CNET también está disponible en español.

Ir a español

Don't show this again

Operating Systems

A modest proposal: Dump your antivirus software

If you're careful about the sites you visit, the files you download, and the e-mail you open, you can do without virus protection on your PC.

What am I, nuts?

Removing the antivirus software from your PC goes against conventional wisdom, but a lot of conventional wisdom is bunk, especially when it comes to technology.

Two of the five PCs on my home network have been without AV software for six months, ever since I made the mistake of loading the beta of Windows Live OneCare 2 on my home network. This stellar example of the programming art brought my entire network to its knees in a matter of minutes. After three days of repairs, my network was working again, but I realized that two of the systems no longer had any antivirus software installed. I could've downloaded and installed one of the many free AV programs (Avast is my favorite, although it's free only for home and non-commercial use), but it was late, so I decided to take care of it "tomorrow".

In this case, tomorrow never came. Funny thing, I've been using the PCs as I always did, and they remain virus-free. I know because I just checked them both using Trend Micro's free Housecall online virus scanner.

Yesterday one of my PCs that still has AV software popped up a message that it was time for an update. Of course, I was in the middle of something that needed to get done right away, but like most PC users, I've grown accustomed to these interruptions, so I stopped what I was doing to let the AV program play through.

Wouldn't you know that this was one of those updates that required a restart? "Hey," I wanted to say, "I'm workin' here!" I had to fight the temptation to jump right to Add/Remove Programs (which Vista euphemistically calls "Programs and Features") and bounce the app once and for all. I didn't, but I have a feeling the program's days are numbered.

Be Careful Out There

The first thing you need if you fly AV-free is a bidirectional firewall. You can do better than Microsoft's free Windows Defender. Checkpoint Software's ZoneAlarm gets the lion's share of the press; it's free for individuals and not-for-profit organizations, excluding schools and government agencies. Another option is Sunbelt Personal Firewall, formerly Kerio Personal Firewall. The 30-day free trial of the $10 version reverts to the free release, minus a few features, if you choose not to pay.

Next, mind your downloads. "Free" music and video files available for download from the Internet are often loaded with some nasty viruses. The best advice is to pay for your entertainment, and avoid any site outside the mainstream. An alternative is to convert an old PC into your dicey system, the one you use when you want to visit a site whose content you're not sure about. Make sure that PC has antivirus software, a firewall, an updated copy of Windows (or better yet, a less-vulnerable OS), a bullet-proof case, and a hazmat suit. (Okay, you can skip those last two.)

Mind Your Mail

Another common source of malware is e-mail. One of the best ways to avoid mail-borne infections is to switch from HTML to plain text. In Outlook 2003, click Tools*Options*Preferences*E-mail Options. Under Message handling, check Read all standard mail as plain text. In Outlook 2007, choose Tool*Trust Center*E-mail Security. Click Read all standard mail in plain text under Read as Plain Text in the right pane. If you use Mozilla Thunderbird, simply click View*Message Body As*Plain Text.

Set Outlook 2007 to display received messages as plain text rather than HTML.
Prevent e-mail-borne malware attacks by reading your Outlook 2007 mail as plain text.

Also, don't click links in e-mail messages, even if you know the person who sent it. Some viruses hijack address books and send messages to every entry, so they appear to be from someone you're acquainted with. Instead, either copy the link and paste it into your browser's address bar, or go to the home page of the site (by removing everything in the URL to the right of the ".com", ".org", or other top-level domain), and then search the site for the page in question. If you're the least bit wary of the link, just let it be, or at least reply to the person beforehand to confirm that the link is valid.

Tomorrow: Centralize your e-mail.