Security

2008-06-15

Knowing slightly more than average about computers, I am regularly assumed to be an expert by family or friends. A returning question is which virus scanner to use. This one always causes me some trouble because I know the right answer is to spend some money on e.g. Norton or McAfee or to experiment with one of the free solutions.

However, I don’t really know anything about the subject because I don’t use virus scanners at all. I don’t need them. But this is hardly something to recommend to somebody who has no clue what to do here. At work we have Norton Antivirus wasting a lot of my time on my slow laptop disk. Each time it boots, it insists on re-examining the same crap it hasn’t found a virus in before, ever. It so happens that this is a particularly bad time to access the disk since a dozen processes are trying to start. So, I usually kill the process to make my laptop boot in a reasonable time frame (< 10 minutes). I think over the past few years, Norton easily wasted several working days of my time by making me wait. Arguably the economic damage of such products is worse than the problems they supposedly prevent.

Installing virus scanners is not a security measure but merely a form of deniability for system administrators. If the shit hits the fan, they can point to Norton and Norton can point to the fine print in their license (which says good luck if the shit hits the fan). Norton’s businessmodel is to provide deniability to companies. The price is in dollars and productivity lost. Norton will easily transform any laptop in a dead slow machine, especially if configured for maximum deniability (scan everything, always, every time, all the time).

I know I’m OK because I know how not to get infected, which is why I don’t run any security products at home. A little bit of hygiene goes a long way. Most virus infections are ignorant users clicking on stuff they shouldn’t be clicking. Drive by infections are also common with risky things such as active x and internet explorer exposed and not updated. That’s no concern for me because I A)  use firefox, B) don’t visit suspicious sites and only use up to date, mainstream plugins, C) have adaware filter out a lot of crap, and D) keep my shit up to date. Sure, that still leaves some room for something to slip by but I’ve never been infected by anything since I stopped accepting floppy’s from strangers (long time ago).

A few days ago, some download included Norton Security Scan which is a free scanning tool designed to make you buy the full version. Since this computer has been exposed to the nasty internet for a few years now, I thought lets see what it comes up with.

Well:

  • A tracking cookie in my browser of some ad site. Tedious but not really a risk. Also shows how crappy this tool is because I have way more advertisment related cookies that I probably should remove. However, I’m too lazy to keep track of all my cookies. Once in a while I clean them up by deleting cookies for any domain I don’t know or care about.
  • Two infected mails in thunderbird’s trashcan (w32.netsky.p@mm!enc worm). That’s risky, if you open the attachment. Using Thunderbird prevents that from happening automatically. Besides, all my mail is handled by Google these days which uses serverside malware and virus filters. So no reason for me to install a virus scanner. These two mails probably predate me starting to use gmail. This was in 2005.

So two old and obvious malware mails I deleted (or thunderbird filtered them) and a tracking cookie. No worms, no rootkits, no spyware, no adware. Just a failed attempt to make me open some shitty attachment and a cookie. Thanks for confirming what I already knew Norton. I uninstalled it.

This doesn’t prove anything of course. There’s no perfect security. But so far so good. I don’t have a firewall since I have a NAT router which stops any incoming request except the ones that it shouldn’t be stopping because I told it to. I know everything outgoing is OK because I know what software I install. My router doesn’t do UPNP configuration so I control everything manually. I don’t have a virus scanner active since all my mail goes to google which already scans my mails. All my downloads are of course a risk, so I take care to only download from respectable sources. I actually have clamwin antivirus installed to manually scan files if I don’t trust the source but I rarely have a need for it and it has never found anything. Firefox 3 should warn me against malware sites in so far they are able to keep their filters up to date. Arguably if they screw up, Norton isn’t doing much better probably.

So in short, I’m keeping my money and will take my chances. If something goes wrong, I’ll only have myself to blame and will be back online in no time because I do have backups of all my important files. The last time this happened was when a particularly nasty piece of malware struck me: windows activation failed on a fully legal version of windows XP pro after installing a new usb hard disk.