Choosing Anti-Anti-Virus Software

I used to think the VM solution was an answer. Before that I was even looking at write-protected flash memory that boots then creates, loads, and transfers control to a RAM drive (a stripped Win95 as a guinea pig). Usable for browsing and as a terminal client but that’s about it.

The problem is neither of these work unless you never pesist ANYTHING. Sooner or later your “data” partition (even a NAS share) will get infected. Rolling back to a “clean VM” is no help unless you trash all of your data outside (as well as inside) the VM.

So far the safest technique seems to be to locate machines behind a simple NAT device that doesn’t have known exploits, run something lightweight like AVG, delete all spam unread, browse with the highest security settings available, explictly request a scan of anything downloaded before using it, and run with a normal user account whenever possible. Running Defender as well probably makes sense… though pretty soon we’re right back where we were performance-wise.

Good post, but I still run W2K as I couldn’t stomach XP.

You didn’t list AntiVir, which I like a lot. Before I bought a router I would get the Code Red (?) virus regularly because I have IIS 5 installed.

When I moved and my cable company came over to hook me up, I asked if I should install my router first and they said “no, we have anti-virus software”. Well, after they left I found I had a nasty one, caught by AntiVir.

A router, Spybot (which catches stuff each time I run it), AntiVir, PestPatrol, Firefox and I have a very snappy machine with no re-installs in almost 2 years and hardly ever an issue.

John Pirie: There is a pretty good process-based performance monitor built in to Vista. Open up task manager, click the Performance tab, and click the “Resource Monitor” button.

However, do NOT follow these steps if you’re a non-admin user with UAC disabled. Task manager will go into a loop of restarting itself over and over as fast as possible and you won’t be able to stop it without rebooting.

Silly rabbit, dual core processors and gigs of ram is not for gaming, it is for that antivirus suite.

Here’s the thing, and I speak as a man that has used Mac (7,8,9,X.1,X.4), Linux (too many distros to list) and Windows (98SE, 2000,XP)… Anti-Virus software is only necessary if you’re a dumb-ass. Those same SysAdmins that look at you mouth agape also secretly harbor the opinion that you’re a knuckle-dragging moron that will click on every banner, download from every prompt and install every open-ended malicious piece of software you can get your mitts upon.

And if they’re a typical user who doesn’t understand saftey, well, they’re probably correct. Not that they mean to be that way, it just happens through lack of education. But if you’ve got a good knowledge of your system, understand what you’re downloading and from whence it comes, you’re pretty safe. If you’re unsure, run a virus scan pre-install and post-install. No need to have constant vigilance if you’re not installing some crappy new thing or another every single day.

I keep a copy of AVG Free 7.1, which I almost never allow to run its automatic scan. I know what I’ve installed on my system, I know what’s malicious and what isn’t. If it’s malicious, I avoid it. I use a closed browser, FireFox, with additional security measures added into the mix. I avoid file-sharing, gray-area downloads and the like. I don’t have virii on my computer simply because I don’t let them into my system. GMail protects my email (and it being web-based means I have access to it anywhere, any time, and as long as I’m using FireFox, I’m basically secure).

Most users, however, aren’t educated. I educated my parents: time and again I told them “If you aren’t sure, ask me. If you are sure, ask me. If you’re 100% positive, just ask me.” Then I explained. After awhile, they stopped needing to ask me. As far as I know, they never get viruses anymore. Of course, I pounded the basics into their head early. AVG, SpyBot, Ad-Aware, HijackThis. I make them install HijackThis, but they still have me look the list over before they disable anything.

Frankly, an informed user is a safe user. The only thing you really need is a simple firewall, because DoS attacks are just /so/ 1993.

I’d love to run without anti-virus and anti-spyware, but children (especially teenagers) are incredibly adept at filling any PC with trojans and viruses in a matter of minutes. They even know how to bypass most internet filter software. I sometimes think children are viruses!

Jimbo, set up their computer as a non-admin and your troubles will simply disappear. That is the main message in this blog post. But it seems to be lost on so many users and so-called “experts”.

Quit running as admins. Quit making excuses. After that, if you feel more comfortable using antivirus software as wel, then do so.

Matt - you’re assuming the children have their own computer! Back in the real world, there’s one family PC and it’s needs are too varied to have a single non-admin user. I tried the multiple XP users approach, and that was an appauling experience - I was forever trying to find lost homework for the kids!

I’m a developer, not a net admin, so the easiest of several approaches has been to protect the PC to the hilt (minus on-access scan), then turn it all off when I get a chance to play with it!

Jeff, are you running normally from an admin account, yourself? It sounds like you are. Because you suggest to turn off UAC, and if you run as a standard user, isn’t UAC effectively just a convenience allowing you to do admin-ish things without having to explicitly switch users over to the admin account? (That’s how I think it works, anyway, on my system. Otherwise, if a standard account could do admin-ish things without UAC and entering the password, it would essentially be an admin account.)

If you don’t run from a standard account, why do you expect everyone else to?

sometimes you have to protect your PC from your own family!

Wouldn’t it be easier/better to have virtual machines for each family memory? And inside the VM they are running as standard, non-privileged users?

The only risk in a VM is that any local data/content you’ve created would be lost or compromised in some way.

Great article!

Something weird with your site though , I can’t seem to select a single comment to copy. Just clicking and trying to select a comment selects all the comments from the top and not just the one I’m interested in. I was trying to copy a link from one of the comments when I noticed this.

Thanks for your blog. I enjoy it tremendously.

Sixteen times slower than what?

The second I can achieve 60fps in Supreme Commander under VMWARE, I’m virtualizing. Until then…I’ll take my chances.

Why is educating people seen as anathema?

Sometimes I love Mac OS X.

Oh but I don’t use AV/S software on my Paralells Windows XP Images.

Copy, paste, run, thrash.

WHat I don’t get is how comes that there’s SOOO much difference between Bloarton Antivirus and AVG. Is the latter not doing anything?

“Wouldn’t it be easier/better to have virtual machines for each family memory?”

Jeff,

I don’t know how VMWare works, but, in my experience, Virtual PC 2007 from Microsoft is much slower than running on the real machine (even using the Core 2 Duo’s virtualization capability). If you’re worried about the performance hit of running malware-protection software, then VPC seems to be out of the running. Also, VPC is limited to, I believe, 16 bit graphics and has no USB support (i.e., in all probability, no printing or scanning). From some of the comments I’ve seen, it looks like network data flow isn’t very smooth through the VPC, either.

To paraphrase from your RAID 0 blog entry, is it worth greatly increasing your risk for the sake of a small increase in speed?

Also, I have BIG problems with the methodology used to come up with the performance hits in the test you mentioned. The author of the test talks about it quite a bit. But, the fact is, he’s running those tests in a VPC. Plus, the VPC is limited to just one of his CPU cores and just 512MB or RAM. Dollars for donuts, if he ran those tests on the actual hardware (dual core AMD 64 X2 4800+ and 2GB RAM), I’d bet his perfomance hits would have been an order of magnitude smaller.

Jae - “Why is educating people seen as anathema?:”

Go to YouTube and search for “The Princess and Professor. The CPU switch.”

[ ed: http://www.youtube.com/watch?v=aY_CidIS8YM ]

Then get back to us on that.

Wouldn’t it be easier/better to have virtual machines for each family member? And inside the VM they are running as standard, non-privileged users?

I’m all for virtual machines, but you can’t seriously believe that your family members are going to use a virtual environment inside of a regular one, do you? Just so you could keep them isolated? Seems a bit ridiculous.

Jimbo, I’m not assuming that there is an account defined for each person using the machine. I am assuming that you would create two users:

Admin - The administrative account that only you login to. You obviously only use this for administering the machine.

User - a Limited User account that everyone logs into to use the computer.

I’ve been doing this for years and the pain level is actually much lower than trying to keep your kids from messing up your machine. I’ve even done this on Win 2000 for my in-laws! I used to get calls from them about every two weeks for some crazy computer problem related to them going to bad web sites. After setting them up as a limmited user account I haven’t had to fix a thing in 3 years!

So please don’t give me excuses. It can easily be done and you will be much happier for it. It irks me when computer professionals take the easy way out simply because they aren’t willing to take the time to learn.

Go here, read up, and never have to fix your kid’s mistakes ever again. And don’t take it personally. I will continue to beat this drum until every computer professional gets on board.

http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/TableOfContents.aspx