  #21  
Old 19-02-2012, 11:25 AM
Hagar (Doug)
Registered User

Join Date: Oct 2006
Location: Australia
Posts: 4,646
Quote:
Originally Posted by ballaratdragons View Post
I have taken the advice from several Computer people I talk with online and removed ALL Anti-virus programs from my computer.
Runs tons faster and I haven't had any problems. Been 4 months now
Quote:
Originally Posted by Exfso View Post
Jeez Ken, you are playing Russian Roulette. No way I would do that mate...
Russian Roulette with a bullet in every chamber.
4 Months, not bad but prepare for the worst. Keep a good clean backup.
  #22  
Old 19-02-2012, 01:19 PM
leon
Registered User
Join Date: Apr 2006
Location: Warrnambool
Posts: 12,811
I have used and still use Microsoft Security Essentials, have done for years, not a problem as yet.
Ken may be playing Russian Roulette I guess, but it all comes down to where you go I expect.

Leon
  #23  
Old 19-02-2012, 02:20 PM
ballaratdragons (Ken)
The 'DRAGON MAN'
Join Date: Jan 2005
Location: In the Dark at Snake Valley, Victoria
Posts: 14,412
I basically come into here, about another 5 forums, and run my Video camera.
  #24  
Old 19-02-2012, 04:41 PM
FlashDrive (Poppy)
Senior Citizen
Join Date: Apr 2008
Location: Bribie Island
Posts: 5,068
Quote:
Originally Posted by g__day View Post

BTW Colin - if you are I/O bound on your solid state drives - rather than RAID (stripe) them you might consider going to a REVO (PCI-express rather than SATA 2 or 3) attached SSD - these can give between double to triple the speed apparently of the SATA bus; so rather than 200 - 500 MB/sec you are looking at 700 - 1000 MB/sec ...

http://www.ocztechnology.com/ocz-rev...press-ssd.html
Matthew ... yes ... certainly the ' choice ' to go to the pci - express config' ... blazing read/write speeds.
I was looking at this at umart:

OCZ RevoDrive Hybrid merges 100GB SSD with 1TB HDD ... see pic.

A compromise I suppose ... but price wise per GB is good and it is still pci express ... but the Mechanical Hard Drive is only 5400rpm

Comes with software to ' intelligently ' store your most used programmes on the SSD.... hence , faster loading times.

My Mainboard has 2 x PCI Express 3 Slots .... so could get past the Sata ' bottleneck ' later on.

At the moment ... from ' pushing the on button ... to showing the ' desktop ' on my PC = 16 Seconds.

Flash

Last edited by FlashDrive; 19-02-2012 at 04:52 PM.
  #25  
Old 19-02-2012, 06:37 PM
mithrandir (Andrew)
Registered User
Join Date: Jan 2009
Location: Glenhaven
Posts: 4,161
Anyone who takes no precautions can expect to be hacked within hours.

Here is a summary of the break-in attempts on my home network since Jan 2, as blocked by the border router. Service names where known, port numbers where not known.

Code:
   4499 microsoft-ds                   2 rsh-spx
   1448 ms-sql-s                       2 radan-http
   1409 49756                          2 h323hostcall
    733 telnet                         2 cslistener
    287 8909                           2 81
    195 epmap                          2 27238
    160 ms-wbt-server                  2 21168
    144 mysql                          1 zenginkyo-2
     74 ident                          1 websm
     42 9415                           1 socks
     39 http-alt                       1 redstorm-diag
     25 netbios-ssn                    1 pcanywheredata
     21 rfb                            1 netiq
     16 radmin-port                    1 imap
     14 https                          1 iax
     11 pop3                           1 dsc
     10 ndl-aas                        1 distinct
      9 6666                           1 cisco-sccp
      5 ncube-lm                       1 cadlock2
      3 codasrv-se                     1 9944
      3 65500                          1 880
      3 5998                           1 8090
      2 ssc-agent                      1 37037
That is not counting the permitted services that were dropped by iptables rules at the server.
  #26  
Old 19-02-2012, 07:07 PM
GeoffW1 (Geoff)
Registered User
Join Date: Sep 2006
Location: Sydney
Posts: 1,847
Quote:
Originally Posted by mithrandir View Post
Anyone who takes no precautions can expect to be hacked within hours.

Here is a summary of the break-in attempts on my home network since Jan 2, as blocked by the border router. Service names where known, port numbers where not known.

Code:
   4499 microsoft-ds                   2 rsh-spx
   1448 ms-sql-s                       2 radan-http
   1409 49756                          2 h323hostcall
    733 telnet                         2 cslistener
    287 8909                           2 81
    195 epmap                          2 27238
    160 ms-wbt-server                  2 21168
    144 mysql                          1 zenginkyo-2
     74 ident                          1 websm
     42 9415                           1 socks
     39 http-alt                       1 redstorm-diag
     25 netbios-ssn                    1 pcanywheredata
     21 rfb                            1 netiq
     16 radmin-port                    1 imap
     14 https                          1 iax
     11 pop3                           1 dsc
     10 ndl-aas                        1 distinct
      9 6666                           1 cisco-sccp
      5 ncube-lm                       1 cadlock2
      3 codasrv-se                     1 9944
      3 65500                          1 880
      3 5998                           1 8090
      2 ssc-agent                      1 37037
That is not counting the permitted services that were dropped by iptables rules at the server.

You namedropper
  #27  
Old 20-02-2012, 07:11 AM
supernova1965 (Warren)
Buddhist Astronomer
Join Date: Aug 2009
Location: Phillip Island,VIC, Australia
Posts: 4,073
Quote:
Originally Posted by leon View Post
I have used and still use Microsoft Security Essentials, have done for years, not a problem as yet.
Ken may be playing Russian Roulette I guess, but it all comes down to where you go I expect.

Leon
Not really, there are web bots that trawl the internet looking for openings. You don't have to go anywhere dodgy; they will find any open computer and infect it without a doubt.
  #28  
Old 20-02-2012, 07:15 AM
Poita (Peter)
Registered User
Join Date: Jun 2011
Location: NSW Country
Posts: 3,586
Quote:
Originally Posted by supernova1965 View Post
Not really, there are web bots that trawl the internet looking for openings. You don't have to go anywhere dodgy; they will find any open computer and infect it without a doubt.
Not if you are behind even the simplest of hardware firewalls, like those available in nearly every modem/router these days.
  #29  
Old 20-02-2012, 07:17 AM
Poita (Peter)
Registered User
Join Date: Jun 2011
Location: NSW Country
Posts: 3,586
Quote:
Originally Posted by g__day View Post
Troy is absolutely right. From memory the average time an unprotected internet connected computer is safe before it gets targeted (port scans which then escalate into a pattern of attacks) is between 2 - 3 minutes (source - a major Australian Bank's IT research department - time taken to target a newly built server)!

If you never net connect nor insert any drives, program or DVD or USB material - well it's inert and not exposed to new risks. But it carries all the bugs that weren't known when the software was originally delivered. An example of this is Apollo 11; when it flew to the moon there were 4 known non recoverable software bugs in the programs. Triggering one of these bugs would have killed the crew - so they were studiously avoided. A more thorough examination of the code a few decades afterwards revealed there was (memory fails me) somewhere between 90 to 200+ of these bugs; talk about thin ice!

So if you don't patch you carry all these faults.

BTW Colin - if you are I/O bound on your solid state drives - rather than RAID (stripe) them you might consider going to a REVO (PCI-express rather than SATA 2 or 3) attached SSD - these can give between double to triple the speed apparently of the SATA bus; so rather than 200 - 500 MB/sec you are looking at 700 - 1000 MB/sec ...

http://www.ocztechnology.com/ocz-rev...press-ssd.html
Again, this is a job for a firewall, not an anti-virus resource hog.
  #30  
Old 20-02-2012, 08:04 AM
supernova1965 (Warren)
Buddhist Astronomer
Join Date: Aug 2009
Location: Phillip Island,VIC, Australia
Posts: 4,073
Quote:
Originally Posted by Poita View Post
Not if you are behind even the simplest of hardware firewalls, like those available in nearly every modem/router these days.
I wish you luck if that is all you use, but the people who want in will not be stopped by a hardware firewall; they eat them for breakfast.
  #31  
Old 20-02-2012, 08:52 AM
troypiggo (Troy)
Bust Duster
Join Date: Nov 2008
Location: Brisbane, Australia
Posts: 4,846
Depends on the firewall setup. If ports are blocked, they're blocked. If they're open for some application that needs to have some port open, the weak point becomes the security of that application/daemon running on that port. That's not the firewall's fault.
  #32  
Old 23-02-2012, 01:12 AM
g__day (Matthew)
Tech Guru
Join Date: Dec 2005
Location: Sydney
Posts: 2,902
You're going to need a pretty high end firewall to spot say DNS poisoning, which can be a pretty basic virus tactic. Once that DNS is compromised a man in the middle attack would fool nearly any firewall, regardless of your Stateful Packet Inspection techniques and there goes all your banking credentials for example. How many folk run a DNS check (e.g. TrustDefender aka ThreatMetrix) before they connect to their bank online to ensure the connection certificates are valid and no one intercepted their link before secure tunnels were set up?

I think layered security makes sense, hardware firewall + software ones, virus scanners, DNS checkers and if you're really sensitive reverse proxies, smarter than average firewall rules and even a real or virtual honey pot PC behind your network layer (so attacks channel to a fool's paradise machine rather than your real rig). The guy that used to head security for me at St George Bank did his own home security that way (bit overboard but he was ex-defence intelligence and really into it)... Used to say for home PCs (this is back in 2005) ZoneAlarms was clear winner (not sure what he recommends now, could ping him if you're really interested?)

For anyone interested, a man in the middle attack diverts a secure web link to a real looking fake web site that simply collects your authentication details (copies them) and then logs you onto the real site - copying everything you do or worse executing its own commands on your accounts and only pretending to do your ones!

Say www.anz.com.au has real IP address 1.2.3.4, a simple man-in-the-middle attack creates a fake website say www.anzbank.com.au with IP address say 231.231.231.231 that looks exactly like the bank's webpage, it can easily disguise the URL so it looks exactly like www.anz.com.au. Next a virus or dirty webpage launches a payload (say you have java enabled, but there are many ways of doing it). In its simplest form this payload adds a single line to your hosts file c:\windows\drivers\system32\etc\hosts (ARP Cache poisoning it) saying

231.231.231.231 www.anz.com.au

Now whenever you type www.anz.com.au into any browser instead of landing at www.anz.com.au at IP 1.2.3.4 you land at www.anzbank.com.au with IP 231.231.231.231, looking exactly like ANZ. You login - it takes your credentials before secure tunneling is in place and acts as a man in the middle. Your firewall doesn't know this diversion is fraudulent, your virus scanner doesn't likely see anything wrong.

Do you check the site certificate of your bank's URL is the correct one for the real ANZ bank when you land there? That's what DNS and site certificate checking software does to detect DNS poisoning attacks.

Last edited by g__day; 23-02-2012 at 01:43 AM.
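
A defensive check for the hosts-file redirect described in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports names that have been pinned locally. The watched domain list, the allowlist and the sample file contents are assumptions constructed for illustration.

```python
"""Audit hosts-file text for local overrides like the one described in the post."""
import ipaddress

# Constructed sample input (not from a real machine). Line 6 is the entry
# quoted in the post; the other lines are typical benign or edge-case content.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1        localhost
::1              localhost
0.0.0.0          ads.example.net      # sinkhole entry, blocks rather than redirects
192.168.1.20     nas nas.home.lan
231.231.231.231  www.anz.com.au
10.0.0.5         intranet Login.ANZ.com.au.   # case and trailing dot still match
198.51.100.9     updates.example.org
bogus            www.anz.com.au
"""

# Assumptions for this example: names worth protecting and known-good local entries.
WATCHED_DOMAINS = {"anz.com.au"}
ALLOWED = {("192.168.1.20", "nas.home.lan")}


def parse_hosts(text):
    """Yield (line_number, address_text, [normalised names]) per mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield number, fields[0], [n.rstrip(".").lower() for n in fields[1:]]


def is_watched(name, watched=WATCHED_DOMAINS):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS, allowed=ALLOWED):
    """Return a list of (severity, line_number, address, name) findings."""
    findings = []
    for number, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            # Not a valid IPv4/IPv6 address; report it so the file gets cleaned.
            findings.append(("malformed", number, addr_text, names[0]))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if is_watched(name, watched):
                # A watched name should never be overridden locally, whatever the target.
                findings.append(("high", number, str(addr), name))
            elif sinkhole or (str(addr), name) in allowed or "." not in name:
                continue  # blocking entry, approved entry, or single-label LAN name
            else:
                # Any other fully qualified name pinned to a non-loopback address.
                findings.append(("review", number, str(addr), name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

To audit a real machine, read the hosts file into a string and pass it to `audit_hosts` with your own watched domains and allowlist.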
  #33  
Old 23-02-2012, 06:03 AM
JB80 (Jarrod)
Aussie abroad.
Join Date: Feb 2012
Location: Alicante, Spain.
Posts: 1,156
I have had a few issues over the last few days and from this I have learnt AVG isn't exactly as highly regarded as it once was hence the reason I am off to delete it after posting this. I was recommended to use avast which I have on my laptop so I figure no problem and it doesn't pick anything up at all either.

So upon further advice I install Malwarebytes which does a scan and sure enough it picks up 1 threat which turns out to be a known threat, I deal with it and it appears gone. However still I'm probably going to run another piece of software to do further checks to make sure the PC is clean before changing anything I have to.

I guess the moral of the story is no matter how good an anti-virus may be it will still miss things, I'd never have known if I hadn't run Malwarebytes.

So anyway in answer to the original question posed my vote goes to AVG.
  #34  
Old 23-02-2012, 10:49 AM
FlashDrive (Poppy)
Senior Citizen
Join Date: Apr 2008
Location: Bribie Island
Posts: 5,068
Quote:
Originally Posted by g__day View Post
You're going to need a pretty high end firewall to spot say DNS poisoning, which can be a pretty basic virus tactic. Once that DNS is compromised a man in the middle attack would fool nearly any firewall, regardless of your Stateful Packet Inspection techniques and there goes all your banking credentials for example. How many folk run a DNS check (e.g. TrustDefender aka ThreatMetrix) before they connect to their bank online to ensure the connection certificates are valid and no one intercepted their link before secure tunnels were set up?

I think layered security makes sense, hardware firewall + software ones, virus scanners, DNS checkers and if you're really sensitive reverse proxies, smarter than average firewall rules and even a real or virtual honey pot PC behind your network layer (so attacks channel to a fool's paradise machine rather than your real rig). The guy that used to head security for me at St George Bank did his own home security that way (bit overboard but he was ex-defence intelligence and really into it)... Used to say for home PCs (this is back in 2005) ZoneAlarms was clear winner (not sure what he recommends now, could ping him if you're really interested?)

For anyone interested, a man in the middle attack diverts a secure web link to a real looking fake web site that simply collects your authentication details (copies them) and then logs you onto the real site - copying everything you do or worse executing its own commands on your accounts and only pretending to do your ones!

Say www.anz.com.au has real IP address 1.2.3.4, a simple man-in-the-middle attack creates a fake website say www.anzbank.com.au with IP address say 231.231.231.231 that looks exactly like the bank's webpage, it can easily disguise the URL so it looks exactly like www.anz.com.au. Next a virus or dirty webpage launches a payload (say you have java enabled, but there are many ways of doing it). In its simplest form this payload adds a single line to your hosts file c:\windows\drivers\system32\etc\hosts (ARP Cache poisoning it) saying

231.231.231.231 www.anz.com.au

Now whenever you type www.anz.com.au into any browser instead of landing at www.anz.com.au at IP 1.2.3.4 you land at www.anzbank.com.au with IP 231.231.231.231, looking exactly like ANZ. You login - it takes your credentials before secure tunneling is in place and acts as a man in the middle. Your firewall doesn't know this diversion is fraudulent, your virus scanner doesn't likely see anything wrong.

Do you check the site certificate of your bank's URL is the correct one for the real ANZ bank when you land there? That's what DNS and site certificate checking software does to detect DNS poisoning attacks.
This is correct ... as I have my Host File ' Locked '

Flash
  #35  
Old 23-02-2012, 11:06 AM
Poita (Peter)
Registered User
Join Date: Jun 2011
Location: NSW Country
Posts: 3,586
Quote:
Originally Posted by supernova1965 View Post
I wish you luck if that is all you use, but the people who want in will not be stopped by a hardware firewall; they eat them for breakfast.
I have had a system up and running for over 3 years with just a hardware firewall, it hasn't had a single malware/virus/worm infection in that time.

If you understand this stuff, it is easy to keep the script kiddies with their port scanners at bay.
If someone somewhere decided for some unknown reason to target hacking just your particular computer, then sure, someone could possibly get in, but it isn't going to happen. Infections that come from just leaving the Windows machine connected to the internet are pretty basic ones, and easily stopped.
The middle attacks mentioned still require you to have your hosts file unlocked (not recommended), click on a dodgy link in an email, or open a dodgy file i.e. have *you* deliver the payload. Using OpenDNS protects you from this sort of attack too and is easy to set up and great if you take your laptop on the road for example.
People get either too worried about this stuff, or not enough.
If you don't open odd attachments, do not download pirate software or dodgy videos and are clever enough not to click on links from dodgy emails, then a decent firewall and a once a week/month boot scan will keep you well and truly clean. Quite possibly in better shape than those who have their machine bogged down with permanently running AV suites.

Be sensible, have a decent firewall, use openDNS instead of your ISP DNS, do your backups and scan once a week or so from a boot CD/USB stick and you will be fine.

If you do end up doing something silly, your weekly bootscan will pick it up (whereas a full-time AV program might be compromised, the bootscanner won't be) and you can remove it quickly.

Last edited by Poita; 23-02-2012 at 11:17 AM.
  #36  
Old 23-02-2012, 11:13 AM
mithrandir (Andrew)
Registered User
Join Date: Jan 2009
Location: Glenhaven
Posts: 4,161
Quote:
Originally Posted by FlashDrive View Post
This is correct ... as I have my Host File ' Locked '
You mean you have it on read only media? I can do that on Unix by mounting /etc (where both hosts and resolv.conf reside) read only, but how do you do it on winblowsupinyourface?

Anything else just means it takes a smarter trojan.
  #37  
Old 23-02-2012, 12:01 PM
Nico13 (Ken)
Galaxy Hunting
Join Date: Jul 2009
Location: Geelong region.
Posts: 947
Original problem

Getting back to the original problem of a resource hog.
Has or does anyone run backup software for their laptop for instance?

A short while back I purchased a WD external USB 1TB backup drive for my laptop backup, now this has its own software installed and when connected to your machine it will install a mating program that will catalogue your files and then backup to the ext drive automatically whenever you connect it, runs in the background.

If you want a resource hog get one of these because even when not connected every time you boot up it starts a catalogue check looking for new or changed files.

Boot up time triples or quadruples to the point of being ridiculous and even having screen drivers not load for some time leaving a black screen.
I needed to shut the process down to get the computer to boot in a respectable time frame.

Got rid of that fast.

Ken.
  #38  
Old 23-02-2012, 03:28 PM
Scopie (Brad)
Registered User
Join Date: Feb 2012
Location: Perth, SOR
Posts: 55
Quote:
Originally Posted by FlashDrive View Post
At the moment ... from ' pushing the on button ... to showing the ' desktop ' on my PC = 16 Seconds.
I do better than that with just a single vertex 2 (SATA2) SSD. My secret is I have a motherboard with practically none of the whizz bang features you never use, so there are no hardware drivers to wait for load and init. I'm still running an i7-2600.

We looked at Revo Hybrids yesterday but couldn't justify as we need > 1Tb and there are no reports of stripe working/performance on those hybrids on the net yet. The kinds of data we are loading could choke even a 100Gb SSD cache so we decided to stick with the tried and true stripe of 4 x 600Gb Velociraptor. Not quite as fast, but a known quantity with a 5 year warranty...

So far as home based AV goes, we've had just about everyone NOT in the enterprise using Microsoft Security Essentials for over a year now. No problems whatsoever and not a resource hog. The company is using Trend which I find inferior in threat detection to Symantec but it is not so much of a resource hog. Personally I'd rather a resource hog than a poorer performance in threat avoidance.
  #39  
Old 26-02-2012, 08:20 AM
mplanet62 (Michael)
Registered User
Join Date: Oct 2010
Location: Melbourne
Posts: 86
Anything that hangs in the memory doing not much - if nothing. For example all AVG live components. They can be switched off so that you have scanner/remover alone. Still will be taking some memory - as resident module is an "essential" part of system. All modern security suites are trying to play "big brother" for the computer soft.
What I have to have - a good firewall. It's a must for every Internet machine - as most of threats are net-based these days. Time of old program-infecting bits of code if not passed, coming soon. Plus, some pure scanner (sort of Spybot). Spybot is getting bigger, though - tries to become Norton or something?
Did not have virus infection in years - just used common sense not to open on my working machine anything that may be infected (checked occasionally by loading, scanning, then uninstalling some antiviral monster).
Also, found free program Ccleaner quite helpful. It may take a lot of resident memory hogs off startup list - speeds up all the system considerably. Plus takes rubbish out of the system and registry. Years of use did not find any "bad habits" in this free marvel. AVG sits residentially on my kid's computer, though...
  #40  
Old 26-02-2012, 09:57 PM
stephenb (Stephen)
Registered User
Join Date: Sep 2008
Location: all over the shop...
Posts: 2,098
Quote:
Originally Posted by ballaratdragons View Post
I have taken the advice from several Computer people I talk with online and removed ALL Anti-virus programs from my computer.
Runs tons faster and I haven't had any problems. Been 4 months now
It's been close to 18 months with my new PC build and no AV software in all that time. No big deal. Not one issue. Zilch.

And I've never even thought of the prospect of AV on the Mac. Just works.
All times are GMT +10.