
Trusting Antivirus logos?

Started by June 11, 2015 06:18 AM
28 comments, last by Brain 9 years, 4 months ago

However, you should never ever need them. If they ever catch something about to execute which is clearly not a false positive, you have already failed extremely badly and what you really need is to overthink how things could come this far.

Where did I download that and why did I think it would be a good idea to execute it? How could something even start to execute just because I visited a web page? All of these issues suggest a severe failure on your part before anti virus came even into play. No software should be able to start executing on your system just because. If it does, the battle is already lost. Anti virus software might be able to save the day but you can never be sure if something it did not recognize did not get through.

but it saves you when you screwed up, better yet is not to screw up and that's actually fairly easy:
- if you see a popup warning you that you have a virus IGNORE IT, most of the time it's an ad trying to get you to download a virus, no virus will EVER let you know that it found something WITHIN a webpage, so if the window is "owned" by your browser (in the taskbar), IGNORE IT, if it's not, well ignore it anyway, most antivirus with default settings will take reasonable actions if you let them do without worrying about it and if you're following

I'm by no means a security expert, but from my little experience there is very good reason for anti-virus software.

1. You seem to confuse 2 things into 1: Alerts are not just for something dodgy executing on your system, it could also mean something dodgy BLOCKED AT THE POINT OF ENTRY, and the software gives an alert just for the sake of a pat on the back and a "well done, you're worth the money" reward

2. Saying AV is never needed also defeats the point of the internet - particularly in exploring for information through search engines. Ninety-nine percent of the time reputable brands/names are not even involved, so it cannot be said that one was careless (or screwing up, as you put it).

Typically you require some information about something: a product, news, sales info --- Nothing wrong/careless with that

You go to your search engine, type in some key words, and results that perfectly match your search are found ----- Nothing wrong/careless with that

Most of the time you can't second-guess a website,

merely visiting a site that perfectly matches the info you started out searching for ------ cannot be said to be a screw-up or careless

And these days that's all you have to do ---- just visit a compromised site, you don't even need to explicitly download

Yes you can be safe without AV if you remain in your little box and never venture out, but that defeats the point of the internet

can't help being grumpy...

Just need to let some steam out, so my head doesn't explode...

I'm by no means a security expert, but from my little experience there is very good reason for anti-virus software.

1. You seem to confuse 2 things into 1: Alerts are not just for something dodgy executing on your system, it could also mean something dodgy BLOCKED AT THE POINT OF ENTRY, and the software gives an alert just for the sake of a pat on the back and a "well done, you're worth the money" reward


There is no distinction here. The simple fact is: there should never be a 'point of entry' on your system. If there is, you screwed up. I have been running anti virus software for well over a decade. It has never happened to me that it blocked something dangerous because I visited the wrong web site or tried to execute something.
Whenever anti virus software talked to me it was one of these cases:
- "Hey! You know that executable that has been on your system unchanged for a couple of years? I'm now convinced it houses an extremely new bit of malware."
- "That email you just clicked has a very suspicious attachment. Also, I do not know why I just received a 'delete'-key event from you."
- "If you order right now we can give you a great deal on our professional version for next year. Also, you will have to wait a few seconds before you are allowed to close this window."
I have been infected by a virus twice in my life. Once was in the 90s because a game magazine contained an unchecked executable. Nothing I could really have done back in those days: without regular Internet access for updates, any scanner I had running would not have caught it, since it was rather new.
The other time was Nimda. That was pretty close after I got broadband for the first time. Using IE at that point in time was obviously the big problem, it was nothing but a huge 'welcome' sign. However, on the bright side, there was no real damage done except a little bit of inconvenience to get rid of it and it raised my awareness of security issues. Since then, I have been paying real attention to the things I use, especially browsers.

2. Saying AV is never needed also defeats the point of the internet - particularly in exploring for information through search engines. Ninety-nine percent of the time reputable brands/names are not even involved, so it cannot be said that one was careless (or screwing up, as you put it).

Typically you require some information about something: a product, news, sales info --- Nothing wrong/careless with that
You go to your search engine, type in some key words, and results that perfectly match your search are found ----- Nothing wrong/careless with that
Most of the time you can't second-guess a website,
merely visiting a site that perfectly matches the info you started out searching for ------ cannot be said to be a screw-up or careless
And these days that's all you have to do ---- just visit a compromised site, you don't even need to explicitly download

Yes you can be safe without AV if you remain in your little box and never venture out, but that defeats the point of the internet

Again, during my normal browsing I have never ever encountered any 'caught something' warning by anti virus, even in the decade or more I actively used it. There should never be anything to catch for it. Even if it does, my advice would be to nuke the system and reinstall. If anti virus really catches something, it means there was a chink in the armor for something to slip through. That chink should not be there. How can you be sure nothing else slipped in through that same chink, just undetected?
And if you do not want to reinstall, at least boot one of those live Linuxes with security tools from a USB drive (obviously not downloaded and created from the possibly infected machine) and use that for scanning.

That said, if you want to browse porn (or anything else that feels really fishy) I would do that in a browser inside a virtual machine.

Yes it could.
I don't have any anti-virus software. Just do not click or download anything fishy, and don't use torrents, that's all.

Nice disinformation. There is nothing inherently malicious with the BitTorrent protocol, and a very high percentage of torrents don't contain malicious code at all.

Whilst previous P2P systems in the late 90s may have been riddled with unsafe files, a lot of things have changed since then.

Furthermore, you're more likely to receive a virus from independent websites with no record of trust or bundled installers.

Engine, graphics, low-level, security and cross-platform programming. xsngine
Security is my bag.

I've contributed to security related published books which you can buy in book shops.

Now that's out of the way, I don't run antivirus either except ms security essentials.

I also don't run as administrator ever.

I haven't ever had a virus.

I do perform semi-regular audits, e.g. by picking through my PC with a Linux boot disk every few months; nothing can really hide from that.

I also don't run anything from untrusted unsigned sources.

I would recommend this method of defense to anyone who knows what they're doing, but for 99% of users ignorance abounds and antivirus is a necessary evil.

On that note, in my day job as network manager for a company I took away administrator access from everyone in the office and removed the ability to download executables of all types with a transparent proxy. There, we do run AV, AND we've had no virus alerts on the console for over a year since this was enacted.

This is the approach I recommend for normal users.

You get what you pay for, but they also need to make you feel like you do. I found paid antiviruses are more intrusive system-wide to give a better impression of protection; that's not so bad, but it's overkill and tends to cause more system issues related to the AV itself.
You are being very merciful here.

Indeed, the paying version of Kaspersky will render your computer unusable to a point where you almost wish that you just had malware instead of malware protection. Compile times with Kaspersky were (once upon a time when I used it) about three times as long, although I had the compiler's executables whitelisted and had the complete development partition excluded from scan. Disabling live protection altogether didn't change a thing performance-wise either.

The paying version of Avast is very slightly less obnoxious if you disable almost all the features that you pay for, but it contains a serious amount of adware/malware itself. For example, it will install Google Chrome as a well concealed drive-by when doing updates, and it includes "tools" (such as Grimebuster or whatever they call it, or the VPN thingie) which, after you have already paid for a subscription, do some constant nagging and fear-mongering by popping up dialogs that tell you that you should do this and that to make your computer more secure and faster and whatnot, and when you click on "OK" assuming that this program that you already paid for will just do it, it pops up another subscription dialog for their mostly useless service.

Anything Symantec, Kaspersky or Avast have ever detected and blocked as malware was a program that I wrote myself and which was certainly not malware. So either I've never had malware in 30 years, or they simply aren't able to detect it.

Symantec will make your computer totally unusable, both from a performance and crash-resilience point of view, and down to details like denying you access to removable media. It was bad when I used it around 15 or 20 years ago (when it was still called "Norton"), but things have not improved since then. For example, on my wife's corporate laptop, you cannot even run fucking chkdsk or format a USB stick because Symantec Endpoint will tell you it's not encrypted with Bitlocker. Which, of course, defeats the purpose of copying something onto a USB stick in the first place. Starting an application (like Excel) takes around a minute, on a modern high-end laptop.

After logging in and while the desktop and taskbar are already visible, it takes around 3-4 minutes until the light on the harddisk goes off and the computer is "usable" because, hey, Symantec must do a fuckup scan every time you log in. A trojan could have been installed while the computer was turned off.


No, I'm not confused, I was stating that running manual daily SCANS was useless because if something was found it should've been found EARLIER by your AV. I'm not advocating that everyone uninstalls their AV, just that it's useless IF YOU KNOW WHAT YOU'RE DOING.

You can very well visit any website, no one says you shouldn't, there's a big difference between visiting a website and downloading random executables from it, visiting any compromised website is PERFECTLY SAFE if you're not screwing up YOURSELF

You are simply very wrong about how this works, today it's NOT all you have to do, a website has NO rights on your machine and NO WEBSITE can harm you except by the 2 ways I mentioned, user screwup (download something / run it / give privileges / accept a run popup etc) OR exploit, that's all, period. If your computer is exploitable then it's ALSO your screwup, it means you're not up to date, if you are then it's a 0-day exploit, and you can't do anything about it but typically NEITHER CAN YOUR ANTIVIRUS. So the only time when something can happen and it's NOT you screwing up is also the only time when your AV can't help you!


You guys are all super-paranoid about this stuff. I'm not sure why I haven't uninstalled my anti-virus software at this point - all it has done in the past 5 years is generate false-positives and quarantine every goddamn 4k intro I have downloaded.

As long as you run a decently recent version of Windows (say, Windows 7 or newer), browse the web using a recent version of Chrome or FireFox, and use Gmail as your email client, you'll never have an issue with viruses and malware.

Or, you know, buy a Mac.

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

I'd change that to: as long as you run any up-to-date version of your OS, with any up-to-date mainstream browser. Nothing specially secure about Firefox or Chrome, all modern browsers are doing fine there.

The problem with anti-virus is that most people tend to draw a parallel with ordinary diseases and medicine, in that anyone can "catch" malware and then just has to "deal with it": this is where the anti-virus comes in. This is in analogy to someone catching a cold, for example. Anti-virus companies know very well that their products are actually quite useless to a remotely competent computer user, but most people aren't competent with computers. It is not in these companies' interest to educate users; what is in their interest is to perpetuate their business as best they can to make profit, and that means ingraining into users the notion that everyone needs an anti-virus. Hence the name "anti-virus". That sounds like serious business; wouldn't want your computer to "catch" a "virus", would you? Calling them "security software" packs less of a punch, what do I need security for? Same for the word "malware", which shares roots with terms like "malady", or "infection", "quarantine", and so on. Whether it is intended or not, whether you acknowledge it or not, people do make this connection and that contributes to the perception that getting infected by malware is inevitable in the long run, and hence that anti-virus software is necessary.

The problem with this analogy is that while even the most hygiene-conscious person can catch something like a cold just by interacting with other people in everyday life (we don't live inside sterilized environments, and who has never been sick in his life?), the same cannot really be said for malware. It doesn't just materialize on your computer one day for no reason. Something put it there, and that something is, rarely, a genuine vulnerability in software you use (exploited by zero-day exploits, for instance; not much one can do about that), but almost all of the time is just you, because you opened a random email attachment, misconfigured some software, etc... At this point the anti-virus software may or may not jump to your rescue, perpetuating the idea that it actually does something. And it does, of course; if it can recognize existing malware, then it can try and do something about it (why not, after all; the anti-virus has to do something at least). But of course a lot of malware knows how to evade such software, and there is also potential for annoying false-positives, especially for people who create software (also known as us). So overall it is anywhere from simply not useful to counterproductive for the power user, and marginally useful at best to other users such as grandma.

The bottom line is, the companies who make anti-virus software are in it for the money. Their business model exclusively depends on uneducated computer users trusting, buying, and using anti-virus software and associated products. You have no doubt seen advertisements on such software on TV or the internet. Do not be naive.

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”

More commonly, viruses need to pretend to be something else when:

A) Flashing advertisements saying, "Ur computr is teh virus. Plz cilck heer too fix!"

B) Pirating antivirus software or downloading free antivirus software; there are fake antivirus programs begging to be downloaded.

C) When a virus needs to be run in the first place, it can try to trick the user into running it - like having fake USB booting names and icons ("Open in Windows Explorer (no, really!)").

===========================

I disagree with others that anti-viruses are entirely worthless to experienced users.

I'm generally very cautious, but I run Microsoft Security Essentials and Spybot Search & Destroy as a second line of defense in case I make a mistake. Maybe twice it's happened where they caught something for me, but I'm glad they did. They don't noticeably slow down my machine.

If I trusted in them alone, they'd miss plenty. But if I'm cautious already, but then get lazy, they still have a chance to cover my back.

But yeah, you can install whatever anti-virus program you want on non-experienced users' machines, and it won't be enough to protect them. Given enough time (three months is enough), they'll have downloaded and manually installed enough adware and browser toolbars to slow their computer to a crawl. All the while, they'll claim that perfectly innocent programs must be viruses because those legit programs popped up messages saying something is wrong.

I don't hesitate to click OK when my Avast antivirus dialog box pops up to say "I need to update my virus definitions". Lately it's beginning to occur to me - could an advanced malware mask itself with an antivirus logo so that when you click "OK/yes" you end up f*******g-up your system?

You almost have to be on the other side of the hatch for that to be a problem.

ExecutableABC pops up a message saying it's ExecutableXYZ, and 'would you please let it run?' Why does ExecutableABC need to do that? If it pops up a message, that means it's already running on your machine. Instead of popping up a message to trick you, it can just run its virus stuff directly.

Maybe it's trying to escalate privileges by running as administrator. Well, your administrator (you) knows what he installed and what he didn't install. If he already installed it with admin privileges, there's no need for the executable to pretend to ask for permission.

If the administrator installed it without administrator privileges, then you've got a problem, because the administrator (you) installed a virus, period.

It's definitely possible for a virus to already get installed on your computer (user error!) without admin privileges, but then the additional prompt asking for elevation is just another user-error away from disaster. If the user already made one mistake, he can't be depended upon to not make the second. You need some other form of security here, like signing the executable to confirm the identity of the executable. But is the user (who already made the mistake of installing the software in the first place) really going to read and pay attention to whether the executable was signed and confirm the authorship of the program? No.

So maybe the system could block the user from running unsigned executables. And then the first time an unsigned program that the user wants to use gets blocked from running, the user will complain that Windows is broken or sucky, and Microsoft is trying to hinder competition and enforce a monopoly, and the user will ask for help running the program on some internet forum, and the forum's response will be "Just disable UAC, it suxxorz!", and we'll be back to square one.
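The post above argues that the answer to "is this dialog really my antivirus?" is to check who signed the executable, not what logo it shows. As an added example that is not part of the thread, this PowerShell script does exactly that for a downloaded file using Get-AuthenticodeSignature and the Zone.Identifier stream Windows writes on Internet downloads; the file path and the list of expected publishers are assumptions to adapt.

```powershell
# Added example (not from the thread): trust a downloaded "AV updater" or
# installer by its Authenticode signature, not by the logo in its dialog.
# $Path and $TrustedPublishers are assumptions; adjust to your environment.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,
    # Constructed list of publishers you actually expect to see.
    [string[]]$TrustedPublishers = @('CN=Microsoft Corporation')
)

function Test-TrustedExecutable {
    param([string]$FilePath, [string[]]$Publishers)

    if (-not (Test-Path -LiteralPath $FilePath)) {
        return [pscustomobject]@{ Path = $FilePath; Verdict = 'Missing'; Reason = 'file not found' }
    }

    # Mark-of-the-Web: the Zone.Identifier alternate data stream records where
    # the file came from; ZoneId=3 means the Internet zone.
    $zone = Get-Content -LiteralPath $FilePath -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $fromInternet = (($zone -join "`n") -match 'ZoneId=3')

    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath

    switch ($sig.Status) {
        'Valid' {
            $subject = $sig.SignerCertificate.Subject
            $known = $Publishers | Where-Object { $subject -like "*$_*" }
            if ($known) {
                $verdict = 'Trusted'; $reason = "valid signature from $subject"
            } else {
                # A valid signature only proves that *someone* signed the file,
                # not that it is the vendor the dialog claims to be.
                $verdict = 'Review'; $reason = "valid signature, but '$subject' is not an expected publisher"
            }
        }
        'NotSigned'    { $verdict = 'Block'; $reason = 'unsigned executable' }
        'HashMismatch' { $verdict = 'Block'; $reason = 'file was modified after it was signed' }
        'NotTrusted'   { $verdict = 'Block'; $reason = 'signature does not chain to a trusted root' }
        default        { $verdict = 'Block'; $reason = "signature status is $($sig.Status)" }
    }

    if ($fromInternet -and $verdict -ne 'Trusted') {
        $reason += ' (file carries the Internet zone mark)'
    }

    [pscustomobject]@{
        Path      = $FilePath
        Status    = $sig.Status
        Publisher = $sig.SignerCertificate.Subject
        Verdict   = $verdict
        Reason    = $reason
    }
}

Test-TrustedExecutable -FilePath $Path -Publishers $TrustedPublishers
```

Run it as `.\Test-TrustedExecutable.ps1 -Path .\update.exe` on a Windows host; a 'Review' verdict is the case the thread is about, a real signature from a publisher you did not expect.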
