IMHO opinion you are correct. For very long time (more than 10 years) I
did not use any AV/AntiMalware product on the computers I personally
used and did not get infected at all.

Now since app. 2 years I used different products and the only
infections the AV software detected were false positives. Ok here in
the office we are running a Virus detection at the firewall itself
(from Sonicwall now Dell) and that stopped 2 mails, which were really
infected out of thousands.

But for IT ignorant people or careless people they help reduce
infections quite a lot. My children all got hit by viruses in the past
despite of AV software, but they would have been infected by much more
viruses without that software. Since I told them the best thing to get
rid of those viruses, is to reinstall from scratch, infections didn't
occur anymore. That's the educational part of it. And if anybody in the
office gets hit by a virus one can mostly detect, that those came from
visiting sites, which were not used for business purposes or from mail
from private contacts. If you confront people with those findings they
get much more cautious in using their office PCs.

The only real use I see are the USB/Flash drive scans, because with
those you can get infected easily and you cannot really escape the use
of those devices for data transfer.

On Windows I now use MS Security Essentials (/MS Defender on Win8),
which seems to use far less resources than all other AV products and is
free. Especially the other free solutions seem to be quite resource

W. Prindl

ab wrote:

>I should probably start a poll in VBulletin, but I'm not smart enough
>to use the HTTP interface so I'll let somebody else conjure that up.
>I am of the opinion that anti-malware software basically does not work
>well enough to be used. Furthermore, it costs something and therefore
>decreases net worth more than it increase it (yes, even those free
>products cost cycles as everybody who runs anti-virus software
>complaining about performance tells me). Despite this, people use
>the stuff. My opinion about it not working stems from the following
>bit of AB-ian logic:
>Anti-malware software works if it prevents and stops all anti-malware
>Anti-malware software is broken if it allows malware (same as above
>Anti-malware software imposes a cost, usually monetary but always in
>computer performance.
>Anti-malware is required or else "Bad Things" will happen (per the
>anti-malware vendors).
>The problem I had is that all of these statements are, by my
>estimation false.
>The software doesn't stop bad things since it's a constant battle with
>software vendors behind malware-creators and the "heuristics" that are
>used to detect bad things just don't work reliably. Every study I've
>seen on this shows that every vendor fails tests, and some miss a
>huge amount of bad software. Because of this #1 and #2 above are
>rejected. Maybe there's hope though on the other points.... but no.
>The cost is clear whether you pay for it with your wallet directly or
>via your (or your company's) electric bill and slowness-induced
>Finally, the world has come to assume that unless you have this snake
>oil applied you will have a terrible life. I know many people who do
>not use anti-malware software at all, though, who never catch viruses
>or other "bad things". But how do I know that I don't have anything?
>Well, I'm pretty sure because every year or two before I wipe my
>laptop and start anew I download one of those free discs that scans
>everything and it consistently comes up clean, so at least the things
>that the software can find, I don't get (the things the software
>cannot find wouldn't have been found in any case, so nothing lost
>Maybe it's because I'm a geek and use the command line a bunch, but I
>doubt it. I intentionally downloaded evil software from time to time
>to poke at it and figure out what it is doing. I'm not a professional
>researcher, but I'm curious and it's interesting. Still, no
>infection. I wouldn't recommend others do this with or without
>"protective" anti-malware software, but since most problems fail to
>infect Linux (for many reasons), I feel pretty safe with what I
>choose to poke/prod.
>Despite this, I know many other people who do not run anti-malware
>stuff and avoid infection. It's probably no secret that the way to
>do so is to be smart about where you go online and what you put in
>your computer. Is that it? Some of the people I know without evil
>software on their boxes are semi-trustworthy with a computer so maybe
>they're just competent online. If that's the case then education is
>the key as usual, though personally I think that is just one aspect
>of what should be an in-depth defense.
>Finally we get to my question:
>Which anti-malware do you use or have you used in the past?
>How much malware have you found on your box when using those? This
>includes anything found during those big full-disk scans (shouldn't
>have been allowed to show up in the first place, so that's a failure)
>and ideally would include things that are not detected, but due to
>the failure of the snake oil to detect, that's hard to measure.
>If you do not use anti-malware software, why not? What do you do (or
>what do you avoid doing) to keep safe? Obvious points to keep safe
>would include not clicking on anything in e-mail, not responding to
>anything that flashes or pops up on your screen, blah blah blah. Any
>gems that can help others?
>Good luck.