Do you run a real time Antivirus?

Discussion in 'polls' started by Page42, Jan 17, 2014.

Do you run a real time Antivirus?

  1. Yes: 68.5%
  2. No: 31.5%
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks for posting. I am really surprised at this...
    ... and quite relieved that my intermediate-at-best computer skill level is what it is! :cool:
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Sorry could only think of 9 off the top of my head. :D

    Limited choices for security on Android, if DefenceWall or the like comes out for the Smartphone I'll drop Eset like a hot potato.
    (also using Gray shirts NoRoot Firewall at the moment)

    That's the easiest solution for her. (believe me)
     
  3. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    Nope! I'm confident of my security setup – besides, I've come to realize that my main safeguards are my browsing habits and the way I interact with the net.

    I've used a few AVs over the years and got sick of misbehaving AV drivers – and/or programs that caused more issues than the viruses they were supposed to be protecting you from!
    Plus, I got sick of continually updating the damn things. (I do use MBAM Pro – and have to update the defs - but as I use the program only to scan downloaded files - I update prior to scanning)
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Really, not even online ones like VirusTotal? I'd like to know what alternatives you have for checking downloads if so.
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yes, all in my sig! :D
     
  6. chris1341

    chris1341 Guest

    I feel tempted to go back occasionally to real time scanning but I always get depressed by the lack of efficacy for the system resources used.

    I'll give you an example. I used a highly rated (recent award winning) product, although it holds true for them all, for a month or so at the tail end of 2013. I got an e-mail with a zip attachment saying it was my credit card statement from a company I don't use. Virus written all over it for those who know what we're looking for. It was not detected by the real-time AV. VT scan gave 37 vendors detecting it but not mine. Start run restrictions in SBIE and AppGuard blocked execution.

    Some would say your other layers did their job, I just say if they do their job why the hell do I need resource hungry (in comparison to SBIE and AG) AV if the other layers are sufficient.

    Cheers
     
  7. guest

    guest Guest

    Nope. If I do that it means I will need to whitelist VT and Google in HTTPSB. And my upload speed is slow. Too long. Plus, it has file size limit.

    I do not. If I wanted to find new software or just trying out, first things first I'll look up on reliable websites such as Gizmo's TSA, dotTech, etc. Then when I have names, I'll lurk on forums to get more info about those software and their reputation. If all good, I'll see if those names are listed on Softpedia. The names which are not listed will be discarded. And if a software doesn't offer an offline installer, it will be rejected too. Lastly, the download links must not be blocked by any means.

    Thus, I don't need to check them anymore because the risk has been reduced considerably. Then you might ask: "How do I check PDFs or JPEGs or other downloads which seem to be non-executables?". The answer is simple, just open them. AFAIK they also will be blocked with execution control if it turned out that they were malware undercover. Although a proper sandbox is theoretically better.
     
    Last edited by a moderator: Jan 18, 2014
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    :ouch:
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Yes, one would expect the opposite as an end result, on the other hand reading how the test machines were set up with only an AV (Trend Micro), it's not surprising that the higher number of websites would generate a higher probability of infection. White listing anti-exe, virtualization, sandboxing are absolutely necessary to avoid new infections.
     
  10. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Yes but I feel I don't really need it with Sandboxie out front, OP hips in the middle and MBAM/HMP covering the rear, as it were.
     
  11. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    224
    Location:
    USA
    You know Freddy, you have a real good point there. In my opinion it is just plain arrogant for a vendor who has a presence on a forum such as Wilders to stifle commentary by using their position to close down a thread they don't like. I have never liked bullies. I commented on the thread in question substantially. I couldn't explain part of my negative reaction to the prose being submitted. You clarified the outstanding problem I had. Thank you.

     
  12. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    Well it looks like so far I'm one of those in the minority category of No.
    Why? Between online scanners, (file downloads) on-demand scanners, bootable cd
    scanners and a tight security setup in place I feel no need to run a real time AV.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    So you download from reputable sources. But they aren't perfect, so what happens when you execute something? Is it allowed to run freely?
     
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, but only because I have to when working remotely from home. My work VPN refuses the connection unless it finds an up-to-date AV running on the PC. For primary real-time protection, I prefer to rely on a combination of policy restriction and virtualization.
     
  15. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    If one was running FPROT av would the answer still be no ?
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i voted no.

    i bought my computer to enjoy software, not waste CPU cycles to run real-time security stuff.

    if i check my downloads with an on-demand scanner i don't see why i should run one of those.
    i don't open suspicious email attachments either.
     
    Last edited: Jan 19, 2014
  17. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! Use WSA...as a Complimentary App. Sincerely...Securon
     
  18. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Just to be clear, unless I'm completely misunderstanding, the reason that thread was closed was not because they didn't "like" it, but because an official company reaction was sought, and the forum is, primarily, for support issues, Joe being in development, and Daniel helping with support.
    Neither is either qualified, or presumably authorised, to go making official company statements etc.
    Please see: https://www.wilderssecurity.com/showpost.php?p=2328912&postcount=57
    https://www.wilderssecurity.com/showpost.php?p=2329540&postcount=61

    IMO you won't see anyone from BD or others generously providing such support as has always been evident over on the Prevx forum.

    Oh, and yes I use WSA :thumb:
     
  19. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    No realtime nor ondemand AV, a firewall or any other security software for that matter. I find a chance of getting infected impossible (like 0,0...01%), so I do not bother.
    I have actually tried it at first because of the heavy impact of AV on the system performance, then I have slowly realized, that since Vista with UAC it was no longer needed.
    Please do not mistake getting infected with getting hacked. A real person can not be stopped, no matter what, even security agencies can not prevent it with elite hackers.
     
  20. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America

    An update, no longer using any AV including MBAM pro in real time. MBAM and HitmanPro on demand only.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That about covers it. The only time I've ever been infected is when I relied on an AV. The top link on a Google search led me to a site that crashed the AV. Since it was a security suite, the rest of the suite also crashed. Some time ago, an AV update caused several clients' PCs to Blue Screen. The update added an anti-rootkit component which conflicted with another app. Many years back, I experimented with multiple AVs, 1 resident and several manual scanners. It wasn't bad until the manual scanners all started requiring resident processes and services, up to 8 separate processes on some of them. Maintaining compatibility became a nightmare, especially when they updated the apps with more bloat and fewer ways to shut off certain features. Even with all these, I was getting a collection of malware that evaded all of them when I first found it. Thanks to SSM intercepting the malware's attempt to execute, I was able to capture them.

    The update frequency got ridiculous on some of the AVs. I was satisfied with once per day. The AV initially wanted every 2 hours. Later, an update made that interval much shorter. I'd change the interval back to every 24 hours. The updates changed it back. I had to disable the built in updater and run it through a 3rd party scheduler to make the interval stay where I wanted it.

    Every AV I've tried wanted to delete or quarantine several batch files I used. Half the time, the ignore options didn't work. Talking to the vendor didn't help as they considered them malicious if used on someone else's equipment.

    Between these problems and the general sluggishness each caused in my system, I was quite disgusted with AVs. After beta testing SSM and learning more about implementing a default-deny policy, I stopped using AVs and haven't looked back. Since that time, I've expanded my use of default-deny to include inter-process activity, internet access, web content, and connections to additional sites/servers contained in visited pages. The browser is faster. Pages load faster. Apps run faster. There's less demand on RAM and processor time and less heat coming out of the tower, much to my cat's disapproval.
     
    Last edited: Jan 19, 2014
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Great post, man. Enjoyed your explanation. Too bad about the kitty, though.
    I'd love to see you post back one day and say you installed an AV... because the cat made you do it. :cool:
     
  23. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    This reminded me of this:
    Addictive Update Model
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Now they've pushed this to its limit, constant, continuous updating, aka cloud AVs. In the mean time, they're buying out and absorbing other technologies (sandboxing, HIPS components, etc.) in order to keep themselves relevant, and bundling them with their update dependent cash cows in order to keep users paying.
     
  25. guest

    guest Guest

    Source. I only download software from Softpedia. It can be roughly considered as my download repo. And I always use the secure download links whenever possible.

    Very true. So are AVs. The only problem is if Softpedia was being hacked. I think the HOSTSs offered by HTTPSB and Comodo's Secure DNS should be enough.

    My logic says if the file already wrote on my HDD, it's been too late to prevent it if it contains malicious payloads. Now if I have executed it, trying to watch over it is like trying to fire a cannon while your ship is sinking. What matters to me is how to protect those allowed processes from being hijacked for any malicious purposes, which is supposed to be the job for EMET, AppGuard, EXE Radar, etc.
     
    Last edited by a moderator: Jan 19, 2014