Using No Antivirus

[STONEMAN]

no resident AV for a while now,and dont plan to use one.
very happy with what I use, see sig
Everyone has different views,so use what best suits your needs.

[Dark Shadow]

Quote:

Originally Posted by Brummelchen

just lol. kerio is idd outdated and not state of the art. proxo works on win7.
but the best - xp - lolagain. for now its ok, but after 2014!?
SSM same - its not developped any longer, website is offline - also outdated.
you dont really think that outdated software can catch actual behavior?

i dont know where but it must be a very nice experience to test your system
versus actual java trojans through browser.

I can say they same for current updated software,dont always catch bad bahavior.Some one drives a classic car its outdated,does that mean they should buy a new car. Sometimes old things are much better made then new things.

Yes after 2014 XP is going to explode. The world could end as well.If something is not broken it doesn't mean it has to be fixed.

If you think your safer using the lastest so called state of the art software,then so be it.

[Brummelchen]

the are ofc changes into deep which outdated software cant control.

i dont consider me as safer - but i have another concept. if it hits me, i will burn me down. it was never so present with the latest java trojans i mentioned.
"resistance is futile"

i can follow your pros and cons, but anytime i wont use outdated software.

[noone_particular]

Quote:

proxo works on win7.

I did not know that. Pleasantly surprised.

Quote:

kerio is idd outdated and not state of the art.

I don't care if it's "state of the art". Except for IPv6 which I don't have, basic internet protocol hasn't changed. The apps and rules that controlled it then still work the same.

Quote:

SSM same - its not developped any longer, website is offline - also outdated.
you dont really think that outdated software can catch actual behavior?

Yes it does. Even the free version of SSM catches the use of LoadLibraryEx, which can bypass Applocker.

Quote:

i dont know where but it must be a very nice experience to test your system versus actual java trojans through browser.

You assume a lot, starting with assuming that I have it integrated into the browser. On my PCs, Java is disabled and blocked by default. Not much point in trying to exploit Java via the browser. That particular attack surface, like many others doesn't exist on my PCs.

[dw426]

Quote:

Originally Posted by Hungry Man

Thinking that you've seen the worst of the worst because you hopped on TOR is naive. Thinking that the worst thing out there is the crap on malwaredomainlist? Come on. Yeah, that's the automated malware you'll run into and I'm sure you can have virtually any decent program and it'll protect you on the off-chance you run into something but pretending that that's all that there is to security is flat wrong.

You can disable DEP across XP. Turn it off completely. And you honestly might not get infected just because you're running EMET or some AV. Are you secure? Hell no.

It's just silly to pretend that you've seen "what's out there" by dealing with automated malware and looking around the deep web.

The "deep web" has nothing to do with whether the net is a ticking time bomb of malware or not. Really the land beyond TOR is no different than the "normal net". Everything you find in the underground can be found on the surface too if you look long enough. The way your post comes across, Hungry, is that there are magical hackers out there that can break anything and nuclear malware.

You won't even run into half the crap on MalwareDomains, let alone see the "doomsday" malware that intel agencies and other government hackers use for espionage and other operations (and in many countries, they don't even need that since they are already hooked in via control centers at ISPs and such). Malware is malware, the only difference between them is sophistication and the target.

On the flip side of this, pretending that encrypting everything, running an anti-execute app and so on, will protect you from everything is just as silly and naive. Besides, guess what would happen if millions of people started using Truecrypt and other tools? You'd have millions of doorstops.

[kjdemuth]

[EASTER]

Quote:

Originally Posted by Brummelchen

just lol. kerio is idd outdated and not state of the art. proxo works on win7.
but the best - xp - lolagain. for now its ok, but after 2014!?
SSM same - its not developped any longer, website is offline - also outdated.
you dont really think that outdated software can catch actual behavior?

i dont know where but it must be a very nice experience to test your system
versus actual java trojans through browser.

He he. I KNOW! outdated security software CAN & DOES not only catch even today's baddies, but also Terminates them completely, completely enough to not have to deal with the same ones again once they been netted by these relics.

Of course being on XP untill Windows 8 comes out all the way for some of us is a HUGE advantage over any malware, including the most notorious which are the destructive type - MBR Infectors + File killing viruses. I've turned loose some really well crafted ones and still am in awe to see some of these "outdated" softwares absolutely trap & dismiss them.

[Hungry Man]

Quote:

Originally Posted by dw426

The "deep web" has nothing to do with whether the net is a ticking time bomb of malware or not. Really the land beyond TOR is no different than the "normal net". Everything you find in the underground can be found on the surface too if you look long enough. The way your post comes across, Hungry, is that there are magical hackers out there that can break anything and nuclear malware.

You won't even run into half the crap on MalwareDomains, let alone see the "doomsday" malware that intel agencies and other government hackers use for espionage and other operations (and in many countries, they don't even need that since they are already hooked in via control centers at ISPs and such). Malware is malware, the only difference between them is sophistication and the target.

On the flip side of this, pretending that encrypting everything, running an anti-execute app and so on, will protect you from everything is just as silly and naive. Besides, guess what would happen if millions of people started using Truecrypt and other tools? You'd have millions of doorstops.

Surface web is nothing like deep web. I don't even know how to argue this point, it seems self evident simply by its nature and content or even by its existence as a separate net.

Yes, there are very skilled hackers out there. Absolutely everything can be broken if the time is put in. I don't care if it's Chrome or Linux or whatever, it can be hacked. I'm not saying it will be, I just think that pretending that this isn't the case is basically covering your ears to what every hacker and security researcher will tell you - every system can be broken into with enough time and dedication.

Just because malware has, for years, been very much the same and you can trip it up easily doesn't mean that your system is secure. It's secure against automated malware that's aimed at people who don't know what a computer is.

Pretending that one is above it all and they've seen the worst the web has to offer and survived is ridiculous and naive. If you aren't interested in defense in depth, that's fine, but pretending that you're above it all because you've seen it all when you haven't is just dumb.

And I'm using the proverbial "you."

[dw426]

Quote:

Originally Posted by Hungry Man

Surface web is nothing like deep web. I don't even know how to argue this point, it seems self evident simply by its nature and content or even by its existence as a separate net.

Yes, there are very skilled hackers out there. Absolutely everything can be broken if the time is put in. I don't care if it's Chrome or Linux or whatever, it can be hacked. I'm not saying it will be, I just think that pretending that this isn't the case is basically covering your ears to what every hacker and security researcher will tell you - every system can be broken into with enough time and dedication.

Just because malware has, for years, been very much the same and you can trip it up easily doesn't mean that your system is secure. It's secure against automated malware that's aimed at people who don't know what a computer is.

Pretending that one is above it all and they've seen the worst the web has to offer and survived is ridiculous and naive. If you aren't interested in defense in depth, that's fine, but pretending that you're above it all because you've seen it all when you haven't is just dumb.

And I'm using the proverbial "you."

I mean everything you can find on the deep web can be found on the surface as well. The biggest difference is that you're 100 times more likely to run into a LEA/intel agent and traps galore. And, well, hell, if you are visiting the places most consider part of the deep web, then the deep web is actually a rather boring place.

At least we agree nothing is unbreakable, lol. However, the kinds of attacks you are referring to when speaking of such things, are not ever going to be seen or dealt with by an average user. So, automated attacks it is, and said attacks are far from scary, and laughably avoidable with 5 minutes worth of effort. As I said earlier, if we got even a small majority of average users to truly lock down their systems, they'd lock them up and turn them into bricks.

I'm 1000% with you that Linux and Chrome and all these so called "rock solid" options are nowhere near untouchable. But I still see the daily "alarms" as overblown. Unless you're in the crosshairs of one of these "one percenters", hackers that have the time, the funds, and the desire/need to take you on, you've very very little to really fear (the exception being government issues, which there is practically nothing you can do about.).

[Hungry Man]

Quote:

I mean everything you can find on the deep web can be found on the surface as well.

Not really... and definitely not to the same extent. Data can exist anywhere, sure, but no one's going to be selling exploits, drugs, or child porn on the surface - at least not nearly to the same extent.

Quote:

At least we agree nothing is unbreakable, lol. However, the kinds of attacks you are referring to when speaking of such things, are not ever going to be seen or dealt with by an average user. So, automated attacks it is, and said attacks are far from scary, and laughably avoidable with 5 minutes worth of effort. As I said earlier, if we got even a small majority of average users to truly lock down their systems, they'd lock them up and turn them into bricks.

Right. The average user is not likely to run into an exploit that takes EMET into account (example) so therefor EMET is incredibly effective against exploits. But let's say I disable DEP and enable ASLR. Of course, I've just broken every exploit out there just about for that program, but I've opened up a door for a ton more that aren't out there. So I'm safe from attacks that aren't aimed at me but I'm still very insecure.

So is that security? No. Could an exploit bypass that security? Yeah. Will it? Probably not. But it would be trivial to, and saying that anyone has experienced all threats because they've tested against some automated malware that is aimed at grandma's XP SP0 running IE 6 and Java 5 is silly.

Quote:

I'm 1000% with you that Linux and Chrome and all these so called "rock solid" options are nowhere near untouchable. But I still see the daily "alarms" as overblown. Unless you're in the crosshairs of one of these "one percenters", hackers that have the time, the funds, and the desire/need to take you on, you've very very little to really fear.

Just to put it out there, it isn't a "special breed" of hacker who can exploit a machine that's running more than what the average user runs. These aren't 1%'rs. I mean, sure, a skiddy can't, but I don't think it's so difficult to tweak an exploit to bypass certain things. It's much more about desire/ need than ability.

My only point at calling Boost naive was that he was implying that hopping on TOR and using automated malware from domainlist means that he's
1) secure
2) somehow "above it all"

when all it means is that he's implemented a solution that works for what he's likely to run into. And that's fine.

[bo elam]

Gone without one for almost a year and a half. I don't think I ll ever go back to using one real time, I ll be worrying too much if I ll ever did.

Bo

[SweX]

Quote:

Originally Posted by iScream

And to the person who said todays AVs are lighter, I remember running avast 4.8 on a 300MHz AMD K6. That compared to avast 7 - I can't stand the slowness after installing it on a 1.6 n270 atom.

Haha, well if you would install Norton 2005 and after try the 2012 version, then I am sure you must feel a difference in performance

[Atul88]

Quote:

Originally Posted by SweX

Haha, well if you would install Norton 2005 and after try the 2012 version, then I am sure you must feel a difference in performance

i think 2012 is still heavy, the best so far was 2011!!!
don't tell me that i maybe wrong
because i used it on Pentium 4
And i really am surprised when people say that AV's are heavy
i bet they are atleast on Dual core...
i am running AV's on Pentium 4, 768MB ram and eset runs like a champ!!!!
No false positives, low footprint, silent and right now consuming 34MB ram.
just tried AVG internet security on my other Hard Disk and surprise surprise it is light as much as Avast & ESET!!!

[NAMOR]

Been real-time AV free for 6 months on my gaming computer. HMP, Bitdefender TrafficLight, Sandboxie, Anti-Executable.