I’ve been running my eval copy of Vista (as a virtual machine) for a couple of weeks now and it’s a strange feeling. No, it has nothing to do with the new user interface (most of which won’t run in my virtual machine anyway), User Account Protection (UAP), or any of the new features.
It’s because I’m running without any AntiVirus running. At all. And I can’t, for the life of me, think of any reason to install it yet.
It’s there. This little zip file sitting on my desktop trying to tempt me into releasing it from the confines of its uninstalled bundle. It calls to me as I sleep, whispering fears of sending Office macro viruses to my family or being unprepared as that just-detected 1-day worm wheedles its way past my firewalls into the heart of my OS. But I resist the temptation as I banish the file to the depths of a subdirectory. Waiting to be called upon when needed, but imprisoned in the bowels of my file structure until the most desperate of times.
As someone who practices safe email and browsing habits I often wonder if I need desktop AV at all. I don’t run it on my Mac and I don’t run it on my XP Home PC (that isn’t ever used for email or inappropriate browsing). I only use it on my corporate desktop, where it’s never found anything despite destroying my system performance every Wednesday at lunch, and I’m well protected with our email server AV (which is definitely necessary).
Thus there’s no reason to run it on an OS for which there isn’t a single known worm or virus. It’s not like signature-based AV will catch any of the rumored 0days floating around, and my generally safe browsing habits limit my exposure anyway.
I’d consider this feeling of freedom strange if I hadn’t been experiencing it on my Mac for the past year. Now you Windows users can know what freedom really feels like.
At least for now…
6 Replies to “Running Vista Without a Net”
Let me restate my position a bit.
In a lifetime of computing, going back to the 1980’s, I’ve never been infected with a virus.
In the past 7 years or so (once I started using server AV) my desktop AV has never detected a virus, other than a couple positives for test tools that contained a potential signature.
I have, however, experienced numerous performance and stability issues due to my desktop AV.
Thus I can think of no reason to install desktop AV on this system.
I do keep desktop AV on any system I open up to family members, but my migration to Mac has eliminated even this need.
I watch the world closely. Someday I might need to change and run AV on both my Vista install and Macs, but right now I’m enjoying going commando.
And no, I don’t recommend this for everyone.
My two cents:
Yes, many current threats operate on Vista. Those which don’t fail because of privilege issues (they can’t write to the c:\Windows directory for example), but even this isn’t true in 100%, since Vista creates “virtual folders” (redirects the writes to another folder) for the sake of compatibility in many cases (effectively considering the malware a poorly written application and trying to help it to run :-)).
As for your opinion about 0-days not being caught by AVs: this is true (however some do after a couple of days), however they can most definitely catch a large part of the junk such an exploit downloads. Malware has become a commodity in many ways, so new vulnerabilities are often tied to old malware which any decent AV can detect.
Lastly, about you not visiting “those sites”: this isn’t a 100% guarantee. Legitimate sites are hacked daily and tweaked slightly so that they host hidden iframes and such which host exploit code (or spammy links, depending on what the defacers’ intent was) without any obvious signs for the visitors (or the site owners for that matter).
This morning Martin reminds me that I’m a bit of a professional myself. As mentioned in this post, I’m running Vista and an XP machine without any antivirus. And as kwismer pointed out in the comments, Vista isn’t completely immune.
What do you mean by “operate on Vista”? I don’t believe any current virus can execute on Vista outside of (perhaps) some cross-platform Office macros.
i mean precisely what you don’t believe… microsoft’s jim allchin had engineers look at sophos’ claim that some of the viruses on the top 10 list can affect vista, and although he challenges the notion that users are likely to explicitly open malicious zip files and execute files inside (in spite of the fact that their presence on the top 10 list proves users do just that) he does not challenge the fact that they do execute on vista…
vista is not an entirely new operating system, it is an entirely new version of an existing operating system – while there are new protection features there is also plenty of backwards compatibility…
What do you mean by “operate on Vista”? I don’t believe any current virus can execute on Vista outside of (perhaps) some cross-platform Office macros. I also don’t consider least privilege a defense at all, so no argument there.
It’s an insurance policy that costs more than I want to spend for the assessed risk, based on my particular circumstances. Right now the only reason to deploy AV on Vista is to protect others you may accidentally share a virus with that doesn’t infect your system. I use email server AV to prevent that. The other reason is to have it for when that first virus hits. I’m confident I monitor all information sources frequently enough to know when that day hits.
Signature based AV is a very ineffective tool on the desktop. Right now my risk assessment is that I, personally, and others with good security habits can consider not using AV, just as I don’t use it on my home XP machine.
It’s not true for everyone, but I feel pretty darn good about it for myself.
I’m tired of the AV tax and will avoid paying it as long as possible.
a couple of things…
first, many strict practitioners of safe-hex get along fine without a resident virus shield and have been doing so since long before vista came out… it seems you’ve joined their ranks, congratulations…
second, just because there aren’t viruses specific to vista yet doesn’t mean existing viruses don’t operate on vista – it’s already been established that some do… further, don’t assume that least privilege will stop viruses, fred cohen’s initial experiments saw a virus successfully replicating in a professionally administered unix environment where he was not root…
and finally, it’s probably best to think of running an anti-virus product as being like having insurance… it’s there ‘just in case’ even though most of the time it does you no good and is a drain on your resources… for some people (perhaps many people) those ‘just in case’ events balance out the cost equation…