
Why you still want AV on the desktop

3 replies to this topic

#1 Bit Viper


    SCRiPT KiDDie

  • Binrev Financier
  • 28 posts
  • Gender:Male

Posted 10 January 2013 - 06:33 PM



Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?

#2 systems_glitch


    Dangerous free thinker

  • Moderating Team
  • 1,766 posts
  • Gender:Male

Posted 10 January 2013 - 08:58 PM

Pretty decent read. I've heard a lot of the "we don't need AV" argument, especially working in a mostly Mac shop. IMHO, it's as silly as not running a firewall for a general use machine. Even for office/business machines, you never know what your users are going to end up doing with their workstations.


I don't run a realtime scanner on my Linux workstation at home, but I do have a cronjob that runs clamav against the disk every night and e-mails me if infections are found. I also use clamav to scan others' hard drives (usually in USB enclosures) when I'm asked to recover data or repair a computer.

#3 tekio


    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,284 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 18 January 2013 - 11:31 PM

I'll be the first to admit, Macs are just as prone to malware as Windows. Windows malware just (still) reaches at least 60% of computer users.


Whenever I find malware, I reinstall from a known good source and start over. Linux, Mac, or Windows... some malware authors are pretty savvy at hiding or bypassing system checks and evading detection.


A few years ago, I did some research on this. I was able to evade every known Windows A/V (but not in the same executable) by "packing", encrypting, or something as simple as changing the entry point of the executable. That was just with known threats as well.



There are still real people that code stuff, and keep the signatures of malware away from the A/V companies.


IMO, checking socket connections and mapping them to processes is the best way to go.



Edit: but again, that's assuming one is looking at non-tainted socket connections. Really, the only way to be 100% sure everything is pristine is to check the hash of EVERY single file on disk.

Edited by tekio, 18 January 2013 - 11:36 PM.
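The "hash every file on disk" approach from the post above, as an added example that is not part of the thread: a small Python baseline-and-verify check. It assumes the baseline is built from a known-good install and kept where the host cannot rewrite it (off-host or read-only media), since a baseline the malware can edit proves nothing; the paths and contents in `demo()` are constructed.

```python
# Added example, not code from the thread: baseline-and-verify hashing of every
# regular file under a root. Assumes the baseline is stored off-host or read-only.
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of one file, streamed so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root.
    Symlinks are skipped (a swapped link could point at a pristine target)."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def verify(root, baseline):
    """Return modified/added/removed paths relative to a known-good baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: baseline a clean tree, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "bin").mkdir()
        (r / "bin" / "ls").write_bytes(b"original ls")
        (r / "etc.conf").write_text("keep=me\n")
        baseline = build_baseline(root)                 # taken while known good
        (r / "bin" / "ls").write_bytes(b"trojaned ls")  # modified in place
        (r / "bin" / "sshd").write_bytes(b"dropped")    # new file
        (r / "etc.conf").unlink()                       # deleted
        return verify(root, baseline)
```

A real run would also exclude paths that legitimately change (logs, caches) so the report stays readable.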

#4 systems_glitch


    Dangerous free thinker

  • Moderating Team
  • 1,766 posts
  • Gender:Male

Posted 19 January 2013 - 08:49 PM

Yeah, I go with full reinstall as well. A lot of people don't want to hear that they need to reinstall applications, but scorched earth is the only sure measure.
