Is this security routine overkill?
#16
FlyerTalk Evangelist




Join Date: Sep 2000
Programs: BA, AA, DL, KLM, UA
Posts: 37,489
I am completely opposed to using any program that requires itself to be continually running in the background for AV / security. I haven't run any in at least 5 years and have never once found anything even remotely suspicious on any Windows PC I run. I do one-off scans every few months as a precaution but I've yet to come across anything to be concerned about.
The number one priority has got to be to stop running IE. With a modern OS (eg: Win7) plus a modern browser such as Firefox, you really have to go out of your way to let any sort of spyware get onto a PC. A few generations back (XP / IE7 / FF2) I'd only recommend this approach for people who were very aware of what they were doing, but these days I think the situation is somewhat different.
The performance drain caused by any of these "active" scanners is still simply too great, even on a relatively high-performance machine, IMHO.
I'd feel perfectly safe without it, but I don't mind running something that doesn't bother me.
#17
In Memoriam
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,801
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.
In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.
#18
FlyerTalk Evangelist




Join Date: Sep 2000
Programs: BA, AA, DL, KLM, UA
Posts: 37,489
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.
In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

I know where malware and spyware comes from, so if I don't drive into it, it won't infect me. I keep up to date on things that need patching.
#19




Join Date: Feb 2010
Location: Italy
Programs: ITA Executive Per Sempre (RIP); LH SEN; BA Silver
Posts: 1,955
You can know your machine is not BLATANTLY infected by COMMON malware. Which is a completely different thing than being sure you are not infected at all.

You would be surprised at how some things out there are nasty, stealthy and quite good at tricking people into infecting themselves.
#20
Join Date: Apr 2006
Location: on the Llano Estacado
Posts: 2,652
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.
In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.
I'm glad MSE looks at both and seems to take little or no toll on performance. But I'm not yet certain how good it is, as I haven't seen it take on a serious Trojan or rootkit infestation. So I continue to recommend MSE with a weekly run of MalwareBytes.
#21




Join Date: Feb 2010
Location: Italy
Programs: ITA Executive Per Sempre (RIP); LH SEN; BA Silver
Posts: 1,955
To me that's like saying you will only put your seatbelt on when you get into an accident, there's no need for it the rest of the time as you have gone years without needing it.
In the case of virus and malware, it's way better to deal with it before it gets to your machine, than it is to try to fix it later. I'm all for prevention instead of cure in this case.

A good security practice would be to run a less-common operating system (say, Linux, or BSD), possibly with a browser using a no-scripting extension.
Sadly, antiviruses today are less and less effective. A single antivirus will catch, on average, more or less half of the threats you may run into.
I could lecture on this for hours, mind you. It's my job.
#22




Join Date: Feb 2010
Location: Italy
Programs: ITA Executive Per Sempre (RIP); LH SEN; BA Silver
Posts: 1,955
Let's say that, from what data I have, it is at very least in the league of all the major vendors.
#23
Suspended
Join Date: Jan 2001
Location: ORD / DUB / LHR
Programs: UA 1K MM; BA Silver; Marriott Plat
Posts: 8,240
How do you know, exactly ? Unless you are running a weird operating system where most malware cannot work (say, a customized version of QNX), possibly on customized hardware as well, or unless you never put any media on your machine and never, ever connected it to the Internet, there's no way on Earth you can know your machine is NOT infected.
You can know your machine is not BLATANTLY infected by COMMON malware. Which is a completely different thing than being sure you are not infected at all.
You would be surprised at how some things out there are nasty, stealthy and quite good at tricking people into infecting themselves.
Believe me - the risk of being infected by malware, on a modern OS kept up to date, with a modern browser kept up to date and on a typical LAN connected behind any half decent router running NAT is tiny. I really do mean it - you'd have to go out of your way to end up with malware on the PC.
To ScottC - interesting point about MSE - I'd looked at it when it first came out and was somewhat sceptical, I may re-visit this though.
#24




Join Date: Feb 2010
Location: Italy
Programs: ITA Executive Per Sempre (RIP); LH SEN; BA Silver
Posts: 1,955
Believe me - the risk of being infected by malware, on a modern OS kept up to date, with a modern browser kept up to date and on a typical LAN connected behind any half decent router running NAT is tiny. I really do mean it - you'd have to go out of your way to end up with malware on the PC.
http://www.symantec.com/connect/blog...-0-day-exploit
Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.
Some of those were on state-of-the-art corporate networks (e.g., Google).
You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.
This is what I study for a living ;-)
#25
Suspended
Join Date: Jan 2001
Location: ORD / DUB / LHR
Programs: UA 1K MM; BA Silver; Marriott Plat
Posts: 8,240
False. Witness the aurora incident:
http://www.symantec.com/connect/blog...-0-day-exploit
Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.
Some of those were on state-of-the-art corporate networks (e.g., Google).
You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.
This is what I study for a living ;-)

We could debate this all day, but the fact is that for the type of event you mention above, you have virtually the same issue regardless of what security software you are running (or not). And further to that - the risk is kept small by applying general common sense with regards to what links are clicked on, what websites are visited, etc.
On that basis, how are my assumptions misguided?
#26
FlyerTalk Evangelist




Join Date: Sep 2000
Programs: BA, AA, DL, KLM, UA
Posts: 37,489
You're obviously free to make your own risk assessments, but you seem to be working on some seriously wrong assumptions:
False. Witness the aurora incident:
http://www.symantec.com/connect/blog...-0-day-exploit
Those were all up-to-date PCs, running corporate antiviruses, behind a firewall and NAT.
Some of those were on state-of-the-art corporate networks (e.g., Google).
You are working under severely misguided assumptions. In today's corporate world, zero-day drive-by downloads are common and scary.
This is what I study for a living ;-)
#27
Original Poster
In Memoriam




Join Date: Jun 2000
Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite
Posts: 36,111
Didn't realize this would provoke such a colloquy.
I also didn't mention that I don't use IE (but do use FF) because I simply can't imagine why anyone who is serious about not catching crap would ever use such a virus/malware magnet.
#30




Join Date: Feb 2010
Location: Italy
Programs: ITA Executive Per Sempre (RIP); LH SEN; BA Silver
Posts: 1,955
What I take issue with is the other part of your assumption:
And further to that - the risk is kept small by applying general common sense with regards to what links are clicked on, what websites are visited, etc.
i.e., you would never be allowed anywhere near a network whose security policies I write.