Does anyone here run their PC without antivirus?

10 points by leoncrutchley ↗ HN
I know a few people who are so religious about avoiding unknown links and freebie downloads they feel confident to avoid using any AV. Any one else tried this approach?

18 comments

[ 6.9 ms ] story [ 29.8 ms ] thread
Yes, I'm one of those people. Of course, avoiding dodgy links and free downloads can only do so much to protect you. What about all the random flash drives we put into our computers on a whim?

I do admit, I'm kind of ashamed that I don't protect my computer better - but many AV solutions hog resources and just slow my computer to a stand-still. So I just forgo them altogether. Running on Windows 7 or 8 does enable the Windows Defender program by default, though, I believe. And at first glance, it doesn't seem to be that bad a setup (admittedly, I haven't looked into it much)

I'd be reasonably confident running Chrome with almost every plugin (especially Java and Adobe ones) disabled. It's been a long time since I've had any AV alert when running that way.

I do keep a copy of Firefox with Flash and Java installed so I can manually "whitelist" a mostly trusted URL to that browser if I need it.

I've been doing this for years and it has never caused me a problem. I'll leave it up to the masses to judge how much of that is luck or stupidity.
I haven't run any anti-virus software for at least the past ten years either at work (Ubuntu), on my laptop (OSX) or at home (Windows 7).

To the best of my knowledge I've never succumbed to a virus and have certainly never seen any indication that I have!

I'm cautious with what software I choose to run and do cursory checks of links in e-mail/online. I really only run business related software (Sublime Text, CS Suite, Browsers, Autodesk Inventor, Eagle CAD, etc) and any games I do play (rarely!) are via Steam.

All machines are used regularly depending on where I am and what I'm doing. I'm the only person who uses any of them. I generally only re-install when I'm replacing a machine or substantially upgrading it (perhaps once a year or so).

I run Linux now so it's a moot point, but I survived for years without any infection or malware running Windows without an AV solution. It's all common sense really. Of course, if you have a system where it can be used by the public (or family members that don't know at least two programming languages), you should have some sort of protection.
With the new ways people come up with to attack computers... I just would never be that confident. Sure, don't open attachments and execute stuff from unknowns that look phishy. Don't click links from emails. Don't download sketchy software.

But what about something like malware attacking you from an adserver that didn't happen to get blocked by AdBlock or Ghostery and you're not running NoScript or you whitelisted the domain (perhaps supporting a company you were happy to help support from ads).

>But what about something like malware attacking you from an adserver that didn't happen to get blocked by AdBlock or Ghostery and you're not running NoScript or you whitelisted the domain (perhaps supporting a company you were happy to help support from ads).

Assuming you are talking about a fully silent "driveby" on a modern browser like Chrome: There's a very good chance such a dedicated and advanced attack will also bypass all AV products at the time you are infected. To this day it's still quite easy to bypass any AV if you know what you're doing. If the malware author himself (I'd say "him/herself" but I have encountered very few female authors of advanced malware, Joanna Rutkowska being the only exception I can think of) is the one launching the browser exploit campaign, he likely also knows full well how to get it past any AV.

Personally, I run AV just as a simple "stupidity guard" for myself. I would pretty much never get infected with malware through regular browsing; I work in information security and fight malware daily. But there's that chance I get really drunk one day and do something stupid, so it's nice to have.

I regularly switch between Linux and OS X. I don't run any AV, and haven't for years. (on either of those platforms)

On Windows, some customer stuff scans for updated AV, so I have to run it there.

I'd venture to say, you can avoid 90+% of viruses simply by using webmail, and not being foolish with what you click on. If it looks suspect, it probably is. :)

After 10 years of not having a single positive detected by my anti-virus program I uninstalled it. If you already have a certain amount of PC knowledge it doesn't really improve your security any more. AV-scanner find the kind of malware that spreads via e-mail attachments or warez downloads and those can be easily avoided. And if someone is really after you with a hot new exploit your anti-virus is probably the last to recognize it.
Many system admins I know don't use AV on their personal computers.

My thought is that a properly secured computer and network are far better defenses than AV. If you add to that system an expert user then AV becomes mostly useless, creating more problems than it solves.

I think NoScript and Request Policy are much more valuable to my security than AV.

The only AV 'software' I use is Common Sense™. That and frequent backups have been pretty effective so far.

YMMV though...

Yes, Windows XP without antivirus for more than 2 years. Once a year I install an antivirus, full scan all drives, and then uninstall it. I never had any problem.
I don't use AV and never have. I've never gotten a virus, or anything worse than a driveby exploit that hijacked my browser's home page, and that was years ago. I do semiregular malware scans, and they always come up clean, so I don't worry about it on a regular basis.
It's basically a catch-22 situation, if you don't run a (good) virus checker you have no idea if you've got a virus or not.

It's not like in the 90s where viruses would just destroy stuff and taunt users, modern viruses are often silent stealing data or turning machines into sleeper cells on bot networks.

Viruses no longer rely on downloads to spread either (downloadable software is in a death spiral), they now commonly spread through zero-day exploits in browser software and extensions (flash, pdf readers, java, etc.)

You don't have to visit dodgy sites either, many viruses are spread through legitimate ad networks or compromised web-servers (hacked wordpress installs are often used).

Any software on your machine that handles data received from the outside world (including games, word, skype, etc.) is an attack vector.

If you're not running a virus checker you're essentially just hoping you'll be lucky. Being careful will only take you part of the way.

I thought that novadays even the AV companies admit (off the record) that they've lost the battle, and cannot really do a good job detecting the more sophisticated viruses?
I run windows and do not use an antivirus.

I monitor all files in the filesystem, and all incoming and outcoming network connections.

I have gotten viruses and malware, mainly adware in the past but have always been able to manually remove them.

What do you monitor with and for? What do you remove the malware with?