14

Are anti-viruses useful nowadays?
Given the number of viruses that are developed and spread monthly, and given the fact that anti-viruses are based on virus signatures, I wonder how useful and effective it is to use an anti-virus?

  • 1
    Over the last ~half dozen years my AV's blocked one or two threats/year from legitimate sites that were either hacked or hosting tainted 3rd party ads; and had one infection slip past an out-of-date filter about 2 years ago. As others have said it's not foolproof; but will cut down on your total risk a good bit. – Dan Is Fiddling By Firelight Jul 28 '14 at 15:30
  • Very similar to [Are signature based antivirus or antimalware effective?](http://security.stackexchange.com/questions/438/are-signature-based-antivirus-or-antimalware-effective) – Adi Jul 28 '14 at 18:14

8 Answers

11

Yes, there are also near infinitely many possible vulnerabilities and exploits on your system, but applying system updates is still advisable. Good security includes a concept called defense in depth. The idea is that you do what you can with multiple tools in order to make it harder for an attacker to penetrate all your lines of defense.

The effectiveness of anti-virus software may not be as high as it once was, but it still protects you from a far larger set of threats than ever before. It is foolish not to use AV software as a component of your defense. Keeping current on virus definitions, good network security and patching your system regularly, as well as good password security and avoiding risky websites are all also important to keeping a system secure.

The more barriers you put up, the harder it is for an attacker, even if none of your defenses are 100% foolproof (which is really ALWAYS the case).

AJ Henderson
6

Yes, you should have an antivirus installed for the following reasons:

  • protection against old malware
  • protection against new, widely spread malware

You will get some malware eventually (depending on your usage), but significantly less than without an AV, and with less impact on your usage.

K-Yo
4

You will likely see a wide range of answers on this question, and even though this question is quite subjective I'll answer it anyways.

I believe that anti-viruses do still serve a purpose, however it's people's mindsets that need an adjustment. The common misconception among many computer users is that if they install an antivirus they are untouchable and their computer has become bulletproof. We know this is not true. I view AV software in the same light as car insurance - something you need to have but hope to never have to rely on.

I will say that I think signature based AV is an antiquated notion and largely ineffective. Behavioural based AV (such as Webroot) can block actions in addition to traditional signature based methods, making it almost impervious to code morphing or subtle variations of the code. I would certainly recommend a behavioural based approach as opposed to simply signature based.

I believe AV is still an essential weapon in combatting malware, but it needs to go hand-in-hand with a user's education on how to spot and avoid threats. I've found that once I told people how to spot threats, they relied on their AV solution significantly less.

DKNUCKLES
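The signature-versus-behaviour distinction drawn in the answer above, as an added example (not part of the original answer, and not how Webroot or any real product works). A whole-file hash stands in for the simplest kind of signature; the samples, action labels and behaviour rule are constructed assumptions.

```python
import hashlib

# Constructed, harmless stand-ins: "image" is the file content a scanner
# hashes, "actions" is what a monitor would record while the program runs.
KNOWN_BAD = {"image": b"demo-sample build 1",
             "actions": ["read_doc", "overwrite_doc", "read_doc",
                         "overwrite_doc", "delete_backup"]}
# Same behaviour, one byte of the file changed (a "subtle variation").
VARIANT = {"image": b"demo-sample build 2",
           "actions": list(KNOWN_BAD["actions"])}
# A benign editor that overwrites one document and touches no backups.
EDITOR = {"image": b"demo-editor build 7",
          "actions": ["read_doc", "overwrite_doc"]}

# Signature database: hashes of files that were already seen and analysed.
SIGNATURES = {hashlib.sha256(KNOWN_BAD["image"]).hexdigest()}


def signature_hit(sample):
    """Exact-match signature: flags only byte-identical files."""
    return hashlib.sha256(sample["image"]).hexdigest() in SIGNATURES


def behaviour_hit(sample, max_overwrites=1):
    """Hypothetical rule: repeated document overwrites plus backup deletion."""
    overwrites = sample["actions"].count("overwrite_doc")
    return overwrites > max_overwrites and "delete_backup" in sample["actions"]


def verdict(sample):
    """Layered check: either detector is enough to block."""
    if signature_hit(sample):
        return "blocked:signature"
    if behaviour_hit(sample):
        return "blocked:behaviour"
    return "allowed"


if __name__ == "__main__":
    for name, s in [("known", KNOWN_BAD), ("variant", VARIANT), ("editor", EDITOR)]:
        print(f"{name:8} sig={signature_hit(s)!s:5} "
              f"beh={behaviour_hit(s)!s:5} -> {verdict(s)}")
```

The variant is missed by the signature and caught only by the behaviour rule, which in turn depends on a threshold that has to be tuned so ordinary programs such as the editor are not blocked.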
2

YES

But you have to adjust your expectations to reality. Anti-virus likely will not protect you from a brand-new virus, but WILL likely protect you from well-known viruses.

Think of Anti-virus (Anti-malware) as a "background radiation shield". It's there to protect you from the background radiation of the Internet. It's not going to stop all threats.

schroeder
2

> Given the number of viruses that are developed and spread monthly, and given the fact anti-viruses are based on virus signatures, I wonder how much it is useful and effective to use an anti-virus?

Let's turn that around.

Given the number of viruses that are developed and spread monthly, and that there are specialised programs that keep databases of these viruses to detect and counter them, I wonder how viable it is not to have an anti-virus program on a system.

Not very viable.

Now, you make a good point, and that is that threats evolve, but so does the AV software, even if it is sometimes a step behind. AV isn't perfect--never will be--and it will at times be insufficient, but it remains an important part of your defense. Leaving it out is a big risk I wouldn't advise anyone to take.

JvR
0

If you are using a personal computer just for your own purposes and you are not browsing or using unknown sources, then updating your operating system on time and keeping your firewall on is enough. On the business side, it is always a good idea to have an antivirus to cut down any remaining potential risks. Operating systems are sometimes slower in releasing updates.

0

Yes... Sadly.

There is a lot of fairly dumb, automated malware floating around (especially for the Windows desktop platform) that is very nasty if allowed to install. Antivirus software can generally detect this stuff before the installer executable, dropper, or whatever runs. Most AV software also comes with transparent filtering proxies to detect exploit shellcode, and other layers of defense.

But there are problems here.

a) This is against generic, spray-and-pray attacks mostly aimed at desktop users. If the attack is customized, novel, highly obfuscated, or targeted specifically at you (e.g. spear phishing attack on a company) then an antivirus has a good chance of missing it.

b) Antivirus engines are privileged processes, and perform various types of analysis (often involving disassembly or virtualized execution) on possibly malicious code. That is a huge potential attack surface.

c) The entire concept of antivirus as real-time defense is not very smart or very future-proof. It detects possible maliciousness by signatures and heuristics; so false negatives are common, and it needs to be updated frequently.

d) The main part of an antivirus, the on-access engine, only kicks in once an attack has already started. Its job is to stop payloads. The memory or program logic exploit that triggers the payload generally goes undetected.

e) There are several modes of attack that an AV engine will not intercept, e.g.

  • Stuxnet-type kernel exploits
  • Non-persistent snooping in program memory

In summary:

  • Antivirus is not the be-all and end-all of security
  • It is a specialized type of security software for dealing with specific types of attacks
  • It is hugely helpful in some situations, but that does not make it invariably helpful

And above all, it is not a first line of defense. Your applications (via exploits) and your brain (via social engineering) are what get compromised, so they are always the first line of defense. Your AV is there as a fallback measure. That does not mean it's useless, but that does mean you shouldn't rely on it too much.

And now some disclaimers:

  1. I am an IT worker, not a security consultant, so don't take what I say at face value.
  2. I have a vested personal interest in antivirus software disappearing as a popular concept, because I believe the approach is unsustainable, and commercialized to a harmful degree.
DanL4096
-5

It depends what OS you have. If Linux, then none is needed. If Windows then yes, you need it.

Windows - if you won't pay for antivirus (fair enough) go AVG free

Linux - built on UNIX system so no need for any

MACOS - same as Linux

schroeder
IBTrey
  • 1
  • 1
  • 1
    Why do you need it on one OS but not on others? – PiTheNumber Jul 28 '14 at 16:02
  • Because Linux and MAC OS are built on UNIX systems (OS's that were for big companies so it had ultimate security) – IBTrey Jul 28 '14 at 16:03
  • 4
    Linux won't protect your user's data from malware that exploits a vulnerability in Firefox any more than it would on Windows. In reality, much of Linux's "security" on the desktop comes via the obscurity of it. Also, the notion that UNIX provided "ultimate security" is an utter myth that ignores how insecure the big Unix systems actually were (the threats were just largely nonexistent in a pre-Internet world). – Kitsune Jul 28 '14 at 16:08
  • 4
    Check the [myths about malware on Unix/Linux](http://unix.stackexchange.com/q/2751). These systems are not immune, just rarely targeted. – JvR Jul 28 '14 at 16:09
  • I think UNIX systems do have bugs, too. Also they often run cross compiled software where Linux and Windows Versions do have the same bugs. Sure, with UNIX you are less of a target. – PiTheNumber Jul 28 '14 at 16:09
  • Given the amount of attacks Windows faces, I couldn't think viruses and malware won't have cropped up in large amounts if that was the case for UNIX based systems. – Abhinav Gauniyal Jul 28 '14 at 17:27
  • Google Mac OS X viruses and you will come across some. Some of them are pretty horrifying too. – Travis Pessetto Jul 28 '14 at 19:34
  • http://www.howtogeek.com/135392/htg-explains-why-you-dont-need-an-antivirus-on-linux-and-when-you-do/ – IBTrey Jul 29 '14 at 07:02
  • This answer was factually incorrect when it was originally posted. Is now even more so incorrect. – schroeder Aug 12 '18 at 10:39
  • Is the Android system not a Unix based system? There are thousands of malware samples for Android. In addition, there are many vulnerabilities (patched or maybe some of them are not patched). – Pilfility Aug 13 '18 at 06:32