HomeBlogsDave Keays's blog

use an anti-virus program

Wed, 02/06/2008 - 08:05 — Dave Keays

There are several questions about the software that tackles the traditional computer virus: best? signature updates? free? more than one? email? deep-scanning?
I'll try to tackle all those questions.

should Anti-Viruses be used at all
There are a few experts that claim that Anti-Viruses (AV) are not a good idea. They say they are ineffective, slow the computer down, and are proof that the user doesn't know squat about security. I'll ignore their last claim. Unfortunately there are some rather uh... arrogant members of the security community that seem to want to belittle everybody that disagrees with them.

As far as AVs being ineffective they are making two claims that make some sense. They say that relying on signatures is ineffective and will leave a time when the exploit will work (see below). This is true but so far there are no viable alternatives except not running an AV at all. Good habits go a long way but not everybody is an expert and can avoid an infection. Now days even the experts can't always avoid an infection. So if they want to surf naked, more power to them but I wouldn't suggest it for the rest of us.

They also say that any software running on a computer that is already infected can not protect you. Again true, but what else are you going to do? What they say everybody should do is reboot to another OS whenever we want to scan our Hard Disk. An action that few know how to do and is so tedious that even fewer will do it.

We know that AVs are not 100%, but that doesn't mean we should abandon them completely. Even though they are only partially effective they are more likely to catch a virus than a solution that is not always used or nothing at all.

residential vs. on-demand
There are two kinds of AVs. With a residential AV, the program is always running in the background. It scans each file that saves information on your hard disk and looks for files that appear to have a virus in them.

An on-demand AV scans all your files for a known virus, not just those that are writing to your Hard Disk. You can start it explicitly or set it up so it starts on its own at certain times. Those settings are different on each AV so the best you can do is to learn about your AV and post any questions on the vendors web site.

signatures and updates
Most AV's today need to know about a virus before they can recognize it. The setting to "update automatically" updates on a regular basis. Most people should use this setting and if you decide not to, be sure to update the AV yourself on a regular basis.

Not only is constantly updating a major inconvenience, it leaves a hole that a new virus can take advantage of. There will always be a period of time when you are vulnerable to a brand-new virus. A virus that the AV doesn't know about yet is called a "0-day virus".

holistic
One kind of AV that doesn't require signature updates is the "holistic" AV. It watches for certain kind of behavior. However they aren't mature enough as of this writing to replace the AVs in place. Hopefully they will be soon be good enough that we don't need an AV that plays a cat-n-mouse game with viruses.

Which is best
There is no one best but each AV has a group of fans that claim the others are not even close. Again, an example of techie arrogance. The list of AV programs that catch or "detect" the most viruses changes every month. No AV can catch all viruses all the time.

Another concern is which is easiest to use. A correctly used AV with poor ratings is better than the "best" AV that isn't used right. If it isn't easy (too many pop-ups, too much false information, too much technical information, etc) then you wont use it. Go with the AV that you think is easiest to use and that you will use religiously.

If you have just bought a new computer then you probably have an AV good for one year. I suggest using that one until the free period runs out and then decide if you like it or you should try the some other brands.

Watch some on-line rating sites (see below). Pick one that has been in the top 10 for several months and has a good rating for both "effectiveness" and "ease of use". Then try it and decide if you will use it on a regular basis. If you like it then use it all the time.

scanning email
This setting allows for the AV to scan email as it is being read. Normally the AV will only scan as the file is being written to.

Again, some people don't like the idea of email scanning and says it is a waste of time. But they know the risks and what they are doing. The rest of us simply need the extra security and should use it.

using more than one
Many people assume that if one is good then even more is better. While that is true with on-demand AVs, more than one residential AVs can interfere with each other.

I say only have one residential anti-virus. But when you scan your hard disk use as many on-demand AVs that is feasible and if you suspect an infection use as many as you can get your hands on.

are the free ones any good
The free ones do compete well with the paid for AV's when it comes to simply detecting viruses but lack in ease of use. Use the ideas listed in "which is best".

shallow vs. deep scanning
There was once a time when only a few kinds of files could carry a virus so it was safe to scan only a few files. That limited scan is known as a "shallow scan". But virus writers have figured-out how to put viruses in many kinds of files and not just the few a shallow scan will look at. So you should always do a "deep scan" and look for viruses in every file, not just what kinds of files were known as of the AV's last version.

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options