On anti-virus

March 22, 2011

One year ago, I posted on Slashdot that I do not run an anti-virus program on my computer. That spawned a very large set of comments, most of which were telling me how stupid I am for not running anti-virus. I promised one user that one year from that day, I would post the results of a virus scan here on my blog. (I also promised a malware scan, but I’m too lazy.)

Well, I’m a few days late, but no matter. A few hours ago, I downloaded the free AVG Rescue CD (well, the bootable USB stick version). A few months ago I used this program to successfully de-virus a neighbor’s aging laptop, and years ago I ran AVG as my computer’s anti-virus, so I feel confident trusting the AVG Rescue software.

The AVG Rescue CD is a small bootable Linux image which downloads the latest anti-virus definitions from AVG’s servers and then scans your computer’s hard drives from outside the installed operating system. It will then allow you to delete or quarantine any viruses it finds. It’s a pretty handy tool – I highly recommend you keep a spare USB stick around with this installed, just in case.

Now, I was quite confident I do not have any viruses. I booted from the USB stick, updated the AV definitions, and proceeded to scan both hard drives. (I had forgotten how long it takes to scan several hundred gigabytes of files.)

This is what I found:

[Photo: virus scan results]

Obviously I could not simply take a screenshot, so you’ll have to put up with what my iPhone 4’s camera could do, and hopefully you’ll forgive me for taking a crappy picture that cuts off the rightmost portion of the text.

“But wait!”, you’re saying. “There are some viruses found!” Don’t be hasty – allow me to give some background. First, I have not used Thunderbird since I switched to Google Apps (which I mentioned having done in my first post in that Slashdot thread). That switch was, as mentioned, before March 18 of last year. Note that these hits are all in Thunderbird directories.

The first two lines are referring to a file named something like UPS_receipt_8492.zip, and AVG says a virus named FakeAlert was found in the file. The last two lines are referring to another copy of the same file. When I looked at the full file path, my surprise faded — this was Thunderbird’s Junk folder! So, being junk mail, I have never opened it, and really I should have deleted it. (Well, really, I should have cleared out this old Thunderbird data entirely.)

The other lines all refer to a trojan horse called “Generic13.BBVH”. This is actually a false positive; the two executables in question (“64K Movie.exe” and “64K Movie2.exe”) are a pair of really nifty programs which procedurally generate a 3-d environment with some nice shiny eye candy and some accompanying music, all in an executable weighing in at less than 64KB. For what it’s worth, the e-mails containing those executable attachments were uploaded to my Google Apps e-mail account along with the rest of my (non-Junk) mail; Google’s anti-virus does not complain about the two files.

So you can see for yourself, I’ll mirror the two files for you here:

64K Movie
64K Movie 2

You can also google those and find other people’s mirrors. You can scan the two files yourself; some anti-virus programs will give false positives.
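The two kinds of hit above, a junk-mail ZIP hiding an executable (the UPS_receipt lure that AVG called FakeAlert) and a bare executable attachment that some engines flag wrongly (the 64K demos), are exactly what is worth sweeping an old mail store for before trusting it. The script below is an added example and is not code from the original post or from AVG: it walks a Thunderbird-style mbox file (Thunderbird keeps each folder, Junk included, as a plain mbox), reports ZIP attachments whose members are Windows executables, including double-extension names such as receipt.pdf.exe, and separately reports bare executable attachments so a human can decide which are false positives. The message contents are constructed sample data, and the extension list is an assumption, not an exhaustive one.

```python
"""Sweep a Thunderbird-style mbox folder for executable attachments.

Added example, not from the original post. Every message below is
constructed sample data; EXECUTABLE_EXTS is an assumed, non-exhaustive list.
"""
import io
import mailbox
import os
import tempfile
import zipfile
from email.message import EmailMessage

# Extensions Windows will run on double-click (assumption: representative, not complete).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def is_executable_name(name):
    """True for names ending in an executable extension, including
    double-extension tricks such as 'receipt.pdf.exe'."""
    return name.lower().endswith(EXECUTABLE_EXTS)


def executable_members(zip_bytes):
    """Executable member names inside a ZIP, or [] if it is not a valid archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if is_executable_name(n)]
    except zipfile.BadZipFile:
        return []


def scan_message(msg):
    """Return [(attachment filename, reason)] for one parsed message."""
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # not an attachment
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK\x03\x04"):  # ZIP magic, whatever the name claims
            members = executable_members(payload)
            if members:
                findings.append((filename, "zip containing " + ", ".join(members)))
        elif is_executable_name(filename):
            findings.append((filename, "executable attachment"))
    return findings


def scan_mbox(path):
    """Return {subject: findings} for every message in the mbox with a finding."""
    results = {}
    box = mailbox.mbox(path)
    try:
        for msg in box:
            findings = scan_message(msg)
            if findings:
                results[msg["Subject"]] = findings
    finally:
        box.close()
    return results


def _zip_with(member_name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_sample_messages():
    """Constructed samples: a benign PDF, a demo .exe, and a receipt-lure ZIP."""
    benign = EmailMessage()
    benign["Subject"] = "notes"
    benign.set_content("notes attached")
    benign.add_attachment(b"%PDF-1.4 sample", maintype="application",
                          subtype="pdf", filename="notes.pdf")
    demo = EmailMessage()
    demo["Subject"] = "64K demo"
    demo.set_content("really nifty 64KB intro")
    demo.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                        subtype="octet-stream", filename="64K Movie.exe")
    lure = EmailMessage()
    lure["Subject"] = "Your UPS receipt"
    lure.set_content("see attached")
    lure.add_attachment(_zip_with("UPS_receipt_8492.pdf.exe", b"MZ" + b"\x00" * 62),
                        maintype="application", subtype="zip",
                        filename="UPS_receipt_8492.zip")
    return [benign, demo, lure]


def write_sample_mbox(path):
    """Write the constructed samples to an mbox file (one 'From ' line per message)."""
    with open(path, "wb") as fh:
        for msg in build_sample_messages():
            fh.write(b"From MAILER-DAEMON Tue Mar 22 12:00:00 2011\n")
            body = msg.as_bytes()
            fh.write(body if body.endswith(b"\n") else body + b"\n")
            fh.write(b"\n")


def scan_sample():
    """Write the samples to a temporary 'Junk' mbox, scan it, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Junk")
        write_sample_mbox(path)
        return scan_mbox(path)


if __name__ == "__main__":
    for subject, findings in scan_sample().items():
        for filename, reason in findings:
            print(f"{subject!r}: {filename} -> {reason}")
```

Point scan_mbox at a real profile folder (for example Mail/Local Folders/Junk) to sweep it. The script only reports; deciding whether a bare .exe is a 64KB demo or a trojan is the step no signature list does for you, which is the same judgement call the AVG results above required.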

So, one year and counting running Windows with no anti-virus, and no viruses. It’s not hard; you just have to browse responsibly.
