Dump your Antivirus and Live Free. Part 2

First published—11 September 2006.
Updated—17 January 2008.

Resident AV

Resident antivirus (the on-access monitor or shield) is a poison to your PC nowadays. You sacrifice your precious PC resources permanently, you let it run with System privileges meddling with everything, and it interferes with every move you or the operating system make, all for the sake of saving you from a potential disaster. Even if it came preinstalled from Dell or HP, you should know that you have a choice — keep it or uninstall it.

Before we touch our assumptions, one thing should be stated clearly: resident antivirus software slows the system down, and because of its low-level interactions be prepared for BSODs (blue screens of death), errors and nasty surprises. No wonder; or did you think the engineers from Symantec or McAfee would know for sure how to make these implants painless in an organism created by other smart engineers from Redmond?

Assumptions

OK, what are the assumptions?

The assumption is that any virus will be detected and cleaned, and the infected file(s) cured, nicely and easily. The problem here is that an antivirus “knows” only those virus signatures supplied with its database, and it may fail to recognize a virus that is too new or has been modified. Even a simple code modification, or the use of an instant packer, or even a CRC fake (yes, they exist) may turn it into something harmless as far as your antivirus is concerned; in other words, the antivirus will shut up. But even if the virus is detected, it is not always possible to clean, cure or simply delete it. I have had this problem countless times with McAfee (which is, by comparison, a very effective antivirus, by the way): “The file is blocked and cannot be deleted” – so, now what? The ultimate solution is “simple” here: boot from a Linux live CD, mount the NTFS partition and delete the file.

Remember MSBLAST? The company I work for was hit by MSBLAST one beautiful sunny day. The Trend Micro we had installed everywhere in the company was useless. For the whole day nobody was working, just sitting and watching PCs booting and restarting again and again. Thank God, MSBlast was harmless and only reproduced itself, at a speed limited by your LAN bandwidth. But it could have been worse. It could have been much worse, if the guy had not been so peaceful. The point here is that in this particular scenario any antivirus is useless, because it is pointless to clean the file – it will surely appear again.

Did you say “heuristic analysis”?

OK, let’s look at the 3D model of the W32.Bagle.AG worm on the f-secure.com website (scroll to the middle). Here is the video with the animation in Windows Media and QuickTime (9 Mb).

Do you think it is easy to model this worm’s intentions, given that its creator is not lame and knows how to hide the signs of malicious behavior inside the code? It is not even easy to tell it is a worm before it runs!

Salvation

I’m a bit afraid to disappoint you. In the case of Windows XP, I would write a couple more paragraphs, starting from the point that it is not smart to be logged in with administrator rights all the time. Special thanks to Microsoft for that, as all new installations come with this “feature” by default. I understand why they did it – to avoid billions of whining complaints like “Help! I can not install my favorite game!”, similar to what happened after the XP Service Pack 2 launch, when internet connections were disrupted by the new firewall. Did the fear of losing popularity overcome common sense?

Sorry for that history flashback. But in the case of Windows Vista, the solution is simple: do not disable User Account Control, in spite of what some snobs are saying. This is the way to avoid antivirus hell.
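As an added example (not from the original post), here is a PowerShell check of the two things this section asks for: whether the account you sit in all day is a member of Administrators, and whether UAC is still switched on. It assumes Windows Vista or later and reads the documented UAC policy values under HKLM; the function name is mine.

```powershell
# Added example, not from the original post. Assumes Windows Vista or later.
# Reads the documented UAC policy values and the current token's groups.

function Test-AdminAndUac {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # Membership in BUILTIN\Administrators (S-1-5-32-544) shows up in the token's
    # group list even when UAC has filtered it down to a standard-user token.
    $adminMember = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

    # IsInRole is true only when the Administrators SID is actually enabled,
    # i.e. this shell is running elevated.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $policyKey

    # EnableLUA = 1 means UAC is on; 0 means someone disabled it.
    $uacEnabled = ($policy.EnableLUA -eq 1)
    # ConsentPromptBehaviorAdmin = 0 means administrators elevate silently, no prompt.
    $silentElevation = ($policy.ConsentPromptBehaviorAdmin -eq 0)

    [pscustomobject]@{
        User            = $identity.Name
        AdminMember     = $adminMember
        RunningElevated = $elevated
        UacEnabled      = $uacEnabled
        SilentElevation = $silentElevation
    }
}

$state = Test-AdminAndUac
$state | Format-List

if ($state.AdminMember) {
    Write-Warning 'Daily account is in Administrators; use a standard account for everyday work.'
}
if ($state.RunningElevated) {
    Write-Warning 'This shell is elevated; anything you launch from it runs with full rights.'
}
if (-not $state.UacEnabled) {
    Write-Warning 'UAC is disabled (EnableLUA=0); re-enable it and reboot.'
}
if ($state.UacEnabled -and $state.SilentElevation) {
    Write-Warning 'UAC prompts are suppressed for administrators (ConsentPromptBehaviorAdmin=0).'
}
```

Run it from an ordinary (non-elevated) console to see what your everyday session looks like; the warnings are the cases this section argues against.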

So, let me summarize the steps to convert your PC into a fortress:

If you want to mess with something potentially dangerous:

... AND do not forget to fix your Firewall.
