Living without antivirus software

Ok, I'll admit it. I've been living dangerously for the last several years.

To be blunt: I refuse to install any kind of antivirus or personal firewall software on most of my computers. This includes a Windows XP Home system that was used by my children as a web surfing / email / game system. I've suffered zero infections during this time. (The only time I ever suffered a malware infection was before, when I did rely on Norton Antivirus to protect the kids' computer.)

Why do I refuse to use these massively popular widely-used products? Simple. I am convinced that in my case, they may cause more harm than good, and that they foster a false sense of security - leading some users to engage in riskier behavior. Further, antivirus software is almost always behind the curve - by definition, the antivirus people are playing catch-up with the malware writers. It's a good living for them, but I choose not to contribute to it.

As a software developer, I cannot afford any downtime due to buggy software, and yes - antivirus software has bugs. Not long ago, one major antivirus package ran amok, causing widespread damage by deleting harmless user data and programs.


Preinstalled software is evil

Brand new Dell 1501 system tray loaded with an obscene number of running tasks

Two of my children received inexpensive Dell Inspiron 1501 notebooks for Christmas.

They were loaded up with an incredible amount of preinstalled software, including Norton Internet Security, Google Desktop, Microsoft Office(!) cruft including a version of MS SQL SERVER(!), AOL, QuickTime, iTunes(!), three (!) wireless network 'helper' apps, the damnable Installshield updater, several modem 'helper' apps, some kind of 'digital content discovery application' (whatever that is), and a DVD creator application, to name only those that come to mind. There was no description of what most of these do or when they are needed, and no automated removal tool to put the machine back to a standard XP installation state.

Most of these do absolutely nothing for a new user. We don't want or need the loathsome AOL (which, by the way, hooks itself into your network stack, in order to 'help' AOL repair your internet connection). MS SQL Server? WTF? Required by the latest MS office, I'm sure. Ok, I can see the user wanting a DVD creation application, since XP can't make a DVD without some help.

Point is, when most people buy preconfigured systems they are up against a tangled mass of junk that really should be removed before using the computer in earnest. Does Dell have a clue about the kind of support load they are creating with this stuff? Or do they make money off the misery of the customer victim? I can only assume that Dell (and other vendors) are getting kickbacks or other consideration in exchange for polluting these low-cost systems.

I helped remove most of the garbage from their new systems, naturally. Why start off with an overloaded system?

See: Keep your icons out of my system tray!

Think about it: antivirus software has to intercept many system functions, monitor, detect and deter malicious activity - even if the software is flawless, which it isn't, it will slow your computer, and consume memory and other system resources. And let's not forget that you must now pay a recurring fee in order to feel safe - it all adds up to one big steaming pile of bullshit.

I have little patience for it. You may feel differently. And of course, some people are unable to protect themselves, and need whatever protection they can get.

How can you live without antivirus software?

Here are the things I've learned over the years:

  • Note: Some of the following items apply only to Windows XP. Windows Vista and Windows 7 offer additional security enhancements that may make the suggested tactic irrelevant.
  • Learn how to tell if your computer is running unnecessary software: this means you must learn how to tell what belongs on your computer, what should be running: download and learn to use the holy trinity: Autoruns, Process Explorer, and RootKit Revealer, all available free from Sysinternals (now owned by Microsoft). They're extremely high quality, and they are absolutely essential tools.
  • Your computer isn't a toaster. If you want to pretend that it is, I expect that you will have a lot of trouble with it. If you own and use a computer, you really ought to learn some of this stuff. It's not that difficult. If you don't want to be bothered, find someone local who really knows about Windows, and pay him or her to help you. In the long run, it's cheaper and more satisfying than paying Symantec or some other company a subscription fee in exchange for partial 'protection'.
  • Install a quality hardware firewall between your internet connection and the rest of your network. Ensure that all incoming ports are blocked. This is one exception to my "no personal firewalls" rule - if I traveled a lot, or used public WiFi hotspots, I'd probably install the simplest, most robust software firewall I could get my hands on - but it would not be something bloated like Norton Internet Security. Try Kerio Personal Firewall (I've not used it in a while, so I don't know if it's still lean and mean.) See this page for recommendations.
  • Run as a non-admin user most of the time. This is known as Least User Access, or LUA. Windows users typically log in with full administrative privileges (at least, in versions up to XP and Server 2003) - exposing those users to severe security risks.

    I log in as an administrator only when necessary to change system configuration or install trusted software. The added hassle actually reminds me that I need to think before I make a change to my system, or install some random software I just downloaded from the 'web.

  • Use good judgment in deciding to install software, visit a web site, or open an email.
  • Periodically run a free, online virus scanner - check your system every once in a while to see if you have an infection.
  • Download and use Ad-Aware or Spybot S&D (or better yet, use both) from time to time - like just after installing a new bit of software on your machine, or just after your kids have visited the latest MySpace or ringtone site.

Web Browser or Email specific guidelines

  • Think before you open that email! Your email software should be able to tell you, before you open the email, if the email is bogus. I look at the following bits:
    • Size, attachment, recipient (TO) address, subject, sender (FROM) address
    • If the sender or recipient looks strange, I don't open the message in my email client - I take steps to view the message's raw source (the technique varies depending on the email software) and look for telltale signs of malware. (This is worthy of its own discussion.)
  • Not sure about a web site? Check before visiting - go to www.stopbadware.org and see if the site is a reported malware site. Or, you can visit SiteAdvisor.com and see what it has to say about the site.
  • Configure Internet Explorer to use the highest level of security for normal internet browsing (set the 'Internet Zone' to maximum security). This will break many web sites that rely on advanced features of Internet Explorer, but this is the price you have to pay. I get around that by manually adding selected, trusted sites (the few critical sites that I really need to visit using Internet Explorer) to the "Trusted Sites Zone".
  • Keep Internet Explorer and Outlook or Outlook Express (or whatever email client you use) up-to-date with the latest patches.
  • Configure Outlook / Outlook Express to read all emails in plain text by default
  • Disable the "preview panel" if you must read email in HTML (rich text) format - the preview panel (combined with un-patched or improperly-configured systems) is one of the most dangerous features of Outlook or Outlook Express, and if you receive a malicious email, it can infect your computer just by appearing in the preview panel.
  • If you want to use the preview panel, or view HTML mails, set Outlook Express to display emails as plain text by default. Check the email information (sender, to:, etc.) before viewing it as HTML. Don't view suspicious emails (especially those having attachments) in HTML format... Just delete the damn things.
  • Configure Outlook / Outlook Express to use the 'Restricted Sites' zone
  • Use the latest Firefox or Mozilla browser as the default browser (thus avoiding Internet Explorer most of the time)
  • Use Mozilla Thunderbird or other email reader as your default email reader.
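
The pre-open check from the email guidelines above (size, attachment, recipient, subject and sender, read from the raw source instead of a rendered view), as an added example that is not part of the original article. The flagging rules, the extension list, the addresses and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import getaddresses, parseaddr

# Assumed list of attachment extensions that run code on Windows (not exhaustive).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")


def triage(raw: bytes, my_address: str) -> dict:
    """Summarise a message from its raw source; no body is ever rendered."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    headers = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    parts = list(msg.walk())
    attachments = [p.get_filename() for p in parts if p.get_filename()]

    flags = []
    # Recipient looks strange: the message was not addressed to this mailbox.
    if my_address.lower() not in recipients:
        flags.append("not addressed to me")
    # Sender looks strange: envelope sender and visible sender disagree.
    if return_path and sender.rpartition("@")[2] != return_path.rpartition("@")[2]:
        flags.append("From and Return-Path domains differ")
    # Attachment that would execute if opened (also catches "name.pdf.exe").
    for name in attachments:
        if name.lower().endswith(RISKY_EXT):
            flags.append(f"executable attachment: {name}")

    return {
        "size": len(raw),
        "from": sender,
        "to": recipients,
        "subject": str(msg.get("Subject", "")),
        "attachments": attachments,
        "has_html": any(p.get_content_type() == "text/html" for p in parts),
        "flags": flags,
    }


# Constructed sample message (not real mail); the attachment body is a placeholder.
SAMPLE = (
    b"Return-Path: <bounce@mailer.example>\r\n"
    b'From: "Your Bank" <service@bank.example>\r\n'
    b"To: someone.else@other.example\r\n"
    b"Subject: Your invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>See attachment</body></html>\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.pdf.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "me@home.example").items():
        print(f"{key}: {value}")
```

A message that raises any flag is one to delete or inspect further as source, not to open in the mail client.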

Aaron Margosis of Microsoft agrees that it's critical to run as a non-administrative user. And my experience proves that it is possible to live, and live comfortably, without the aid of antivirus software.

Norton, Symantec, and Norton Internet Security are trademarks of Symantec.

No way! You too? I thought I was the only anti-anti-virus hack out there. I have something like seven or ten computers that I use and/or am responsible for, and I have been chronically negligent in the area of virus protection. My story is the same: The only computers I've had any problems on had anti-virus protection. I've been running my XP lappy now for 18 months in bare naked form, with no problems whatsoever. I think it's about as simple as, "Don't open unsolicited attachments, and Never say YES unless you went looking for what you're about to say yes to." Works for me...

anti-anti virus

I agree to most of your opinion, like you said anti-anti virus sounds better, as of now, I try not to use any anti-anti virus, it makes my computer sick, try it to be vulnerable, the anti-anti virus will get tired some how, or even, I try to download different virus, you will never tell how each virus fought to each other inside your computer......the best choice I ever made, not to use or install anti-anti virus in my whole wide world...

Thanks for post

I've always wondered about stuffing too much antiviral software into a computer. However, I have had a virus destroy my computer after the subscription expired. But, it was because my young adult son was surfing and downloading around some pretty shady territories. He denies it - but I've got a few thousand emails and a busted computer that shows different. ;)

Anyhoos, in reference to the antivirus software that ran amok, I found a story on it.

http://www.eweek.com/article2/0,1895,1937154,00.asp
http://www.eweek.com/article2/0%2C1895%2C1938898%2C00.asp

Thanks! Cris
[edited 2/15/2007 to use original sources for news reports]

Finally - some sanity

The anti-virus software industry is a far bigger hoax than any spam email I've ever received. I'm amazed how many reviews of anti-virus software never get into how much they slow down/screw-up browsing, installs of OEM software (stuff like printer drivers), and hog up CPU usage.

One more tip for the folks who go commando when it comes to the anti-virus world:
Use an email account at Yahoo or other Google - they scan all email on their servers so you don't have to. You should rarely have to download email to your physical machine.

You know that sound of your hard drive going crazy and you're not even using the computer - that's the sound of anti-virus software slowing you down.

But...

make sure you patch your system...not patching and no antivirus plus a direct unfirewalled connection to the Inet = infection...user interactionless infection

anti-virus software

Can anyone help me?? I have a computer at home but any NOT linked to the internet. I have McAfee antivirus installed on it when it was purchased but now it is telling me i need to 'fix' a problem but it won't 'fix' it cause i am not connected - what do I do????

LUA - think twice

Running as a non-admin is a good idea in theory but real-world it doesn't work... some software vendors do all their dev and qa on admin-level accts. I do technical support for a company that uses SQL Server in their training software in such a way that you have to install and run the software under a single admin account.
Programmers are really bad about writing and modifying system-wide info with abandon.

@Guest Re: anti-virus software

I don't know where to start :)

You are just so wrong

Yes you are just so wrong mate. In some cases this is true. I have computers that don't have any antivirus.
My office computers, if they don't have an antivirus, will screw up big time because we are constantly exchanging files. And the antivirus catches viruses all the time. And I mean real viruses, not false positives.
I'm also a blackhat who has to run shady programs often from other developers. Antivirus picks up a few bad things.
So to sum up, yes, on some occasions, if you know what you are doing, you don't need antivirus. But to say that antivirus is a hoax is just so screwed up.

Confused

I never said Antivirus was a hoax (although one commenter did). I said they are, in my judgment, a cure worse than the disease, if you are competent and vigilant. If you aren't, or if you like to play in dirty sandboxes, then, yes, antivirus might help prevent an infection. Maybe. Or not. Good luck with that.

Yes, most office computers need an antivirus / antimalware package, because office environments are sometimes polluted with poorly-maintained machines operated by people with little or no regard to security measures.

If you must operate your computer in an untrusted environment, then sure, you might benefit from such software.

But: When discussing the merits of any product or technology, one must assess the cost/benefit ratio, and I've decided that the continuous cost of 'buying', installing, running and maintaining (along with the periodic ransom payments for signature/software updates) is just too high a tax to pay.

So: I'll continue "living dangerously" (and being very careful about the software I install and web sites I visit).

I find that, on the subject

I find that, on the subject of bad websites, etc, that instead of visiting www.stopbadware.org, you could instead set your DNS entries to the ones specified at OpenDNS (opendns.org). They have automatic filtering of phishing and malware websites, and have been able to block the latest 'Conficker' infection. You can also use it to restrict which sites and categories of sites are viewable from your machine/network.

Good article. It's a major pity that I can't run this way here at work. Stupid (L)users :-(

Good ONE!

I do the same... Log in as Admin when you want to install and uninstall software on the PC. Being a user is the best way to avoid the good virus program by any user.

Please check if I am correct.

Create a user with limited access (no rights to install/uninstall software, or to create files on the C: drive and the Windows/system folder).

Log in to the user account, open regedit, right-click on all the HKEY keys and select Permission >> set the "Read" option for the user.

That is all.. Now the virus program will not affect anything if you willingly click or execute the virus program on your PC (when logged in as user) GUARANTEE..!!

The power behind virus program is Windows Registry. I hope I have contributed to NO ANTIVIRUS software lovers who do not want to waste money and efforts by installing the craps..

Thank you - I absolutely agree!

A very valuable article you've written there, thank you.

Antivirus software definitely does more bad than good, and is the Top 1 reason why customers call me because of computer problems. One also cannot emphasize enough the EXTREME slowness it brings to computers. On average, I'd say that computers go 2 to 3 (three!) TIMES slower when running the average anti-virus software. There are exceptions, for example, I've seen offices who ran KASPERSKY, and their computers (running intensive CAD applications over the network etc.) were COMPLETELY UNUSABLE until I uninstalled KASPERSKY.

The bottom line: Run as non-privileged user, use Firefox, don't use E-Mail, use AUTOMATIC UPDATES at all times, and if "possible", don't visit MySpace, filesharing networks, or MSN/ICQ and the other crap that nobody needs.

Using Firefox? Don't forget NoScript!

Thanks for the feedback!

If you are using Firefox as a way to increase browsing safety please install and use the excellent NoScript Firefox extension for an added level of protection. It disables all web site scripts by default, until you enable them on a per-site basis.

Perfect!

SysInternal, Firefox, NoScripts

I also feel "living without antivirus in own PC" is better for me after I was familiar with MS Sysinternal suite for PC and Firefox+noscript add-on for net.

Sometimes, when I don't know about a new site, new files or a file extension, I Google first and check what is happening about that on the Net. But most people who don't know how to use these tools and techniques, or how to remove unnecessary programs and services in the Task Manager (for Windows users), may still need to use anti-virus software.

In my opinion, innocent users are just the battle ground between Virus creators and Anti-Virus developers. Another thing we should consider is we cannot see the real relations between those Virus creators and Anti-Virus developers. (Anyone can be an Anti-Virus developer at Office and Virus creator at Home ;-) . )

Without antivirus does not mean dangerously

Linux (Ubuntu flavor), Firefox and not running anything as root have kept me antivirus-free for a couple of years now. Well, I mean, I can still pass it on to Windows users in emails of course, but that's another story.

Anti virus stuff

I agree that stuffing your home PC with these programs can seem like it leads to probs, but like Mike says, if you are careful and don't download crap it should be ok. A def. must though for any office environment - people just don't care there.

Living without antivirus software

Mike, coming from an antivirus company I must say that I agree with you in principle. Skilled users who know how to maintain their machines and do not open file attachments like "clickonme.exe" etc will not have many problems. Malware is getting more and more intelligent by the minute, second or whatever. The fact remains that it is impossible for any AV vendor to claim that they have 100% detection. Maybe it's similar to having a bulletproof vest. There are bullets that can kill you even when wearing one, but it gives you peace of mind. I think the AV industry should move towards a peace of mind industry where we produce easy, fast and simple to use software that protects those users that feel they need it. Those users that do not feel they need it should not use it. It's as simple as that.

We agree more than you might think

@Kerry:

I agree that some users do need help. My original post is written from my point of view, and that is certainly not the same as a typical consumer perspective. My goal was to get people to think about the true price they pay for using the typical (popular) antivirus/firewall suites:

  1. The purchase price (if any) and subscription fees (if any)
  2. the performance degradation during everyday use
  3. being lulled into a false sense of security encourages people to download and install whatever they like, or answer 'yes' to any prompt they get while browsing the internet

Do typical users need tools and education to protect themselves against malware? Yes!

Will I use anti-malware software to protect myself when necessary? Yes!

Will I rely on heavyweight anti-virus and 'internet firewall' suites to do so? No! (at least not on my daily use systems...)

I became far less willing to use Symantec and other mainstream antivirus vendor systems when they switched to a subscription-based model. I understand why they did it, and they have every right to do so, but I choose not to be one of their subscribers. That move, along with the monstrous bloat and unacceptable performance hits, caused me to rethink my reasons for using these systems in the first place, and to learn more about securing my daily-use systems.

So: If one wants (some) peace of mind, and wants to delegate responsibility for system integrity and security to someone else, and live with the costs and consequences of that delegation, I encourage you to do so. Just don't be surprised that it turns out to be a mixed blessing.

Linux

Or, you could just install Linux and not worry about viruses or security exploits. Way better and easier than installing anti-virus software or being always extra careful (of course, you still should be careful on Linux, but you can put a lot of your guard down).

Would be nice..

I can just see the typical Windows user, trying to deal with Linux. Has Linux become so easy to use that they'll never have to open and edit some obscure configuration file?

I think Windows and Microsoft are in a long, slow decline, and at some point Microsloth will be irrelevant. I don't think we're there just yet.

As for myself, I've been doing LAMP development for several years, and have abandoned Microsoft's Office applications in favor of OpenOffice. The only thing keeping me on Windows for the time being is the lack of viable alternative applications to replace some of the other ones I'm still using in Windows.

I've decided not to support Microsoft any more than I must in order to earn a living.

Anti Virus divorce

I had Avast! and then I didn't download the current version etc. All of a sudden I got this message from Personal Security......god what a nightmare. Finally I disconnected from the internet and was able to delete it. Now I deleted Avast and have nothing as anti virus and the computer is running fast and no problems.

Props

Excellent article.

(Yes, ok, we all know we could use Linux, or just get Unix with GUI aka Apple. But we're talking PCs here, which, like a super hot chick, is prone to lots of viruses but has sufficient redeeming qualities that we're willing to deal.)

So:
My only contention is to recommend Malwarebytes. Spybot S&D has sadly become dated.
