running without any AV - no antivirus! opinions?
LuckMan212
December 19th, 2008, 03:55 AM
hello
i am looking for some honest, objective opinions on running my home computer (vista x64 sp1) without the extra burden, expense, and overhead of a traditional AV (nod32, kaspersky, norton etc). I have been a nod32 fan for about 5 years now, and it's been fine for me. But I think in those 5 years, it has only stopped 2-3 'attacks', and those were all web-based malicious .js attacks which would not have been able to do much damage to a vista x64 system running IE7 protected mode anyway.
So I am wondering if I am just throwing $$ away keep renewing these AV softwares year after year. Not to mention they cause various compatibility issues themselves often requiring waste of time to troubleshoot, maintain, tweak, configure and update just to keep your system functioning on a minimal level. I am sort of leaning towards just having a secure OS (64bit vista or win7), nice hardware firewall (ddwrt or tomato), be careful where I surf and be vigilant about running on-demand scans with free tools like MalwareBytes AntiMalware and SuperAntiSpyware.
The security software market to me seems every day more and more a joke, I mean there are hundreds of products out there now, with little to no "honest" reviews, benchmarks, etc. Companies pop up daily with a new whiz-bang product or fancy anti-heuristic-hypervisor-HIPS-a-licious technology that nobody really understands, only to disappear months later leaving customers hanging. (anybody remember DiamondCS??) I am just fed up with it.
what are your guys thoughts?
Hiker
December 19th, 2008, 04:16 AM
With free programs like Avira and Avast I don't know why you'd take a chance. I guess if you had frequent back-ups it would be OK.
LuckMan212
December 19th, 2008, 04:18 AM
what is the best on-demand AV scanner these days?
I am a fan of SuperAntiSpyware, MBAM, and the good ol' Spybot S&D for malware, but I am not familiar with On-demand AV scanners.
Are there any decent ones with good detect rate and low FPs?
Page42
December 19th, 2008, 04:34 AM
-{ Quote: "So I am wondering if I am just throwing $$ away keep renewing these AV softwares year after year. Not to mention they cause various compatibility issues themselves often requiring waste of time to troubleshoot, maintain, tweak, configure and update just to keep your system functioning on a minimal level. I am sort of leaning towards just having a secure OS (64bit vista or win7), nice hardware firewall (ddwrt or tomato), be careful where I surf and be vigilant about running on-demand scans with free tools like MalwareBytes AntiMalware and SuperAntiSpyware." }-
You seem to have skipped over the free products out there that are just as good or better than the paid variety. I fattened the Symantec coffers for about 8-10 years before pulling the plug on them and going with FREE avast!4 Home Edition. What a great move that was! It's been a year and a half of comfort and joy, I'm telling you. Take a solid look at avast! You could even add Avira AntiVir Personal without the Guard and use it as an on-demand FREE scanner. ThreatFire is another free tool. And the three programs I just mentioned all coexist nicely on my machines. Good Luck. :thumb:
Hiker
December 19th, 2008, 04:36 AM
-{ Quote: "what is the best on-demand AV scanner these days?
I am a fan of SuperAntiSpyware, MBAM, and the good ol' Spybot S&D for malware, but I am not familiar with On-demand AV scanners.
Are there any decent ones with good detect rate and low FPs?" }-
To be honest I'm not sure about using Avast only on demand but you can with Avira by disabling AntiVir Guard right clicking on the tray icon. Some complain about false positives, but I personally haven't had that problem. It's also always rated at the top.
The only drawback for the free version, if you want to call it that, is a pop ad during updates. It can be disabled following these directions.
http://www.elitekiller.com/disable_antivir_nag.htm
The above link also has the directions to disable the start up splash screen.
icr
December 19th, 2008, 04:58 AM
Avast is good free AV
use SAS,MBAM provides good protection to ur pc
u may also try this software Returnil
http://www.returnilvirtualsystem.com/comparison.htm
progress
December 19th, 2008, 05:34 AM
AVG or Avast - both have a good antivirus/antispyware engine!
But as you say: I also had a lot of AV programs in the past but I hardly ever saw any of them in action :P
-{ Quote: "
Companies pop up daily with a new whiz-bang product or fancy anti-heuristic-hypervisor-HIPS-a-licious technology that nobody really understands" }-
:thumb:
virtumonde
December 19th, 2008, 05:50 AM
Use Dr.Web CureIt. No installation, no messing up the registry.
rdsu
December 19th, 2008, 05:52 AM
@LuckMan212,
I completely understand you :)
After using Linux as my main OS for more than one year, I just realized that we can perfectly well go "without" all these security programs.
We just have to use common sense and stay away from the ways that can compromise our privacy and security.
Even for those that "know" how to stay away from these threats, we are still human beings that make mistakes, and Windows is far from being a perfect OS, so we need something that helps us with that job.
We don't need to have hundreds of security programs, like some users of this forum use, to protect or check our system, just a few to complement and help our common sense… ;)
Peter2150
December 19th, 2008, 08:32 AM
First with Moderator hat on. Let's not turn this thread into an A Vs B. You all know what will happen. This thread is about not using an AV.
Having said that, I run without any Antivirus or in fact any Anti anything. I rely heavily on Sandboxie, and that is a catch for Luckman. No 64bit version, nor will there be one.
Pete
Baz_kasp
December 19th, 2008, 08:44 AM
-{ Quote: "First with Moderator hat on. Let's not turn this thread into an A Vs B. You all know what will happen. This thread is about not using an AV.
Having said that, I run without any Antivirus or in fact any Anti anything. I rely heavily on Sandboxie, and that is a catch for Luckman. No 64bit version, nor will there be one.
Pete" }-
Do you run all of your "normal" browsing in sandboxie?
Technically....if "something" decided to launch in your sandbox...it can do anything with the data inside the sandbox (e.g. your wilders login for example) or even outside of the sandbox...e.g. passwords for thunderbird, outlook, ftp clients, websites etc etc.... which is why I think sandboxes are fine as prevention of file infection but not protection for your data from threats such as password stealers for example.
ThunderZ
December 19th, 2008, 08:52 AM
-{ Quote: "Do you run all of your "normal" browsing in sandboxie?
Technically....if "something" decided to launch in your sandbox...it can do anything with the data inside the sandbox (e.g. your wilders login for example) or even outside of the sandbox...e.g. passwords for thunderbird, outlook, ftp clients, websites etc etc.... which is why I think sandboxes are fine as prevention of file infection but not protection for your data from threats such as password stealers for example." }-
You would have to be very mindful of just what you were doing, where you were browsing during any one session. But actually I like the idea of this approach. Have finally gathered enough parts to piece together a "break me" PC. A bit resource deprived so I may give the Sandboxie only approach a try.
Thanks Peter2150. Nice Mod hat by the way. :D
virtumonde
December 19th, 2008, 09:00 AM
-{ Quote: "Do you run all of your "normal" browsing in sandboxie?
Technically....if "something" decided to launch in your sandbox...it can do anything with the data inside the sandbox (e.g. your wilders login for example) or even outside of the sandbox...e.g. passwords for thunderbird, outlook, ftp clients, websites etc etc.... which is why I think sandboxes are fine as prevention of file infection but not protection for your data from threats such as password stealers for example." }-
You can configure by folder path, or simply by program name, what can access the internet in a certain sandbox.
Baz_kasp
December 19th, 2008, 09:47 AM
-{ Quote: "You would have to be very mindful of just what you were doing, where you were browsing during any one session. But actually I like the idea of this approach. Have finally gathered enough parts to piece together a "break me" PC. A bit resource deprived so I may give the Sandboxie only approach a try.
Thanks Peter2150. Nice Mod hat by the way. :D" }-
Can be browsing any one of your normal sites and get infected. For example, yesterday I came across a poker blog, online clothes shop and forum that had all been compromised with malicious scripts and were silently downloading pinch password stealers to the visitors. It's an unseen jungle :P
ThunderZ
December 19th, 2008, 09:56 AM
-{ Quote: "Can be browsing any one of your normal sites and get infected. For example, yesterday I came across a poker blog, online clothes shop and forum that had all been compromised with malicious scripts and were silently downloading pinch password stealers to the visitors. It's an unseen jungle :P" }-
Agreed. That is why you must be mindful of your particular surfing session. Example: if I were going to make an online purchase or log into my bank site I would make sure it was the only thing I did from within that session. If a site is compromised, depending on how, no amount\type of security programs on your PC will protect your private information.
I fear we are beginning to drift off topic though. Sorry to the OP.
LuckMan212
December 19th, 2008, 01:07 PM
I'm curious why there is not any Sandboxie or similar product for 64-bit OS? Is this some sort of technical limitation? sorry for my ignorance. I am a registered user of Ilya's DefenseWall HIPS and I found it to be an excellent product-- unfortunately I have been unable to use it since moving to a 64bit OS. Truthfully I am quite surprised by how slowly the migration towards 64-bit has been going in general-- especially considering the improved security, performance and most importantly the ability to use >4GB RAM.
Kerodo
December 19th, 2008, 01:53 PM
I don't know the technical details, but x64 is a whole other ballgame apparently, and it would appear to be quite difficult for developers to write any HIPS or related app for x64.
I understand your desire to lighten up and also spend less, but I think in your case I'd go ahead and at least run Avira, or use it on-demand only perhaps, there is the free version, and it is quite good. No AV means a small chance of something going unseen I suppose. I have been at that point too, but I always seem to end up putting something on. Right now on Vista x64 I use Avast, and that's it.
On any new PC, the "overhead" of a free AV should be near zero.
LuckMan212
December 19th, 2008, 02:24 PM
I removed NOD32 and even though it is light on resources, my PC "feels" snappier already. I may wait for avast 5.0 and try that. I will probably try NOD32 v4 as well when it is released. But for now I will probably just stick to on-demand scans with MBAM, SpyBot S&D, and SaS.
khagaroth
December 19th, 2008, 02:42 PM
I would say that the main problem with x64 isn't the difficulty of development, but that stupid requirement for driver signing that you have to pay for.
dr pan k
December 19th, 2008, 02:47 PM
your problem is not on the net, since u can easily use adblock and noscript but on usb viruses or when downloading songs n stuff from p2p. why dont u try eset v4? its for free as its beta and works pretty well (for being a beta that is).
SAS works great if combined with cureit on demand
farmerlee
December 19th, 2008, 11:29 PM
-{ Quote: "I'm curious why there is not any Sandboxie or similar product for 64-bit OS? Is this some sort of technical limitation? sorry for my ignorance. I am a registered user of Ilya's DefenseWall HIPS and I found it to be an excellent product-- unfortunately I have been unable to use it since moving to a 64bit OS. Truthfully I am quite surprised by how slowly the migration towards 64-bit has been going in general-- especially considering the improved security, performance and most importantly the ability to use >4GB RAM." }-
I believe it's due to patchguard which is the kernel protection feature found in vista x64. As a vista 64 user i just use virtualization to create my own sandbox type environment. It's nowhere near as convenient or light as sandboxie but it works great.
tonyseeking
December 20th, 2008, 12:43 AM
-{ Quote: "hello
i am looking for some honest, objective opinions on running my home computer (vista x64 sp1) without the extra burden, expense, and overhead of a traditional AV (nod32, kaspersky, norton etc)...." }-
It is a good way if you only download stuff from well known and reputable sources. And then once per week run the NOD32 and Kaspersky FREE Online Scan. :thumb:
Dogbiscuit
December 21st, 2008, 12:03 AM
LUA + SRP.
LuckMan212
December 21st, 2008, 03:17 AM
OK, I know LUA=Limited User Account, but what's SRP? :doubt:
Pseudo
December 21st, 2008, 03:29 AM
-{ Quote: "OK, I know LUA=Limited User Account, but what's SRP? :doubt:" }-
Software Restriction Policy. It's a Windows feature first introduced in XP Pro.
noone_particular
December 21st, 2008, 11:16 AM
Running without an AV is quite workable. I haven't used one in almost 3 years and my PC is better off because of it. There's more to it than just uninstalling your AV. An AV can be viewed as a form of process control that blocks any malicious code it identifies from executing. Software restriction policies, HIPS, etc are capable of performing the same function but use different methods and criteria. AVs use signatures, definitions, etc to identify somewhere around a half million bits of malicious code. Keeping such a list current and complete is a formidable or impossible task. With AVs, only the known bad is blocked. Both known good code and unknown (to them) code are allowed to execute. This is referred to as a default-permit policy. Its weakness is its allowing the unknown to execute. The unknown can be a new version of an app you use or a brand new rootkit.
Software restriction policies use the opposite approach, as does a properly configured classic HIPS like SSM. They allow the 50-100 known good processes on your PC to run and block everything else. Neither wastes disk space or resources trying to keep up with a nearly infinite and ever growing list of malicious code. This is referred to as default-deny policy. Anything not identified as good and belonging on your PC is blocked.
A default-deny policy has some disadvantages. The responsibility of determining what is good and belongs on the PC is the user's responsibility. You're building your own whitelist of what is allowed, which does require you to be fairly knowledgeable about your own PC. It's not a good policy for users who install a lot of software or are always changing their setups. A default-deny policy prevents change by design and makes constant changing more difficult.
Default-deny is an extremely effective security policy when enforced by either HIPS or software restriction policies. Both control what can execute very well. IMO, HIPS gives the user more control over how processes and applications can interact. How important that control is will depend on who you ask. HIPS also has the advantage of working on older systems that don't have the ability to enforce software restriction policies.
There are other methods that will be brought up. Sandboxing software, virtual operating systems, reboot to restore software, behavior blocking. Each has their advantages and weaknesses. IMO, the best policy is to not allow malicious and unknown code to run in the first place, provided the user is willing and able to make themselves adhere to such a policy. A default-deny policy enforced by system configuration and SSM has served me very well for nearly 3 years, with 6 different people using my PC. It stays clean and fast.
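The difference between the default-permit and default-deny policies described in the post above, as an added example that is not part of the original thread and does not reproduce how any AV, HIPS or Windows SRP is implemented: a small Python model that applies both decisions to the same launch attempts. All paths, file contents, hash lists and rule sets are constructed for illustration.

```python
import hashlib
from pathlib import PureWindowsPath


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed launch attempts: (path, file content). Nothing here is real.
LAUNCHES = [
    (r"C:\Windows\System32\notepad.exe", b"notepad build 6001"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", b"firefox 3.0.5"),
    (r"E:\PortableApps\putty.exe", b"putty 0.60 portable"),
    (r"E:\codec_setup.exe", b"old worm already in AV definitions"),
    (r"C:\Users\home\AppData\Local\Temp\update.exe", b"brand new rootkit"),
    (r"C:\Program Files Evil\helper.exe", b"lookalike folder dropper"),
    (r"C:\Users\home\Downloads\player-2.0-setup.exe", b"new version of an app"),
]

# Default-permit (signature AV): a list of known-bad hashes, everything else runs.
KNOWN_BAD = {sha256(b"old worm already in AV definitions")}

# Default-deny (whitelist): path rules for directories a limited user cannot
# write to, plus hash rules for individually approved files elsewhere
# (here: one portable app on a USB stick).
ALLOWED_ROOTS = [r"C:\Windows", r"C:\Program Files"]
ALLOWED_HASHES = {sha256(b"putty 0.60 portable")}


def _parts(path: str) -> tuple:
    # Windows paths are case-insensitive; compare whole components, not
    # string prefixes, so "Program Files Evil" never matches "Program Files".
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def is_under(path: str, root: str) -> bool:
    p, r = _parts(path), _parts(root)
    if ".." in p:  # unresolved traversal: refuse to match any path rule
        return False
    return len(p) > len(r) and p[: len(r)] == r


def default_permit(content: bytes, known_bad: set) -> str:
    """Block only what is on the known-bad list; unknown code runs."""
    return "block" if sha256(content) in known_bad else "allow"


def default_deny(path: str, content: bytes, roots: list, hashes: set) -> str:
    """Allow only what matches a hash rule or a path rule; unknown code is blocked."""
    if sha256(content) in hashes:
        return "allow"
    if any(is_under(path, root) for root in roots):
        return "allow"
    return "block"


def compare(launches=LAUNCHES) -> list:
    """Return (path, default-permit decision, default-deny decision) per launch."""
    return [
        (path,
         default_permit(content, KNOWN_BAD),
         default_deny(path, content, ALLOWED_ROOTS, ALLOWED_HASHES))
        for path, content in launches
    ]


def unknown_gap(launches=LAUNCHES) -> list:
    """Launches the signature list lets through but the whitelist stops."""
    return [path for path, av, deny in compare(launches)
            if av == "allow" and deny == "block"]


if __name__ == "__main__":
    for path, av, deny in compare():
        print(f"{path:<50} default-permit={av:<5} default-deny={deny}")
```

The gap contains both the unknown rootkit and the new installer for a legitimate application: the whitelist cannot tell them apart until the user adds a rule, which is the maintenance cost the post describes.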
LuckMan212
December 21st, 2008, 02:59 PM
there is no SSM for 64-bit vista is there?
noone_particular
December 21st, 2008, 05:12 PM
-{ Quote: "there is no SSM for 64-bit vista is there?" }-
I don't believe there is. I'm not sure which HIPS will work with 64-bit Vista. Even if there isn't one, software restriction policies are almost as effective.
Long View
December 21st, 2008, 05:37 PM
It must be nearly 2 years since I last ran a real-time AV. After 10 years of finding nothing dangerous I thought I would give it a go. So my opinion - if you enjoy playing with programs then fine, load up with security; otherwise you need to be living dangerously before such programs are really needed.
You can always run with Sandboxie type protection or shadow defender but this still doesn't address the question of whether AV is really necessary.
My main concern is that so many attribute their lack of infection to having run numerous security programs when they may well have been just as clean running nothing at all.
If you find that you somehow manage to get infected, and it does actually require a degree of talent to do so, on a regular basis then security may well help. Otherwise remember why you bought your computer - you may have vague memories that it was for reasons other than to run security packages.
Paul Keith
December 22nd, 2008, 03:35 AM
Hi, I was recommended to ask my question here so I apologize if I'm being slightly off-topic.
Thread I made that got closed:
http://www.wilderssecurity.com/showthread.php?t=228536
I think as someone above pointed out, running without an AV is all up to the responsibility of the user and most of Wilders are tech savvy enough to know when they are dealing with an infected pc and have good habits enough to easily set things right. I'm not among those people though so while I don't mind dropping the AV guard, I tend to make such rookie mistakes as inserting an infected flash drive and that's my main concern for dropping an antivirus guard.
I'm not so much afraid of infected files but I still tend to be confused when using Sandboxie on programs that require installations and false positives that are really false positives so I'd rather stay safe by using an HIPS that doesn't constantly nag me to delete a file when I've already ignored it.
I'm also afraid of run by viruses so is there a middle of the road advice that doesn't involve totally forsaking security applications?
I've asked about programs like ShadowDefender and Returnil before but I haven't installed them on my PC yet and I'm kind of holding off installing these programs until a fresh XP, not to mention I can't afford ShadowDefender right now and I'm not sure it's better than newer programs like PrevX Edge.
Kees1958
December 22nd, 2008, 04:16 AM
@Paul,
There are a few pieces of middle of the road advice:
On XP
- Use Surun/Sudown (see software and services and look for Mrkvonic's excellent tutorial, only add a limited user to start with instead of an extra admin user).
On Vista
- use UAC (=run LUA) with Norton's UAC tool
XP/Vista 32 bits
- Enable DEP for all programs
- Add threatFire it checks the Virusbuster AV data base when an intrusion occurs
- for dodgy browsing try Iron, a Google Chrome clone with the new webkit engine, this reduces browser vulnerability by 70%
You should be fine with this light set up.
Cheers Kees
Paul Keith
December 22nd, 2008, 05:01 AM
Thanks Kees1958,
I tried Threatfire before per the suggestion of another user here but installation didn't go well so I decided to go with the free version of Online Armor. Any better suggestions?
What's DEP?
and is Iron really that better than both Firefox and Opera?
Antarctica
December 22nd, 2008, 06:50 AM
-{ Quote: "Thanks Kees1958,
What's DEP?" }-
It means Data Execution Prevention
http://en.wikipedia.org/wiki/Data_Execution_Prevention
rdsu
December 22nd, 2008, 11:26 AM
-{ Quote: "On XP
- Use Surun/Sudown (see software and services and look for Mrkvonic's excellent tutorial, only add a limited user to start with instead of an extra admin user)." }-
So, SuRun works in a limited user and admin accounts?
Pedro
December 22nd, 2008, 11:52 AM
You add a limited account to the Surunners group, and then you can elevate that account's privileges to admin for the program you want.
Admin is admin, Surun won't do anything with it, only the LUA - but you can however tweak the options from admin account if that's what you're asking.
rdsu
December 22nd, 2008, 11:55 AM
-{ Quote: "You add a limited account to the Surunners group, and then you can elevate that account's privileges to admin for the program you want.
Admin is admin, Surun won't do anything with it, only the LUA - but you can however tweak the options from admin account if that's what you're asking." }-
Thanks Pedro ;)
Pedro
December 22nd, 2008, 12:02 PM
Anytime :)
rdsu
December 22nd, 2008, 12:13 PM
Yesterday, I formatted my Windows XP Pro partition, and chose an Admin Account, so now I will try to change it to a Limited Account to test SuRun, but only after an image backup... :)
Pedro
December 22nd, 2008, 12:26 PM
What i did, not that it matters now thanks to Crossover ;D , is turn the admin to LUA, and make the hidden "Administrator" visible with password. So i get 1 LUA + 1 Admin + 1 disabled Guest.
Turn DEP on, SRP ..
tlu has advice on his thread regarding turning an account to limited - XP doesn't safely convert the account.
rdsu
December 22nd, 2008, 01:00 PM
Unfortunately I need Windows and its developer tools for my work, so I decided to install it again at home...
What does SRP mean?
Pedro
December 22nd, 2008, 01:09 PM
Software Restriction Policy, gpedit.msc. I do as tlu suggested, what this good guy says:
http://www.mechbgon.com/srp/
It's simple to use. No unknown execution, except for that super villain who wants your pictures ;D
Cerxes
December 22nd, 2008, 05:51 PM
-{ Quote: "...and chose an Admin Account, so now I will try to change it to a Limited Account to test SuRun..." }-
-{ Quote: "...turn the admin to LUA..." }-
I would avoid this approach since I've noticed some "glitches" where it turns out that the restricted user inherits the ownership of certain files/folders/keys in some cases where it shouldn't. IMO it's better, for avoiding this possible security risk, to stick with the default created admin account (for updating/installing/tweaking) and create new restricted user accounts, instead of converting admin accounts to restricted user accounts. I know some users here have converted admin to user, perhaps successfully without any issues, but just in case...
/C.
trjam
December 22nd, 2008, 06:01 PM
Lol, hmmmmm, why go through all of this painstaking setup. Why? To say here you don't use an AV. I don't know, to me, it is easier just to say I use one, any one. 8)
rdsu
December 22nd, 2008, 06:25 PM
-{ Quote: "I would avoid this approach since I've noticed some "glitches" where it turns out that the restricted user inherits the ownership of certain files/folders/keys in some cases where it shouldn't. IMO it's better, for avoiding this possible security risk, to stick with the default created admin account (for updating/installing/tweaking) and create new restricted user accounts, instead of converting admin accounts to restricted user accounts. I know some users here have converted admin to user, perhaps successfully without any issues, but just in case...
/C." }-
I will see if I can create a LUA :)
-{ Quote: "Lol, hmmmmm, why go through all of this painstaking setup. Why? To say here you don't use an AV. I don't know, to me, it is easier just to say I use one, any one." }-
Did you already use Linux?
Do you know the security and usability that this program will add to your system?
Do you think that your AV will protect you against what?
I don't know if I will use this in the future, but for now seems to be a must addition to protect my system...
Pedro
December 22nd, 2008, 07:12 PM
-{ Quote: "I would avoid this approach since I've noticed some "glitches" where it turns out that the restricted user inherits the ownership of certain files/folders/keys in some cases where it shouldn't." }-
-{ Quote: "tlu has advice on his thread regarding turning an account to limited - XP doesn't safely convert the account." }-
Located his post - http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146
Both his threads should be read imo. I parsed both of them and made notes just to digest it better. :P
In any case, i agree it would be best to create a new one, but i did what i did and end up with only one admin. I think it's a case of all roads leading to Rome.
trjam
December 22nd, 2008, 07:19 PM
-{ Quote: "I will see if I can create a LUA :)
Did you already use Linux?
Do you know the security and usability that this program will add to your system?
Do you think that your AV will protect you against what?
I don't know if I will use this in the future, but for now seems to be a must addition to protect my system..." }-
Protect me against myself.........Will Linux? No, because ultimately there is an opening in every closed entity.
rdsu
December 22nd, 2008, 07:33 PM
-{ Quote: "Protect me against myself........." }-
If I just trust in AV to protect myself, I would be in trouble for sure! ;)
Fortunately, I just use them as a complement when my common sense fails.
Kerodo
December 22nd, 2008, 07:38 PM
I think some AV is better than nothing (generally speaking)... especially if the overhead is low and there's no performance impact.
Makav3l1
December 22nd, 2008, 09:15 PM
Comodo Defense+ is a hips that works on 64.
Osaban
December 22nd, 2008, 11:29 PM
-{ Quote: "hello
i am looking for some honest, objective opinions on running my home computer (vista x64 sp1) without the extra burden, expense, and overhead of a traditional AV (nod32, kaspersky, norton etc). I have been a nod32 fan for about 5 years now, and it's been fine for me. But I think in those 5 years, it has only stopped 2-3 'attacks', and those were all web-based malicious .js attacks which would not have been able to do much damage to a vista x64 system running IE7 protected mode anyway.
what are your guys thoughts?" }-
I stopped for a year running an AV, and it was indeed fine. My AV replacement was very effective, Faronics AntiExecutable: It would deny by default any executable that was not whitelisted in the first place. The new version for Vista (I believe only x32) is even better, and more sophisticated. Unfortunately it doesn't allow FirstDefense PC Rescue to run properly on my system. Maybe future versions will improve the compatibility.
I tried with HIPS to use them simply to deny any executable, but in the end they were complicating my life rather than simplifying it. I run 99% of the time virtualized and sandboxed, and when I want to keep something I find the AV is still the only way to find out if it is known malware.
Paul Keith
December 22nd, 2008, 11:59 PM
Ok, I read as far as someone giving a simple guide in that other thread on how to turn an admin account into a limited user account but now I read in this reply that it might have a glitch:
Can anyone remake a simple guide explaining the whole SuRun + SRP + LUA + DEP set up?
Some of these tweaks scare me because I've tried creating a guest account once and as you know, everything changes. Then there are stuff like you can only allow program files folder execution but what about portable applications and usb/external disk mounting that might require a different access?
One of my main headaches when I tried Linux was that the structure was so different from XP that if you wanted help, you have to go into details with what you did and I see this setup as being even scarier because it's not as simple as going to an antivirus' forum and asking them what I did wrong, it involves making sure I didn't make a separate mistake like how my printer right now is constantly chucking a Visual C++ Runtime error after I installed and removed Litestep then narrowing it down to this setup's mistake.
farmerlee
December 23rd, 2008, 04:39 AM
Instead of running a limited user account you could always run an admin account and just run certain programs with reduced rights. Dunno if it's safer but it's much easier and more convenient imo.
Paul Keith
December 23rd, 2008, 09:30 AM
Wouldn't that leave me exposed to scriptbased malware?
I also don't get how to install programs into Sandboxie. I know how to run them on it but when the installation fails, I don't know whether it was due to not having explorer also sandboxed or it was a case of a malware installation not getting through.
farmerlee
December 24th, 2008, 02:33 AM
-{ Quote: "Wouldn't that leave me exposed to scriptbased malware?
I also don't get how to install programs into Sandboxie. I know how to run them on it but when the installation fails, I don't know whether it was due to not having explorer also sandboxed or it was a case of a malware installation not getting through." }-
You can configure your SRP to block scripts.
It depends on what you are trying to install in sandboxie, not everything will work as sandboxie blocks certain things. If you are wanting to test software you might be better off using a virtual machine or something like returnil.
Long View
December 24th, 2008, 02:55 PM
Perhaps I have done something wrong ? Just Installed SuRun to an existing Admin Account. Now everything is set as Standard User ( i.e Limited) except for the programs that I have given elevated permissions to. There may be more fancy stuff that I could do but I would have thought that this was more than enough.
Paul Keith
December 24th, 2008, 07:07 PM
-{ Quote: "You can configure your SRP to block scripts.
It depends on what you are trying to install in sandboxie, not everything will work as sandboxie blocks certain things. If you are wanting to test software you might be better off using a virtual machine or something like returnil." }-
Yeah, I considered Returnil but someone recommended to ShadowDefender due to Returnil not being able to shadow multiple drives. I can't afford it right now though.
PC isn't also that powerful for virtual machines either.
How do you configure SRP to block scripts?
farmerlee
December 24th, 2008, 07:18 PM
-{ Quote: "Yeah, I considered Returnil but someone recommended to ShadowDefender due to Returnil not being able to shadow multiple drives. I can't afford it right now though.
PC isn't also that powerful for virtual machines either.
How do you configure SRP to block scripts?" }-
There was a good thread on these forums somewhere. I don't have time to search for it now but when i do i'll see if i can find it.
mjgent
December 24th, 2008, 11:01 PM
Here's a good thread for SRP setup. http://www.wilderssecurity.com/showthread.php?t=197456
Osaban
December 25th, 2008, 07:09 AM
-{ Quote: "Yeah, I considered Returnil but someone recommended to ShadowDefender due to Returnil not being able to shadow multiple drives. I can't afford it right now though.
PC isn't also that powerful for virtual machines either.
" }-
When referring to virtual machines, VMware for example is a real one, and it definitely requires quite a bit of memory and speed. But programs like Returnil and Shadow Defender are really 'virtualizers' (they work on the same principle), but they are fairly light to run on any computer.
Paul Keith
December 25th, 2008, 07:13 AM
I read up to page 3 of that thread and it seems like SRP is bypassable especially if you were the one unknowingly installing a malicious program.
stratoc
December 25th, 2008, 07:57 AM
My gaming PC has never had anything installed other than the Malwarebytes Anti-Malware free scanner; it's backed up to an external HDD and behind a NAT router. It's only used for games, over 200, and many of these are online games; in over 12 months I have never had a problem. But as I said, it's only used for games; not sure I would risk nothing on the PC I use for surfing etc. However, I also cannot remember the last time NOD blocked anything. Key is safe surfing, and I never peer to peer other than some games updates.
A lot of PCs I clean up have super anti everything installed and they still get infected :/
Mrkvonic
December 25th, 2008, 08:37 AM
Anti-virus is needed by those who can't use it. A paradox, but there you go.
If you know what you're doing, you don't need one.
Mrk
Antarctica
December 25th, 2008, 11:00 AM
-{ Quote: "Anti-virus is needed by those who can't use it. A paradox, but there you go.
If you know what you're doing, you don't need one.
Mrk" }-
That sums it up pretty well.:thumb: My wife is computer illiterate, and of course she has no clue how to use an AV but I did install one on her PC.
On my computer I am not using any AV since one year without any problems.:)
Paul Keith
December 25th, 2008, 12:15 PM
-{ Quote: "Anti-virus is needed by those who can't use it. A paradox, but there you go.
If you know what you're doing, you don't need one." }-
I disagree. In ignorant people's hands, an antivirus is no more a false sense of security if not a deliberate desensitization of what counts as security in the casual person's mind.
99% of people who can't use antiviruses, don't put antiviruses there and still get infected when people install it for them because often times it's a poor AV or they fail to both update and realize some basic methods of securing their PCs.
At the same time, how large do you think the amount of people who know what they're doing are?
If this was the case, then you'd have a much more improved and less confusing guide for lay-men splashed all across the web. One that need not force a PC user to read even 1 discussion forum of Wilders as the basic summary is not only constantly updated but presented in a universal page where the url is merely copy pasted anytime someone asks.
No. The irony is, that as most things in this world, the simplest solutions are never the ones most well known.
At this point, the easiest solutions would be for a big enough majority to switch to Linux and generate enough demand so that suppliers would provide ports of programs (especially games) into it that it fills one of the holes Linux is severely lacking in the desktop environment.
This same single ideal would also improve every parts lacking in Linux support: better free documentations written for the lay-men, more people to ask help that are actually willing to help and don't have the elitist volunteer syndrome, better support from third parties, more knowledge of what different programs are such as how Firefox is actually not Internet Explorer but is actually a sub-category of web browsers...
Of course, in modern times, this seems just as unlikely as a bunch of people protecting themselves better by embracing better security programs rather than the status quo programs like Norton and McAfee but I just thought I'd throw it out there to better cement my disagreement with this paradox.
Escalader
December 25th, 2008, 12:44 PM
-{ Quote: "hello
i am looking for some honest, objective opinions on running my home computer (vista x64 sp1) without the extra burden, expense, and overhead of a traditional AV (nod32, kaspersky, norton etc). I have been a nod32 fan for about 5 years now, and it's been fine for me. But I think in those 5 years, it has only stopped 2-3 'attacks', and those were all web-based malicious .js attacks which would not have been able to do much damage to a vista x64 system running IE7 protected mode anyway.
So I am wondering if I am just throwing $$ away keep renewing these AV softwares year after year. Not to mention they cause various compatibility issues themselves often requiring waste of time to troubleshoot, maintain, tweak, configure and update just to keep your system functioning on a minimal level. I am sort of leaning towards just having a secure OS (64bit vista or win7), nice hardware firewall (ddwrt or tomato), be careful where I surf and be vigilant about running on-demand scans with free tools like MalwareBytes AntiMalware and SuperAntiSpyware.
The security software market to me seems every day more and more a joke, I mean there are hundreds of products out there now, with little to no "honest" reviews, benchmarks, etc. Companies pop up daily with a new whiz-bang product or fancy anti-heuristic-hypervisor-HIPS-a-licious technology that nobody really understands, only to disappear months later leaving customers hanging. (anybody remember DiamondCS??) I am just fed up with it.
what are your guys thoughts?" }-
Hello LuckMan212!
Best of the day and the season.
My thoughts?
Well my first thought is you have already kind of made up your mind to do it and go sans AV. and that is your call.
I know where you are coming from do you and I NEED an AV resident on the PC. For you and me it's probably okay because we know or think we know how to protect ourselves. You could do weekly or daily web based scans with mainline AV's anyway.
With the ASW stuff you have and the FW it's unlikely for you to get hit BUT there is some risk as you say you found a few NOD 32 stops in the past.
I've never been concerned about using PC resources to support security SW but some users get exercised by that issue.
It is possible to go sans any security software, if you are prepared to load your OS clean each day from an external drive. It then is just a matter of avoiding the dark side and IF you get hit, wipe and reboot clean.
Good luck.
PS This is not a recommendation for my clients but ideas just for you;D
Mrkvonic
December 25th, 2008, 01:17 PM
-{ Quote: "I disagree. In ignorant people's hands, an antivirus is no more a false sense of security if not a deliberate desensitization of what counts as security in the casual person's mind.
99% of people who can't use antiviruses, don't put antiviruses there and still get infected when people install it for them because often times it's a poor AV or they fail to both update and realize some basic methods of securing their PCs.
At the same time, how large do you think the amount of people who know what they're doing are?
If this was the case, then you'd have a much more improved and less confusing guide for lay-men splashed all across the web. One that need not force a PC user to read even 1 discussion forum of Wilders as the basic summary is not only constantly updated but presented in a universal page where the url is merely copy pasted anytime someone asks.
No. The irony is, that as most things in this world, the simplest solutions are never the ones most well known.
At this point, the easiest solutions would be for a big enough majority to switch to Linux and generate enough demand so that suppliers would provide ports of programs (especially games) into it that it fills one of the holes Linux is severely lacking in the desktop environment.
This same single ideal would also improve every parts lacking in Linux support: better free documentations written for the lay-men, more people to ask help that are actually willing to help and don't have the elitist volunteer syndrome, better support from third parties, more knowledge of what different programs are such as how Firefox is actually not Internet Explorer but is actually a sub-category of web browsers...
Of course, in modern times, this seems just as unlikely as a bunch of people protecting themselves better by embracing better security programs rather than the status quo programs like Norton and McAfee but I just thought I'd throw it out there to better cement my disagreement with this paradox." }-
I don't know if you agree with me or no, except the first sentence ...
I'm doing my job trying to get things in layman terms ... I am fighting the elitist syndrome as much as I can, believe me ... The percentage of knowledgeable users is about 1%, btw.
99% of users do not put anything anywhere - they just use their machines. Out-of-date anti-virus programs they might have are pretty much useless, so why bother if they're gonna get infected in the first place? Might as well save some money.
Which is exactly my point - they need it, but they can't use it. And if you do know what to do, including some of the alternatives mentioned, then you sure don't need it.
BTW, there's no golden solution just as there is no golden solution to stupidity or mediocrity. Until the moment you have licensed computing where you have to pass the test to use them and then get punished by law for misdeeds, just like driving, nothing will change. This won't ever happen, though...
Computers are geek tools made by geeks for geeks and thus completely unsuited for masses.
Mrk
Escalader
December 26th, 2008, 01:04 PM
-{ Quote: "I don't know if you agree with me or no, except the first sentence ...
I'm doing my job trying to get things in layman terms ... I am fighting the elitist syndrome as much as I can, believe me ... The percentage of knowledgeable users is about 1%, btw.
99% of users do not put anything anywhere - they just use their machines. Out-of-date anti-virus programs they might have are pretty much useless, so why bother if they're gonna get infected in the first place? Might as well save some money.
Which is exactly my point - they need it, but they can't use it. And if you do know what to do, including some of the alternatives mentioned, then you sure don't need it.
BTW, there's no golden solution just as there is no golden solution to stupidity or mediocrity. Until the moment you have licensed computing where you have to pass the test to use them and then get punished by law for misdeeds, just like driving, nothing will change. This won't ever happen, though...
Computers are geek tools made by geeks for geeks and thus completely unsuited for masses.
Mrk" }-
Hi Mrk:
Yes, FWIW I agree with your post here. I'm not exactly sure what Paul is disagreeing with, my read is that he is agreeing but it is a bit unclear to me anyway. No surprise there!
Over the last year I have become more and more convinced that the masses should not attempt to secure their own PCs; it is just too d...n complicated. As you say they are made for geeks by geeks.
Yet I feel I'm whistling in the wind to the masses and preaching to the choir in the security forums.
I'm not really discouraged though since even helping one user may make it valuable.
I really get exercised by the "one solution fits all" mind set on 99% of the vendors' parts. Since every user's www risk profile is different and their knowledge levels also vary, it is just not possible to have a single solution.
For me the layered defence still is the "best" approach PLUS a solid backup and recovery system for the inevitable crash.
See ya
Chris12923
December 26th, 2008, 02:49 PM
Unless I missed it why didn't anybody mention rollback rx? If I did sorry..
Thanks,
Chris
Paul Keith
December 27th, 2008, 01:38 PM
-{ Quote: "I don't know if you agree with me or no, except the first sentence ..." }-
Disagreeing...like what my first sentence said.
-{ Quote: "I'm doing my job trying to get things in layman terms ... I am fighting the elitist syndrome as much as I can, believe me ... The percentage of knowledgeable users is about 1%, btw." }-
There are lies, damned lies and statistics.
The problem with the "I" statement is that it can be used as a straw man.
There are problems with education...
"MY teacher" still got me the education I needed.
The media gets away with throwing more hurtful insults just cause Sarah Palin is a woman
"I" made fun of BOTH Sarah Palin AND other male politicians
Just because you might have done something doesn't mean there's enough people doing it or optimizing the pedagogy of security.
In fact, even in these so called knowledgeable userbase you will find that there are pseudo-experts dulling the effectiveness of what they are saying so the blame is not always on the non-geek users. Often times, the geek community even does more harm than good in bridging the gap.
-{ Quote: "99% of users do not put anything anywhere - they just use their machines." }-
Except everyone pretty much use their machines. Geeks may do more or different things with their machines but at the end of the day, most of them do it out of their sense of "use".
This is like one of those myths people throw out when they meet enough people who can't cope with what they're saying. Sometimes they're over-explaining it, sometimes they're over-simplifying it and sometimes they just relate to past experiences and rather than quench a person's curiosity, they often hand scripted diatribes such as install this or use this.
Even Wilders is not exempt from this. How many times will you hear some person ignore the question and simply say: Use this or that cause I'm using it? or I don't understand your question, use this? In fact, isn't AV comparison banned in Wilders precisely because the so called knowledgeable userbase turns out to sometimes be biased pseudo-experts?
-{ Quote: "Out-of-date anti-virus programs they might have are pretty much useless, so why bother if they're gonna get infected in the first place? Might as well save some money." }-
Not sure what you are implying here.
1) It ignores the fact that there are free/cheap security alternatives.
2) Out-of-date AV programs that are good still detect a decent amount of viruses and malware especially ones that don't involve anything p2p or copyright protection related.
-{ Quote: "Which is exactly my point - they need it, but they can't use it. And if you do know what to do, including some of the alternatives mentioned, then you sure don't need it." }-
My argument though is that they do have the possibility of knowing how to use it...if the learning material was better optimized for them. How often do they encounter this though?
This is my criticism with your point. It is based around an often knee-jerk cynicism that often times create more barriers for people who want to know rather than help optimize it for them.
It is like a dogma of "Ok, everything that I can learn from is good enough. Everyone who requires more skills than I do though cannot be taught because they can't learn from the materials I learned therefore they can't use it."
It's these kind of mindset that creates for elitists who allow for people who aren't as good run amok fundamental solutions.
-{ Quote: "BTW, there's no golden solution just as there is no golden solution to stupidity or mediocrity." }-
But there are fundamental things which help lead to better solutions. Following these fundamental things helps not only the seeker but the one who possesses the knowledge to better communicate their expertise.
Unfortunately, as the improvement in pedagogy goes, the more pseudo-experts enter and the large the pseudo-experts the harder it is for people who want to learn not be able to because these pseudo-experts often believe that the seekers should have the capacity to learn in the same standards as they and not seek an easier way so that more people can learn just as the original experts paved the way for allowing them the fruits of their knowledge.
That's another criticism I have with your point. It makes no room for growth, progress nor consideration for pseudo-experts and therefore I find it flawed in that manner.
-{ Quote: "Until the moment you have licensed computing where you have to pass the test to use them and then get punished by law for misdeeds, just like driving, nothing will change. This won't ever happen, though..." }-
Let me ask you this: Did driving help reduced and improve driving knowledge that radically?
Do you see every other 3rd world people build racing cars out of scraps? Do you see gov'ts being intelligent enough to realize that bailing out auto-industries is bad cause of the progress in driving knowledge? Do you even see people not using their cellphones while driving cause the information of safety is so impacted in their minds through gaining their driver's license that it takes a decade before someone is stupid enough to risk it?
-{ Quote: "Computers are geek tools made by geeks for geeks and thus completely unsuited for masses." }-
Are you saying nerds did not and cannot invent the computer? Of course not.
Bottomline is that many of these modern day geeks can't hold the straps of their earlier more pioneering geeks and the same can be said for these modern day geeks' capabilities once the future geeks take their place.
The thing is...the masses have suited to computers that is why security programs and instructional websites would bother writing anything on securing their PCs. In fact, that is why they already call it the "Personal" Computer and even if you want to argue the fact that it is more of a MS brand, Apples are even more praised as "suiting" the masses to use these "geek" devices.
In fact, a rich person that is part of the masses is more likely to access these geek tools made for geeks earlier and better compared to a poor average geek because they can not only afford the technology but they can hire more willing to teach well geeks than the poor geek.
Edit: Btw just read this quote: education theorists tend to be “pedagogical plainsmen ‘preferring intellectual plains to intellectual hills and valleys’... [and are] devoted to ‘the weary process of shoveling to fill valleys and steady erosion to remove mountains of human talent.’ ”
http://www.dana.org/news/cerebrum/detail.aspx?id=3228
trjam
December 27th, 2008, 01:45 PM
Even though it goes against the grain of the thread title, I really just think a good AV will keep you safer than you will ever need. Sometimes, we complicate this, a hell of a lot more than it needs to be. This thread is proof.
Paul Keith
December 27th, 2008, 03:42 PM
trjam, that's true but I'm just annoyed how often AVs detect AutoHotkey programs as viruses. Sure, I can add it to its ignore list but it's still frustrating having to out-guess even a good AV of whether something is legit or not.
david banner
December 28th, 2008, 09:12 AM
-{ Quote: "Use DR Web cure it.No installation,no messin up with the registry." }-
Am I correct the free version cannot be updated, you have to download the next version? Or can you manually update?
BlueZannetti
December 28th, 2008, 09:58 AM
-{ Quote: "Just because you might have done something doesn't mean there's enough people doing it or optimizing the pedagogy of security." }-
A real part of the problem is simply the rich trove of solutions. More options = more confusion.
-{ Quote: "Often times, the geek community even does more harm than good in bridging the gap." }-
All too true.
-{ Quote: "Even Wilders is not exempt from this. How many times will you hear some person ignore the question and simply say: Use this or that cause I'm using it? or I don't understand your question, use this? In fact, isn't AV comparison banned in Wilders precisely because the so called knowledgeable userbase turns out to sometimes be biased pseudo-experts?" }-
The mindless AV comparison threads are banned since they are, well, mindless. When a dozen people start yelling at each other to use "X"! (or Y! or Z!) and don't back it up with a pertinent technical rationale...., we're into the regime of mindlessness. Bring a cogent technical rationale to the discussion, and comparison threads would work fine.
-{ Quote: "My argument though is that they do have the possibility of knowing how to use it...if the learning material was better optimized for them. How often do they encounter this though?" }-
In part, I would say that there is a bit of mismatch in expectations. Most users approach a PC as an appliance, not a precision tool. If you walk up to an "appliance", you want to be able to use it on an almost intuitive basis. Think of an ATM located in a country which uses a language that you don't speak - most of us could probably get local currency out of it after a try or two. That's because the interface is quite simple (minimal options) and fairly intuitive. It's difficult to walk down the wrong path since there are so few of them presented to you. Most of us know the basic paradigm from our home country. The paradigm doesn't change a whole lot. PC security is (or should be) like that, IMHO.
-{ Quote: "Let me ask you this: Did driving help reduced and improve driving knowledge that radically?" }-
It wasn't the "driving"...., it was the accidents and near misses, i.e. the "experience". Sometimes you just need to live it or simulate it under controlled conditions for the information to take hold.
-{ Quote: "Bottomline is that many of these modern day geeks can't hold the straps of their earlier more pioneering geeks and the same can be said for these modern day geeks' capabilities once the future geeks take their place." }-
It's not that they can't "hold the straps", but that the specific straps have, by and large, changed.
Blue
Paul Keith
December 28th, 2008, 01:28 PM
Thanks BlueZannetti. I don't entirely agree with all your conclusions but just for providing a third perspective is well appreciated.
I will say that I personally know less about appliances than computers so I find fault in that analogy. I think, in general, repetition and as you said controlled simulation go a long way and that saying most people treat computers as applications kind of throws in question what the difference between the two words are.
As far as the driving bit was concerned though, it wasn't that I was denying it didn't help. It was more to show how even in something as common as driving tutorials, there can be ways to improve things even more.
A person who knows they have the option to be a race car driver by just following basic lessons for example would have less incentive to participate in an illegal race.
Copyright ©2002 - 2012, Wilders Security Forums