ComPCs said:
So the "means" are, in actual fact, quite unrealistic, in the general
terms of computing which this newsgroup covers - e.g. PC's connected to
the internet/network in some way or another?
Nothing unrealistic about isolationism being a secure system without AV.
Yes, as I said, once you let outside programs onto the machine you then
need AV to scan them (this is why we have AV). What you don't need is
autoupdating, on-access scanning, e-mail and newsgroup scanning, fancy
GUI, quarantine, code repair (healing), or to worry about "footprints"
of any kind. On-demand scanning is all you need, the rest is there for
those without the "means" to implement the safe practices that go with
on-demand methods. Maybe they aren't experienced enough to do it or they
just can't be bothered to take the time to do it (it doesn't make them
'bad' people).
And you prevent that occurring by ... ?
Isolationism. There is no law of computing that says all machines are
required to be internetworked or that they must have new executables
brought in. Believe it or not there were computers long before there
were computer networks.
... there's always a but
Average user? It would be daunting for even the most experienced.
There is no reason that a computer must have every existing ingress
vector installed. No reason a browser has to have ActiveX and scripting
(text only is fine, but I prefer HTML or RTF). No need to share
executables over p2p networks or e-mail etc...
The most experienced users won't even allow most of that crap on their
computers.
But would still require an AV solution ....
Yes, as I said. You're still stuck on the point I made that it is even
possible to have security without AV through isolationism.
the "means" seems to have
been forgotten?
No, short of isolationism you need only on-demand scanning capability of
those programs you do feel the need to bring onto the machine.
Preferably one that has a good detection rating, but even a lesser one
could be enough seeing as the exposure is limited by safe practices.
Ditto that which I mentioned above.
Yes, but how many of those ingress vectors are actually needed. You do
have the means to not use applications that add so much complexity to
keeping track of what is allowed in.
The reason for these "ingress vectors" is that people who use computers
desire such to operate as simply and efficiently as they can.
Which means automation of what could be done manually. They "desire" to
give up the means by which they could have control of what comes in.
They 'desire' that websites be allowed to download-and-execute content
without bothering them with so much as a "do you really want to do this"
prompt.
FTP is an
excellent way of transferring files, but if that file is an .exe that at
some point needs to be run, the end user is simply going to trust the
source and do so?
No, that's what AV is for - it is the 'verify' part of 'trust but
verify'.
Not on this machine .... how do I know the FTP server
hasn't been interfered with and/or the file replaced by someone?
You don't, that is why you verify.
[...]
I have an old AV program that I have used for years -
Which is?
It hardly matters to this conversation.
Why has it never detected a virus?
Because I have never asked it to scan one. So far, my trusted downloads
were worthy of that trust. I don't download every program I see on the
web, but did get InControl5 and Process Explorer last year - they sat
'cooling off' in my downloaded files directory while I checked for
complaints or comments about them, then updated and scanned them with
AV.
And if so, why are you using it?
Maybe it's so dreadful it has let viruses/malware onto your system
without your knowledge?
No, it's not "ClamWin"
)
There appears little logic there.
Mitigation. If an AV is capable of detecting only 50% of known malware,
and I don't expose it to any, then I have done a 100% thorough job of
preventing infection. The idea is to not rely on the AV too much - the
more you rely on it, the more the risk.
If you don't have to have anything in
place to detect viruses, then why are you using one [AV] in the first place?
Who says I don't have anything in place? I said I have an AV scanner.
Please keep this in context of course .... concern yourself with network
connected 'at risk' PC's, not stand alone workstations that have never
had anything else introduced onto them.
Keep in mind also that it is not black and white - there are degrees
away from isolationism that affect risk.
No, I use Windows, and to use it safely and sensibly because I am aware
of the flaws within it, I have no *sensible* and *selfless* option other
than to use an AV solution.
Nobody has said anything about AV being unneeded, only that the
difference between some offerings are differences in unneeded features -
so if you have the ability to get by with the bare bones AV then
detection rate is the only important difference.
Mindset Schmindset.
I have every control of those using my system - me.
Then there is nothing stopping you from adopting an on-demand AV and
limiting exposure through safe practices. If you choose not to do so,
then it starts to be important how feature rich and computing cost
efficient your AV program is.
[snip]
In the context I mention, I stand by my sentiment - anyone who connects
their PC to the internet (read: network) without additional layers of
security (e.g. AV solution, firewall) is being reckless, taking risks,
and to add another sentiment, selfish.
That wasn't your statement at all. You said:
"None taken, but nonsense nonetheless." in response to optikl's
statement:
"Both are well regarded products, intended primarily for folks that lack
the means to manage their security without them. No offense intended."
Now you're on a horse of a different color. Nobody here is likely to
argue that AV is not needed, and it is true that AV has evolved into
programs that ostensibly enable users to forego safe practices and
relegate their security measures to software automation.
Considering the recent flaws being found in libraries containing
unarchiving algorithms, this adding of automation software actually
decreases security - an on-demand regimen (and user initiated
un-archiving rather than automatic so-called "scanning of archives")
would present no additional risk.