Who here uses AV or similar?

[FireXtol]

So how many people use installed anti-malware, registry cleaners, or similar? Do you think these are necessary?

I haven't had any AV(or 'cleaners') installed for over a decade. I use online scanners(mainly jotti) occasionally and that's it.

AFAIK I've only gotten one infection in that time, and I'm fairly certain it came from using FireFox(vulnerability, remote), so I uninstalled it. I was easily able to identify the malware, as it basically maxed CPU usage and also spiked network traffic(afaik it was a SPAM trojan). Unlocker assistant easily deleted the file. Problem solved. Only use Opera now.

What vectors are you most concerned about? Vulnerable/exploitable software, manual execution, protecting your system from other potentially naive users(children, spouse, friends), or perhaps something else?

My basic "detection routine": Open task manager, sort by descending CPU Time(another good one is page faults), and go down the list. If it's not using CPU then it's likely not doing much of anything, and likely isn't malware.

I suppose the closest app I use is Secunia PSI, which is a great way to get an overview of what apps need updating(or uninstalling) on the system.

[oceanebelle]

Microsoft Security Essentials ftw.

[mendhak]

I haven't had any AV(or 'cleaners') installed for over a decade.

That's because you're probably using the ultimate defense - "common sense".

[Shaggy Hiker]

I am seeing lots of security spoof things popping up, of late. They seem to show up tied to any site (even this one), and on any computer. It seems to be the attack of choice these days, and they are getting pretty close to actual alerts.

[TheBigB]

I run avast with pretty much only the file system shield.
Don't even notice it's running.

[chris128]

I havent used any AntiVirus etc for the last few years and have never had any problems... until about a week ago. It was my own fault, I was on some dodgy websites but I was quite surprised it managed to just dump a load of executables to my PC without me having a choice - I went onto one page and suddenly got a ton of UAC prompts and each time I clicked no it just re-prompted me so I pulled the power from the PC and rebooted it thinking that nothing had actually managed to install but when I logged in I got one of those stupid fake anti virus programs appear. Only took me a few minutes to get rid of it all but I felt a bit stupid for having got it in the first place

[Icyculyr]

I don't use anti-virus on OSX or Windows XP, Vista, or 7, no issues so far.

[akhileshbc]

I use Kaspersky Internet Security 2010.

[akhileshbc]

I don't use anti-virus on OSX or Windows XP, Vista, or 7, no issues so far.

I bet there'll be atleast a single virus in your PC. Try a quick scan with any available tools

[chris128]

I bet there'll be atleast a single virus in your PC. Try a quick scan with any available tools

I dunno, if you are sensible its quite easy to avoid viruses. I scanned my PC with a couple of different AVs about 2 months ago (this is after having had the PC for about a year with no AV on) and they didn't find a thing.

[chris128]

AFAIK I've only gotten one infection in that time, and I'm fairly certain it came from using FireFox(vulnerability, remote), so I uninstalled it. I was easily able to identify the malware, as it basically maxed CPU usage and also spiked network traffic(afaik it was a SPAM trojan). Unlocker assistant easily deleted the file. Problem solved. Only use Opera now.

I dont think Opera is particularly secure to be honest - I love it as a browser and use it all the time, but that is what I was using when I got that malware I mentioned in my previous post the other day.

[Icyculyr]

I bet there'll be atleast a single virus in your PC. Try a quick scan with any available tools

Nah, their won't be. XP isn't currently connected to the internet (development machine), nor did I really browse the web, or download much. Vista is, but wasn't for a long time, I also don't download much on it either. Windows 7 wouldn't likely have any viruses, although, I do download many games and applications like GPU-Z, CPU-Z, etc.

I never browse the web anywhere even slightly suspicious or dangerous.

[akhileshbc]

I dunno, if you are sensible its quite easy to avoid viruses. I scanned my PC with a couple of different AVs about 2 months ago (this is after having had the PC for about a year with no AV on) and they didn't find a thing.

Nah, their won't be. XP isn't currently connected to the internet (development machine), nor did I really browse the web, or download much. Vista is, but wasn't for a long time, I also don't download much on it either. Windows 7 wouldn't likely have any viruses, although, I do download many games and applications like GPU-Z, CPU-Z, etc.

I never browse the web anywhere even slightly suspicious or dangerous.

That's interesting...

Do you guys have any tips/tricks for keeping my PC virus free, even without any AV installed ?

[kregg]

That's interesting...

Do you guys have any tips/tricks for keeping my PC virus free, even without any AV installed ?

• If you happen to be visiting dodgy websites, look carefully. Some try to mask the real downloads with a big obnoxious button which will just end up redirecting you to a site which will try its best to either download virus/trojan/malware/etc, or just try to exploit weaknesses in your browser. Some don't even offer you the choice of downloading said dodgy stuff
• Only visit sites you are 80-100% sure that you can trust. Anything on that site you can't trust, don't click, not even for curiosity sakes.
• If you use social networking sites, instant messaging programs, email, or any way to communicate to others that allow embedding links into messages, be careful when receiving messages from friends whom you've never met before, especially when they ask you to go to a website for some reason. It doesn't matter the reason, just don't go.
• With email, don't download attachments you aren't sure about.
• If you want to download a program someone has suggested, but doubt its intentions, look around the internet for reviews of that software. If search results keep coming back with bleak looking results (e.g. majority talking about the program being a potential trojan, etc), just don't touch.
• Keep browsers up to date. Google Chrome is pretty good with this since the browser auto-updates in Windows, but some people see that as a nuisance (me included)
• If you are used to using pirated software, consider getting into opensource software. Most of the time they do pretty much the same thing. The massive upside to this is the code is out in the open, so any malicious intent can be immediately open to scrutiny. Sure, it lacks the spit and polish of proprietrary software, but that's the consequence of getting software written by a community of hobbyists programming in their spare time. Another alternative would be to just buy the damned software.

That's all I can think of at the moment.

[akhileshbc]

Thanks kregg...

[TheBigB]

My best advice is don't use IE.

[FireXtol]

I dont think Opera is particularly secure to be honest - I love it as a browser and use it all the time, but that is what I was using when I got that malware I mentioned in my previous post the other day.

Opera is easily one of the most secure browsers. It's also the world's fastest browser according to numerous meaningful benchmarks, and also extremely feature rich while not feeling bloated. And the customization-potential for a 'mainstream' browser is unmatched. In my mind no other browser even compares(I'd say overall, FireFox is easily number 2). You also have to understand that it allows unsecure programs(plugins) to run like every other browser(Flash, WMP, Java, etc... come to mind).

Opera, realistically, is simply not a target. Even if it had the most known vulnerabilities(it doesn't! FireFox, Safari, and IE are battling for that title), there's little motivation for targeting it. Opera is extremely quick to fix any holes. They truly shame the 'big names' in their responsiveness to potential issues.

When I got malware from FireFox it was still at version 2.5(which was the latest at the time). Even now that version(2.x) has at least 3 unpatched vulnerabilties.

All 'current' versions of IE(6,7,8) have unpatched vulnerabilities, as does the current(and older) version of Safari.

Basically, it doesn't matter how secure the browser is when it runs insecure plug-ins. Chrome might be fast and secure, but it's feature-lacking(anemically so for version 5.x now! Compensating for something, Google?).

My main concern for attack vector is clearly running secure software(especially the browser).

[FireXtol]

Do you guys have any tips/tricks for keeping my PC virus free, even without any AV installed ?

If you want to be hardcore about it...

For web browsing:

• Uninstall Flash(if installed)
• Uninstall JRE(if installed)
• Disable Javascript(if not already)
• Check Secunia(or download PSI for automated checking) to ensure your software is reasonably safe

Clearly, don't run programs(or other executables) from untrusted sources. Use a firewall(hardware would be best). Make sure you check for patches regularly for all your software, especially Internet applications.

That's the best advice I can think of right now.

[chris128]

I think you might have missed the part where I said I like Opera and use it all the time... you dont have to defend it to me. Mouse Gestures alone make it better than any other browser, then there are all the other nice little touches and the speed etc. However, I dont recall ever seeing them say anything about security on their website or in any adverts for Opera etc, where as FireFox and IE etc are all always mentioning all of the security features they have. All I was saying though was that I was using Opera (latest version) and as soon as I clicked a link I got a load of EXEs downloaded to my PC without my consent - surely that is a security flaw in Opera? It should at least tell me that something is being downloaded, especially an executable. I'm not saying it would not have happened in any other browser, I'm just saying that its still very easy to get malware using Opera if you go to dodgy websites.