Do You Still Need An Anti-Virus Client?

by Jason Faulkner on Apr 10, 2009 | 21 comments

How would you classify a process on your system with the following characteristics:

Constantly runs in the background.
Consumes a noticeable amount of system resources.
“Attaches” itself to programs and files you open.
In general, slows down you system.
Annoys you and/or costs you money.

You are probably thinking virus or malware… or preempting what I am getting to based on the title of this post: an anti-virus client. When you compare the traits of malware and anti-virus software, they are strikingly similar (with ‘attached’ used loosely above).

What really surprises me is how most people think an anti-virus client is “must have”. Think about it, when was the last time you actually had a legit (<- keyword) virus stopped by your anti-virus client? Think.

Traditional anti-virus software identifies threats based on signatures. That is, it compares a file to the anti-virus database and looks for certain characteristics. If there is a match then ‘whola’, virus! This means in order for the software to protect you, it has to know about the threat first. More ‘advanced’ anti-virus software uses heuristic based detection as well which identifies threats based on behavior. For example, if something tries to modify system files: virus! As you can guess this can lead to a lot of false positives. Additionally, this is why you see installation programs tell you to turn off your anti-virus protection, because since they (installation programs) modify system systems, they behave like a virus.

While the combination sounds bulletproof, this is a flawed model for system protection because ultimately the buck stops with the user. Remember there is no protection against yourself. If you want to install something on your system, you will be able to regardless of what security programs you have in place. Some research shows that 23% of computers with up to date anti-virus definitions are still infected which speaks to this point and the infectiveness of anti-virus software as a whole.

Now, let’s turn our attention to ways your system actually gets infected:

Your everyday Windows account is an Administrator account. The #1 thing you should not do because anything you run has unrestricted access to your system. More on this in a bit.
You run a file you shouldn’t have. Whether from an email attachment or a suspicious website, if you run a file you are uncertain about you are putting your system at risk.
You install a browser plug-in to play a game, view some file, etc. See above.
You don’t keep your system adequately protected with a firewall and OS patches. This is important because it protects you against OS exploits.
You ignore common sense. The biggest way malware is spread.

Today’s threats are much more sophisticated: rootkits and phishing are the new generation of threats and are designed to steal data for monetary purposes rather than just annoy you, so you definitely need some system protection. Here are a few simple suggestions which will add little to no burden on your everyday computing experience but are extremely effective against threats:

Run as a *gasp* restricted user. Doing this alone, I would argue, is more effective than the best anti-virus system out there. Again, using your system on a day-to-day basis logged in as an administrator account is playing with fire. When you run as a restricted user, you do not have the ability to modify OS files and install new programs. This means if you accidentally run a malicious file, it will not have the ability to do this either. When you do need to install a program (which probably isn’t an everyday task), just log in as Administrator, use the ‘Run As‘ command or use PsExec. Spare me the argument that this takes to long as it takes me about 15-30 extra seconds depending on which method I use.
Vista users: Do not disable the User Account Control (UAC). I use Windows Vista on my work machine and am a system administrator for our network and can tell you UAC is not annoying. You get a UAC prompt whenever you attempt to modify a system setting, install a new program or run something as the Administrator. I have it enabled and I go days on end without ever seeing a UAC prompt. This is a great security feature and anyone who says otherwise, in my opinion, doesn’t know what they are talking about (and as probably never even used Vista).
Monitor your system’s vitals. Keep tabs on your CPU usage and your startup programs. Malware will want to start itself when you system does, so keeping tabs on this is an easy and minimal impact measure. There are tons of free tools out there which do this such as Task Manager (built into Windows) and StartupMonitor.
Use common sense. I cannot stress this enough. If something seems to good to be true, it probably is. If something seems suspicious, it probably is.

What I Use

I do not use my system logged in as an Administrator, I run as a Power User and when I need to do any OS level stuff, I have the ‘Run As’ command waiting with a simple right click. I run Process Explorer minimized to my system tray so I can monitor CPU usage. Any unexpected and/or prolonged CPU usage is easily spotted and I can investigate. The only security program I use is WinPatrol, which is lightweight, not annoying and provides all the protection I need. Of course on top of all this, I keep my OS patched via automatic updates.

My system is old. It is a Celeron (single core) 2.7 Ghz with 2 GB of RAM running Windows XP. I have been running anti-virus free for about 9 months now and have yet to have any problems. In fact the biggest performance boost I ever received came from removing my anti-virus/anti-spyware programs completely. My bootup time (from system off to ready to use) went from about 90 seconds to around 25 (no exaggeration) now that said programs don’t have to connect to the update servers, initialize themselves, etc., etc., etc. As you can probably guess, opening programs is noticeably faster as well.

Like I said, my system is old, but I have no plans to upgrade because it runs like a top. Now that the biggest hog of resources is completely removed, it is lean, slim and plenty fast for what I need it for.

Let me be clear, I am not suggesting an anti-virus free system is right for everyone. If you have just a basic understanding of how threats are spread and common computer sense in general, an anti-virus client is most likely going to do nothing but suck up resources.

Care to give it a try?

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

If you enjoyed this article, you might also like...

Post A Comment Using Facebook

MartYn
Or just use an antivirus program that doesn’t hog all your system resources, combined with using common sense when using a computer = problem solved.
http://kkomp.com Sharron Field
Hmm, I’m dubious about this post: “Whoopee” says the user. “I have it on authority from PC Mech that antivirus is unnecessary and slows my computer down.” – Following which they uninstall their antivirus and become infected without any idea that they’re spreading viruses hither and thither.
I’ve had customers in the past sending me viruses. When I informed them of this and suggested that they run a virus scan they replied that they uninstalled their antivirus program as it slows their computer down. It turned out that they were running their original computer that I’d built them a replacement for as a second machine which was running ME on a P1 with 32MB PC-133 RAM, and heaving with malware without any indication that it was a virus nursery.
I encourage everyone but the world’s top computer nerds to always have fully-updated antivirus installed at all times.

Jason Faulkner
I didn’t suggest you simply uninstall your AV software.
As long as you make the changes I suggested (namely, not running as an admin), AV becomes rather benign. Since malware pretty much requires Admin access to propagate and bury itself in your system, if your account isn’t an admin then the malware can’t do anything.

Oldkid
I have to agree with Sharon, a lot of people will ignore any statements like “this is not for everybody”. Computer usage conditions people to instant gratification even more than what might be natural to their personality. So many will sacrifice speed over security, especially if given justification by an article like this. That’s why I don’t recommend to anyone that they should run without an AV or even imply it in a public venue.
Because I do think there are situations where some can get by without an Antivirus. But only for those whose behavior doesn’t lead them to be infected. For example a computer that is dedicated to gaming or where the internet is only used to surf to certain sites, but as you yourself say, common sense, and I will add safe surfing habits that are learned with the help of common sense, is the biggest factor–so I’m a bit distressed to see it at the end of the list. I’m not sure there aren’t some “gotchas” with running as limited user, so think you are overemphasizing this. For one thing, if you have the right to Run as Administrator to install software, what is to prevent malware from running a script that does the same? Not sure if that’s possible, but even so, there are situations using XP where running restricted can cause problems. When there are multiple users, such as on my machine, one account running restricted slows things down as some programs that install globally and need Admin rights, throw up errors.
Four users on this system, all Administrators now, with one Anti-virus and one firewall and for six years no serious infections. I have seen a lot of people that overload their systems with security apps–I don’t have any anti-spyware/malware guards or monitors and think they aren’t needed if your surfing habits are good. I try to run lean and mean, so agree that a lot of security apps can be eliminated to improve performance. But I won’t sacrifice an AV lest Murphy’s law catches me with my pants down.
What AV are you using that takes 90 seconds to startup? I also have an old system with the same processor as yours, less than a Gig of RAM, and it takes me 40 seconds to get to the logon screen from a cold start and about 20 seconds to load autostart programs after login (but I have more than just an AV loading and could reduce this if I wanted). I use Antivir, which has a very light footprint.
Security is a matter of risk reduction. Not using an AV increases your risk at the expense of saving some time and not worth it in my opinion. Even if the times savings are significant as you’ve demonstrated, a good multitasker will find a good use for that time. People who get infected and thus allow it to spread to others usually (not always, usually) don’t have enough common sense to discern that your advice is not suited to them and will use it as an excuse–all they care about is increasing performance and saving time and continuing with their bad habit.

Jason Faulkner
Thanks for the well thought out reply. To address a few of your comments/questions:
“with one Anti-virus and one firewall and for six years no serious infections”
Note that despite having AV on your system, you still get infections. The problem is the buck stops with the user and if everyone is an Admin, no matter how “secure” your system is one inadvertent or ill-advised click and your security is completely compromised.
As for the 90 second boot time. I had AVG 8 on the system and took roughly 1 minute on every boot-up (I shut my computer down at night) for AVG to contact the update server, install the update, initialize, etc. During this time, my CPU hovered around 75-100% usage which made the system crawl.
As for this article being an excuse for people to blindly uninstall AV without any consideration. For people that fit in this category, I have some snake oil medicine I would like to sell them. Seriously though, this just proves my point that no matter what you do, you cannot protect people from themselves.

SupaChalupa
Lol, you don’t have to be a “world’s top computer nerd” to take the course of action described by Rich. Sure its not for everybody but its not really complicated or difficult to understand either. Not using the administrative account is an excellent piece of advice, easy to do and will greatly boost any computers security. If you use all the measures described above I see no reason to use an anti-virus program.
Btw Rich, UAC is (in my opinion) the best feature Microsoft put into Windows vista, score for Microsoft there.

Jason Faulkner
I wrote the article, not Rich… but thanks for the re-enforcements.

MartYn
I think you guys are conveniently forgetting something. Have a look here, then maybe hypocrite will spring to mind.
http://www.pcmech.com/article/stop-vista-from-being-annoying-disable-uac/
“Vista might be more secure, however a huge part of that security is accomplished by simply annoying the hell out of the user.”
“So, very quickly, this becomes nothing but a sheer annoyance.”

SupaChalupa
Dave wrote the article you linked to. This article was written by Rich, and in my opinion UAC is well worth the slight inconvenience.

MartYn
Yes i apologise.
The PC Mech team giving conflicting advise is what i should have said. How can the readers know what advise to take when one blogger says its a “…sheer annoyance” and “…annoys the hell out of the user”, then the other blogger in the same team says “…UAC is not annoying.” and “…anyone who says otherwise, in my opinion, doesn’t know what they are talking about”
Talk about mixed signals for the reader :-S
Jason Faulkner
Actually, I wrote the article.
Regarding UAC – My understanding is neither Rich nor Dave use Vista at all. I use it on a daily basis, so I know the impact of UAC once you have your system fully up and running.

http://none David M
I can’t believe there is a debate on whether or not we should be using anti-virus software. What next? Debates about using seat belts?

MartYn
Man, don’t get me started on that one. My brother died due to not wearing his seatblet. Yet there are still people in this world who say it should be their choice as its their life. What about all the other lives you effect ey.

Soldier1st
The Op is simply showing his opinions about how he handles stuff, you don’t need to take the advice if you don’t want to but if you thats your choice but if not then thats ok too. Seatbelts are a must and should always be used. would you want to happen?your computer to go off for a bit or would you rather be killed?i would prefer the PC going down rather than being killed,a PC can be replaced but a Person can not.
SAP
An AV solution is still useful for checking external files; maybe one can live without an AV running automatically, but surely there are occasions when you want to check a specific file?
Matthew Henson
Ok, I normally don’t respond to these, but you all seem to have missed the obvious. I am a builder / repair shop and so constantly have many users with virus problems. I do NOT use antivirus software installed on my personal machines. I mostly do as he describes above. However I have a dedicated AV machine that runs Linux, Windows XP, Windows 7 and Mac OS. I do regular scans of my personal systems drives using that dedicated machine and/or if I notice something that doesn’t seem right I run a scan. So in the end I have personal systems that don’t have AV installed and run fast. On a regular basis I scan those drives using multiple flavors of AV software running on a separate machine. This still isn’t perfect and I have had to deal with a couple very frustrating root kits. However I am certain my machines are better protected than the vast majority. Also you left out a VERY big point of detection on machines not running AV. You need a smart firewall/packet sniffer so you can monitor your network connections. The sneakiest malware in the world still wants to phone home. If you monitor your packet traffic it is MUCH easier to recognize an infection. In the case of some of the advanced rootkits it is the ONLY way you are going to detect that you have become infected.
Pingback: Question for PC experts
Pingback: Friday Only: WinPatrol Plus Is Only 99 Cents | PCMech
Pingback: How Effective Is Your Anti-Virus Program? | PCMech
Andrew K
My problem is the one caveat: you cannot protect people from themselves. We ran our system virus and malware free for years. Then facebook came along. The boss clicked on a link, and boom, computer down. I decided that I can’t come check every link someone wants to click on, so I upgraded our av protection to bitdefender’s biz suite. I sleep better now.
I am curious though to try your methods. The only problem is, I can’t control the other people who might use my machines (boss, coworker, wife, kids etc.). In this case it seems an AV protections is necessary. Would you agree with that? Especially considering I just spent $700 for 3yrs worth of protection for our network.

Jason Faulkner
The whole point of this article was not to say AV is a waste of money, rather it is not a “foolproof” protection method.
In your case, it sounds like you have people using the system which fall into “I want to see this and will click anything it takes to get to it” category, so the extra layer of protection is probably worth it.
Not to mention, you can always fall back on the fact that you have AV installed. If you don’t run AV then you might be “perceived” (by some) as not protecting the system.
There is a reason there are 5,000 AV and clean-my-computer programs out there— because people have been made to believe these are absolutely essential.