Anti-Anti-Virus on the Desktop

I can be an extremist in some of my views on technology; some might call me jaded, or hardened by fire. I lean heavily towards the simplest, least expensive solutions. I would never say that my solutions are better than anyone else’s, but I will stand behind them, and proclaim that they effective. There are many different ways to solve any given issues. Some days I feel like people look at my solutions like they are very odd, until I explain myself. Before I explain myself I often think that people see some of my solutions look this picture; they scratch their heads and think WTF Mate?

Earlier this week a wink and a cute smile roped me into fixing a handful of computers in a small office in Kent. They complained that the computers did not function, functioned poorly and or that were filled with porn based pop-ups. The owners of the office and the previous computer care takers wanted to solve the problem by very haphazard installing Anti-Virus, Anti-Spyware, Adware, Firewalls, and Computer Cleanup software packages. That might be a great solution, when implemented properly, but it is not the my idea of a solution.

There was one computer that had three different AV software packages, two firewalls, and three Adware products installed; that computer hardly even started. To make it worse the normal user account had full admin rights, and  updates had never been run on the machine. Most of the computers in the office were in similar states. With my bullheaded dedication to simplest and least cost solutions I took the following steps to solve this office’s problems:

  • Removed all AV, AS, Adware, Firewall,  Computer cleanup, and any other junk software from all machines
  • Updated all of the machines to the latest service pack and patchs (One did the SP3 reboot loop on me, that was fun to remember how to fix, something about an Intel driver on an AMD box)
  • Turned on automatic updates to run nightly and reboot automatically (I never trust users)
  • Ran "msconfig" and turned off everything that runs on startup on all machines
  • Turned off all none essential Windows services (Like Wireless config on a wired desktop)
  • Created a "root" account on all of the machines with admin rights to use to work on the machines
  • Set a password for the default Administrator account (XP home does not have one)
  • Changed all users from Administrators to Limited users – This ends nearly all viruses in my mind. If the registry cannot be changed, and users cannot install software, how are they going get a virus?
  • Setup a File level Anti-Virus scanner on their file server and set it scan all of their shared documents – In my mind this catches most virus
  • Installed VNC so I can help them out remotely if they need any future help

I left this office making all of their computers run better, and operating in a much safer way then they were before I got there.

My belief is that you solve Anti-stuff problems at the entry and movement points. You protect the email in transit, you protect the network entry and exit points on the backbone servers, and workstations, and you make it impossible for the user to install stupid things like smiley toolbars. I’ve never run AV on a workstation and I never will. I have yet to be infected by a virus on any of my workstations. What works for me might not work for every user. In the right environment, properly managed, properly maintained, and implemented in addition to other things I do support desktop AV; I am not totally anti anti-av. This small office was not the properly place for it, nor is my mothers house. Yes I don’t run AV on my parents computers. I do just what I did for this office. I took away all of their rights to do anything and consider the problem solved.

Related Posts with Thumbnails

About Kevinm