
To anti-virus or not to anti-virus, that is the question - Page 2

post #31 of 74
Quote:
Originally Posted by Suntan View Post

Well, if you don't go around randomly poking your HTPC into the dirty places on the internet, then you don't need a condom.

-Suntan

hahahaha I damn near spit out my pop reading that!

- Josh
post #32 of 74
I use the free AVG version. Small, fast, and gives a nice peace of mind.

I look at it like having health insurance. My hope is to never need it, but I willingly give up some money (or CPU power) just in case I do need it.
post #33 of 74
No AV software, but I do try to run Bitdefender's on-line scanner once a week.
post #34 of 74
Why are people so anecdotal? "I never had AV on my HTPC, and I never had a problem".

Is that a reason not to spend 2 minutes to install free AVG and not have to worry about it again?

There's no real compelling reason not to, but many for. It's all about the network, not the machine.
post #35 of 74
Quote:
Originally Posted by floepie View Post

Why are people so anecdotal? "I never had AV on my HTPC, and I never had a problem".

Is that a reason not to spend 2 minutes to install free AVG and not have to worry about it again?

There's no real compelling reason not to, but many for. It's all about the network, not the machine.

Yes, but if you're talking about network-based infections, those are vulnerabilities that were found within your operating system, i.e. a worm. Like what Sasser and Blaster were to XP. I don't care who you are or what AV application you use, there is no way an AV application is going to prevent a worm spreading like Sasser and Blaster.

AV apps scan for infected files, not for unknown open vulnerabilities within the operating system.

For me it's having a streamlined, "less is more" viewpoint for my HTPC. I don't need excess CPU cycles going on for no reason at all.

- Josh
post #36 of 74
Quote:
Originally Posted by floepie View Post

Why are people so anecdotal? "I never had AV on my HTPC, and I never had a problem".

Is that a reason not to spend 2 minutes to install free AVG and not have to worry about it again?

There's no real compelling reason not to, but many for. It's all about the network, not the machine.

I think it's a holdover from the days when playing HD was more demanding on a computer.
post #37 of 74
I use AV on all my machines except the HTPC, don't want to do filesystem stuff while it's showing HD material.
On the HTPC I remove the DNS and gateway settings (static ip).
Using a firewall for the whole network so it's not exposed to the internet.
If by some accident it gets infected there will still be a hurdle for the bot/virus/etc. to find out the gateway settings etc.
Not fool proof but so far it has been clean, sometimes I install AV just before a ghost reload just to check.
Haven't found anything yet.
post #38 of 74
Quote:
Originally Posted by Suntan View Post

Well, if you don't go around randomly poking your HTPC into the dirty places on the internet, then you don't need a condom.

-Suntan

Problem is if you do a lot of web stuff you will probably be redirected sometime or another to a site where you didn't want to go. So I'd rather be safe than sorry....
post #39 of 74
Quote:
Originally Posted by umdivx View Post

I don't care who you are or what AV application you use, there is no way an AV application is going to prevent a worm spreading like Sasser and Blaster.

Really? Don't tell that to the Nod32 or Kaspersky folk.
post #40 of 74
Quote:
Originally Posted by umdivx
I don't care who you are or what AV application you use, there is no way an AV application is going to prevent a worm spreading like Sasser and Blaster.


I assume you haven’t used or tested Kaspersky? The latest version of Kaspersky is pretty granular.

It protects from even TRUSTED network threats. Meaning if your network is infected with a worm, Kaspersky will protect that individual workstation. Which is WHY I have front line AV Firewall then 2nd Line Kaspersky on my systems.

Kaspersky =
File AV
Mail AV
Web AV
Proactive Defense
Anti-spyware
Anti-Hacker
and Anti Spam

I believe your worm falls into the category of proactive defense and Anti-Spy and Anti-Hacker.

Proactive looks for Application activity, registry guard and office guard from things like macros.

Anti Spy & Hacker is phishing attacks, port scans, personal firewall and also the ability to set rules, and permissions based on NICs inside the computer. So your wireless network can have different trusts than your hardwired network.

Even a change to my registry is halted (valid or rogue) until the user accepts or denies. Granted this can be a little pain in the butt; but it's worth it.
post #41 of 74
My point was about unknown threats. If there is a hole that has yet to be found and Kaspersky/Nod32/Norton/etc... if their database isn't up to date how is it going to know about it and look for it? Though Kaspersky is a little different as it is also a firewall.

I by no means am saying it is bad to run AV/Firewall software (above the built in MS firewall) it's just that if you're careful, don't run your system as administrator, don't download and install software from unverified sources you will have just as good of a chance of running a complete uninfected system as you do of running a system with AV/Firewall software. It's just simple proper PC use if you want to call it that, don't do anything stupid and you won't get infected.

- Josh
post #42 of 74
Josh,

Sometimes it's not that easy either. If you take a look at Page 1 I posted a photo of my Fortigate hardware firewall which also offers a form of Zero Day Protection (that's what Watchguard calls it). Basically it looks at IPS/IDS signatures and looks for anomalies and blocks based on that as well.

So even before the database is updated, it still offers some form of protection.

My network is actually pretty active, and take a look at the pictures and see how many IPS/IDS attacks were on my network. Not all are actual threats; but are things that are logged because they triggered an event in my firewall. If one was not correctly patched, it would pass through the firewall and onto a system.

If you use any software like Peer Guardian, you would get a better idea of what’s actually happening through the wire. Call me paranoid but a lot more is going on than most think.

I'd love to post a better example but my firewall gives very detailed logs about IP address and what comes from where. Even a UPS Site can trigger a PNG buffer overflow IDS attack, but it's up to the user to figure out what is a threat and what is NOT.

End of the day any protection is better than none. I don’t want to get too technical, but most people who say no need to have AV on a media center because they don’t surf is crazy.

Your media center accesses the internet more than you think. Software updates, Automatic updates, windows updates, iTunes and winamp access album covers and other data. Web surfing and threats you may not be aware of. My home network is pretty locked down, you can't download an .exe, .com, .bat, and even a .zip w/o a Firewall Override; and even when someone does; I know about it.
post #43 of 74
Especially if there are multiusers on a PC. My wife and daughter download emails all the time - many of which they have no idea of the contents, but the subject title entices them to open them!

I just gave back a PC that a realtor was having problems with and had wanted my help on. Firstly, none of the already installed AV or Spyware SW would boot up at all. The PC had abysmally slow bootup times. I installed AVG, which found and "healed" about 70 different trojans! Boots up a lot faster now (ya think?)

Why take a chance with your PC investment?
post #44 of 74
Quote:
Originally Posted by Stealthlude View Post

Josh,

Sometimes it's not that easy either. If you take a look at Page 1 I posted a photo of my Fortigate hardware firewall which also offers a form of Zero Day Protection (that's what Watchguard calls it). Basically it looks at IPS/IDS signatures and looks for anomalies and blocks based on that as well.

So even before the database is updated, it still offers some form of protection.

Any NAT router will prevent IPS/IDS attacks. Your router just also looks at "approved" NAT traffic and scans it for viruses and spyware, etc...

I don't care who you are, you have high speed internet you're going to see what is called "noise", i.e. IPS/IDS, there is constant traffic of probes and port scans going on all the time by scripts, it's just the unfortunate nature of the internet these days.

But by having a simple NAT firewall it prevents you from all of that.

I mean If I turned on IDS logging on my firewall I'd have the same information, I just don't bother with it, as it does me no good to even look at it.


Quote:


My network is actually pretty active, and take a look at the pictures and see how many IPS/IDS attacks were on my network.

Like I said that's nothing new, happens to anyone with high speed internet every day and a simple NAT will protect you from that.


Quote:


Not all are actual threats; but are things that are logged because they triggered an event in my firewall. If one was not correctly patched, it would pass through the firewall and onto a system.

Tell me how can an un-solicited IP packet pass through a NAT firewall?

Quote:


If you use any software like Peer Guardian, you would get a better idea of what's actually happening through the wire. Call me paranoid but a lot more is going on than most think.

I'll join you and call you very paranoid.

Quote:


End of the day any protection is better than none. I don't want to get too technical, but most people who say no need to have AV on a media center because they don't surf is crazy.

I agree with you there, but like I already said SEVERAL times is that if you take the proper precautions then you wouldn't have to worry about it either. First and foremost, do not run as administrator. Not running as admin is huge. Then with the advancement of UAC in Vista, and the Vista firewall, I honestly see no reason or need to run AV software.

- Josh
post #45 of 74
I personally have AVG on my laptop but don't allow it to run in the background. If I'm downloading something I think is questionable, I start it up and do a quick check before running the file. I start and update AVG maybe once a month or so and scan my computer once every 2-3 months just for safety.

Since it doesn't take up massive amounts of space (compared to the 500+ GB on most HTPCs), it makes sense to have it installed just in case.

For the last 2-3 years, I've only had maybe 2 viruses.

If you use something like Limewire or Torrents, then I'd highly recommend at least having AVG installed and probably running. If it's basic internet surfing without much downloading, then install it and prohibit it from running unless necessary.

That's my 2 cents.
post #46 of 74
umdivx,... a lot of the stuff you are saying is incorrect. Your understanding of IDS and IPS isn’t accurate.

Just because it’s a NAT firewall does not give you the level of protection a Stateful packet firewall does.

The NAT firewall unless high end with an IPS/IDS database (just like an AV database) only looks at the header of a packet. I can easily spoof that packet to make it pass through your standard NAT wall like a Linksys. If it looks like approved traffic, it passes. Not hard. Give me your IP address and we can talk about it. (no it's not a threat)

A Stateful packet firewall looks at header and content. Even if the packet is spoofed, it will look into the packet for content and reject the packet.

There is a difference. I don’t want to get into a pissing match about IPS/IDS and the difference if just logging. I will agree that if one does not monitor logs; it does not help. Getting traffic to pass a Stateless NAT wall is.. EASY. I do this for a living... I am pretty savvy in this area.

I am only trying to explain having a higher end firewall can help justify not running AV on a computer.

AV software is cheap insurance. I don’t even care about reformatting a system. My entire life is on a computer, identity theft is a big deal. You are protecting more than just your MP3s.
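
The translation-table behaviour argued over in posts #44 and #46, as an added illustration that is not from any poster: a toy model of a NAPT router, assuming address-and-port-dependent filtering (consumer routers vary in this). The class, function and addresses are constructed; the model forwards on header match alone and never looks at the payload.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    payload: bytes = b""

class Napt:
    """Toy NAPT with address-and-port-dependent filtering (assumed model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (inside endpoint, remote endpoint) -> public port
        self.in_map = {}    # (public port, remote endpoint) -> inside endpoint

    def outbound(self, pkt):
        """Inside host sends: create or reuse a mapping, rewrite the source."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst)] = pkt.src
            self.next_port += 1
        return Packet((self.public_ip, self.out_map[key]), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        """Outside host sends: forward only if the header matches a mapping.
        The payload is never examined."""
        if pkt.dst[0] != self.public_ip:
            return None
        inside = self.in_map.get((pkt.dst[1], pkt.src))
        if inside is None:
            return None                      # no mapping: dropped
        return Packet(pkt.src, inside, pkt.payload)

def run_scenario():
    # All addresses are constructed (RFC 5737 documentation ranges, RFC 1918).
    nat = Napt("192.0.2.1")
    htpc = ("192.168.1.50", 51000)
    guide_server = ("203.0.113.10", 80)
    stranger = ("198.51.100.7", 4444)
    results = {}
    # 1. A probe arrives before the HTPC has talked to anyone.
    results["probe_before"] = nat.inbound(Packet(stranger, ("192.0.2.1", 40000)))
    # 2. The HTPC fetches guide data; the NAT allocates public port 40000.
    sent = nat.outbound(Packet(htpc, guide_server, b"GET /guide"))
    results["public_src"] = sent.src
    # 3. The reply from the contacted server is translated back, unread.
    reply = nat.inbound(Packet(guide_server, sent.src, b"any bytes at all"))
    results["reply_dst"] = reply.dst
    results["reply_payload"] = reply.payload
    # 4. A third party aiming at the allocated port still has no mapping.
    results["probe_after"] = nat.inbound(Packet(stranger, sent.src))
    return results

if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Step 3 is where a host-side control still has a job behind the router: whatever the contacted server returns is delivered as-is.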
post #47 of 74
Quote:
Originally Posted by umdivx View Post

My point was about unknown threats. If there is a hole that has yet to be found and Kaspersky/Nod32/Norton/etc... if their database isn't up to date how is it going to know about it and look for it? Though Kaspersky is a little different as it is also a firewall.

My point is about unknown threats as well. One of the strengths of several AV software is how well they perform using "heuristics" in that the software can recognize threats *not* found in their database and quarantine them before they have the ability to do their damage. Nod32 does particularly well in this respect. However, unknown threats not found in an AV's database do fly under the radar at a greater rate of course. I go by 'less is more' as well; The less the threat exists, the more I have peace of mind.
post #48 of 74
You guys should get some books like ethical guide to hacking or buy the CBT Nuggets on hacking and pen testing. They even have free videos on their site if you want to see how these lectures are setup. My company buys this stuff for me... I see huge value in it.

http://www.cbtnuggets.com/webapp/product?id=250
http://www.cbtnuggets.com/webapp/product?id=59

Watch and pass this test and then we can talk about your NAT firewall...
post #49 of 74
Quote:
Originally Posted by floepie View Post

My point is about unknown threats as well. One of the strengths of several AV software is how well they perform using "heuristics" in that the software can recognize threats *not* found in their database and quarantine them before they have the ability to do their damage. Nod32 does particularly well in this respect. However, unknown threats not found in an AV's database do fly under the radar at a greater rate of course. I go by 'less is more' as well; The less the threat exists, the more I have peace of mind.

Which also matters quite a bit. This is why I use two independent sources for AV definition updates.

Fortinet has its own AV department, they are also fastest to market in updates.

Most people don't know but a lot of AV companies just buy or share the database from a major manufacturer like Symantec.

Kaspersky and Fortinet don't share the same database, which is also good peace of mind.

If people who don't use AV due to processor load then buy a faster processor. Even for a HTPC the scanning isn't an issue. Just allow it to do its thing and forget about it. Even with free solutions out there, protect yourself. It's simple as that.
post #50 of 74
Just so people in this thread know... I am throwing a lot of emphasis on firewalls to do the main load of work, but in reality for home use what I am proposing isn’t always a viable solution mostly from a cost standpoint.

A typical off the shelf firewall like a Linksys/Netgear costs about $60-100 bucks.

The Fortigate 60 firewall costs about $1000 + $300/year to keep the updates alive. Setup is also pretty tedious since it's not very plug and play.

Umdivx… I know it may sound more like an argument between us but it's not. I was also not fair in comparing a commercial firewall to a consumer wall. So I apologize. But an off the shelf firewall works and is better than nothing at all, but still does not provide the level of security a high end wall does.

You can choose or choose not to use AV on your own system. It really does depend on what you do with it too. It’s not my computer but I am only trying to relay my experience. I make lots of electronic transactions with my computer so I can warrant the added security.

All I'm saying is it only takes one bad event; think of AV more as insurance. You don’t drive your car w/o it (I guess some do) but it can save you from a world of hurt.
post #51 of 74
I haven't seen a router WITH a builtin firewall sold at a big box store in a long time. They're just routers.
Almost had identity stolen by the Paypal worm in 2004 the day before Norton issued the patch. Came as an email from Ebay after winning bid. About halfway through filling out the Paypal signup form I got a bad feeling and cancelled, then had my CC # changed.
You could get a rootkit from playing a Sony CD.
The last few DVDs purchased have tried to connect to the internet.
Zone Alarm free firewall makes everything ask permission along with the new Spybot S&D.
AVG last year said my chipset drivers were a virus ha ha.

Edit: For those of you that let your kids play online games or aren't regular gamers... some games download content automatically now to display advertisements in the game say on a billboard along a road or poster in a hallway. One game tried to load 30 cookies or the same cookie 30 times but my cookie monster blocked it till the game locked up the computer. Of course I'd never known if not for the antispyware.
post #52 of 74
No AV on my HTPC. Never have, and never will. I don't surf the net with it. Any files it accesses are on other PCs that do have virus scanners. There's no reason to have it on a HTPC if you're not on the web with it.
post #53 of 74
Quote:
Originally Posted by Bob7145 View Post

Almost had identity stolen by the Paypal worm in 2004 the day before Norton issued the patch. Came as an email from Ebay after winning bid. About halfway through filling out the Paypal signup form I got a bad feeling and cancelled, then had my CC # changed.

Common sense > all the AV software in the world.

Don't click on links in e-mails. Ever. If an e-mail tells you to take action, log on to the web site and take action from there. If this is not possible, cut and paste the link from the e-mail, make sure it points to the exact domain of the web site, and paste it in your web browser.

With the increasing proliferation of malware, I use Kaspersky on systems that count. But in 25 years of using computers, no system of mine has been attacked by a virus, just because I use common sense.

There are also good reasons NOT to use AV software, as they can mess things up and slow things down.
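
One way to automate the "make sure it points to the exact domain" check from the post above, as an added example that is not part of the post. `check_link`, `classify_samples`, the sample URLs and the domain `shop.example` are constructed; accepting subdomains of the expected domain, and rejecting userinfo and internationalised hosts outright, are assumptions of this example, which also assumes the expected domain is plain ASCII.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return (ok, reason) for a link copied out of an e-mail."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lowercased, without userinfo or port
        userinfo = parts.username
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"unexpected scheme {parts.scheme!r}"
    if not host:
        return False, "no host in URL"
    if userinfo is not None:
        # Everything before '@' is a login field, not where the link goes.
        return False, f"text before '@' is not the host; real host is {host}"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Conservative: lookalike characters hide in internationalised names.
        return False, f"internationalised host {host}, possible lookalike"
    host = host.rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    # Compare from the right: the registered domain is the END of the host.
    if host == expected or host.endswith("." + expected):
        return True, f"host {host} is {expected} or a subdomain of it"
    return False, f"host {host} is not under {expected}"

# Constructed sample links, paired with the verdict each should get.
SAMPLES = [
    ("https://www.shop.example/account/verify", True),
    ("HTTPS://Shop.Example:443/", True),
    ("https://shop.example.account-verify.test/login", False),  # prefix trick
    ("https://shop.example@203.0.113.9/login", False),          # userinfo trick
    ("https://shop-example.test/login", False),                 # near miss
    ("https://xn--shop-9xa.example/login", False),              # punycode label
    ("shop.example/login", False),                              # no scheme
]

def classify_samples(expected_domain="shop.example"):
    """Run every sample through check_link and return the list of verdicts."""
    return [check_link(url, expected_domain)[0] for url, _ in SAMPLES]

if __name__ == "__main__":
    for url, _ in SAMPLES:
        ok, reason = check_link(url, "shop.example")
        print(f"{'OK  ' if ok else 'FAIL'} {url}\n     {reason}")
```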
post #54 of 74
Quote:
Originally Posted by Bob7145 View Post

I haven't seen a router WITH a builtin firewall sold at a big box store in a long time. They're just routers.


Do you have any examples? I don't think I've ever seen a consumer-grade router without a built-in firewall.



D-Link DIR-655 N Gigabit Router: "...this Xtreme N router utilizes Dual Active Firewalls..."

Linksys WRT150N Wireless-N Home Router: "...has a powerful SPI firewall to protect your PCs against intruders..."


Linksys WRT54G Wireless-G Broadband Router: "...The Router protects your PC from most known Internet attacks with a powerful Stateful Packet Inspection firewall."

Netgear WNR834B Wireless N Router: "...Double Firewall protection from external hacker attacks."
post #55 of 74
Jeeze guys, you keep projecting your general purpose computer usage into this discussion. We are talking about a HTPC, which I (and it sounds like umdivx) do not use for all the things that you use a "normal" computer for.

I won't speak for anyone else, but I would never use my HTPC to order stuff off the internet (I am usually doing that on the laptop while watching the HTPC), nor store my personal information. And I certainly wouldn't set up email on it. My HTPC has XP, a couple of media programs, and the Purevideo codec installed. Total time to reinstall from scratch 35 minutes plus re-format.

The only place it goes online is Netflix for on demand (direct link from shortcut), Zap-to-it for tv guide download and Windows update (manually not automatically).

Also, the only information located on its drives are, a couple of ripped DVDs that I haven't gotten around to watching, whatever TV shows I haven't watched yet, and a mirrored copy of all the MP3s for playback.

Further, this topic was about anti-virus, not firewalls. I run a firewall on the HTPC, but I see no need for anti-virus.

Quite honestly, you internet paranoids may like to geek out about all the different ways the unfriendly ones-and-zeros can get into your computer, but the reality is that there is probably 100 to 200 things you do daily in your real life that has the potential to inflict much more harm or discomfort into your life than what I laid out above. From not signaling while changing lanes, driving too close in traffic, cutting up carrots for dinner while also trying to catch the evening news, handing your credit card to the punk waiter that walks off to scan it. etc. etc.

As I said at the beginning, no AV for a couple of years... ...and amazingly the sky hasn't fallen yet.

-Suntan
post #56 of 74
Quote:
Originally Posted by Stereodude View Post

Any files it accesses are on other PCs that do have virus scanners. There's no reason to have it on a HTPC if you're not on the web with it.

How do you get EPG data if it is not connected to the Internet?
post #57 of 74
Quote:
Originally Posted by Suntan View Post

As I said at the beginning, no AV for a couple of years... ...and amazingly the sky hasn't fallen yet.

So what's the downside to using AV software? Have you tried various brands and found that they affect system performance?
post #58 of 74
Quote:
Originally Posted by Rupert View Post

So what's the downside to using AV software? Have you tried various brands and found that they affect system performance?

Well, back in the day, running MyHD card. When timeshifting, the MyHD creates many small files. The av software would bog down with all the new files that it saw "coming in from outside the computer." Axed the AV software and never looked back.

-Suntan
post #59 of 74
You guys are too paranoid. I've tried both AVG and Symantec on my HTPC and found them both to use more resources than I wanted being dedicated to anti-virus duties. Now I don't run any. Also I make sure to turn off all of Vista's security features. I guess I just like living on the edge.
post #60 of 74
I stopped using AV/Internet protection suites after a fiasco with Norton completely screwing up permissions on a system. I've removed hundreds of viruses over the almost 20 years I've been in the computer industry and none were as difficult to remove as that corrupted Norton configuration. McAfee isn't much better when it IS working. Bottom line, it's easier for me to remove viruses than deal with most so-called AV protections. If you really want AV, use AVG or Kaspersky. They are the least obtrusive.