VOGONS


First post, by Malik


Anti-virus definitions are updated almost every day nowadays.

Maintaining multiple internet-connected systems is becoming a headache, keeping all the systems up to date, especially for a home user like me.

After a few days of leaving a system unused, my Norton 360 finds a few more MBs (usu. 3 - 9MB) of updates to download.

Just wondering - how do these updates work when it comes to hard drive space?

Do they:

1. Replace (at least some or most of) the space occupied by past updates?

2. Keep growing in size - exceeding slowly the minimum HDD space requirement?

3. Finally clog up the hard disk space, full of definition updates?

(And on the other hand, I'm really comfortable with Norton 360 - previously I was against most of the Symantec/Norton products since they were notorious as a resource hungry stigma. But now, Norton 360's engine is fast, very customizable when it comes to notifications and required actions, and seems to work "behind the screens" quietly.)

Just a few doubts.

Thanks!

SB Dos Drivers

Reply 1 of 7, by Gemini000


In the past, virus definition files would replace themselves entirely with each update because they weren't that large. Nowadays, virus definition files tend to be in pieces. For definitions that are extended upon, those pieces are rewritten, but for entirely new definitions new pieces will be added.

The definition files don't actually take up that much space. The bulk of most virus scanners nowadays are the executable data and GUI assets, since they're designed to be incredibly difficult to break or circumvent. I just performed a manual update to my scanner just now for the heck of it, and it only needed to download 100-something KB of data, a lot of which is probably replacement data for existing definitions.

Then again, I'm not using Norton and I avoid Norton like the plague for two reasons: It's incredibly difficult to uninstall a Norton product, and in the past, their "free" manual updates required you to connect to their pay-subscription servers to install them, thus you STILL needed a pay-account to apply them. :P

TBH, if your regular updates after just a few days are over 3 MB, then there's probably a lot more data being included beyond just the definitions themselves. I recall that back when there were only a few thousand viruses and not a few million, the scanners would actually include detailed information about what each virus did and such. The scanner I'm using doesn't include that kind of information, but perhaps Norton does? *shrugs*

--- Kris Asick (Gemini)
--- Pixelmusement Website: www.pixelships.com
--- Ancient DOS Games Webshow: www.pixelships.com/adg

Reply 2 of 7, by VileR


It's true about Norton... that thing digs itself so deeply into your system it's almost impossible to properly remove. The last time I had to deal with a Norton installation (admittedly a while ago), yanking it out by force corrupted the entire Windows user profile. 😠

I never found frequent large updates to be an issue really. A bigger problem with virus scanners these days is the huge number of false positives, and generally a way too overzealous approach towards classifying threats. AV vendors don't care that much if someone else's legitimate bit of code gets tagged as a virus / malware / security risk - they can simply say "better safe than sorry" (and boast an increased number of defeated threats).

Utilities or tools that involve some kind of system tweaking can be frequent victims.... apparently some developers see this as a major obstacle in getting their software "out there" - once a false positive strikes, there's little you can do to convince Joe Sixpack that your program is safe.


Reply 3 of 7, by Leolo


Antivirus are always a bad joke. Paying for these extremely crappy programs should be punishable by law!!

Take a look at these results (page 4 of each report):

http://www.av-comparatives.org/images/stories … tro_may2011.pdf

http://www.av-comparatives.org/images/stories … tro_nov2011.pdf

Most of the time they can't get more than 60% detection of new malware. That means that a whopping 40% of the threats are missed.

It's just sad. Apart from the millions of problems that antivirus themselves cause 🙁 This industry is truly sad 🙁

Reply 5 of 7, by Malik


You guys make me think to remove the anti-virus.. 🤣

Yep, it's bad enough that connecting to the internet nowadays "must" be accompanied by an "Internet Security" suite. Gone are the days when all we wanted to do was to download a much required patch for that rare game that requires it and then disconnect and continue playing.

This might be outrageous but sometimes I wonder if these security companies are actually having a "pact" with "hackers" or "virus-writers" justifying them with pushing their latest "security products" to the masses and warning of the consequences of not having installed a security product with the "latest updates".

To download so many MBs almost every day and only having 60% of protection is very discouraging.

SB Dos Drivers

Reply 7 of 7, by Leolo


Running as a standard user under Windows 7 is also a very useful defense against malware.

Most malware is unable to run with reduced privileges. If you run as a standard user, you will be asked to type an admin's password when the malware is trying to infect you.

The defense is as simple as not typing the password. If you don't type it, the malware won't get the higher privileges needed to do harm.

There are, of course, exceptions to this rule (for example, when the malware exploits a privilege-escalation vulnerability), but keeping your OS patched and up-to-date makes it REALLY hard for viruses and trojans to infect you.

PS: Please note that running as admin with UAC enabled is not secure at all. UAC can be too easily circumvented, it's almost useless.

The only reliable way is to run as a standard user.

Regards.