Bit Viper

Why you still want AV on the desktop

4 posts in this topic

Pretty decent read. I've heard a lot of the "we don't need AV" argument, especially working in a mostly Mac shop. IMHO, it's as silly as not running a firewall for a general use machine. Even for office/business machines, you never know what your users are going to end up doing with their workstations.

I don't run a realtime scanner on my Linux workstation at home, but I do have a cronjob that runs clamav against the disk every night and e-mails me if infections are found. I also use clamav to scan others' hard drives (usually in USB enclosures) when I'm asked to recover data or repair a computer.

I'll be the first to admit, Macs are just as prone to malware as Windows. Windows malware just (still) reaches at least 60% of computer users.

Whenever I find malware I reinstall from a known good source and start over. Linux, Mac, or Windows... some malware authors are pretty savvy at hiding or bypassing system checks and evading detection.

A few years ago, I did some research on this. I was able to evade every known Windows A/V (but not in the same executable) by "packing", encrypting, or something as simple as changing the entry point of the executable. That was just with known threats as well.

There are still real people that code stuff, and keep the signatures of malware away from the A/V companies.

IMO, checking socket connections and mapping them to processes is the best way to go.

edit: but again, that's assuming one is looking at non-tainted socket connections. Really, the only way to be 100% sure everything is pristine is to check the hash of EVERY single file on disk.

Edited by tekio
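
An added example, not written by any poster in this thread: one way to do the socket-to-process mapping mentioned in the post above on Linux, by joining `/proc/net/tcp` rows to the `socket:[inode]` links under `/proc/<pid>/fd`. The function names and sample rows are constructed for illustration, and IPv4 on a little-endian host is assumed; as the post's edit notes, the result is only as trustworthy as the system reporting it.

```python
import os
import socket
import struct

STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}  # subset of kernel codes

# Constructed rows in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0 100 0 0 10 0
   1: 0A00000A:D431 0A00020A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0 20 4 30 10 -1
"""

def decode_addr(hexaddr):
    """'0100007F:0277' -> '127.0.0.1:631' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def parse_tcp(text):
    """Yield (local, remote, state, inode) for each socket row."""
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            yield decode_addr(f[1]), decode_addr(f[2]), STATES.get(f[3], f[3]), int(f[9])

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, command) from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = os.listdir(f"{proc}/{pid}/fd")
        except OSError:
            continue  # process exited, or fd table not readable without root
        for fd in fds:
            try:
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
            except OSError:
                continue  # descriptor closed while we were looking
            if target.startswith("socket:["):
                owners[int(target[8:-1])] = (int(pid), comm)
    return owners

def map_sockets(tcp_text, owners):
    """Join socket rows to processes; owner None means no process was found."""
    return [(loc, rem, st, owners.get(ino)) for loc, rem, st, ino in parse_tcp(tcp_text)]
```

On a live host, pass the contents of `/proc/net/tcp` and the result of `socket_owners()` (run as root) to `map_sockets`. A row whose owner is `None` has no visible owning process; TIME_WAIT and kernel-owned sockets also appear this way, so check the state column before treating it as suspicious.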

Yeah, I go with full reinstall as well. A lot of people don't want to hear that they need to reinstall applications, but scorched earth is the only sure measure.
