
Ask HN: Do you use an antivirus? - abahlo
If yes, which one and on what platform?
======
boogdan
Mac user here: I'm using nod32 as AV and Backblaze for automatic backups. I'm
also using an object storage on rackspace for storing random stuff and last
but not least, I'm not going head first on any shady website or things like
that.

Oh and also I'm not letting anyone on my computer unattended by me.

It doesn't matter if you have the best security solution because in the end,
the human factor is the most vulnerable part of any computer.

~~~
abahlo
> It doesn't matter if you have the best security solution because in the end,
> the human factor is the most vulnerable part of any computer.

100 percent correct.

------
kephra
I'm using hierarchical backup. Logfiles of backups could tell when and how
malware spread. And even more important, one can restore a system after
infection quickly.

I'm using a detached screen for ssh master control, and an rsync script to
sync servers to my backup server, from where hierarchical backup is done to
USB disks in the most simple way: `cp -al` and rsync. I have 3 piles of disks.
One attached, one in the shelf, and one at a neighbor and shuffle them weekly.

I'm using network scans, and keep things containerized with tight fitting
firewall rules.
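
The `cp -al` plus rsync scheme described in this comment, as an added example that is not part of the original post and not kephra's script. It assumes GNU cp and rsync; the function names, the `current/` and `snap.N` layout and the `backup.log` file are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: hard-link snapshots with `cp -al` + rsync, plus a change log
# that shows which files each run touched. Layout (assumed):
#   $root/current    live mirror of the source
#   $root/snap.N     frozen generation taken after run N
#   $root/backup.log itemized changes per run

snapshot() {                      # usage: snapshot SRC_DIR BACKUP_ROOT LABEL
    local src=$1 root=$2 label=$3  # LABEL must be new for every run
    mkdir -p "$root/current"
    echo "== run $label" >> "$root/backup.log"
    # rsync writes a changed file under a temporary name and renames it into
    # place (do not add --inplace), so inodes held by older snapshots are
    # never overwritten.
    rsync -a --delete --itemize-changes "$src/" "$root/current/" \
        >> "$root/backup.log"
    # Freeze this state: every file in snap.LABEL is a hard link to the inode
    # in current/, so an unchanged file costs no extra space.
    cp -al "$root/current" "$root/snap.$label"
}

changed_in_run() {                # usage: changed_in_run BACKUP_ROOT LABEL
    # Print the files created, modified or deleted during one run, taken from
    # the itemized log (">f..." = file transferred, "*deleting" = removed).
    awk -v want="== run $2" '
        /^== run /               { on = ($0 == want); next }
        on && /^(>f|\*deleting)/ { sub(/^[^ ]+ +/, ""); print }
    ' "$1/backup.log"
}
```

Reading `changed_in_run` backwards through the runs shows the first run in which an unexpected file appeared, and the matching `snap.N` from before that run is the restore point.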

------
pcr0
On OSX. I don't use an AV. In fact, I've visited known virus sites for the
heck of it or plugged in infected USBs from Windows users to help clean
it/recover data.

Nothing has happened to me, and it's been 2 years.

People keep harping on about the fact that viruses for OSX do exist. I don't
dispute that. But realistically, outside of virus labs and white hat
conferences, has anyone experienced or witnessed a Mac virus in the wild?

Ditto the above question to any other *nix users as well.

~~~
teh_klev
> Nothing has happened to me, and it's been 2 years.

How do you know? Modern day viruses and root kits go out of their way to make
things look "business as usual"

~~~
thaumaturgy
That's not true in the majority of cases, although it's possible that our
experiences are being distorted by the fact that users don't tend to bring
their machines in until they're nearly unusable.

But of those infected systems, we see relatively few that have truly sneaky,
invisible-to-the-user malware. Far more that's just a gigantic pain in the ass
to remove as it's hooked into everything in order to display ads at the user
or rewrite links or shoddy code has destroyed one or more browser or OS
components.

~~~
ramtatatam
You have very high regard of yourself (not saying it's wrong :-] )

On my VPS's I always assume I was already compromised. I never trust my system
in current state until I do all the checks including analysis of my logs. I
have automated this to a certain level but you can never know :-)

People I work with used to say that it is only a matter of time before somebody
tries something you have not thought about - to be prepared for such situations
is the key. But that's just my private opinion.

------
mrlyc
I use Avira on Windows 7. Once a week, I run Spybot.

I do weekly backups, alternating between two sets of disks that are kept at
opposite ends of my flat in case only one end burns down, as happened to a
friend. The really critical must-not-lose data is encrypted and stored on SD
cards on my keyrings that I keep with me all the time.

------
ramtatatam
On my personal VPS I'm using a separate encrypted partition to store a
version-controlled file containing a list of all files (with size, last mod
date, creation date etc.) and updating this file after a system update. From that I
know if my system was compromised. I keep another repository of all config
files and scripts that automate building any non-standard components. So if I
was hacked (I would assume the biggest risk is my web app) I would dump logs
for later analysis and rebuild whole box from scratch in a matter of minutes.
If there is nothing obvious in logs I then have my own utility that I use to
detect anomalies in logs (behavioral analysis).

I also use rkhunter (that in a sense does similar thing in terms of keeping
track of files being changed)

Apart from that I'm analysing logs frequently to see potential attempts.

~~~
abahlo
What tool do you use for the file lists?

~~~
ramtatatam
Mere `find`. I'm not sure if `find` would omit some rootkits; however,
rootkithunter should handle such situations.
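
A `find`-based file list of the kind discussed in this sub-thread, as an added example that is not part of the original posts and not ramtatatam's tool. It goes beyond the size and date fields mentioned above by also recording a SHA-256 per file, so a file whose content changed while size and timestamp stayed the same is still reported. It assumes GNU find, stat and sha256sum; the function names and report labels are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: build a file manifest with find and compare it to a baseline.
# Limitation: paths containing newlines are not supported.

make_manifest() {                 # usage: make_manifest ROOT > manifest
    # One line per regular file: sha256 mode size mtime path, sorted by path.
    ( cd "$1" || exit 1
      find . -xdev -type f -exec sh -c '
          for f; do
              printf "%s %s %s\n" "$(sha256sum < "$f" | cut -d" " -f1)" \
                     "$(stat -c "%a %s %Y" "$f")" "$f"
          done' sh {} + | LC_ALL=C sort -k5 )
}

compare_manifests() {             # usage: compare_manifests BASELINE CURRENT
    # ADDED/REMOVED: path only in one manifest. MODIFIED: hash and metadata
    # differ. METADATA: same content, different mode/size/mtime.
    # HASHONLY: content differs although mode, size and mtime are identical.
    awk '
        { path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", path)
          meta = $2 " " $3 " " $4 }
        NR == FNR               { hash[path] = $1; m[path] = meta; next }
        !(path in hash)         { print "ADDED    " path; next }
                                { seen[path] = 1 }
        hash[path] != $1 && m[path] == meta { print "HASHONLY " path; next }
        hash[path] != $1        { print "MODIFIED " path; next }
        m[path] != meta         { print "METADATA " path }
        END { for (p in hash) if (!(p in seen)) print "REMOVED  " p }
    ' "$1" "$2" | sort
}
```

Keep the baseline manifest somewhere the monitored system cannot rewrite, and regenerate it only right after an update you performed yourself; a manifest produced on a host that is already compromised inherits whatever that host hides from `find`.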

------
t0mbstone
Nope. I just use Adblock in all my browsers, and never run executables from
untrusted sources. Whenever I install free software, I always go down the
"advanced" install route and make sure that no adware is installed.

Been using Windows 7 and 8 for years with this strategy, and now 10. No
viruses in years.

With that said, however, I also have a fairly intimate understanding of all of
the common places that viruses hook into the operating system, and I double
check things every so often just to make sure that everything is clean.

Common places to look: startup locations in the registry (check using
msconfig), task scheduler items, services.msc, browser hooks, browser
extensions, file/folder context menu hooks, etc... (using tools like
HijackThis to look)

~~~
ljk
also NoScript for browsers to block unwanted scripts from running in the
background

~~~
pcr0
If you're going to go that route, you might want to use an adblocker instead.
I tried NoScript for a while, but it was impossible to use, too many sites
were crippled or broken by default. I had to keep allowing scripts which
defeated the purpose.

~~~
ljk
i use both.

when i first started using it many sites were broken, but there are options to
"forbid" and "allow" certain domains so after a while when the blacklists and
whitelists are built up, it's working pretty well for me!

------
agopaul
Even more interesting: are you using an AV on MacOSX?

~~~
abahlo
That was part of my intention, because I'm not and I'm curious what other
people do.

------
bhsiao
I have no knowledge whatsoever about this matter. That being said, I went
seven years without running an antivirus and zero apparent harm was done to
me. It could be that the viruses just did a good job of hiding themselves, but
whatever (somehow I doubt it).

Now I live at a place whose internet requires me to have an antivirus
installed. It's super annoying--Avira on Mac. It keeps popping up and telling
me it's keeping me safe and I keep thinking "the gall of these people..."

(One might suggest simply disabling certain annoying features, but my God,
university internet.)

~~~
ChuckMcM
The interesting bit here is that modern viruses don't ever make themselves
known. They aren't there to prank you or make your life more difficult, they
are there to steal your login credentials for financial sites, to be proxy
servers to mask people who are trying to avoid having their IP address
revealed, to send spam or do reflective DDOS attacks on third party sites.
You'll never know they are there, unless your system is slow one day because
it's doing your work and the virus owner's work at the same time.

~~~
thaumaturgy
> _The interesting bit here is that modern viruses don't ever make themselves
> known._

Not disagreeing with your main point, but this bit is a bit statistically
wrong, in my experience. (See also my comment downthread,
https://news.ycombinator.com/item?id=10118516)
We see a lot more malware that is obvious -- or, would be to a more
technically savvy user -- and a lot less malware that's being really sneaky.

But there is still a lot of sneaky malware and to the extent that you're
saying that people shouldn't trust that they aren't infected just because they
aren't noticing anything out of the ordinary, you're completely right.

------
dafrankenstein2
Microsoft Security Essentials on Windows 7 Ultimate

------
brudgers
On Windows the free Microsoft tools Security Essentials or Defender. I gave up
on "shrinkwrapped" anti-virus because it phones home all the time and once I
stopped running XP Professional x64, I stopped having to use it.

------
jpstory
No. I use a dedicated untangled box for a firewall to keep things out, and I
use an IDS (security onion) that does packet analysis to check for any naughty
egressing (malware, C&C, etc). Best antivirus around, is common sense.

------
anta40
Yes, Windows Defender on Windows 10, mainly for daily scanning purpose. I
don't enable the real-time protection though.

I don't run untrusted executables without scanning them, or running them on a VM
first. Better safe than sorry.

------
MalcolmDiggs
When I was on Windows I ran AVG (Free version), with no complaints. I don't
run anything on OSX. This might be naive of me, but I've never had a virus
problem on a Mac (knock on wood).

~~~
schoen
A disturbing trend is that more malware over time attempts to hide its
presence in order to facilitate surveillance, extortion, or attacks against
others (leapfrogging, spearphishing, spam, botnets). Malware used to like to
draw attention to itself because it was a prank or showing off or because it
was adware that profited by showing pop-up ads. But today a _lot_ of malware
victims don't know it, and again I think there's a trend that more and more
malware tries to hide its presence from the infected computer's owner,
permanently or for some period of time.

------
vram22
Interesting that no one has so far said they use Norton (Symantec) or McAfee
antivirus software. And only one mention of Kaspersky.

~~~
vram22
Also Quick Heal (India).

------
jibsen
On Windows, I've used the combination MSE + MBAM + EMET in the past. I think
they complement each other well.

------
veddox
Windows: Kaspersky

Ubuntu: have ClamAV installed, but don't use it.

------
grover_hartmann
No, I run Linux.

------
devopsproject
MSE on Windows. uBlock Origin on Firefox.

------
ruraljuror
Avast on Windows 7 on my work pc.

~~~
adtai
same here

------
snurk
Nope! I only use Mac and Linux.

------
Meglis
Avira Free on Windows 10.

------
nautical
macosx : ClamXav

------
WorldWideWayne
Whether I'm on Windows or OS X - I don't like real-time anti-virus, so I just
upload to virustotal.com whenever I download a binary.

~~~
devopsproject
Good thing malware only comes from rogue exes /s

~~~
WorldWideWayne
How did you get "exes only" from the word "binaries"? Anything can be uploaded
to VirusTotal - Office documents, images, zip files, exes, installers...and
that's what I do - pretty much anything that isn't a simple text or code file.

The last virus I got was back in the 90's. It was called the New York Boot
Virus and I got it by accidentally leaving a floppy disk in my machine as it
booted up.

------
subliminalzen
Kaspersky, and it's been rock solid for me.

------
justwannasing
You shouldn't expose such information and I will not reply.

~~~
HNcow
But you did reply.

