Why I Don’t Use Antivirus
I haven’t used antivirus for nearly five years now, and yes, even on my Windows hosts. According to the popular opinion of the Internet, my Windows machines should now be zombies supporting the botnet efforts of Russian organized crime - but they aren’t. The reason for this, and I am going to make a bold statement here, is that I am just as secure without antivirus software as I would be with it. Now that you all know where I’m heading, I’ll explain why it is true for me, and why it is probably true for you too.
The secret lies in the reasons people would have you believe you need antivirus software. Obviously the reason is to prevent and clean infections, but the effectiveness of these tasks is dependent on the signatures created for the software. To give a rough outline, the process goes like this:
- Virus is coded and released
- Antivirus labs obtain a sample of the virus
- Labs reverse engineer and create a signature for the virus
- Signatures are downloaded by your AV software to be able to detect and clean the virus
Ignoring heuristic scanning for a second, note that between events one and four you are vulnerable to the virus that was released. The amount of time it takes for AV labs to release a signature for a virus varies, but in that time you are unprotected from it. That means that your signature-based virus detection and cleaning system is effective only for attacks that have been around for a bit.
With heuristic scanning, there is a chance that it will pick up new viruses that don’t yet have signatures. This is fairly effective for trivial viruses that repeat methods used by other viruses, but poses no resistance to viruses using new techniques, engines for encrypting malicious code, or polymorphic engines. Unfortunately for Joe Public, the damaging viruses are the advanced ones - heuristic scanning is only going to prevent you from doing something really silly (like opening that screen saver someone sent you in an e-mail).
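The signature lag and the limits of pattern matching described above, as an added example that is not part of the original post: a toy byte-pattern scanner run against a constructed, harmless sample. The three-day lab turnaround, the signature name and the single-byte XOR used as a stand-in for a re-encoded variant are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes       # byte sequence the lab extracted from the sample
    published_day: int   # day the signature reaches clients (step four)


class SignatureScanner:
    """Toy byte-pattern scanner; a stand-in for a real AV engine."""

    def __init__(self, feed):
        self.feed = feed

    def scan(self, data: bytes, today: int):
        """Return names of signatures available on `today` that match `data`."""
        return [s.name for s in self.feed
                if s.published_day <= today and s.pattern in data]


# Constructed, harmless bytes standing in for a sample (not real malware).
SAMPLE = b"MZ\x90\x00" + b"DEMO-PAYLOAD-ROUTINE-v1" + b"\x00" * 8
SIGNATURE_DAY = 3  # assumed turnaround; the sample is released on day 0
FEED = [Signature("Demo.Sample.A", b"DEMO-PAYLOAD-ROUTINE", SIGNATURE_DAY)]


def reencode(data: bytes, key: int) -> bytes:
    """Stand-in for a variant whose stored bytes differ (single-byte XOR)."""
    return bytes(b ^ key for b in data)


def exposure_report(scanner, sample, days):
    """Map each day to whether the scanner would have flagged the sample."""
    return {day: bool(scanner.scan(sample, day)) for day in days}


if __name__ == "__main__":
    scanner = SignatureScanner(FEED)
    # Days 0-2 are the unprotected window between release and signature.
    print(exposure_report(scanner, SAMPLE, range(5)))
    # Same content, different bytes: the published pattern no longer matches.
    print(scanner.scan(reencode(SAMPLE, 0x5A), today=10))
```
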
Viruses aren’t even that dangerous. I’m sure I’ll catch some flak for this statement, but they are generally contracted by user ignorance or idiocy. Viruses by definition require user interaction to propagate, which means that if you are infected with a virus, it is because you did something to contract it. Worms are a different story: they can infect you without your participating in the event. However, antivirus is completely ineffective in blocking the initial wave of worm infections (even with heuristic scanning) anyway, which is the same time you are most likely to come in contact with the worm. If you don’t do anything to contract viruses, you don’t have to worry about them.
So say I am a discerning user who doesn’t open shifty attachments or download warez executables (i.e., I in general know what I am interacting with) - what is my risk of contracting a virus with antivirus? Slim to nil. And without antivirus? Slim to nil, because I don’t open the attack vector required to be infected by viruses. And say I contract a virus using a new attack vector that catches me off guard because it uses some new technique - what is my risk now? Antivirus wouldn’t catch it even using heuristic scanning because it is using new techniques, so it doesn’t matter whether it is installed or not. My risk hasn’t increased because my machine lacks antivirus software.
This plays out practically, too. In my five years of not running antivirus software on a Windows box that I keep patched and behind a router with NAT (which is the new default setup for many families), I have not contracted a single virus nor been hit by a single worm. This isn’t something I’m bragging about - it is just a fact that defies the common notion that antivirus is a necessity, especially on Windows boxes.
If you don’t keep your machine patched, your company policy requires it, or you are gullible, you should probably have antivirus software - your risk will decrease by having it there. If you are security conscious, aware, and scrupulous, you can save your system resources and some money by ditching your antivirus software - you are no more secure with it than you would be without it.
I run OSX, I don’t get viruses!
May 9th, 2008 at 12:13 pm
Relic, that’s because no one can be arsed to write Mac viruses, no one of any consequence uses Macs, just artists and ponces
May 9th, 2008 at 1:52 pm
Trust me, AskedRelic, there are viruses for Mac, just not as many. Oh, and mokey - most graphic production is done on macs, and with the Bootcamp and Parallels programs released, you can run all of your Windows programs ON A MAC without having to worry about dealing with the common Windows problems (BSOD, constant updates, security holes, a myriad of viruses, etc.).
The reason that there aren’t as many viruses for Mac is simple - it’s harder to break than Windows, and it’s not as common because Microsoft is the most-used operating system - not because Macs are only for artists or any of that happiness, but because it’s cheaper and so many only know Windows. Virus authors aim for amount of damage, not who they can hurt, and the straight numbers make a Windows virus more appealing to them.
As for nobody of consequence using Macs, think of it this way - the majority of movie and TV production is done on Macs, and when you consider how much power the media has over the public, that makes these people rather important. Along with that, Google (yes, the most popular search engine in the world) works mainly on Apple computers, and with the Google CEO now on Apple’s Board of Directors, that makes it a rather influential system.
One more note - more people would buy Mac if Apple dropped their prices somewhat. That’s a large part of why Apple hasn’t overtaken Microsoft.
~this post written on a Macbook by a person who also built his own Windows-based desktop PC.
May 9th, 2008 at 3:25 pm
Macs suck.
~this post written on a Hackintosh by the person who built it.
May 9th, 2008 at 6:52 pm
Awesome article! I’ve been telling clients this for years. I’ve never used an anti-virus or anything of the sort, whether it’s a free 30 day trial of Norton to the free AVG, it’s just not worth the money or time setting it up because of the issues you’ve stated above. I hope more people can read this and weed through the myths being sold. Education is the best defense.
As for Apple computers and viruses; I’ve used Windows all my life and still do on a daily basis. I recently bought a Macbook Pro and had a whirl with OS X 10.5. The illusion is that Macs are impenetrable, despite the PWN To Own challenge, and are made from the same material as black boxes on planes. Two months after using my new notebook it was compromised, marking the first time I’ve ever had an intrusion.
( http://www.macworld.com/article/60823/2007/10/trojanhorse.html )
May 9th, 2008 at 8:04 pm
I had a free copy of NAV (Three year subscription) that was taken off straight away. It slowed down my PC so much at times I decided to take the risk. I’ve now been running AV free for the last four years with no problems whatsoever!
I reformat a couple of times a year to keep things fresh and everything is stored on an ext drive so I completely agree with you!
May 13th, 2008 at 7:18 am
For the most part, I agree with you and used to run a similar setup. However, when I suspected that I had unwittingly got a virus / trojan horse (listening ports on my machine) and installed a free antivirus program it picked up an infection.
My point is that if you don’t run antivirus software, you are unlikely to know whether or not you do have a virus or malicious code running on your machine. You may be infected and totally oblivious to the fact.
May 13th, 2008 at 8:55 am
@Twig: That is a very good point, and something I neglected to mention. Along with being knowledgeable enough to operate with low risk of contracting a virus, you have to be knowledgeable enough to know when you may have accidentally done so. Your suggestion was great - for those reading, AVG provides a great free antivirus solution, and you can even scan your computer without installing any AV software by using Trend Micro’s “house call” web application. Both are great for periodically checking to make sure your system is clean.
May 13th, 2008 at 3:33 pm
Relic, it is true that you will not get viruses that can harm you due to the whole “Mac” thing. However, you will still get viruses - just they cannot do anything because you do not run Windows. I have the same problem as I run Linux. Not running Windows does not mean you can be careless because you can be immune to the virus yet still spread it.
May 17th, 2008 at 2:34 pm