During the week 1 lecture Professor Mackey made the comment, and I am hoping I am quoting correctly, “I do not run antivirus on any of my computers at home”. I am not a fan of antivirus or encryption software because it takes system resources away from the user experience; however, this statement caught my attention. No matter what the operating system may be, it can still catch a virus. Granted that the virus has to be tailored to the OS that the user is using which will greatly reduce by the OS that you are using, Microsoft vs. Ubuntu as an example. I have always felt that antivirus is a necessary evil for a system to exist and it’s an insurance policy that catches a certain percentage of viruses and will stop known virus signatures. What I found interesting was that the industry standard is saying that traditional antivirus is dead; however, it still remains useful to a security approach. I would agree, from a business and consumer of computer products perspective, that having antivirus will save hours of headaches. I like Professor Mackey’s home setup where running everything in a VM is a safer approach, so not using an antivirus is a bonus, and we are starting to build this environment for this and other classes. The computer industry has been trending in that direction where we will have dumb terminals to access the internet; maybe I should redesign my home network?
http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/
http://www.networkworld.com/article/2919111/security/traditional-anti-virus-is-dead-long-live-the-new-and-improved-av.html
Thanks for sharing Jon. Nice articles. I thought the most interesting part of the Krebs article was when he highlighted “The most important layer in that security defense? You!” When I think back to all the times that I had issues troubleshooting viruses (with anti-virus software), it was usually because of the user’s behavior. Peer-to-peer software such as torrents, phishing, and pirated software were some of the more common attack vectors for malware.
In our corporate environment, I’ve found the most reliable malware defense uses behavioral analysis to detect abnormal activity on the host (e.g. via agents) or on the network. Simply using signature based malware defenses is insufficient because of the crypting and zero-day threats. Does anybody any behavioral based software for personal use?
I’ll clarify. I do not run AV on the virtual machines I use. I do have AV on the base machine that runs Workstation, but that is mostly because it was free (comes with being a Comcast customer). My professional experience is that it is not that effective, and gets in the way of doing security research. AV will flag many of the tools we will use in class. The AV makers do not differentiate between hacking tools and malware.
Thank you for the clarification. I think it’s a great idea for a home workstation to be configured in a way where anyone at home can have their own virtual workstation. When the classes are over I may want to virtualize my workstation and have a baseline OS to just access the VM.
Jon,
Great article. It is true that many antiviruses are ineffective in detecting online threats such as malicious websites. On my home PC I personally use Symantec Endpoint Protection, which is provided by Temple University; however, it is not an antivirus per se. It detects if any unwanted threats are on your PC, so it works like a firewall and antivirus. This I believe is a more thorough way to protect a PC instead of just a standalone antivirus which would only detect something if you download a malicious file.
I made a habit of installing Avast anytime I do a fresh install of Windows or build a new computer. I can’t remember the last time I actually ran a scan using it though. Most of the time, whenever there is a malicious file trying to be downloaded or trying to access a high threat site, Chrome is doing the blocking for me. I think for now, I will continue to run Avast, as it gives me some sort of peace of mind. Maybe in the future, I will think of trying without it.
Chrome is also my first line of defense. There are several tools that stop malicious scripts from running automatically, pop-ups taking over the browser, or just obnoxious ads that hijack a page. Chrome’s default blocking of malicious sites can be wrong sometimes but I will never click through on a machine I care about. Those flags usually appear not from the fault of the site but of a 3rd party advertiser that decided to add something bad to their code.
I prefer Windows Defender to Avast as it already comes installed. I also think that virus scanners such as Malwarebytes and Spybot Search and Destroy are two tools that can be run every so often to make sure you’re clean.
Antivirus is definitely needed on your computer; it will catch most viruses and it needs to be updated frequently. In my experience, at the end of the day it will always come down to the users and what websites they go to and what they download and/or open (email from a user they don’t know).
Antivirus technology has come a long way over the years; gone are the days of buying multiple products to cover various threats. Here at Temple we use Symantec Endpoint Protection. Symantec bundles antivirus, malware, and spyware protection along with network and zero-day protection in one product. This allows the consumer to have a little peace of mind; no product is 100% perfect, but Symantec Endpoint Protection is doing as the name suggests, protecting the endpoint. Another great advantage of this product is that it’s an enterprise solution, so every system on our network running Symantec is centrally managed, allowing us to always make sure that PCs have the latest virus definitions.
The debate over the effectiveness of anti-virus software continues! Personally, I think the primary appeal of anti-virus software is the peace of mind it provides to users. Even if they aren’t really protected, the perception that they are protected goes a long way.
On a side note, I’ll share a link to John McAfee’s AMA from the netsec subreddit. Despite inventing McAfee security, McAfee is a fervent believer that anti-virus is essentially bloatware. I’ve spent hours scrolling through this AMA…McAfee is quite a character. Good for some laughs and the occasional insight. Also, fair warning, his language can be a bit harsh.
Enjoy: https://www.reddit.com/r/netsec/comments/3hr9f0/i_am_john_mcafee_ama/