Published by Jon Copas on 09 Feb 2008 at 01:57 pm
Why I don’t Use Anti-Virus
In order to explain fully why I do not use any kind of anti-virus on my personal computer, I must explain a bit about the way things used to be and the way they are now. This story is roughly chopped into three pieces: ‘The way things were’, ‘The way things are’ and ‘OK so anti-virus is almost useless, what do I do?’
‘The way things were’
Most of us are our family technicians; we are the people that set up Mom’s surround sound. When spyware/adware started to get bad we would get the call to come and take care of a friend’s computer. Often the computer would be spontaneously popping up ads and slowly chugging along, hogging what little bandwidth the dial-up had. Along comes the tech friend with a few minor tools like HijackThis and a boot disk and hunts down the offending executable.
The old method for malware writers was a game of hide and seek. Without getting into too much technical detail, there are a large handful of places to hide something to make it run at boot on a Windows system. Hiding a request to make some code start up, and obfuscating the where and the how, was all malicious software could manage. In those days anti-virus software was very handy most of the time, because it was trivial to remove most problematic programs once they were found. The scanning software did not need to be too fanatical about things, since most badware really wasn’t that bad.
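As an added example (not part of the original post), here is the kind of check a technician would run to review the common Windows autostart locations that this hide-and-seek game relied on. It is read-only and assumes a modern PowerShell on the machine being inspected; it only lists what is configured to run at logon, so the technician can decide what does not belong.

```powershell
# Added example: list entries in the common Run/RunOnce registry keys and the
# Startup folders, which are the usual places something is registered to
# start at logon. Nothing here modifies the system.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PS* metadata properties; they are not autorun values.
        if ($p.Name -like 'PS*') { continue }
        [PSCustomObject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
    }
}

# Startup folders for all users and for the current user.
$startupDirs = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)
$entries += foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
}

# Review the list by hand: unfamiliar names, odd paths (temp or profile
# directories), or commands that do not match an installed program deserve a
# closer look before anything is removed.
$entries | Sort-Object Location, Name | Format-Table -AutoSize
```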
In the old days of bad software the payload was often something trivial, funny, or annoying, but rarely if ever truly malicious. The Whale Virus filled your hard drive up by replicating itself zillions of times. The Yankee Doodle Virus made your internal speaker play the song for which it was named, relentlessly. Most virus writers were not bad people, and the few that were bad people knew that when a virus obliterates the system it is on, it no longer has that system under its control and can no longer replicate itself.
At this time I recommended and sometimes even used anti-virus software.
And then things changed…
‘The way things are.’
Most systems are infected with some form of malware; according to some statistics, as high as 80% of all Windows systems are currently infected. Only in rare situations will malicious software make itself known to the user in any way. Most often it will lie dormant on the computer, utilizing your system in various ways I won’t get into here to generate cash. You could be (and likely are) already affected by such software. How did this happen?
Two huge factors caused this paradigm shift.
- Monetizing virus writing. Virus writing moved out of the realm of the hobbyist and became a way to generate serious money. This is a topic for one or more other articles. In short, virus writing to obtain zombie systems for massive botnets became the new goal, not making someone listen to Yankee Doodle. This factor made virus writers ruthless and aggressive and was a huge game changer.

- Rootkits. The administrator account on a Unix/Linux system is called the ‘root’ account. Rootkit started out as a term to describe a set of tools used to gain administrator access on a machine. It has now come to mean something very different: a method used to conceal the presence of, or hinder the removal of, some code on a system. In short, rootkits attach themselves to a portion of the operating system in a way that makes their removal very difficult or impossible without damaging the operating system.
Because it’s a different game nowadays, viruses keep under the radar, often far enough under the radar that the user has no idea they exist. Detecting these viruses is much harder than it once was, thanks to code that allows them to reorganize themselves and confuse virus definitions. After the fact it is all but irreversible; no longer can your friendly neighborhood tech root out all the problems. After a rootkit-style virus has its hooks firmly planted in your operating system, it can make itself almost entirely invisible to all other software, including your virus scan software. The only sure removal technique is a full reformat and reinstall…
‘OK so anti-virus is almost useless what do I do?’
- Secure your system. - Keep updated regularly and follow security best practices. I will get more into this topic in future ‘best practices’ posts; it is far too large a topic to do justice here.
- Keep regular backups. - If you have only one copy of anything, you are in immediate danger of losing it at any time, not just to bad software but to hardware failures as well.
- Keep sensitive data secure. - Using the methods I explained in my TrueCrypt software recommendation, keep sensitive data secure and keep very sensitive data very secure.
Once you are infected it is too late, and even the best virus scan software won’t save you, so don’t let it happen. Virus scanning software is no replacement for a good understanding of how viruses spread and how to keep yourself safe.
When researching this article I ran across a post on another site that was a good enough start at securing your system that I didn’t want to reiterate what was said. Please read Lifehacker’s ‘Low-Hassle Ways to Secure Your Computer System’.
I do recommend people use virus scanning software, but only because I don’t want people to blame not having anti-virus when they get infected.