eWeek Microsoft Watch
January 4, 2007 9:33 PM

The Anti-Virus Question



Joe Wilcox

Does Windows need anti-virus? That's the question I would like Microsoft Watch readers to answer.

Back in early November, Jim Allchin, co-president of Microsoft's Platforms & Services division, took some heat for suggesting that--at least for his son--anti-virus software was unnecessary with Windows Vista. Allchin later all but retracted the statement.

After all that fuss, I'm surprised by some Microsoft Watch reader comments made to a post earlier today where I lambasted an IT manager friend for having no security software on his wife's computer. No anti-virus, anti-spyware or firewall (Windows XP's built-in one was off).

Commenter Matt wrote: "I know plenty of IT managers that don't use anti-virus. They don't open email attachments or use P2P networks, and never have a problem."

William wrote: "Joe, [I] have to disagree with you about your view on AV software. AV companies are nothing but scaremongers when it comes to educating the public about the threat of viruses. I stopped using AV software years ago because I found it to be of no use whatsoever if you ever DID get infected by a virus."

I pose two separate questions to readers: Is anti-virus necessary, meaning has its need been subsumed? Commenter Tim argued that anti-virus isn't enough, that there must be layer upon layer of protection: "It's about risk management and taking steps to mitigate those risks."

The other question: Whether or not you believe anti-virus is necessary, should consumers or businesses run security software on their Windows PCs?

My answer to both questions is an absolute affirmative. But since some commenters seem to disagree, I put the questions to Microsoft Readers.

Please feel free to comment to this post or to send e-mail via our Tips Mailbox. Ideally, I would like to quote some responses, but identities must be verified, either through links on public comments (and my contacting you) or by information included with an e-mail submission.

Commenters, the discussion is now yours. Please make it a lively one (as you usually do).


Comments (27)

JoeM :

Personally I recommend any individual or business to run an AV program, be it OSX or Windows. I have seen spyware and viruses on both, even though the Mac's viruses are not reported or spoken about anywhere. Personally I agree that you have to have several layers of protection. Vista UAC, Windows Firewall, Router, OneCare AV, Standard User Account. Outlook 2007 spam and phishing filter, and IE7's phishing filter. OSX has some of these layers built in, as does Vista, and XP for years.

JasonK :

Having worked in the tech support area, I think a lot of users need to have protection on their systems. I am not saying that everyone may need it, but it doesn't hurt. As JoeM listed, the new version of Windows (Windows Vista) has some needed protection. I highly recommend against disabling UAC. I also recommend running as a standard user.

Brian :

Our company I believe fights viruses where the real battle is, on the email server. Almost everything comes through email.

My experience in the last 5 years is that EVERY single computer I've been called to fix that has been the result of virus or malware has had Norton running. It's a resource hog and completely unnecessary. A little training for employees will go much further.


As a Windows 'power' user for many years, I have almost always uninstalled any anti-virus software from the machines I use as the first way to improve the machine's performance. As noted in the article, AV software tends to suck ass when there are 30000 zombie processes sending Viagra spam to thousands of users in Europe. In addition, a lot of the more popular recent viruses have had built in protections against being killed off (immediately copying and respawning, for example).

The last major virus I had to deal with was the 'Form' virus which infected my mother's home computer when I was 10 or 11 years old. Since then, I've only once had to disinfect a mail server that was brought to a halt by the Nimda virus sometime around 2001. The only reason this happened was because the 'admin' was using the server to run Outlook.

The crux of the matter is that if you visit stupid sites, open stupid email, ignore automatic update alerts, download random software, and so on, of course you're going to end up with an infection. Digital promiscuity is really not that different from the real world.

I only recently succumbed to installing the free Clam-AV on my mum's home computer, as after years, my sisters' increasing use of it has resulted in an odd spyware process appearing in the task list on 2 occasions (I'm in the habit of hand-checking such things from time to time). Before that, simply telling my (50ish year old) mother to wait for me to visit in order to get software installed, has been sufficient to act as an 'anti-virus solution'.

I wholeheartedly agree about the scaremongering on the part of the AV companies. As one of three responsible for a local e-mail filtering company a few years back, I can say from a position of relative authority that much of what this expensive software does is at times complete nonsense, and when it's not the software, it's the press releases made by the companies about, e.g. "proof of concept OS X worm spotted in the wild!", which I believe turned out to be nothing more than someone in the company's lab fiddling with some impotent code that was by no means "spotted in the wild".

Rant over. Educating users has in my opinion been far more effective than scaremongering software that concerns itself more with pretty pop-ups alerting you to "oh my god you're infected! I'm fixing the problem!" rather than the (often unsuccessful) methods employed for actually fixing any problems found. My mum knows when a pop-up appears out of the blue to phone me. That's happened only once, and it took nothing more than a 5 minute VNC session to find and destroy the culprit executable.

I think Windows (and any OS) doesn't really need an AV, only users who don't know how to use a computer safely :)

At our company there is AV on every computer but sometimes our employers bring viruses, trojans, etc. from home into our LAN with pendrives and the AV cannot catch it every time... :(

Forgotthename :

Are you kidding me?! YES! Especially if you P2P...

Ed :

Having something sitting there scanning each disk access and comparing the data with a list of known viruses isn't terribly useful and is certainly pants for performance.

Sometimes you're better off with the virus :/

Are you kidding me?

I wrote about this after the dust settled when Allchin was such an ass, and I stand by what I wrote:
http://www.not-so-rapid.com/philipstorry/dxblog/not-so-rapid.nsf/dx/13112006215438MDOTPQ.htm

To re-iterate and expand that message briefly: if you have no antivirus, you have no way of knowing whether or not you're handling malicious code.

I'm young enough to remember IBM Compatible PCs coming into my school, starting with 80186 machines. The school didn't connect to any BBSes (this was way before the internet - I'm not that young!), and the network OS was deemed secure. So why have a major AV installation? Why not just buy one copy and scan the network drive every now and again? (And AV updates? Nah. A waste of time and money. We'll just use the software we bought two years ago and ignore that warning...)

Of course, the school became a local "hub" for virus transmission. Whether or not the machines themselves could be infected was irrelevant - the school created and sustained massive virus infection rates because of their laissez-faire "I'm alright jack" attitude.


You may think your machine is invulnerable. I own machines which meet my personal criteria for "reasonably invulnerable". But even on those machines, I have some AV solution. Because you never know what the next threat is. And you don't want to be an infection vector.

One of those machines only runs Apache. It's only a webserver. Does that need AV? Well, a while back, lots of machines running IIS were "only webservers". They didn't need AV. And that didn't cause any problems at all, did it?
Hint: Code Red. Nimda. Plenty of others.
Default scheduled scans of most AV software would have found these and alerted staff to the problem within 24 hours, greatly reducing the length of time these worms survived.

Just like lots of machines running SQL Server were just database servers, so they didn't need AV.
Although thankfully Slammer was memory-resident only and couldn't survive a disconnect/reboot/patch cycle. AV wouldn't actually have slowed Slammer at all, but I include it to demonstrate that the most unlikely "safe" software isn't. Many people were probably unaware they were even running the MSDE version of SQL Server until they had to download a major update from their vendor to solve their slow network connection problems...

AV is another line of defence which you should have. It's not optional unless you're reckless.

Bottom line:
Anyone saying that they run no AV (or found to be running no AV) should probably be ostracised electronically, for the good of everyone else using computers. Yes, that includes idiots who think that because they run Linux/BSD/Mac OS X they're immune. Clam AV is free, and regular (ideally scheduled) scans with it are better than nothing.
Being proud or loud about the fact that you're an electronic Typhoid Mary - regardless of how well you feel at the time - is just stupid, and should never be encouraged.

Scott Freeman :

I do not run any anti-virus software on my main home PC or Mac. As diligent as I am regarding the methods of infection I do realize I am still taking a risk. That said, I have my system ready to reload at a moment's notice with a solid, clean Ghost image. My personal files, documents etc reside on my home Linux server that is completely blocked from the Internet, and I run Bit Defender Free Edition for Linux on that box. I do not do this for Linux so much as I do to make sure my personal files do get scanned.
My reasons for not running anti-virus\spyware on my home PC are rather simple. First, anti-virus\spyware are reactionary products for the most part, updating after a new virus is already out, and do little in the way of preventing it from getting in your system in the first place. So my feeling is if I get a virus\spyware (and I am going to know) I will just install one should I need it. In either case I am going to have to remove it after it is already on the machine, so why run things that slow my machine down constantly when I can simply install, remove and un-install? And most likely I am going to take the manual approach for removal anyway. I would not recommend this strategy for novice\intermediate skilled users or in the work place.

Linda Hewitt :

With the logic that these managers are using, I would also assume that they do not have car insurance, health insurance or homeowners insurance because they haven't had any incidents in recent years, where they needed to make use of their insurance coverage.

I believe that all security measures (AV, anti-spyware, firewall and best practices) should be taken by both individuals and corporations.

I am a member of a non-profit group, where the former leaders did not believe that our servers needed either AV or a hardware firewall, even though our servers were connected to the Internet's backbone.

Needless to say both servers became infected and we lost a year's worth of productivity in the process of diagnosing, trouble-shooting and rebuilding our systems. We also did not have any backups.

IMO, people who do not believe that these security measures are necessary also do not believe that backups are necessary.

Ray Myers :

One of the world's best kept secrets is AOL. Now free to broadband users, it also includes an always-updating AV set of programs. Works slick.

That, and some cool content plus easy-to-use email.

I've always hated AOL since they gave me a hard time when I tried to quit their paid service and...continued to charge me. I let them do this twice. Duh!

FREE totally changed that for me. I love their package. It's simply "another place to go" and, again, the AV works great. So, why would I get Vista? I wouldn't.

Joe Willcoxson :

Of course AV is needed. Some people can get away without running AV only because the rest of us run it. An analogy--some people don't let their kids get any vaccinations because they have irrational fears about them. However, the only reason they can risk not getting vaccinations is because the rest of us vaccinate our kids and so the transmission of the disease that is vaccinated against is so negligible that they can risk not getting vaccinations.

I download software like Firefox and other open source software. Of course I need virus protection. Before I had broadband at home, I would download only at work where I had virus protection and scan it there before bringing it home. With my current ISP, they offer free AV software which I use and feel comfortable downloading software from known sites. Using GMail for my e-mail and not downloading attachments further cuts down my risk of infection.

Brad Freeman :

If you stick to the conservative definition of a "virus", then No, I don't need an anti-virus. I have personally never seen a virus on my own computer. Anti-spyware is a different story, I check my computer once a month, or more frequently if I notice anything strange. Firewall, of course, is a must.

I disagree with using a piece of software JUST because it adds another layer of protection even if that layer is otherwise useless.

Viruses are obsolete, and with them Anti-Viruses as well.

JohnJ :

I fasten my car's seatbelt, and have an AV program on my computer. In the past, my AV program has caught things, before they infected my computer.

Fred Clarke :

For any business, small or large, to not have their systems protected from virus, spyware or any other threats is just plain stupid. At work you can never have enough protection. After all, a downed system in a work environment can literally cost a company millions in lost productivity. The same can be said for smaller companies who probably need it even more, with the lack of full time IT personnel.

But home users, well, that is a whole other ball game and one that I deal with on a daily basis. It really is funny when I think how foolish home users can be when it comes to this issue. I continually stress the importance of virus, spyware, backups and common sense when dealing with customers and no matter how much you tell them they still do not listen. Everything boils down to "how much does it cost?" And as cheap as software is, it never gets bought and systems never have any protection. I guess it's better to pay an IT person to fix the problem than it is to solve the problem.

At home I never use it myself and have had only two viruses and one worm over the past 12 years. I find it difficult to sacrifice speed for peace of mind and like many IT persons, I usually feel very confident in my ability to keep my system clean. But until something gets past me on a regular basis then I don't see the problem, at least not at this time.

Robert Smith :

I have not used any anti-virus software for quite some time when using my Windows systems. I go to trendmicro every so often (once a month) and run an online scan which has always shown a clean system. I do use spybot search and destroy, adaware, and spyware blaster however. I keep my Windows systems updated. I never open any unsolicited emails or especially emails with attachments unless I specifically asked for them from someone I know. This comment was made using one of my Linux systems.

CarlosC :

How many of you who run an AV use a limited user account in XP too? There's no way you can talk about the need of an AV without that. So now, what is the risk of a person who surfs, opens email, opens programs, does everyday tasks on his updated operating system? If he doesn't elevate the permission for a specific program, all the risk is limited to his account, in the registry, his documents... So the field of attack of a virus is really limited, can be predicted with ease, and the need of an AV program is questionable.

(I'm talking about home PCs, not specialized PCs with specialized apps like SQL, Apache, etc. which are exposed to other kinds of risks)

William :

I disagree with the need for AV software because it tends to make one complacent and complacency is the biggest security risk you can have.

However I understand the need for different "layers" of protection and so I can see the reason why people choose to use AV software - just.

I lock down my browser so that it does not execute with administrator privileges. I have a stringent security policy on my browser with regards to CSS, Active X, Java etc. I use an updated HOSTS file. I only tend to visit the same 10-15 websites. I generally do not download from untrusted sources. If I do download I ensure the MD5 checksum is correct. I then test the application first on a virtual machine. I only ever view email in plain text with all java, activex, images, etc disabled. Any attachments are stripped unless on my exception list and they are quarantined first so that I can delete any I have not requested. I do not allow pen drives. I ensure that my browser is fully patched, as are my firewalls and OS.

It always amazes me that companies spend a small fortune on AV software, yet then go on to let their staff access google.

CarlosC hits the nail on the head. Maybe running a browser without AV software can be considered crazy and reckless, but only if you are crazy and reckless about what you do online. I dread to think what could be said about surfing the net with a browser granted administrator rights...


Considering it's new year, you can have this one for free.

http://msdn2.microsoft.com/en-us/library/ms972827.aspx

or

http://msdn2.microsoft.com/en-us/library/ms972802.aspx

Of course, you weren't going to just click that link. Right? As an admin? Of course you could always visit msdn yourself and search for the following string (and avoid any phishing tricks I may or may not be setting you up for)

"Browsing the Web and Reading E-mail Safely as an Administrator"

Doug :

Guys, for a business you have to have AV. Anyone want to risk it? You would have to trust all the employees to not make a mistake, not just you.

At home I'm probably going to go with OneCare for performance reasons. I hope one day these spyware/virus scanners somehow learn to use one of the multiple cores our CPUs are gaining in order to keep systems responsive.

Anony Mouse :

Personally I've never had a virus (running out of my control, that is) on any of my machines for the 20+ years I've been in IT. A good while ago I decided to remove the antivirus I was using on my primary machine. I've let it run like that for months. If you keep your machine up to date, and you're smart about your surfing habits, email, and general network management, then it's not as suicidal as others might think (especially if you're the only user of your own machines).

In the end however the mere paranoia got the best of me, and I reinstalled it. Of course it's not like I don't backup religiously already, and I realize the peace of mind is mostly artificial. But I still felt like I was "asking for it".

Sad times we live in.

I will tell you the truth. The last time I was the victim of malware was about two years ago. I was running completely updated versions of: Norton AntiVirus 2003, AdAware, Spybot S&D, Windows XP, Windows Firewall on, router firewall. I was searching Google, using IE6, for some information on a rock group. I clicked the first result, and noticed a strange Windows IE6 Help box pop up and then quickly disappear. Within minutes I noticed my computer acting strangely and slowing down considerably. I rebooted and when I logged on, I received an info box from Norton stating that Norton AntiVirus could not load.
I am a huge fan of backing up, so I had a very recent image that I restored. Once logged on, without being connected to the internet, I uninstalled Norton AntiVirus and installed Grisoft AVG. I also installed the latest version of Firefox at the time. I did the same Google search this time using Firefox, clicked on the same first result and nothing happened this time. I then did the same search with IE6. The Windows Help box flashed and this time Grisoft AVG popped up telling me that it had detected a virus and quarantined it. It told me the name of the virus, so I searched it out on Norton's website. They were aware of the virus, but had not yet provided definitions. Can you believe that? I paid $40 for Norton and Grisoft AVG worked better for free. Also, I swear I cannot discern a performance hit using Grisoft AVG. I definitely noticed performance loss with Norton.
Today, I run Windows VISTA with UAC enabled, full Windows Firewall, router firewall, Grisoft AVG 7.5 and Adaware and double-check for updates every day. I have been running Windows VISTA RC2 as my main/sole operating system for 3 months with no security issues at all. My computer runs constantly and I use it for hours a day including much web surfing. I do admit that I am also very careful and observe safe computing habits. The ONLY way I would run with no security features would be as a test, and with a recent backup image. Why put yourself through the hassle and stress of a possible infection when you can protect yourself inexpensively and with little trouble.

You see, the reason that Allchin doesn't want you to use AV with Vista is that Vista will be so heavy there won't be room for another heavy program (the AV).

Matt Martin :


I have seen several posts mentioning "as long as I am safe with my surfing habits" I will be OK without AV software.
That is the key problem: most business computers are on networks with people who are not tech savvy and don't know what "safe" is. Ask anyone who got to experience the I Love You worm on a business network about not having AV installed and they will laugh in your face.
As IT professionals it is our responsibility to make everyone's computer safe. I agree that education is a key part of the picture but you have to have layers of the total package, education and software.

Eric Svensson :

There's a lot of malware which has never been built to show anyone its existence. Spyware-worms or trojans will never pop up to tell you: "hello, I'm a virus, get your ghost-image ready to backup", they would possibly just crack your online-banking or things like that, and when you recognize your current account has lost 10,000 dollars, it's pretty late to get rid of the malware.

Maybe you could control the systems deeps by yourself in some way without AV software, but in my opinion that's just too much work for the saving of 0.0 money if you are a private, uncommercial user (free editions of avast and antivir/free-av.com) or 4 dollars per month and three clients with commercial use. Isn't saving time worth some money? Don't controller-dudes cost salaries?

William :

Eric
"There's a lot of malware which has never been built to show anyone its existence"

Great. I guess that means the boffins at the AV companies won't even know it exists as well and won't be able to include it in your next AV signature; so by your own account AV software is pointless.

You need to bear in mind that AV software is completely useless at stopping NEW attacks. It is only good at stopping re-infection.

Besides these days hackers are not writing viruses, they are writing backdoors, and very sophisticated social engineering. Gone are the days where viruses cause destruction.

As an example (and out of curiosity) I have just downloaded NOD32, performed an update, in depth analysis. No virus found. Uninstalled, and then tried KAV6. No virus found. Uninstalled. No, after 2 years - there is a surprise.

You are better with a really good firewall with proven anti-leak technology than AV software. Alas, I feel this advice is futile, I guess the AV companies have brainwashed a good number of you.

Please, feel free to try the following link.

http://www.firewallleaktester.com/

See how well your firewall stacks up against those leak tests. Then come back and say I'm at risk for not running AV software.

hariom :

I need software which can protect my pen drive from any kind of virus programs.

ej :

My anti virus nod32 can't update and needs a user name and password! How can I update my anti virus?

Copyright ©1996-2007 Ziff Davis Enterprise Inc. All Rights Reserved. Microsoft Watch is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.