I discuss those few brave individuals who run Windows without recommended protection.

Transcript

This is Leo Notenboom for askleo.info.

Every so often I hear of people who run Windows without anti-virus or anti-spyware software. A good friend of mine runs this way, and the other day I happened to hear that a couple of high profile tech industry folks do the same.

Now, while it might be OK for them, I'm concerned that it sets a misleading example, and might cause others to think that they can get away with doing the same.

Here's the deal.

If you're behind a firewall, and if you really know what you're doing - and I do mean really know what you're doing - it is possible to simply avoid almost all sources of spyware and viruses.

Unfortunately, while the rules sound simple, in practice they're not. And one little mistake on your part can result in disaster.

In order to run without malware protection:

  • You would need to never open any email attachment unless you're absolutely positively certain you know where it came from. Absolutely positive - if there's any question at all, the attachment is discarded, no matter where it looks to come from. Some folks simply reject all attachments.

  • You would need to never download anything from the web, again unless you're absolutely positively certain you know it's from a trusted source. Absolutely positive - if there's any question at all, you simply bypass the download.

  • You would never visit any website that might be considered "questionable", since those are often a source of spyware and other malware. You'd probably need to tighten the security settings on your browser - including turning off JavaScript on sites you don't absolutely trust.

And so on. The key to running safely without malware protection is extreme skepticism - don't trust anything - and what I'd call a lower level of curiosity - don't visit or run anything just to see what it might be. It requires a lot of knowledge and experience to know by looking what is, and is not, potential malware, and to act accordingly.

Knowledge and experience most folks don't have.

The fact is we all need to be wary and skeptical and develop that sense for what is, and is not, legitimate, but that only comes with a lot of time and a lot of experience. For 99% of Windows computer users out there, there's simply no excuse: you must be behind a firewall, you must run anti-virus software, you must run anti-spyware software and you must keep the databases for all these tools up to date on a daily basis.

I supposedly know what I'm doing, and I run these tools anyway. The cost is low compared to the cost of infection.

I'd love to hear what you think. Visit askleo.info and enter 11030 in the go to article number box and leave me a comment. While you're there, search over 1,000 technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.

Article C2885 - December 31, 2006

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
13 Comments

Well, as first regarding the "real-time" protection (be it anti-virus or anti-spyware), I am personally more and more against it. And the main reason in my case to stop "torturing" my computer with "protection" from all these programs (again, I am talking in particular about those programs offering "resident" protection of any kind) is that in all that time they haven't "caught" anything. But it's true that even before realizing that I've only trialed a few of this type of programs (mostly for not more than a week or so), and that was pretty much it. Finally, I visit more or less same "set" of trusted/well-known websites during my online sessions (i.e. when being connected to the Internet; note that I am still on dial-up so I am not connected 24/7), while I also rely on common sense, so that must be it I guess.

And secondly regarding the firewalls (particularly "two-way" ones); this particular question was discussed many times on Ars Technica forums where I participate (one such thread was for instance the relatively recent "Kaspersky AV vs. F-Secure AV": http://episteme.arstechnica.com/eve/forums/a/tpc/f/99609816/m/155000260831 one), and the consensus seems to be (i.e. what the majority of members are saying) that, quoting: "Once the malware is on your computer you are owned. It could turn off your firewall and disable the security center, same result, more headaches.", although you might notice my post (my nick is "shirker") in which I say the following: "Yes I agree, it certainly could... But there is also a possibility that it wouldn't. I mean, there are so many different firewall-programs out there, that it's almost impossible to "target" them all." However, I do fully agree with Ars Technica members in regards to other "aspect" of them, i.e. it's that the average/inexperienced user could never really know for sure what to allow and what not (which process trying to establish/accept connection) when being "asked" by firewall, which was precisely what happened in Don Davis's case, as we can all read above. That's why I use default Windows XP SP2 firewall and am completely content with it.

________

best regards,
Ivan Tadej, Slovenia
http://tadej-ivan.50webs.com/

Posted by: Ivan Tadej at January 27, 2007 11:49 AM

The only secure computer is at the bottom of the ocean in a location known only to the owner, who is anchored to the computer!!!
You do not need a safety net (except a completely stealthed firewall) if
1. You are completely familiar with every single one of the well over 1,000,000 threats to computers.
2. You know exactly what precautions to take to avoid each of the over one million threats, using the precautions that Leo recommends.
3. You take practical measures to protect your operating system (sandboxes, VM, etc).
4. You are not gullible or greedy, and can recognize offers that are too good to be true.
5. You know and understand the capabilities and limitations of protective measures that anti-virus and other anti-malware programs offer.
6. You understand the trade-offs of protection and performance.
If you are uncertain about any of the above items, then you need the insurance that security software/hardware provide.
Happy New Year Leo, and thanks for all the valuable tips and assistance.

Posted by: howiem at December 29, 2009 10:49 AM

I fix PCs every day ... the largest volume of work being malware removal and resulting system repairs ... unless the malware is poorly written or designed to take control of the PC to purposely get your attention, you may never know the infection is there.

I have yet to find a completely clean PC, even among those with protections in place.

I DO know what to look for, yet I run the protections that Leo suggests, as well as being behind a hardware firewall and running only inside a sandbox, as I've seen the mess malware can quietly and surreptitiously make without any red flags at all.

Posted by: angusdhu at December 29, 2009 11:42 AM

I run no AV
And have no problems.
Basically I hate AV programs asking me whether I REALLY want to do that.
And since I'd say 'sure' anyway, it doesn't help.
BUT I do know a LOT about what I am doing, and if I do get infected I am prepared for it. (Not as well as I should be, but all important data is backed up, or I would have no problems with live cds for data recovery on a corrupt OS.)
AV doesn't protect you from phishing and similar scams, and is nowhere near 100% accurate. It's about as accurate as I am manually.... without hassles.....

Posted by: Fred Nerd at December 30, 2009 8:43 PM

If you start Windows as a "guest" account without any administrator privileges, no program can be installed on the machine.

Have you heard of "sandboxie"? Anything that reaches the computer stays in the sandbox and can be selectively written into the machine. All else deleted.

Have you heard of "system protection" software? All changes to "C: drive" are lost when you close Windows. So any malware also gets deleted.

No need for ANY protection if you use these.

Posted by: calvin a b at January 31, 2010 1:14 AM