; I personally feel safer when I’m behind a router that has been secured properly than being directly connected to the internet.

    • #21814
      Michael J. Conway
      Participant

      Unix/Linux also has a hosts file and can usually be found in /etc/hosts.
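      The MVPS hosts file recommended in the opening post and the /etc/hosts note in this reply rely on the same mechanism: the resolver consults the hosts file before DNS, so a hostname pinned to 0.0.0.0 (or the loopback address) never reaches the real server. The Python script below is an added example, not code from this thread or from the MVPS project: it parses a hosts-file-style blocklist, reports whether a given name is sinkholed, and flags entries that redirect a name to any other address, which is also what a tampered hosts file looks like. The sample hosts content and all hostnames in it are constructed.

```python
"""Added example: parse a hosts-file blocklist and audit its entries.
Not part of the thread or of the MVPS project; sample data is constructed."""
import ipaddress

# Constructed sample in the usual hosts-file format: one mapping per line,
# '#' starts a comment. Blocklist entries point hostnames at 0.0.0.0 so that
# connections to them fail instead of reaching the real host.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-blocked.test   # trailing comment
0.0.0.0         tracker.example-blocked.test www.tracker.example-blocked.test
192.0.2.10      intranet.example.test
not-an-ip       broken.example.test
"""

# Names that legitimately point at loopback and are never blocklist entries.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (mapping, errors): mapping is hostname -> address (lowercased
    names, last entry wins, as resolvers do); errors lists (lineno, reason)
    for malformed lines so a broken list is not silently accepted."""
    mapping = {}
    errors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            errors.append((lineno, "missing hostname"))
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)        # rejects junk like 'not-an-ip'
        except ValueError:
            errors.append((lineno, f"invalid address {addr!r}"))
            continue
        for name in names:
            mapping[name.lower()] = addr
    return mapping, errors


def is_sinkholed(addr):
    """True for addresses that cannot reach a remote host: 0.0.0.0 (the
    unspecified address) or any loopback address such as 127.0.0.1 / ::1."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_loopback


def is_blocked(mapping, hostname):
    """True when the hosts file pins hostname to a sinkhole address."""
    name = hostname.lower()
    if name in LOOPBACK_NAMES:
        return False
    addr = mapping.get(name)
    return addr is not None and is_sinkholed(addr)


def suspicious_redirects(mapping):
    """Entries that send a name somewhere other than a sinkhole. Legitimate
    intranet aliases show up here too, so review them rather than delete
    them blindly; an unexpected entry for a bank or update server is the
    classic sign of a hosts file modified by malware."""
    return {
        name: addr
        for name, addr in mapping.items()
        if name not in LOOPBACK_NAMES and not is_sinkholed(addr)
    }


if __name__ == "__main__":
    hosts, problems = parse_hosts(SAMPLE_HOSTS)
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
    for name in ("ads.example-blocked.test", "intranet.example.test"):
        print(name, "blocked" if is_blocked(hosts, name) else "not blocked")
    print("review these redirects:", suspicious_redirects(hosts))
```

      To run it against a real file, read /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts on Windows) instead of SAMPLE_HOSTS; the parser treats the file exactly as written, so a typo in an address shows up in the error list instead of being ignored.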

    • #21815
      KrisTeason
      Participant

      sgt_mjc thanks for the info. Going to have to look into that when I get the chance!

    • #21816
      _jon
      Participant

      Great post Xen. I personally use ESET NOD32 Smart Security. The built-in firewall isn’t exactly novice-friendly, but you can configure it to your liking. Personally, I don’t use commercial antivirus programs, but I gave this one a shot, and have found it to be excellent. (free plug for ESET, lol)

      I’ll give the MVPS hosts file a look soon, and I’ve chosen the built-in firewall with ESET versus the hardware firewall that comes with most routers. There’s definitely some useful information to be found in here; whether you’re a novice like myself or an expert like some others, everyone can find a use for it.

    • #21817
      Xen
      Participant

      @sgt_mjc wrote:

      Is there a reason you did not mention a hardware firewall like that included in most home routers? I have found this to be a great help when I have scanned from the outside and there was only one outbound port open and I could not “see” the inside network. What are your thoughts on that?

      Frankly speaking, I don’t have as much basic knowledge about hardware firewalls as I have about software ones. But now that you have raised the question, I’ll learn more about them and edit my article in some days.

      @KrisTeason wrote:

      The post is useful, Xen. I’m going to look into that MVPS tool for my Windows boxes when I get the chance (you may want to fix that link when you get the chance too).

      Thanks Kris, I have now edited the links and they are working now.

      Again, thanks to all of you for taking the time to read it and for your comments.

    • #21818
      Jhaddix
      Participant

      Anyone hear of a good free app whitelisting program (not the Win7 one)? At SANS Sec West I saw a very convincing demo of how whitelisting will be the way of the future 😉

    • #21819
      Stifler
      Participant

      Great post Xen! I couldn’t agree with you more, and thanks for the hosts file info; I learned something new!

      So anyways, I thought I’d share a bit more knowledge of my own that may be helpful to some people. I’ve never had any schooling on computers, but I’ve been using them since EGA monitors, 286 processors, 4MB HDs, 2400-baud modems, DOS, and Quickmenu were the best on the market. For those of you who have no idea what I just said, that was before Microsoft Windows was put on the market. Quickmenu was the Windows for that era. So if anything I say here is wrong or inaccurate, please, by all means, tell me so I can learn more.

      Just like Xen talked about, I can’t stress enough how important it is to have a firewall, antivirus, and antimalware suite setup on your computer, especially in this day and age. I personally go beyond just those three because I’m such a security nut who values the life of my machine.

      Now… While it’s good to have at least one of the three defenses I mentioned above, you should know that no program is going to find and block absolutely everything. Not even the high-priced commercial stuff; however, you can come pretty close if you build the right suite with the right programs. I shall demonstrate shortly. But first you should know a couple of important things.

      1st. It is not always good to run more than 1 firewall or antivirus at the same time unless you find the right ones or unless you know how to set your options to make them work together, but you will still have bugs in most cases. Running more than 1 at the same time causes them to conflict and leads to an unstable system and eventually a nice crash to freak you out.

      2nd. You can never have too much security.

      3rd. You can never have too many antimalware programs. Just don’t run them all at once or you will be asking for a crash. Only have a maximum of 2 running and make sure they work well together too! The rest should be run manually, and be sure to shut down the ones you leave running all the time before you do, just to be on the safe side, but this isn’t always required.

      Moving on… So here is a list of what I use and some info about them.

      ***ZoneAlarm Internet Security Suite*** (Paid)
      This is an all-in-one suite that contains an easy-to-use set of security apps all in the same app. It has a firewall with built-in intrusion detection that will tell you detailed info about any and all intruders trying to access your system. It has an enhanced but still traditional antivirus. By traditional I mean that it relies on a definition file that scans for distinctive signatures of known threats and therefore has a harder time picking up on anything that has not yet been analyzed and given a signature. ZoneAlarm has its own antimalware scanner and a nifty application control feature that will tell you of all programs on your computer that try to access the internet, and gives you the option to block or allow. It also has identity theft protection with encryption that allows you to protect sensitive data such as passwords and any personal info you choose. It has a gaming mode that lets you halt all popup messages during full-screen gaming. And my favorite of all, the halt-all-internet-traffic feature that you can manually turn on or set to turn on when the screensaver comes on. So you don’t have to worry about intruders when you’re away from the computer; when the option is on, nothing comes in or goes out. And like any good security app, it has all sorts of privacy settings to play with and make you say wow.

      ***BlackICE PC Protection, Intrusion Countermeasures*** (Paid)
      This is a very simple but powerful firewall that focuses primarily on intrusion detection and program control. You do have the option to disable the program control portion of it because, trust me, it gets annoying when the program is so powerful that it even recognizes and tries to block itself from launching some of its own features. And even more annoying when you have to keep clicking “allow” on startup items to let your computer load up when you turn it on. Since I have program control on ZoneAlarm, I have it turned off in BlackICE to avoid annoyances and conflicts. Zones is more intelligent and knows the difference between safe and dangerous programs that try to launch, and therefore gives you minimal annoyances. BlackICE just blocks everything until you tell it otherwise, which can be good in some situations. I use it for the intrusion detection though because, like I said, no single program will detect everything; 2 is always better than 1 when they don’t conflict.

      ***PC Tools Threatfire*** (Free)
      This is an antivirus and antimalware program that may be run alongside another antivirus program; it’s even recommended, though not necessary. This antivirus is unique from others in that it does not rely on definitions or signatures to detect viruses or malware. Instead, it scans using behavior-based algorithms. Meaning that it will be 10 times more likely to find a new and unknown virus than a traditional signature-based antivirus will, all based on how viruses behave. Cool, huh? It also uses the same technique for malware scanning and it has a cool system monitor feature as well. I highly recommend this app to everyone.

      ***Malwarebytes’ Antimalware*** (Paid)
      The name says it all. This is a very powerful antimalware app that will pretty much find it all, including some legitimate things if you’re not careful with it. I used to use Spybot and Ad-Aware, but when I got this app, the other two quit finding stuff so I got rid of them.

      ***Trend Micro HijackThis*** (Free)
      This is the antimalware of all antimalware apps. It is definitely not for the novice user. I don’t really use this one very much because even I am not skilled enough to recognize what it tells me. But I keep it on hand because there are numerous forums where you can go for malware support and most of them ask you to install this app, run it, and show them the log file that it generates after it scans so that they can tell you how to fix your problem. It’s that good…

      ***Advanced Systemcare*** (Free)
      This app is more for cleaning and maintaining your system. It has its own disk defrag, junk remover, history and tracks cleaner, and even an antispyware/adware feature. This is the app that competes with System Mechanic, and I must say it’s a worthy competitor, especially for being free. Though it does have a paid version which unlocks some features that the free version doesn’t let you use. I use it for the cleanup and the antimalware, so I care not about the pro features.

      ***Hide IP Platinum*** (Paid)
      I’ll go ahead and mention this one even though I’ll be replacing it because my subscription is expiring soon. This is another one where the name says it all. It hides your IP address when you’re online and changes it to a new IP through anonymous proxies. Basically it makes you invisible to other people or machines on the net so that you are extremely hard to find or trace, making it safer for you to surf the net and avoid hackers.

      ***Keyscrambler*** (Free)
      This is a keystroke encryptor. It encrypts every button you type over the net and it only loads up when you open your web browser. It delivers peace of mind when typing personal info over the net because only you (the sender) and the receiver can see what you are typing. Anyone who tries to intercept what you type only sees a lot of encryption. And it’s not worth them trying to decrypt it when there are millions of easier targets to move onto. Anyways, this is definitely a must have for all security nuts.

      ***McAfee Site Advisor*** (Free)
      This app is another must have for security nuts. It adds a little box to your toolbar in your web browser that changes between 4 colors when you visit sites or do searches. These colors represent the safety level of the website. Think of it as a traffic light with an extra color. Red for stop (dangerous site), yellow for caution (site has both good and bad contents), green for go (safe site), and gray for unknown or not tested yet. When doing searches on the major search engines, it puts a little icon beside every result and can you guess what they are? Yep, they are one of the 4 colors so you know which results are safe to click on. You can mouse over the icons to get a tiny window with some more info about the result too, very useful for the caution icons.

      _______________________________________

      So there you have it, that is my “build your own security suite” for this year. I hope it will give some of you who are here for advice on security apps some good ideas on what to try. Now there’s one more sort of important thing for beginners and novices to know here. Security apps (specifically all-in-one suites and antivirus apps) eat up system resources and slow your machine down significantly. There is no getting around it, especially on machines with low RAM (like below 1GB RAM). But there are steps you can take to help compensate for some of that speed loss. Thus, I proudly introduce to you…

      ***Regcure*** (Paid)
      This app allows you to scan, detect, and fix registry errors safely and securely even if you have no idea what the registry is. It also scans for junk files, broken links, invalid paths, and startup errors. Out of all the registry cleaning apps I’ve tried over the last few years, this one does its job very well and in a timely fashion, unlike most others. After running this app, you will gain back some of the speed you lost from installing security apps. If you have less than a gig of RAM you will notice a difference; with more than a gig you probably won’t notice anything, but rest assured that it still did its job.

      ***XP Smoker Pro*** (Paid)
      This app allows you to tweak various Windows settings that will optimize your Windows XP to run at its fastest. It will optimize everything from your CD drives to the internet, to your system core itself, so that everything runs as fast as your hardware allows. Use extreme caution with this app though, and make sure you set a restore point before using the program every time, so that you avoid possible headaches if you mess something up by mistake. Very powerful app and well worth it to gain more speed and performance.

      With the size of my security suite, it slowed me way down; these two apps alone put my system’s speed back to the normal speed it had before installing all my security. The only apps I leave running at all times are ZoneAlarm, BlackICE, ThreatFire, and Hide IP. The rest I run manually on a regular basis, although most of the time when I’m not surfing the web, I usually unplug the internet and shut down all my security except BlackICE, so I can enjoy even faster than average performance speeds. It’s great for watching movies or playing games, or just messing around with whatever when I’m offline and unplugged.

      Ok, this book needs to end sooner or later or I’ll sit here and talk about security all day. This post is intended for the beginners and novices out there who want to learn a few basic tips. But I’d like an expert opinion on my suite selection if possible.

      Later all, hope this helps!

    • #21820
      Xen
      Participant

      A good read, Stifler 🙂
      Nice that you explained all of these tools and also gave warnings regarding some (HijackThis). HijackThis is definitely not a tool for beginners. You should have proper training to use this tool, and I gave the link to the ASAP websites which provide free training.
      I see that you are using ThreatFire. It’s an excellent tool and I have also used it for about a year, but it takes a lot of system resources and makes the computer slow. Perhaps that’s the problem with you too.
      KeyScrambler is good and I have tried it. The free version of Malwarebytes is also good and I have it on my system. (Didn’t feel like buying it ;))
      However, I would just like to advise you not to use two firewalls (I see you are running both ZoneAlarm and BlackICE). Just having any one of them is enough for your system.
      Besides that, I also got to know about some tools I didn’t know before. ;D

      Thanks

    • #21821
      pibe86
      Participant

      Do you recommend using any antivirus if you use Linux at home?

      I use Ubuntu 8.10 64-bit and I just have “Firestarter” as a firewall and no antivirus, and I think that using Linux without antivirus I am a little safer than using Windows with antivirus.

      Is this post for all OSes or just for Windows?

    • #21822
      Michael J. Conway
      Participant

      I would definitely have an AV even with Linux. There are a few out there that say that because there are so many distros running different cores you don’t need it, but it is still another layer of protection. I have ClamAV on my Ubuntu box and have been happy with it.

    • #21823
      Ne0
      Participant

      Thanks for the posts, Xen. I am keen on learning how this works and how they contact their hosts for updates, and I have been keeping myself updated on those. Most of the guys just install the antivirus and start scanning, but most of them don’t configure it, which makes the antivirus a lazy goose: it just scans the ongoing packets. NAV, for example, needs a bit of tweaking in its box or it will make your system a hell box. I have been using AVG, which is free, and have had no issues with it for more than a year.

      But presently I am a bit worried about the worm Conficker, aka Downadup, which has already spread to more than 10 million PCs. Many users are not even aware that the worm has already been at their doors and is getting constantly updated from its hosts. Most of the antivirus or anti-spyware tools are not catching this Conficker as its signature gets changed each time. The best way to stop it is OpenDNS; more info --> http://www.opendns.com/

    • #21824
      Xen
      Participant

      @pibe86 wrote:

      Do you recommend using any antivirus if you use Linux at home?

      Is this post for all OSes or just for Windows?

      I would definitely go for an antivirus even with Linux too. Linux has a small number of viruses dedicated to it, but it’s still useful to have an antivirus scanner and run it just once every week or fortnight.
      Avast has a Linux version too, but just as sgt_mjc said, I would go with ClamAV on Ubuntu.

    • #21825
      Stifler
      Participant

      @Xen wrote:

      I see that you are using ThreatFire. It’s an excellent tool and I have also used it for about a year, but it takes a lot of system resources and makes the computer slow. Perhaps that’s the problem with you too.

      However, I would just like to advise you not to use two firewalls (I see you are running both ZoneAlarm and BlackICE). Just having any one of them is enough for your system.

      Yeah, I did realize that ThreatFire was eating up the most resources, but RegCure and XP Smoker compensate for it pretty well, with the exception of a slower shutdown time when shutting the computer down or waiting for it to restart, but that’s a price I’m willing to pay for added security. 🙂

      The 2 firewalls aren’t really a problem since I shut off the program control in BlackICE. So now it’s more like half a firewall, so to speak. The intrusion detection in both programs works very well together without conflicts, and both detect different things. Whatever Zone doesn’t detect, BlackICE does, and vice versa. I’ll admit that I had problems at first and it took me a while to figure them out before I finally got them both running stable together. But I see your concern and I thank you for it; most people will just let someone find out the hard way and keep their mouth shut.

      Since you guys are on the topic of Linux, I have a couple questions. I’ve never used Linux before but I hear good things about it, so my questions are… Is it free like I’ve heard? Can it be installed on a computer designed for windows? And if so, where can I get it?

    • #21826
      Xen
      Participant

      @Stifler wrote:

      Since you guys are on the topic of Linux, I have a couple questions. I’ve never used Linux before but I hear good things about it, so my questions are… Is it free like I’ve heard? Can it be installed on a computer designed for windows? And if so, where can I get it?

      Most of the Linux distributions are free. Linux is more a kernel from which various operating systems have been designed. Each of these OSes is called a Linux distribution. Currently there are hundreds of distributions, both free and commercial.
      You can gather more info at
      http://en.wikipedia.org/wiki/Linux
      http://www.linux.org/

      You can get all the Linux distributions at
      http://distrowatch.com/

      Since you have never used Linux I suggest you start off with Ubuntu which is a free Linux distribution. It’s very easy to use.
      http://www.ubuntu.com/

      The download link is here:
      http://www.ubuntu.com/getubuntu/download

      It’s a 700 MB ISO. If you have a slow internet connection, there’s an option for torrent download on the page too.

      It can be used alongside Windows. However, you have to partition the disk before installing it. Here are some links to help you out.
      https://help.ubuntu.com/community/WindowsDualBoot

      If you have problems in dual booting you can install Linux on a virtual machine.
      http://cmsproducer.com/Ubuntu-Linux-Windows-VMware-Server
      http://www.psychocats.net/ubuntu/virtualbox

    • #21827
      timmedin
      Participant

      @Stifler wrote:

      2nd. You can never have too much security.

      Not to be pedantic, but there is a “too much”. A pair of scissors will give you perfect security from the internet (cut the cable), but there are always trade-offs. Similarly, there is a trade-off with AV on your host. The question is, are you willing to accept the risk? If I have a box that I only use for gaming and AV slows it down, then I am not going to install AV, since the loss would be low (no PII and nothing to lose). I am not saying that people shouldn’t use AV, just that sometimes it doesn’t warrant it.

      I don’t use it on *nix, but I do use it on Windows. I don’t use it on my nix computer since I browse differently on that box, I have no personal info on that box, and the common exploits for my platform are rare.

    • #21828
      Ne0
      Participant

      According to top-notch security researchers, network audit engineers and security managers, they are opting for restarting the Internet from the beginning, as SQL injections, clickjacking, spyware, viruses, spam and botnets have their own virtual net and are spreading each and every second. Most of them should know that an unpatched Windows is not safe for more than 5 minutes of its connection to the net,
      meaning an unpatched Windows machine gets infected within 5 minutes. And the thing to worry about with the restart of the NET is: how safe is our data and info, and how is the world going to cope with the new security standards….
      We just need to wait and watch.

    • #21829
      timmedin
      Participant

      Ne0, I don’t see that happening. Legacy stuff never goes away. Go to your bank or the airport and look at the terminals they use from 30+ years ago. While the look of the web may change, getting rid of old stuff is painful.

    • #21830
      dalepearson
      Participant

      My response isn’t particularly a specific AV-related one. Although I do believe it is still worthwhile, as yes, it won’t catch everything, but it will catch what it knows about, and surely this is better than nothing.
      Moving forward we will see things moving more and more to heuristics and behavioural-based detection, as opposed to signatures, but it will always have its place.

      As with everything, and especially with security, what tools you use, and the level of tooling, should depend on the risks and associated cost.
      It can be difficult to strike the right balance, but availability and usability are something I feel people often overlook, just focusing on the confidentiality and integrity aspects.

    • #21831
      Michael J. Conway
      Participant

      Ne0 and Tim,

      Both of you have good points. The Internet was based on trust from the very start. That really wasn’t a problem when your network was just your stuff. As it grew, and became the Internet we all know and love today, that trust never really went away. Take SNMP, telnet, or FTP for example. These protocols do a good job for their roles and work well when trust is not an issue. Today, though, trust is an issue and needs to be incorporated from the start. Unfortunately, as Tim mentioned, it’s a painful thing to do away with legacy apps. Look at the issues Vista had with backwards compatibility when it first rolled out. Older networking equipment may only support FTP or telnet rather than SSH.

      Yes, an AV helps with protecting systems from malicious crap. No, it is not the end-all, be-all of security. Until we figure out how to “trust” in a responsible manner, it is a measure of protection that we all should have.

    • #21832
      Ne0
      Participant

      Thanks to both Sgt and Tim. I know governments are still dealing with old IT structures; they are least bothered about upgrading them because they just have time and money for investing in physical security, but today’s war is no longer physical, it’s more virtual. Governments put more trust in their physical security at the border or on some other continent, but what about the VIRTUAL? They need to trust their IT guys too, who have been pointing their fingers towards their machines or networks. Today’s world is taken over by SPAM, SCAM, TROJANS, BOTS; BOTS have become more clever and more tough. Top people who sit behind the table have to open up their minds, rust off their old brains and think about today’s scenario. Let’s cross our fingers…

    • #21833
      timmedin
      Participant

      Ne0, it isn’t just gov that has legacy systems. If there is a 24-hour shop or a mission-critical system, it is nearly impossible to upgrade, especially as the size increases.

      I’ve worked on the operational side of things, and the most important piece to the business is uptime. There is always a trade-off with security, and there should be. It is always about the cost/risk or cost/benefit balance.

    • #21834
      Michael J. Conway
      Participant

      Ne0,

      On the government side and business side of things, there is a trade-off between security and functionality. It costs money to upgrade hardware/software. And then, depending on the environment, it must go through testing to ensure that the upgrade doesn’t break anything. Of course, if there is a legacy application, it would need to be rewritten. That too costs money. Most businesses and even government contracts have a finite amount of funds budgeted for their projects. Then of course there is the trade-off for downtime to actually do the upgrade to the production systems. This costs money for the upgrade itself and costs money in lost productivity while the system is down and training time for employees once the system is back up.

      Think of the switch people made going from XP to Vista or Office 2003 to 2007. Users had to learn how to do things over that they used to do without thinking about it. This is lost productivity. We live in an imperfect world and we can only do our best with regards to security. That’s why we are needed. We are there to keep things from getting too bad and impacting the businesses we support.

    • #21835
      Ne0
      Participant

      Tim & Sgt,
      I really agree with both of you; we are saying the same points here. The main thing is that gov shouldn’t be late in upgrading their systems; by the time they take a step ahead, the technology will be 3 steps ahead of them…..
