An antivirus question

Hi,

It is a long-standing question that I'm having, and up until now it has remained puzzling:

We use antivirus or anti-malware software hoping to keep our PC safe and secure. Now the question:

The antivirus has unlimited privileges that no other installed software has. Isn't that in itself a huge security breach? Somewhat like letting the cat watch the milk? Am I being paranoid, or do I have realistic, logical grounds for doubt? And if yes, what are the alternatives?

to put it as nicely as I can, yes, you are being paranoid. :)

there is one piece of software higher than your AV - your OS has system-wide privileges.

all Microsoft digs aside, you trust the OS is doing the right thing.

you have to trust something.

there are no alternatives, apart from having no AV, and although some conspiracy theorists go down that path, it's simply head-in-the-sand ignorance.

Welllll, there's a difference between paranoia and healthy caution.

I have thought about that for a long time also. Agree w/ mta, there is no good alternative.

There are ways to double check, like independent online virus scanners, system monitoring software, a good, configurable firewall, virtualization, imaging software, etc. Then there are Live CDs, which start fresh every time and will not retain malware.

But yes, eventually "you have to trust something".

If Google or Facebook or Twitter created an AV, would you trust it?

If Google or Facebook or Twitter created an AV, would you trust it?

Nope, but then I do not trust anybody with privileges on my PC. Maybe sandboxing would be less of a security breach, although not airtight...

I've never trusted antivirus but for a completely different reason; they detect something, then it turns out to be a false positive. All I've ever gotten from them are false positives and a degradation in performance. Luckily I've never had any real infection, just those false positives, and I've scanned my system and files over the years with umpteen different anti-virus and anti-malware software.

I do find it rather interesting if a system gets so badly infected it typically isn't the traditional anti-virus or anti-malware software that everyone knows and has installed that's used to remove it, usually it's some specialized tool.

Antivirus tools do have unprecedented access to certain parts of the OS but I think only those that get special license from Microsoft do (such as the intel key in the registry).

..I do find it rather interesting if a system gets so badly infected it typically isn't the traditional anti-virus or anti-malware software that everyone knows and has installed that's used to remove it, usually it's some specialized tool.

Meaning... that all these infections come about right through the protection... and once infected, some other tool does the catching and cleaning job... that I know also from my personal experience... exactly what brought me to the question I asked... gain and loss are not clear here...

If Google or Facebook or Twitter created an AV, would you trust it?

on face value, hell no.

like any piece of software that goes on your PC, it should be researched and reviewed: how often it's updated, company profile, etc.

but passing those checks, and if it met my criteria and expectations, then I would give it a crack.

If Google or Facebook or Twitter created an AV, would you trust it?

Nope ... Facebook ... MMUUAAAaahaaahaahaaa.

But in order to be aware of viruses or similar issues in real time you have to use something in real time.

One of the benefits of hanging around forums where the members are not completely whacko pretty knowledgeable is that you can learn from others' experiences.

What I've done to keep XP safe is adopt a layered approach.

Here on XP the setup is this, listed in order of least disaster to worst.

- Avast Antivirus + MBAM + Spyware Blaster to catch malware at the point of attack (hopefully). There are alternatives available.

- Sandboxie, used to run programs in an environment isolated from the real OS. No good alternative that I know of.

- Powershadow, a light virtualization software; it allows you to just reboot if the problem gets past the antivirus and other realtime protections. There are alternatives like Returnil, Shadow Defender, and others which I don't remember right now but other members will.

- Acronis image backup in case all else fails. Alternatives are Image for Windows or Macrium, maybe others.

- Last but not least, the factory reset disks that came with the computer. Or the restore image from the OEM, or something similar.

There is one type of infection I don't much understand, a compromise of the Trusted Platform Module (TPM). It isn't an issue here on this old machine, so I am not fully read up on it. But it is a baddie.

hear, hear @login123

use or don't use an AV.

use or don't use layered security.

[insert here whatever else gives you a warm fuzzy feeling when using your PC]

but make damn sure you have some form of recovery process when the brown stuff hits the fan.

but make damn sure you have some form of recovery process when the brown stuff hits the fan.

Yes, quite so. (Might be you posted that while I was editing.)

Anyway, I've learned over several years that Avast and Outpost firewall (maybe others) do indeed send information to their masters, but nothing has ever come back to haunt me . . . he says, as there is a loud knock at the door :P. So at any rate I need the protection and will put up with the "feedback" functions in order to get it. Others might disagree.

The question posed by Eli is a good one. I think the answer is to just select protective software based on opinions you trust, then watch it to make sure it works.