What are you using for Win7 Internet Security Software?

but in the end, personal preference on personal systems.
It could be my personal decision to get drunk, and then sit in a lawn chair in the middle of a local highway, but that certainly doesn't make it a good decision. Again, the largest point is missing. The software is free, and has no performance effects on a system. There's simply no way to argue against that....there's no downside to running one, and given the fact malware is evolving daily, even by the hour, there's again, no reason NOT to be running something. Be that as it may, that recent OSes are more secure, but how long, honestly, do you think it took for malware to circumvent that?
 
It could be my personal decision to get drunk, and then sit in a lawn chair in the middle of a local highway, but that certainly doesn't make it a good decision.
That may be true, but it's hardly comparable to using your system without an AV. Hardly.
The software is free, and has no performance effects on a system.
If I'm offered a kevlar vest to wear around school, am I stupid not to accept and use it? I mean, a shooting/stabbing could happen. Again, personal preference.
Be that as it may, that recent OSes are more secure, but how long, honestly, do you think it took for malware to circumvent that?
It is simply not possible for software to be run in kernel mode without administrative consent. If a Ring 0 attack occurs, it's because the user initiated and consented to it.
 
We can go back and forth on this for days, and in the end, it will just be the same weak arguments and analogies. We've seen it hundreds of times. Any point can easily be shot down and blown apart with a quick counterpoint of what AV software should be installed. In the end, it is your system, and no one else can tell you what to do with it, but keep in mind one thing. People come here for help and advice. It's arrogant and careless to talk about not running AV software, and can easily lead other people down the wrong path. So, if you want to make this decision on your own, so be it...but keep in mind the point of these forums.

Besides, as further proof it's a weak argument, even Apple is suggesting that their cultists, err I mean customers run AV software. It evolves every day, and the malware writers adapt to any safeguards put in place. If Apple, the *cough* most secure OS around *cough* is telling their own to install AV software, why take the chance?
 
In the end, it is your system, and no one else can tell you what to do with it, but keep in mind one thing.
That's what I'm saying. If you understand the potential of your actions on your system and what risks exist, and importantly, how to avoid them, the question of whether or not to use AV comes down to personal preference.
People come here for help and advice. It's arrogant and careless to talk about not running AV software, and can easily lead other people down the wrong path.
I never once advocated blindly running without AV.
Besides, as further proof it's a weak argument, even Apple is suggesting that their cultists, err I mean customers run AV software. It evolves every day, and the malware writers adapt to any safeguards put in place. If Apple, the *cough* most secure OS around *cough* is telling their own to install AV software, why take the chance?
Most likely because Apple has come to the conclusion that there's a subset of all users that will click on and subsequently try to install anything. But we both know this isn't exclusively an Apple thing. I totally agree with running AV software on business/school systems (unless there's some esoteric one that never touches a network that needs all the CPU and memory resources it can get, without interruption).
 
but the security model Vista, and subsequently 7, is based on, removes the possibility of getting anything system breaking
Two things:
1) Viruses can still run in user-mode. UAC is NOT Anti-Virus and never will be.
2) The computer has to do what the user tells it to. If the user runs a virus with Administrative rights (Trickery/Social Engineering/Phishing are reasons here...), it's going to get run with Administrative rights.

If I'm offered a kevlar vest to wear around school, am I stupid not to accept and use it? I mean, a shooting/stabbing could happen. Again, personal preference.
Have you ever worn one? It's not something I would want to wear on a daily basis unless I'm a policeman in a rough neighborhood all day...

Running AV is more like putting on sunscreen. Once it's there, you don't notice it... It won't affect the system, and protects you from the shit out there.
 
Two things:
1) Viruses can still run in user-mode. UAC is NOT Anti-Virus and never will be.
Never said it was, never said it will be. What I did say is that UAC will prevent a process from entering kernel mode without the user's consent. If it does so, you're outta luck. Under user mode, it at least can't make system wide changes and break the system.
2) The computer has to do what the user tells it to. If the user runs a virus with Administrative rights (Trickery/Social Engineering/Phishing are reasons here...), it's going to get run with Administrative rights.
I already addressed this, thoroughly. What's your point?
 
Never said it was, never said it will be. What I did say is that UAC will prevent a process from entering kernel mode without the user's consent. If it does so, you're outta luck. Under user mode, it at least can't make system wide changes and break the system.
Yea, but it can still gather financial documents, account numbers and passwords.

I don't know about you, but I'd much the hell rather have a virus crash my system than one that transmits that information out the door.


Hence again- Running AV is a need.


Also a virus turning your computer into a member of a botnet sucks for everyone. If you have a computer online, it needs to be running AV.
 
Yea, but it can still gather financial documents, account numbers and passwords.
If you're using software or services that store that sensitive information locally, in an unencrypted form, then that's another big issue, yes. But processes can't reach into other processes' memory space, so seeing the raw data before it's written to disk in an encrypted form isn't an issue - without kernel privileges. And keyloggers have to be in kernel mode, as well, since direct hardware communication is handled only in the lowest levels of the kernel.
Hence again- Running AV is a need.
Only if you aren't aware of what constitutes risky behavior and suspicious activity. Any software install requires elevation, a UAC prompt - if I handle each one with a keen head, what issue remains? Keep in mind, I'm arguing on a personal basis and not on a scale that would include enterprise/education.
Also a virus turning your computer into a member of a botnet sucks for everyone. If you have a computer online, it needs to be running AV.
The world isn't about one-size-fits-all approaches. In the end, it comes down to user responsibility, even with AV protection. I think we can agree here.
 
If you're using software or services that store that sensitive information locally, in an unencrypted form, then that's another big issue, yes.
We're talking about Average Joe here, not Corporate IT Admin Bob.

So this is still an issue.

The world isn't about one-size-fits-all approaches. In the end, it comes down to user responsibility, even with AV protection. I think we can agree here.

And I'd claim bullshit. You can be the most responsible user in the world and still become infected once a legitimate source becomes compromised.
 
We're talking about Average Joe here, not Corporate IT Admin Bob.

So this is still an issue.
If by Average Joe, we're talking about a user that isn't as aware as you and I, then this is where I agree. I'm not advocating blindly running AV. The most knowledgeable of people don't have to be IT admins, either.
And I'd claim bullshit. You can be the most responsible user in the world and still become infected once a legitimate source becomes compromised.
Let's suppose that your legitimate site was compromised, in a way that is going to attempt to place malware on a user's system. Granted, for any decent site this isn't happening often, if at all, but let's just suppose. Firstly, the usual, it's software and a software install requires elevation. Secondly, any legitimate software will have a digital signature carried into the UAC prompt so the user can verify the source. These certificates are incredibly difficult to falsify. If the user, such as myself, understands these things and that hitting 'Cancel' on the prompt averts an installation and subsequent infection, then I think we're good.

I suppose you define Average Joe to mean someone less fluent than this, to which I agree completely, AV is necessary. I've installed AV on my girlfriend's Win7 system, when she asked me to set up and configure it for her. I don't expect her to understand the intricacies of secure computing, so I believe I acted responsibly by doing so. For myself, though, it's purely redundant.
 
It is simply not possible for software to be run in kernel mode without administrative consent. If a Ring 0 attack occurs, it's because the user initiated and consented to it.

Never said it was, never said it will be. What I did say is that UAC will prevent a process from entering kernel mode without the user's consent. If it does so, you're outta luck. Under user mode, it at least can't make system wide changes and break the system.

Actually you're wrong and this is why AV is so necessary today on ANY system.

Under Vista UAC did the split token to pseudo separate Admin and User. Some malware got smart and actually threw up a window that looked like a legit UAC window to get people to just click Yes all the way through because of the supposed "too many prompts issue" with UAC. So yes that required a user to interact.

Under Windows 7 UAC is weakened by default thanks to those people who complained about how under Vista it supposedly popped up every time they did something. So now by default some things are whitelisted so they auto-elevate to admin mode to avoid the UAC prompt. This has opened a security hole that will allow something to infect Windows 7 by remote code execution without you knowing a thing. Meaning you can get infected by a compromised website and you wouldn't even know it. A keylogger making use of this security hole could run on Windows 7 without your knowledge.

Here's the link to the website of the guy who found the defect complete with source code of the flaw, which he released recently because MS has come out and said it isn't a problem. Oh and keep in mind that this flaw could allow legit programs to install stuff without causing a UAC prompt as well.

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

To correct this issue you have only two options.

1. Increase the UAC slider to the maximum.
2. Run as a complete standard user and use fast user switching in case you need administrative privileges to do anything.

While users like myself probably boosted UAC to the maximum before this flaw was even seen, when Windows 7 hits the market in October and it starts getting installed, how many of the Average Joe users do you think will go in and set up either option I listed above? My bet is less than 1%. Meaning plenty of machines that can be compromised.

Hell I'd like to know how many people here on the [H] even know about this security hole.
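
A way to check which UAC level a machine is actually running, as an added example that is not part of the original post. It assumes the slider positions correspond to the `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` policy values; `Get-UacSliderLevel` is a hypothetical helper name and the sample values are constructed.

```powershell
# Added example (not from the thread). Classifies the UAC level from the three
# policy values under the key below and reports whether every elevation prompts.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [int] $EnableLUA,
        [Parameter(Mandatory = $true)] [int] $ConsentPromptBehaviorAdmin,
        [Parameter(Mandatory = $true)] [int] $PromptOnSecureDesktop
    )
    if ($EnableLUA -eq 0) {
        # EnableLUA = 0 switches UAC off entirely, whatever the other values say.
        $level = 'UAC disabled'
    } else {
        $level = switch ($ConsentPromptBehaviorAdmin) {
            0 { 'Never notify: elevate without prompting' }
            1 { 'Always prompt for credentials (policy setting)' }
            2 { if ($PromptOnSecureDesktop -eq 1) { 'Always notify (slider at maximum)' }
                else { 'Always notify, secure desktop off (custom)' } }
            5 { if ($PromptOnSecureDesktop -eq 1) { 'Default: prompt only for non-Windows binaries' }
                else { 'Default, secure desktop off' } }
            default { "Custom consent policy ($ConsentPromptBehaviorAdmin)" }
        }
    }
    # "Always prompts" means no silent auto-elevation: UAC on, consent value 1 or 2,
    # and the prompt shown on the secure desktop.
    $always = ($EnableLUA -eq 1) -and
              ((1, 2) -contains $ConsentPromptBehaviorAdmin) -and
              ($PromptOnSecureDesktop -eq 1)
    New-Object PSObject -Property @{ Level = $level; AlwaysPrompts = $always }
}

# Constructed sample values, not read from a real machine.
$samples = @(
    @{ Label = 'slider at maximum'; LUA = 1; Consent = 2; SecureDesktop = 1 },
    @{ Label = 'Windows 7 default'; LUA = 1; Consent = 5; SecureDesktop = 1 },
    @{ Label = 'UAC turned off';    LUA = 0; Consent = 0; SecureDesktop = 0 }
)
foreach ($s in $samples) {
    $r = Get-UacSliderLevel -EnableLUA $s.LUA `
                            -ConsentPromptBehaviorAdmin $s.Consent `
                            -PromptOnSecureDesktop $s.SecureDesktop
    '{0,-18} -> {1} (always prompts: {2})' -f $s.Label, $r.Level, $r.AlwaysPrompts
}

# On a Windows machine, classify the live policy values as well.
if (Test-Path $PolicyKey) {
    $p = Get-ItemProperty -Path $PolicyKey
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
    # A missing value would silently cast to 0, so report it instead of guessing.
    $missing = @($names | Where-Object { $null -eq $p.$_ })
    if ($missing.Count -gt 0) {
        "Not set in registry: $($missing -join ', ')"
    } else {
        $live = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
                                   -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
                                   -PromptOnSecureDesktop $p.PromptOnSecureDesktop
        "This machine: $($live.Level)"
        if (-not $live.AlwaysPrompts) {
            'UAC is below "Always notify"; raise the slider to the maximum.'
        }
    }
}
```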
 
Your arguments are naive.
Have you ever heard of privilege escalation?
Some information for you, but judging by your comments, you won't read this either.
http://en.wikipedia.org/wiki/Privilege_escalation
I read a lot of things, every day. What made you think otherwise?
Under Vista UAC did the split token to pseudo separate Admin and User. Some malware got smart and actually threw up a window that looked like a legit UAC window to get people to just click Yes all the way through because of the supposed "too many prompts issue" with UAC. So yes that required a user to interact.
Which still, as I said, came down to the user providing consent.
Under Windows 7 UAC is weakened by default thanks to those people who complained about how under Vista it supposedly popped up every time they did something. So now by default some things are whitelisted so they auto-elevate to admin mode to avoid the UAC prompt. This has opened a security hole that will allow something to infect Windows 7 by remote code execution without you knowing a thing. Meaning you can get infected by a compromised website and you wouldn't even know it. A keylogger making use of this security hole could run on Windows 7 without your knowledge.
On my personal basis, I have UAC set to the highest setting. I strongly recommend this for anyone using Vista or Windows 7. I also strongly recommend migrating to either of those from XP. :p
1. Increase the UAC slider to the maximum.
Yep, I've done this since the beginning.
While users like myself probably boosted UAC to the maximum before this flaw was even seen, when Windows 7 hits the market in October and it starts getting installed, how many of the Average Joe users do you think will go in and set up either option I listed above? My bet is less than 1%. Meaning plenty of machines that can be compromised.
As I've said again and again and again and again and again, AV protection for what you define as the Average Joe is necessary. I'm not arguing with you here!
Hell I'd like to know how many people here on the [H] even know about this security hole.
I was aware of it, but since it was a non-issue for me...
Back on the topic.... NOD32.
We need a GDI32, complete with Ion Cannons, Mammoth Tanks, and Disc Infantry. Those damned stealth tanks keep destroying my harvesters.
 
I'm running MSE after two years of NOD32. I see no reason to continue with ESET as the MSE solution will be fine enough. User habit is much more important to safeguarding a computer, something no AV can fully protect against.
 
We need a GDI32, complete with Ion Cannons, Mammoth Tanks, and Disc Infantry. Those damned stealth tanks keep destroying my harvesters.

Holy shit I nearly laughed out loud at that (and I'm at work). In all honesty though, I've always found NOD32 to be extremely lightweight and effective.

DarkStryke said:
User habit is much more important to safeguarding a computer, something no AV can fully protect against.

I completely agree -- it's much easier to safeguard a system when the user's habits aren't "let's go download and execute all the attachments in my spam inbox."
 
Let's suppose that your legitimate site was compromised, in a way that is going to attempt to place malware on a user's system. Granted, for any decent site this isn't happening often, if at all, but let's just suppose. Firstly, the usual, it's software and a software install requires elevation. Secondly, any legitimate software will have a digital signature carried into the UAC prompt so the user can verify the source.
Other than those that already talked, you are assuming that every damned piece of malware tries to break into the system-level directories, and it ain't so.
Malware can run in user-level space, require no popups, collect user-level documents, and transmit them out the door with zero user consent.
You also keep assuming that everyone is running UAC, which isn't the case.

Under Windows 7 UAC is weakened by default thanks to those people who complained about how under Vista it supposedly popped up every time they did something. So now by default some things are whitelisted so they auto-elevate to admin mode to avoid the UAC prompt. This has opened a security hole that will allow something to infect Windows 7 by remote code execution without you knowing a thing. Meaning you can get infected by a compromised website and you wouldn't even know it. A keylogger making use of this security hole could run on Windows 7 without your knowledge.
And I've complained about this since day 1. Apparently not enough people submitted Beta feedback to Microsoft about it. I did daily.
The user needs to make a conscious decision to make themselves more vulnerable. It doesn't need to be in a vulnerable state to begin with!

It's my only real complaint with Windows 7.
 
I read a lot of things, every day. What made you think otherwise?
...

The way you clearly didn't read what I posted for one, as in your very next statement you still think it only comes down to user consent.
 
Other than those that already talked, you are assuming that every damned piece of malware tries to break into the system-level directories, and it ain't so.
Malware can run in user-level space, require no popups, collect user-level documents, and transmit them out the door with zero user consent.
Running or installing software within or through IE, not explicitly allowed by the user through exceptions, requires consent.
You also keep assuming that everyone is running UAC, which isn't the case.
Of course it isn't the case for everyone. And I'm not applying a single solution to everything, either. I'm talking about my personal preference; I know I use UAC, so it's a safe assumption.
It's my only real complaint with Windows 7.
Agreed.
 
And I've complained about this since day 1. Apparently not enough people submitted Beta feedback to Microsoft about it. I did daily.
The user needs to make a conscious decision to make themselves more vulnerable. It doesn't need to be in a vulnerable state to begin with!

It's my only real complaint with Windows 7.

Same here. Fed them feedback from three different computers a couple times a week. At least there's an easy fix for it. Too bad it'll take a nasty virus to infect 10 million computers by using this flaw before MS will close the security hole.
 
Running or installing software within or through IE, not explicitly allowed by the user through exceptions, requires consent.
Not everyone uses IE
Not everyone uses IE7+
Not everyone uses UAC

Your argument is pretty weak. Face the facts in that no matter how "careful" of a user you are, you can still get hit by a compromised legitimate source, with ZERO knowledge of it unless it comes from your AV product (or none, with lack thereof).


Same here. Fed them feedback from three different computers a couple times a week. At least there's an easy fix for it. Too bad it'll take a nasty virus to infect 10 million computers by using this flaw before MS will close the security hole.
I hope not.
I'm kind of hoping when July 13 comes around that they have this in the final build...
 
Not everyone uses IE
Not everyone uses IE7+
Not everyone uses UAC
Those are perfectly safe assumptions, since I'm referring to my personal preferences and habits.
Your argument is pretty weak.
Being fixated on your one-size-fits-all approach would give you that impression, unfortunately.
 
I hope not.
I'm kind of hoping when July 13 comes around that they have this in the final build...

To my knowledge the flaw still exists in the latest 7264 build. Although it would be nice to see them drop a bomb with the RTM build and have this secured. Whether they do it via changing the default or closing the hole with the current default I don't care but would be nice if they did it.

Honestly though I don't expect them to.
 
To my knowledge the flaw still exists in the latest 7264 build. Although it would be nice to see them drop a bomb with the RTM build and have this secured. Whether they do it via changing the default or closing the hole with the current default I don't care but would be nice if they did it.

Honestly though I don't expect them to.

I'd rather them change the default. When you start poking holes into ANYTHING, it opens a potential for exploit.
 
I'd rather them change the default. When you start poking holes into ANYTHING, it opens a potential for exploit.

I'd rather them fix the exploit AND set the default to the highest level. That way those who wish to lower their protection can but it doesn't open such a serious flaw when that is done.
 
I'd rather them fix the exploit AND set the default to the highest level. That way those who wish to lower their protection can but it doesn't open such a serious flaw when that is done.

True, however... Again, when you poke a little hole in a wall, someone will always find a way through it. They can patch this one, but someone else will discover another hole.
Hence I'd rather them just set it to 100% on and be done with it.
 
We're talking about Average Joe here, not Corporate IT Admin Bob.

So this is still an issue.

Actually, we're talking about rflcptr and myself. We aren't 'Average Joe' users, and we understand the Security concepts necessary to properly protect our machines without the aid of anti-virus software.

The average joe user doesn't know the difference between a .doc and a .dll, or a .xla and a .exe and will be quick to fall for the clever tricks employed by malware developers. If the malware comes to their door disguised as the pizza delivery guy, they won't hesitate to let him in.

rflcptr and myself, on the other hand don't click yes on every UAC prompt we see just to get them out of the way, or download and run some sketchy file on some sketchy site because our co-workers said we should. We take our computer security seriously, and have decided after extensive consideration that we don't need anti-virus software on our machines. I'll let rflcptr speak for his own experiences with doing that, but since I've started I have not had one problem yet. If you want to argue how we're wrong for that, go ahead, but you'll be wasting your breath. It's not like we haven't thought this through; we have, and we don't see it necessary.
 
/root:inject_AverageJoe.W32.trojan.~

There, you're infected... ;)

Only one man can express what I want to say right now... only one, and he just happens to be dead, go figure. And no, remarkably it's not George Carlin this time... a picture is worth a thousand words...

whysoseriousthejoker312.jpg
 
Nothing.
I have a hardware firewall and leave UAC on so IE runs in protected mode.
I stay away from untrusted sites unless using a VM with undo disks enabled, deleting changes on shutdown. I also don't plug other people's USB drives in my machine, too much crap out there that infects USB drives.

I've run without active Antivirus software since 1998 and haven't been infected yet.
I check for viruses and root kits any time I rebuild my machine, just to be sure.

AV software just gives you a false sense of protection anyway. If a new virus hits you before the AV vendor knows about it you are SOL. If you browse smart and don't put yourself at risk you aren't likely to get infected.
 
I check for viruses and root kits any time I rebuild my machine, just to be sure.
What's the point of checking on a new system? Without running an active scanner, you wouldn't know you were infected.
AV software just gives you a false sense of protection anyway.
Yes, in some ways it does, but that doesn't make them useless. You still need one, combined with good computing habits, and common sense. If you drop any one of those three, you are at risk, no matter what you do, or how smart you think you are. There's absolutely no logical, rational reason to not run one, and the arguments against are piss-poor, at best. The bottom line is, if you truly know how this game is played, you know why they are needed. That's it, simple as that. This debate gets more foolish each and every time it is held.
 
Well, I guess this is an upside and a downside.

Downside is obviously that having these Botnet networks of people that think they don't need to run AV: Bad.

Upside is these people are (unfortunately) running networks somewhere, and I can make money by coming and cleaning up their mess :p
 
too much crap out there that infects USB drives.

Heh, I remember USB hacksaws back in the day.

Well, I guess this is an upside and a downside.

Downside is obviously that having these Botnet networks of people that think they don't need to run AV: Bad.

Upside is these people are (unfortunately) running networks somewhere, and I can make money by coming and cleaning up their mess :p

You'd be more successful if you tried blaming people who think they can rely entirely on Anti-Virus software, and don't learn or practice good computer/internet habits because they think Anti-Virus software makes them invincible. A Kevlar vest can stop a bullet if it needs to. It's not going to do you much good, however, if you run into a mine field full of armed people who want to kill you. You still have to practice good security habits, regardless of whether or not you're running Anti-Virus software, and a lot of people don't seem to understand that.
 
What's the point of checking on a new system? Without running an active scanner, you wouldn't know you were infected.
I should have been more specific. I scan my drives before tearing down the machine to rebuild.
Yes, in some ways it does, but that doesn't make them useless. You still need one, combined with good computing habits, and common sense. If you drop any one of those three, you are at risk, no matter what you do, or how smart you think you are. There's absolutely no logical, rational reason to not run one, and the arguments against are piss-poor, at best. The bottom line is, if you truly know how this game is played, you know why they are needed. That's it, simple as that. This debate gets more foolish each and every time it is held.

Bah. Antivirus software is a virus that people choose to install on their machine. When I learned why AV vendors were mad about kernel patch protection I was floored at how their products actually work.

In XP/2003 and earlier, A/V software would overwrite the file I/O functions in the Windows kernel in memory and route ALL file operations through their driver. I was amazed that this didn't destabilize the OS more than it does.
 
You still have to practice good security habits, regardless of whether or not you're running Anti-Virus software, and a lot of people don't seem to understand that.

Bingo!!!! In fact AV software without more fundamental security practices such as least privileged user is kind of like a screen door on a submarine. Not all that useful really.

A simple thing like least privilege user stops about 80% of known malware from something I remember reading on Zdnet a while back.
 
When I learned why AV vendors were mad about kernel patch protection I was floored at how their products actually work.
You are really reaching to find some sort of justification for not running AV, aren't you?
 
You are really reaching to find some sort of justification for not running AV, aren't you?

It really appears that way.

I can't believe how many times this topic has been brought up.

Really, JustLong if you think AV software isn't needed you should see the difference of SMB systems that use it, and the ones that don't.
 
I preferred AVG. It works without any problems. And it's also free.
Thread necroposting? All to tell us you are using a slower, bloated AV solution? :D

All kidding aside, look at Avira, or the new top dog, Microsoft Security Essentials, aka MSE. Both are free, and better.
 