Need a no-bullshit antivirus/trojan/malware scanner

Post by wildweasel »

kb1 wrote:
> My method protects me pretty much 100%, but it's not for everyone:
> 1. Don't connect your main PC to any network connected to the internet.

This gets harder and harder by the day, with the amount of software that demands an always-on connection in order to function.

Post by Graf Zahl »

It's also very impractical these days. How am I supposed to interface with services like GitHub without direct internet access?

But if you look at most malware these days, it rarely uses system vulnerabilities to install itself through a backdoor but instead tries to trick the user into running things they really shouldn't. It's occasionally very interesting to look in the spam folder of my mail account. That's where the real threats land most of the time.

Post by Rachael »

kb1 wrote:
> My method protects me pretty much 100%, but it's not for everyone:
> 1. Don't connect your main PC to any network connected to the internet.
> 2. Scan your files on your internet network, for a few weeks, to give the major AV vendors time enough to detect and create signatures for the latest malware.

Don't grow overconfident with this method. This does virtually nothing to protect you.

It is no doubt combined with other practices, like not running unknown .exe files or random email attachments or clicking on links from unknown sources.

About the only thing that being offline saves you from is worm attacks. Crypto ransomware can still attack (especially older variants that stored the key locally rather than online). Viruses with a payload that replicate via individual executions can still attack. Hybrid trojans that combine any of the above 3 methods are also very effective at crippling your system.

Post by Chris »

USB sticks can also contain viruses, where merely plugging one in can infect you. CDs/DVDs have autorun, making them run a program on the disc automatically when it's put in. Aside from not connecting to the internet, you also need to ensure any media you place in has been verified clean (not even a "trusted source"; some legitimate sources have been found to contain viruses and trojans).

A not-so-comforting thought is that hardware can also be infected with viruses. CPUs essentially have mini OSs inside them, and have persistent writable memory (it's how you can flash CPUs with new firmware). Viruses can exploit CPU bugs that allow them to worm their way into firmware despite lacking permissions, so even if you reformat and reinstall, the CPU keeps a payload of the virus that can reinfect the system afterward.

Post by dpJudas »

My issue with virus scanners is essentially that they don't work. Even the best ones only detect something around 80% of all viruses. That sounds like a high number, but if you're the kind of user that encounters viruses it means that the 5th time you've come across one it is now 74% likely that you got yourself an undetected virus. Also worth mentioning that 80% number is probably higher than the actual number since it includes all kinds of legacy viruses that nobody attacks with anymore.

So, the only real protection against viruses is to avoid the places you get them. The #1 place to get viruses from is drive-by viruses in ads. In other words, the best anti-virus in town is your ad blocker (thanks Mozilla for disabling that, really appreciate it!). The next thing is to be very careful about which locations you surf to and in particular what you choose to download. Keep all software that you use to access unverified sources up to date. And so on.

But people don't want to hear that bad news. That's why we have anti-virus products. They tell the tale of protection so everyone can pretend they tried and do nothing about it. It is the climate change equivalent of introducing a carbon tax. Ineffective at best, but then when the world burns down they get to say they tried. Blame deflection is the name of the game.

Post by Rachael »

While your point is valid, dpJudas, and factually correct, the overarching argument is something I disagree with. (But you probably already know that)

I am of the belief that, even as ineffective as virus scanners can be most of the time, having one is usually better than not, especially for novice computer users that can't tell the difference between a .pdf and a fancy .pdf.exe file with a pdf icon.

Sure - they don't catch everything - and it only takes a single virus to spell disaster - but they still do catch a lot of things, and they do prolong the amount of time before some computer idiot clicks on something and unwittingly participates in a DDoS against Google or Amazon, only to wonder a day later why his ISP suspended his internet service.

You're right that absolutely nothing can substitute uBlock/NoScript/uMatrix, but ultimately the problem 99% of the time is PIBKAC. No security solution in the world can fix that, but virus scanners are a good last line of defense when all else fails and PIBKAC manages to stumble on yet another piece of malware. PIBKAC is the biggest nightmare of any corporation and is the biggest reason why social engineering pen testers are getting to be in higher demand. A corporation's employees are unquestionably always the most ripe exploitation target for any hacker, and there's so many great ways to do it.

I can almost guarantee you that if I was hired to do a phishing campaign by any online retail giant against its employees (i.e. Amazon or Overstock), I would get a jaw-droppingly high click rate.

Post by Caligari87 »

It's clear that the only thing left is to adopt the Stallman Method of fetching static webpage content through a mail-request program on a separate machine and then viewing it in a text editor.

https://stallman.org/stallman-computing.html

8-)

Post by dpJudas »

Rachael wrote:
> I am of the belief that, even as ineffective as virus scanners can be most of the time, having one is usually better than not, especially for novice computer users that can't tell the difference between a .pdf and a fancy .pdf.exe file with a pdf icon.

On the other hand one could argue that the anti-virus gives a false sense of security. Now that Windows 10 has anti-virus built in, the viruses should be gone, but yet they are not and the people that got viruses still get them. It allowed way too many people to wash their hands pretending they now do something active (Microsoft included).

In general I don't really care much if other people run anti-virus or not. My issue with it is when it became "best practice" to run it unconditionally and have it force fed on me. Anti-virus software isn't only doing good things, it also slows computers down quite a lot.

Rachael wrote:
> I can almost guarantee you that if I was hired to do a phishing campaign by any online retail giant against its employees (i.e. Amazon or Overstock), I would get a jaw-droppingly high click rate.

Having anti-virus installed would not help them one bit in a targeted attack. Surely you'd pick one of the trojans new/fresh enough that the anti-virus gives it a thumbs up. And if that doesn't work, just get a job there, plug in the USB key and pwn the computer in person. Or just call them and ask them to email the blueprints. ;)

Post by Graf Zahl »

Conclusion: The only way to protect mankind from the bad stuff that runs rampant on the internet would be to shut down the internet.
(not the worst solution, actually... :twisted:)

Post by wildweasel »

Graf Zahl wrote:
> Conclusion: The only way to protect mankind from the bad stuff that runs rampant on the internet would be to shut down the internet.
> (not the worst solution, actually... :twisted:)

Or to shut down mankind. :shrug:

Post by Enjay »

[Image]

Post by Caligari87 »

Asimov's so-called Zeroth Law of Robotics.

8-)

Post by kb1 »

Rachael wrote:
> kb1 wrote:
> > My method protects me pretty much 100%, but it's not for everyone:
> > 1. Don't connect your main PC to any network connected to the internet.
> > 2. Scan your files on your internet network, for a few weeks, to give the major AV vendors time enough to detect and create signatures for the latest malware.
>
> Don't grow overconfident with this method. This does virtually nothing to protect you.
>
> It is no doubt combined with other practices, like not running unknown .exe files or random email attachments or clicking on links from unknown sources.

It's not confidence - it's fear. And, you're absolutely correct, it's combined with other methods. The biggest one is that I simply don't use very many web services, and the number of sites I visit is extremely small. I forfeit a lot of useful services to be safe. I also make lots of backups. I attempt to structure my hard drive in a way that I can capture all data that cannot be re-installed from source media.

It takes a special type of demented asshole to write software that hurts random people that you don't know. I can say that this method has protected me from getting any malware, and I absolutely despise running AV software that takes a super fast OS file system and cripples it beyond belief. It's not really the AV software's fault - for every drive access it has to compare files against hundreds of thousands of exact signatures, and lots of heuristic evaluations. It's amazing that it works at all.