Friday, March 29, 2013

AntiVirus Software


For a while now, a big topic in the tech industry has been antivirus software.  With so many viruses, trojans, and malware out there, you need to do something to keep your computer (and its data) safe on the Internet.  The general consensus is you need a good antivirus program.  But I'd like to challenge that assumption.  I got my first computer in 1994 and I've been on the Internet since day 1.  In the past almost 20 years I have never had a virus attack my computer.  But this wasn't because of really good antivirus software running on my computer - the truth is I have never installed AV software onto my computer.  I've managed to stay virus-free strictly through safe computer practices and common sense.

Before I talk about how I stay safe, I wanted to briefly talk about the history of computer viruses and antivirus software.  In the 80s and 90s, computer viruses were spread from computer to computer via floppy disks (as the Internet didn't really exist).  At the time pretty much all viruses would destroy your data or make your computer useless until you reinstalled the operating system.  Starting in the late 90s, virus writers learned that there is monetary value to the data they were destroying.  The data might contain credit card numbers, bank accounts, a list of email addresses that can be sold to others, etc.  They could even "hijack" a computer and use it to attack others.  So the goal of virus writers had pretty much changed 180 degrees during.

As for antivirus software, in the 80s and 90s your choices were very limited, and few of them were free.  But as long as you were careful about what floppy disks you stuck into your computer you were pretty much safe.  Soon the now-heavyweights of the industry (Norton, Symantec, McAfee, etc.) released good AV software.  But once your software was out of date, you might as well be unprotected.  Moving into the 2000s, they offered online subscriptions that kept the software up to date (so long as you kept giving them money).  Fortunately nowadays there are a ton of good free options out there including Microsoft Security Essentials, Avast, AVG, Ad-Aware, MalwareBytes, and Avira just to name a few.

But I personally can't recommend any antivirus program regardless of cost.  Why, you ask?  Simple: all antivirus software suffers from the same problem - loss of system performance.  In order for antivirus software to function properly it needs to be fully integrated into the operating system.  It's not enough to scan files, it must "watch" what every program is doing on the system at all times and be ready in an instant to stop a program it deems to be suspicious.  This level of integration means everything on your computer runs slower.  I wish I had benchmark numbers, but installing any AV program significantly slows down your computer!  In fact, I've often said that having AV software installed on your computer is only slightly better than having a virus on your computer.

Despite this system impact, AV software is just a necessary evil, right?  Well, there have been a number of articles released in the past year or two (from technical places like Tom's Hardware) that question the effectiveness of AV software.  They found most AV software does not fully protect the user but in fact only gives the user a false sense of security (in addition to slowing down everything they are doing).  So why not ditch AV software altogether and replace it with good practices and common sense?  That's exactly what I've done for almost 20 years.

So what exactly am I doing (or not doing)?  For starters, be careful what you download and run.  I'll only download and run software from trusted sites (Microsoft, Adobe, Google, etc.).  If there is a file I wish to download and run but I don't know the site, I will first download and install the file inside a Virtual Machine.  That way if the file ends up being a virus it cannot infect my machine.

Secondly, protect your browser/email program against infection, since most viruses will enter your machine via web page and/or email.  For the love of God don't use IE or Outlook.  These are the most targeted and insecure pieces of software.  I recommend Firefox and/or Chrome for browsers and Thunderbird as the email client.

Next, it's important to keep your computer and all its software up to date.  On a regular basis run Windows Update as well as updates for other software (such as your web browser, email, Flash, etc.).  There's nothing worse than getting a virus simply because you were running an older version of a program.

The last step is to protect your computer against forced attacks.  Other than keeping your computer up to date, the most important thing is to run a firewall.  If your router has a built-in firewall, enable it (and make sure your router firmware is up to date while you're at it).  Chances are, that's all you need to do.  You can run a firewall on your computer itself - it's just redundant.  I disable firewalls when I'm in my home network (as I trust all my computers), but I enable firewalls when on strange or foreign networks.  Unless you do a lot of home networking, just enable the firewall on your computer and be done with it.

There you go, those simple steps should allow you to be safe on the Internet without the issues associated with AV software.  Oh, if you're wondering "how do you KNOW you've never had a virus if you don't run AV software?"  Easy - there are simple ways I am willing to double-check my computers for viruses without suffering the problems of AV software.  Those methods are:

  1. On average every 2 years I reinstall the operating system on my computer.  Before reinstalling the operating system but after backing up my data, I install one or more AV software programs to my computer.  This allows me to scan my system and verify I'm still virus free, and since right afterwards I reinstall the operating system the AV software is completely blown away.
  2. I can boot my computer into read-only mode using what's called Windows PE.  From WinPE I can scan my files to ensure there are no viruses.  And since this is read-only mode, when I boot my computer normally the AV software is gone.
  3. About once a quarter I back up my data onto an external drive.  I can then plug that drive into a test computer (or Virtual Machine) with AV software installed and again scan my data.

I hope I've challenged the conventional thinking about AV software.  You can be perfectly safe without an AV program installed.  If however you absolutely must install AV software, might I suggest a program that allows you to disable real-time protection and only perform a scan at your request.  Microsoft Security Essentials has such a feature, but I'm sure others do as well.  This is a good compromise as you get some protection but without all of the system impact of real-time monitoring.
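The on-demand checks described above (scanning a backup drive on a test machine, or scanning only at your request with real-time protection off) can be scripted. The following PowerShell sketch is an added example, not something from the original post; it assumes the `MpCmdRun.exe` command-line scanner from Microsoft Security Essentials or Windows Defender is installed at a default path, and `E:\Backup` is a placeholder for the backup location. It updates signatures first, because a periodic scan with stale definitions proves very little.

```powershell
# Added example: on-demand scan of a backup folder, no real-time protection required.
# Assumptions: MpCmdRun.exe is installed at a default location; E:\Backup is a placeholder.
function Invoke-OnDemandScan {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Scan target not found: $Path"
    }

    # Default install locations of the command-line scanner (MSE first, then Defender).
    $candidates = @(
        (Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'),
        (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe')
    )
    $scanner = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $scanner) {
        throw 'MpCmdRun.exe not found; install the scanner on the test machine first.'
    }

    # Refresh definitions before scanning; exit code 0 is treated here as success.
    & $scanner -SignatureUpdate | Out-Null
    $updateCode = $LASTEXITCODE

    # -ScanType 3 is a custom scan limited to the path given with -File.
    $output = & $scanner -Scan -ScanType 3 -File $Path
    $scanCode = $LASTEXITCODE

    [pscustomobject]@{
        Target            = $Path
        Scanner           = $scanner
        SignaturesUpdated = ($updateCode -eq 0)
        # 0 = nothing found (or fully remediated); 2 = malware left unremediated or scan error.
        Clean             = ($scanCode -eq 0)
        ExitCode          = $scanCode
        Output            = ($output -join "`n")
    }
}

$result = Invoke-OnDemandScan -Path 'E:\Backup'
if (-not $result.SignaturesUpdated) { Write-Warning 'Definitions were not updated; result may be stale.' }
if (-not $result.Clean) { Write-Warning "Scan of $($result.Target) was not clean (exit code $($result.ExitCode))." }
$result | Format-List Target, SignaturesUpdated, Clean, ExitCode
```

A clean result only says that the current signatures matched nothing in the scanned files, so keep the exit code and output with the backup's date when comparing one quarter's scan to the next.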

1 comment:

  1. Whenever I set up a computer for a family member I use Microsoft Security Essentials. It's free, gets updated regularly and is light on system resources. In addition there is no need to buy a subscription and risk being out of date (as you mentioned). Basically it's my go-to antivirus. Although now that I have a Mac for the kids, and my Linux setup, I don't use Windows enough to have that worry.
