Preventing malware, spyware & viruses on workstation?

[metro_digital]

Hi...hopefully someone here can shed some light on the issue of PC security for me.
I'm a motion graphics/3d artist and currently have my workstation connected to the web. This is fine, but I don't run any antivirus software, because when I ran BitDefender, it slowed my processing right down, and made it very frustrating to try get work done. I figured I'd rather just be careful online, and so far I havn't had any issues (that i'm aware of)
Anyway, the time is approaching for me to reinstall a new OS (Win 7) and upgrade all my design software, and I have since bought a macbook pro, and want to know what the best setup would be for security.
I plan on using the macbook for all my email & internet stuff (I am happy to install an antivirus on the mac, if people think it is necessary), and keep my freshly cleaned up workstation off the internet, so I don't have to worry about virus's and allow it to run at it's optimum potential.
This obviously would introduce a number of other issues, like getting windows updates, adobe updates, receiving files from clients via email and printing through the network.
The client email thing could be solved by transferring needed files to the workstation via USB flash, but would be more labour intensive.
So here are the questions I have:
1) If I keep the workstation connected to the net through my wireless USB adapter, but never use it to surf the web, do I run the risk of still getting infected? It would just be to get software updates & print to the network printer.
2) Would it be better to only plug in the workstation about once a month via ethernet to get necessary software updates, thereby reducing the amount of time it's online?
3) Is there a way to limit web access to the workstation through the router, so that only updates & printing are allowed?

I appreciate any advice offered. Thanks.

 

[<?php?>]

Checkout Avast

 

[gregmcc]

All you need to Microsoft Security Essentials - its free.

 

[AstroTurf]

The workststion will eventually get infected if it does not run an anti virus (internet, flash drives, network, files off clients, cd's and just about any media you plug in).

Just get a cheap or free anti virus. Our head designer makes 3dmodels on his machine and the anti virus does not affect performance that much. What you should be doing is making sure your pc can run all essential software (including an anti virus) without performance issues.

we use Sophos btw.

 

[bubbatentoe]

My 5 cents:

On Windows, if you don't want the overhead of an antivirus package that constantly scans everything in real time just install Spybot Teatimer.
The footprint is small and it'll warn you of unwanted registry changes. (trojans & malware)
And never use Internet Explorer. rather stick with Firefox, Chrome or Opera.

Regarding Macs..
MACs have what's known as "security through obscurity".
Apple's market share is so small (compared with Windows) that nobody cares about writing malicious code for it.
The exposure they'll get from writing "bad code" for MAC is not worth the effort.
**MAC is a Unix based OS so it's much more difficult to write self replicating code for it. (compared with Windows)

Market share:
Windows - 90%+
MAC - 5%
Linux - 1%
No wonder there's so few (none?) viruses for MAC's and *nix.

But to be safe get an anti virus package for Windows.
Update it, run a full scan and then disable the service.
Enable it once week-or-so, do an update and run a full scan & disable it again.

 

[gregmcc]

Update it, run a full scan and then disable the service.

Thats got to be the worst idea I've ever heard. Whats the point in running AV if its disabled. With modern fast machines you don't even notice the overhead of AV running. Install it, let it autoupdate and leave it running!

 

[syntax]

Thats got to be the worst idea I've ever heard. Whats the point in running AV if its disabled. With modern fast machines you don't even notice the overhead of AV running. Install it, let it autoupdate and leave it running!

Agreed, realtime scanning should use very few resources. Its the full system scans that hammer the box, schedule those at non working times

 

[hungrybeaver]

All you need to Microsoft Security Essentials - its free.

+1. MSE works very well and it's not intrusive at all. If you'd prefer to go with a big name in AV, I suggest Eset NOD32.

You can keep your pc constantly connected to the internet if you have a good AV. Nothing to worry about as long it updates its definitions every few days.

 

[Elite Override]

+1. MSE works very well and it's not intrusive at all. If you'd prefer to go with a big name in AV, I suggest Eset NOD32.

You can keep your pc constantly connected to the internet if you have a good AV. Nothing to worry about as long it updates its definitions every few days.

+1 NOD32 is low on resources and works very well.

 

[bubbatentoe]

Obviously you haven't heard many ideas.



If it's such a bad idea then the option to turn real time scanning off wouldn't be there.
Most ALL virus packages have the option to turn it off.
Wonder why?

Registax - stack 75x5meg images with RTS enabled = 3 minutes some seconds.
Registax - stack 75x5meg images with RTS DISABLED = 1 minute some seconds.
(and image files aren't even being scanned)
?
?

Turning real time scanning off can save HUGE amounts of resources.
ESPECIALLY if you performed a default install of your anti-vir with zero exclusions specified.
Some anti virus solutions are better than others at handling resources with RTS (u usually get what you paid for)

 

[gregmcc]

If it's such a bad idea then the option to turn real time scanning off wouldn't be there.
Most ALL virus packages have the option to turn it off.

There are a few brain dead software applications that refuse to install with AV enabled. Why do you think on AV managers there is a option to remove the option of allowing the user to stop their AV. Turning AV off and leaving it off is a bad bad idea - trust me. I've been in the security field long enough to know.

If your image files are taking longer with the real time scanner enabled and you excluded those extensions then you have a serious problem. They are still being scanned when they shouldnt. What AV are you using?

 

[bubbatentoe]

brain dead?
LOL.


In my work (Laboratory Information Management Systems) we have to disable real time scanning on all our automated laboratory systems.
We have no choice.
Robotic control application processes run in "real time".
Any "Real Time" anti virus solution causes them to crash and the auto sampler robotic arm stops.

Disabling real time scanning is only a "bad bad bad" idea if you're a "promiscuous" computer user who requires protection.

Think "condom".

 

[gregmcc]

shakes head.

Then its clearly not setup correctly.

 

[karnuffel]

/snip
Think "condom".

He is on the web (I assume permanently or for extended periods ).

Using your analogy... Bump uglies, pull out before you reach the happy, put rubber on, finish the job..... :erm:

I use the new trend micro Titanium Maximum (mostly because I got it for free from ABSA). It is a lot easier on resources than their previous products and works for me. That being said, +1 for Avast and+1 for Microsoft Security Essentials

 

[The_Unbeliever]

All you need to Microsoft Security Essentials - its free.

Doesn't pick up all the nasties though.

 

[The_Unbeliever]

brain dead?
LOL.


In my work (Laboratory Information Management Systems) we have to disable real time scanning on all our automated laboratory systems.
We have no choice.
Robotic control application processes run in "real time".
Any "Real Time" anti virus solution causes them to crash and the auto sampler robotic arm stops.

Disabling real time scanning is only a "bad bad bad" idea if you're a "promiscuous" computer user who requires protection.

Think "condom".

Ouchy... I'll feel for you when something nasty breaks out.

I take it that the lab is totally on its own physical network segment - and that there's a firewall between the lab and the main network?

 

[gregmcc]

Ouchy... I'll feel for you when something nasty breaks out.

I take it that the lab is totally on its own physical network segment - and that there's a firewall between the lab and the main network?

And all DVD drives and USB ports have been disabled.

 

[Polymathic]

deep freeze

 

[metro_digital]

Thanks for all the input guys.
I really don't want to go the route of installing antivirus.
I'm running a dual processor quad Xeon system with 8GB RAM, so it should be more than capable of handling the overhead of an antivirus, but when I tried using one in the past, it made the system sluggish, and programs took ages to load.

I think maybe the best solution for me would be to install antivirus on my macbook, and scan anything that needs to be transferred to the workstation.
Would mac antivirus software pickup pc viruses, malware & spyware?
You see, in the future I plan to add other render nodes to the workstation, which will run on its own network through a 1Gbps switch, and this will be totally off the web. I am the only one who uses my workstation, so I can keep control over what gets plugged into it. These systems need to be running at their maximum potential, as their purpose is to push out frames of animation as fast as possible.

Now that I think about it, I would actually never use the workstation to print from, as all my web & office work would be happening from the macbook, so the only concern would be the software updates which I assume I would check maybe once a month.
Would it still be risky if I checked for updates via the software instead of through browsing?

 

[gregmcc]

I really don't want to go the route of installing antivirus.

I give up! :wtf: