Why I Don’t Use Antivirus

May 9th, 2008 by peasleer

I haven’t used antivirus for nearly five years now, and yes, even on my Windows hosts. According to the popular opinion of the Internet, my Windows machines should now be zombies supporting the botnet efforts of Russian organized crime – but they aren’t. The reason, and I am going to make a bold statement here, is that I am just as secure without antivirus software as I would be with it. Now that you all know where I’m heading, I’ll explain why it is true for me, and why it is probably true for you too.

The secret lies in the reasons people would have you believe you need antivirus software. Obviously the reason is to prevent and clean infections, but the effectiveness of these tasks is dependent on the signatures created for the software. To give a rough outline, the process goes like this:

  1. Virus is coded and released
  2. Antivirus labs obtain a sample of the virus
  3. Labs reverse engineer and create signature for the virus
  4. Signatures are downloaded by your AV software to be able to detect and clean the virus

Ignoring heuristic scanning for a second, note that between events one and four you are vulnerable to the virus that was released. The amount of time it takes for AV labs to release a signature for a virus varies, but in that time you are unprotected from it. That means that your signature-based virus detection and cleaning system is effective only for attacks that have been around for a bit.

With heuristic scanning, there is a chance that it will pick up new viruses that don’t yet have signatures. This is fairly effective for trivial viruses that repeat methods used by other viruses, but poses no resistance to viruses using new techniques, engines for encrypting malicious code, or polymorphic engines. Unfortunately for Joe Public, the damaging viruses are the advanced ones – heuristic scanning is only going to prevent you from doing something really silly (like opening that screen saver someone sent you in an e-mail).
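To make the signature gap concrete, here is an added example (not code from the original post) of a minimal signature scanner with dated signatures. The sample bytes, dates and signature names are constructed placeholders; the samples are inert strings, not malware.

```python
import hashlib
from datetime import date

# Constructed, inert byte strings standing in for samples; none of this is real malware.
MARKER = b"constructed-sample-A:marker-0001"
SAMPLE_A = b"HDR\x00" + MARKER + b"\x00END"
# Same sample with one trailing byte added: the file hash changes, the marker does not.
SAMPLE_A_PADDED = SAMPLE_A + b"\x00"
# Marker re-encoded with a one-byte XOR: a stand-in for the "encrypting engine" case.
SAMPLE_A_REENCODED = b"HDR\x00" + bytes(b ^ 0x5A for b in MARKER) + b"\x00END"
BENIGN = b"HDR\x00ordinary document contents\x00END"

RELEASED = date(2008, 5, 1)       # step 1 of the list above (constructed date)
SIG_PUBLISHED = date(2008, 5, 4)  # step 4 of the list above (constructed date)


class SignatureDB:
    """Signatures become usable only on the day the client has downloaded them."""

    def __init__(self):
        self.entries = []  # (published_on, name, kind, value)

    def add(self, published_on, name, kind, value):
        self.entries.append((published_on, name, kind, value))

    def scan(self, data, today):
        """Return names of signatures available on `today` that match `data`."""
        digest = hashlib.sha256(data).hexdigest()
        hits = []
        for published_on, name, kind, value in self.entries:
            if published_on > today:
                continue  # signature not yet released: the exposure window
            if (kind == "sha256" and value == digest) or (kind == "bytes" and value in data):
                hits.append(name)
        return hits


def build_db():
    db = SignatureDB()
    db.add(SIG_PUBLISHED, "Sample.A/hash", "sha256", hashlib.sha256(SAMPLE_A).hexdigest())
    db.add(SIG_PUBLISHED, "Sample.A/pattern", "bytes", MARKER)
    return db


def exposure_window_days(released, published):
    return (published - released).days


if __name__ == "__main__":
    db = build_db()
    print("window (days):", exposure_window_days(RELEASED, SIG_PUBLISHED))
    print("before signature:", db.scan(SAMPLE_A, date(2008, 5, 2)))
    print("after signature: ", db.scan(SAMPLE_A, date(2008, 5, 5)))
    print("padded variant:  ", db.scan(SAMPLE_A_PADDED, date(2008, 5, 5)))
    print("re-encoded:      ", db.scan(SAMPLE_A_REENCODED, date(2008, 5, 5)))
```

The padded variant shows why a byte-pattern signature outlasts a whole-file hash, and the re-encoded variant shows the case where neither kind of signature matches.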

Viruses aren’t even that dangerous. I’m sure I’ll catch some flak for this statement, but they are generally contracted by user ignorance or idiocy. Viruses by definition require user interaction to propagate, which means that if you are infected with a virus, it is because you did something to contract it. Worms are a different story; they can infect you without your participating in the event. However, antivirus is completely ineffective in blocking the initial wave of worm infections (even with heuristic scanning) anyway, which is the same time you are most likely to come in contact with the worm. If you don’t do anything to contract viruses, you don’t have to worry about them.

So say I am a discerning user who doesn’t open shifty attachments or download warez executables (i.e., I in general know what I am interacting with) – what is my risk of contracting a virus with antivirus? Slim to nil. And without antivirus? Slim to nil, because I don’t open the attack vector required to be infected by viruses. And say I contract a virus using a new attack vector that catches me off guard because it uses some new technique – what is my risk now? Antivirus wouldn’t catch it even using heuristic scanning because it is using new techniques, so it doesn’t matter whether it is installed or not. My risk hasn’t increased because my machine lacks antivirus software.

This plays out practically, too. In my five years of not running antivirus software on a Windows box that I keep patched and behind a router with NAT (which is the new default setup for many families), I have not contracted a single virus nor been hit by a single worm. This isn’t something I’m bragging about – it is just a fact that defies the common notion that antivirus is a necessity, especially on Windows boxes.

If you don’t keep your machine patched, your company policy requires it, or you are gullible, you should probably have antivirus software – your risk will decrease by having it there. If you are security conscious, aware, and scrupulous, you can save your system resources and some money by ditching your antivirus software – you are no more secure with it than you would be without it.


24 Responses to “Why I Don’t Use Antivirus”

  1. 1 AskedRelic

    I run OSX, I don’t get viruses!

  2. 2 mokey

    Relic, that’s because no one can be arsed to write mac viruses, no one of any consequence uses macs, just artists and ponces

  3. 3 OneMoreView

    Trust me, AskedRelic, there are viruses for Mac, just not as many. Oh, and mokey – most graphic production is done on macs, and with the Bootcamp and Parallels programs released, you can run all of your Windows programs ON A MAC without having to worry about dealing with the common Windows problems (BSOD, constant updates, security holes, a myriad of viruses, etc.).

    The reason that there aren’t as many viruses for Mac is simple – it’s harder to break than Windows, and it’s not as common because Microsoft is the most-used operating system – not because Macs are only for artists or any of that happiness, but because it’s cheaper and so many only know Windows. Virus authors aim for amount of damage, not who they can hurt, and the straight numbers make a Windows virus more appealing to them.

    As for nobody of consequence using Macs, think of it this way – the majority of movie and TV production is done on Macs, and when you consider how much power the media has over the public, that makes these people rather important. Along with that, Google (yes, the most popular search engine in the world) works mainly on Apple computers, and with the Google CEO now on Apple’s Board of Directors, that makes it a rather influential system.

    One more note – more people would buy Mac if Apple dropped their prices somewhat. That’s a large part of why Apple hasn’t overtaken Microsoft.

    ~this post written on a Macbook by a person who also built his own Windows-based desktop PC.

  4. 4 Drew Stephens

    Macs suck.
    ~this post written on a Hackintosh by the person who built it.

  5. 5 Panther

    Awesome article! I’ve been telling clients this for years. I’ve never used an anti-virus or anything of the sort, whether it’s a free 30 day trial of Norton to the free AVG, it’s just not worth the money or time setting it up because of the issues you’ve stated above. I hope more people can read this and weed through the myths being sold. Education is the best defense.

    As for Apple computers and viruses; I’ve used Windows all my life and still do on a daily basis. I recently bought a Macbook Pro and had a whirl with OS X 10.5. The illusion is that Macs are impenetrable, despite the PWN To Own challenge, and are made from the same material as black boxes on planes. Two months after using my new notebook it was compromised, marking the first time I’ve ever had an intrusion.
    ( http://www.macworld.com/article/60823/2007/10/trojanhorse.html )

  6. 6 Dave

    I had a free copy of NAV (Three year subscription) that was taken off straight away. It slowed down my PC so much at times I decided to take the risk. I’ve now been running AV free for the last four years with no problems whatsoever!

    I reformat a couple of times a year to keep things fresh and everything is stored on an ext drive so I completely agree with you!

  7. 7 Twig

    For the most part, I agree with you and used to run a similar setup. However, when I suspected that I had unwittingly got a virus / trojan horse (listening ports on my machine) and installed a free antivirus program it picked up an infection.

    My point is that if you don’t run antivirus software, you are unlikely to know whether or not you do have a virus or malicious code running on your machine. You may be infected and totally oblivious to the fact.
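The listening-port check mentioned in the comment above can be done without any antivirus installed. The following is an added example, not part of the original comment: it compares TCP listeners in Windows `netstat -ano` output against a baseline. The sample output, the port numbers and the baseline set are constructed assumptions.

```python
# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2956
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:500            *:*                                    712
"""

# Assumed baseline: listening ports recorded while the machine was known to be clean.
BASELINE_PORTS = {135, 445}


def parse_listeners(netstat_text):
    """Return sorted unique (port, pid) pairs for TCP sockets in LISTENING state."""
    listeners = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have five columns; UDP rows have no State column and are skipped,
        # as are the banner and header lines.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        port = int(parts[1].rsplit(":", 1)[1])  # rsplit copes with IPv6 "[::]:135"
        listeners.add((port, int(parts[4])))
    return sorted(listeners)


def unexpected_listeners(netstat_text, baseline_ports):
    """Listeners whose port is not in the known-good baseline."""
    return [(port, pid) for port, pid in parse_listeners(netstat_text)
            if port not in baseline_ports]


if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE_NETSTAT, BASELINE_PORTS):
        print(f"unexpected listener: port {port}, PID {pid}")
```

A flagged PID can then be matched to a process name with `tasklist /FI "PID eq <pid>"` before deciding whether a scan is warranted.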

  8. 8 peasleer

    @Twig: That is a very good point, and something I neglected to mention. Along with being knowledgeable enough to operate with low risk of contracting a virus, you have to be knowledgeable enough to know when you may have accidentally done so. Your suggestion was great – for those reading, AVG provides a great free antivirus solution, and you can even scan your computer without installing any AV software by using Trend Micro’s “HouseCall” web application. Both are great for periodically checking to make sure your system is clean.

  9. 9 Gerbils

    Relic, it is true that you will not get viruses that can harm you due to the whole “Mac” thing. However, you will still get viruses – just they cannot do anything because you do not run Windows. I have the same problem as I run linux. Not running Windows does not mean you can be careless because you can be immune to the virus yet still spread it.

  10. 10 Ryan

    Simple answer, run Linux.

  11. 11 Human Bagel

    The problem is, that viruses don’t always come from stupid attachments or warez.

    Often times, a compromised website (often due to an XSS hole) will auto install malware on your computer using a browser exploit. By far the biggest offender is IE, but FireFox, Opera, Mozilla, and Safari all have useful browser exploits as well. In short, simply browsing the internet can and will expose you to malware. It’s a simple fact.
    Not to mention that opening a friendly attachment, or even viewing an infected email can expose you to malware.

    Granted, antivirals do have issues with speed, but running them doesn’t hurt. I don’t understand why anyone would refuse to use an antivirus, when so many free ones are already available.

    I personally use antivirus software (AVG and Clamwin)

  12. 12 mac viruses

    It’s only a matter of time before Macs start getting viruses. I have heard of a virus that messes with the motion detector or whatever that thing is on Macs. Eventually somebody will come up with something to infect them.

  13. 13 Don

    This is fail.

    You can get viruses injected into your system just by surfing the internet or opening an email. Images, javascripts and the like can exploit security holes and run malicious scripts.

    Note that while the security holes in your system may have been newly found, the viruses that get passed through them are usually not new.

    I don’t know how many times my virus scanner has gone off surfing the web or opening an email. I’m VERY glad I use one.

    Oh, and yes, I use Firefox and keep my system very up to date.

    P.S. – Stupid friends are another way you can contract a virus. I always scan everything I download. =p

  14. 14 SuperG

    If you don’t run antivirus software, how do you know then that you have not contracted a virus?

  15. 15 peasleer

    @Don: Good, I’m glad your approach is working for you. It sounds as though you would be very uncomfortable performing day-to-day operations without a virus scanner, and I thoroughly recommend people like you use one. If it gives you peace of mind, then little harm is being done.

    However, the name of the game is risk mitigation. If you inconvenience yourself 99.9% of the time to protect against that .1% chance of being infected, is it worth it? I’ve been running without antivirus for over five years, and haven’t had a single incident with malicious software. So let us say that today, I randomly get a virus. That is one incident out of more than 1780 days – less than .05%. The impact will likely be minimal, as in no data loss (read my “viruses aren’t dangerous” statement in the original post) and equally minimal cleanup once discovered. To me, bogging down my system with a resident scanner, dealing with the updates, and paying a subscription (unless you go with something like AVG) is absolutely *not* worth protecting against that .05% chance.

    I can not stress this enough: *If you spend more time dealing with your antivirus scanner than it would save you if you were to get infected, you are wasting your personal and computational resources.*

    To get back to you Don, I’m sure using antivirus benefits you. Maybe you just have more stupid friends than I do, or you have absolutely no risk tolerance. For me, the risk has been proven to be nearly 0%, and gets closer to that point every day. So is my reasoning “fail,” as you so eloquently put? Or would funneling my resources into a system that serves me absolutely no purpose be “fail?” Of course I am biased, but I would go with the latter statement.

  16. 16 peasleer

    @SuperG: Good question.

    If we agree that the class of virus that antivirus would help protect you against can only infect you through user action, then it is implied that I will only catch a virus if I do something to contract it.

    So if I don’t do anything, I don’t catch a virus.

    If I do do something normal (e-mail, browsing the web, code) the risk is extremely minimal that I will catch a virus.

    Because I never download executable attachments (programs) and only open attachments from people I know, I have no risk from e-mail attachments.

    So the only attack vector I expose myself to is downloading things from the Internet. Even then, my risk is still nearly zero. I download from well-known sites, established open-source projects, or sites which I believe I have a reason to trust. The risk then from downloading is real, but minimal.

    So on a day-to-day basis, it is very safe to assume that I haven’t contracted a virus. Understanding viruses also gives you great peace of mind.

    Just for kicks, I ran Trend Micro’s Housecall – a web version of their PC-cillin antivirus software. No viruses. I must be lucky ;)

  17. 17 James Lewis

    I would agree that for the really advanced users, anti-virus is not really required, but for the average, and even above average, Windows user anti-virus is pretty critical. I don’t doubt that there are no issues when sticking to safe websites and only email from friends, but I can’t imagine most people only follow these guidelines. I run AVG Free and scan with Spybot every now and then and haven’t had a virus detected in a long time, but whenever I am setting up a computer for family or friends, anti-virus is one of the first things that gets installed.

  18. 18 Draco

    I use clamwin, it’s night and day difference from using my AVG copy on my desktop in terms of system resources, and I agree for similar reasons, Noscript is probably better than anti-virus.

  19. 19 san

    What about “old virus” — with no protection, you now can get any virus out there..

    New ones are one thing but being caught by one that’s 10 years old will really be sad for you…

    Get a free one, don’t be stupid.

  20. 20 Cokehead

    For the mac users above: Quit being so pompous :/ Macs aren’t any less hackable than windows, it just so happens that nobody is very concerned about writing viruses for a small segment of home computing.

    The question is: Do you pay $3,000 for security through obscurity, or do you pay $600 and pay a little more attention to what your friends send you?

  21. 21 Jules

    I don’t speak English very well, so don’t expect perfect writing… nor anything remotely close to that. Many people here ask how you become aware of having a virus in your system. Well… if you don’t notice that there is a virus in your PC, I don’t see the problem in having it. I notice viruses when my PC is working slower, when it does strange things, when configs change of their own will, when the internet doesn’t work as well as it should, when I find broken files, etc, etc, etc. If I don’t notice that I have a virus (my computer runs as fast as it should, the internet does too, my files work as they should, etc, etc, etc), I simply don’t mind having it. What I can’t leave unnoticed is that resident antivirus slows the accessing of files, internet navigation, system startup, blah blah blah. What I mean is that having an AV is, most of the time, equal to or worse than having viruses. For example, some weeks ago I reinstalled Windows on my mother’s computer. I left her no antivirus. The next week she was calling me because she had a virus. She was mad at me because I didn’t install the AV, so I removed the viruses and installed Kaspersky AV. The next week she was calling me again and telling me that her PC was working worse than before. I went to her home again and I found out that now she had not only the same viruses she had before hurting the computer’s performance, but also the AV helping the virus cripple the system. AVs stink. Seriously. If you can’t remove a threat from your computer manually with no major effort, trust me, your AV has no chance of accomplishing it either.

  22. 22 John S

    I have thought the same for years myself. It was only until I started using Vista that I also stopped using A/V software. As what has been said, Anti virus does not do well at preventing anything. I ran Anti virus for 3 years with no hint of a virus. Even if you run without anti virus, you can still use an online scanner periodically to be sure. I think that’s why many A/V vendors are trying to add other utilities to their suites so as to look like they have more value. Even though many of these are already included or available as free software or in the OS.

  23. 23 Scott

    While it’s all well and good, it’s truly just plain inconsiderate not to, and to suggest that your average user not use AV is like asking a hooker not to wear condoms. Yeah, your married couples may not need protection, but someone who pours around in filth should have protection.

    Suffice to say, looking at your resume, it’s easy to see why you wouldn’t need AV, most viruses nowadays are either outdated or based on patched exploits. Patching all your loopholes seems to do just as good of a job as AV, but your average user does a lot more idiotic stuff than you do, and they don’t realize it. For people who have an understanding of how things work, and what they need to do to avoid getting crap on their machine, yeah, go for it, but don’t encourage the fools of the internet to do the same.

  1. 1

    Secure Enough: Or Security as Threat Mitigation at Cooking With Technology

    [...] “Why I Don’t Use Antivirus” post has been receiving a recent surge of traffic, and with it, new commentors who open my [...]
