Getting rid of "Security Software"

Discussion in 'other software & services' started by kennyboy, Sep 16, 2007.

Thread Status:
Not open for further replies.
  1. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    431
    Seems to be quite a few knowledgeable people here doing away with their AVs and other security software now, and relying more on their Rollback/Restore/Imaging software, and also virtualisation programs of one sort or another instead.

    I understand they would experience considerable speeding up of their systems by doing this, but would like to know what security software they actually leave on their system. In other words, what do you consider indispensable, and how lean are you running your system?
    Also, how much do you rely on your hardware firewalls to replace software?

    Thanks for your input.

    Ken
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Imaging software can be considered security, but it is also any-disaster-scenario rescue.

    Beside that, you really don't need much, despite the obvious panic of the security market. Things are not as bleak as they appear to be.

    For your daily tasks, you merely need a firewall and a decent browser, which means not MS one. And that's basically it.

    Drive-bys, you handled above, active double-click executions - that's something no one can help you but yourself. But my question is, in a full production environment, why do you need to execute any files on a daily basis? It's supposed to be a stable, work platform. If you test software every 2-3 hours, then it's NOT a production platform, it's a test platform.

    Other software that might merit attention are the mail client, IM clients, P2P software - keep these up to date, go with open-source programs, and you'll be fine. Of course, avoid talking to people you don't know and clicking on crap they send you. It's like eating a candy from a stranger on a street. The same goes for emails. Something called RE: for you does not merit the waste of reading.

    People who claim they intercept baddies on a daily basis are either doing something very wrong, paranoid or their programs lie to them to justify the money "well" spent.

    Mrk
     
    Last edited: Sep 16, 2007
  3. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    I don't consider Rollback Rx as security software.

    I consider Rollback Rx as a savior to Vista OS due to a lot of bugsssss...

    Also, if you are infected by a powerful virus, how sure are you that all of your back-up images or snapshots will not be infected by the virus? It's better to install security software to protect your imaging software.

    I used Kasp with FW because I go to other places and use public/private WiFi a lot, though in my home I have Router FW.
     
  4. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    431

    Read my post again please!
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    - On-demand online AV scanning, but rarely.

    - On-demand anti-spyware scanning with AVG AS, AVG anti-rootkit, SpySweeper and AdAware daily.

    - Winpatrol (for several things - great program!).

    - Software firewall for outbound protection.

    - PowerShadow "freeze" of system "C" drive. (All data files on Truecrypt partition which is on an external drive).

    I give a lot of trust to my hardware firewall/properly configured router.

    Other than that - it's strictly a fresh image sometimes once a day. It takes approximately 2 minutes and 30 seconds to restore my "clean" image and doesn't interfere with my productivity at all.

    I feel very safe. In fact, I feel additional security software, while fun to 'play with' - is a waste of money and time.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ditched all my AV/AS/AT/AK/AR scanners and I don't have any security software that is based on blacklists either.

    If you put the real-time shield of the main scanner aside and you can have only ONE real-time shield per kind of scanner to avoid conflicts, then my reasoning is like this.

    1. All scanners have one thing in common, you run them normally one time a day.
    So there is a vulnerable period between TWO scans.

    2. Each time when I reboot my system partition is cleaned by my freeze storage.
    So there is a vulnerable period between TWO reboots, which is the same as the vulnerable period between TWO scans.

    All infections have one thing in common, they CHANGE your harddisk in order to do their evil job and that is their weakness.
    My freeze storage does NOT like CHANGES, so it removes them during each reboot, not only the BAD changes, but also the GOOD changes.

    All "Image Backup" softwares and "Immediate System Recovery" softwares are based on that principle.

    All "Image Backup" softwares offer the same quality of restoration, they simply replace your harddisk with an image, but they do it slower than "Immediate System Recovery" softwares.

    "Immediate System Recovery" softwares don't have the same quality, some are better than others and this has been proven at Wilders.

    So both softwares are very good in REMOVAL of infections and that's why I work with CLEAN images, CLEAN archives and a CLEAN freeze storage, which are based on a fresh installation with very short internet connections, just long enough to update or activate installed softwares.

    But there is a daily problem : the vulnerable period between TWO reboots (= TWO scans for scanners).
    In theory infections can INSTALL themselves and do their evil job (= EXECUTION) during that vulnerable period and that's why I still have security softwares, that stop the installation and/or execution of infections.
    I have only 3 softwares to do this : "Anti-Executable" and "DefenseWall" and Look'n'Stop + router as firewall.
    Is that enough ? I don't know, because I don't have any knowledge about security or internet, but it seems to work in practice.
    I ran recently KAV, NOD32, SAS and a few other scanners on my computer and they couldn't find anything and I live without scanners for at least 6 months.

    I don't trust any of my security softwares, because they fail too much, while recovery softwares hardly fail.
    ShadowProtect replaces my system partition with a clean image in 9 minutes, including the loading time of the Recovery CD, that is pretty fast. The main reason why it is so fast is that my system partition does not contain any personal data.
    Restoring a clean FDISR-archive takes less than 1 minute.
    My boot-to-restore from desktop to desktop takes only 1m50s, including the cleaning.
    It took NOD32 at least 25 minutes to scan my computer and that is only one scanner and I wasted more than 25 minutes, because NOD32 didn't find anything.
    So I'm not really worried about infections, as long as I restore my computer regularly, which I do during EACH reboot and I reboot several times a day.

    I consider my security setup as a personal experiment, so I don't recommend it. Each user has to decide for himself how to protect his computer.
    I'm sure that security experts will find holes in my security setup.
    I don't really care, because infections have a very short life on my computer. :)
     
    Last edited: Sep 16, 2007
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Sounds interesting and I hope to have the time to play with Sandboxing, VMware, etc., BUT, I still would not do away with my scanners, the main reason being Trojans that can steal info from your system and phone it home. Yes, that Trojan may be "dissolved" later when I vaporize my Sandbox or Virtual PC, but by then the damage could have already been done, someone, somewhere may have some private info of mine.

    Acadia
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Aren't trojans executables? If yes, Anti-Executable will terminate them immediately. If no, how do they look?
     
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    This ought to be a sticky.

    Unless you are doing something very wrong I can see no need for anything other than a hardware Firewall and Firefox. Yes I have Acronis images. Yes I use Returnil on some machines and Deepfreeze6 on others but any "security" benefits that these programs provide are a bonus and not the major reason for using them. Any suggestion that just going on line or that you are at risk between reboots is just plain hysteria.

    So I run with No security software other than a hardware firewall and FF.
    Not interested in "what happens if something bad gets in"
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Acadia, Erik, could you please tell me how you contract these infections?
    You speak of trojans infecting, changing etc ... how do you manage to get these trojans? I really want to know.
    Mrk
     
  11. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,332
    Location:
    US
    Hi, Mrkvonic, I've never contracted a Trojan, at least to my knowledge. If I ever did I would depend upon good ole BoClean to nail it. Among other ways, you can contract Trojans thru opening a spam email or a simple drive-by download by surfing to a malicious site.

    Acadia
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    To answer Acadia and the OP.

    Aside from the router, I run Online Armor, and as a back up Prosecurity. Virtually no machine impact from either.

    Then I ran Sandboxie, and both browsers (IE7 and Opera) automatically start in the sandbox, and I have the sandbox set so My Documents can't be accessed. (This blocks access to any of my data.) Additionally when I feel the need, or running something sandboxed is tricky I run ShadowDefender. Again no impact on my machine. This is it. Boy does my machine run better.


    I also have the same setup in my Virtual Machine.

    Then what I do is:

    1) For the obvious safe stuff, like wilders, I just run with Sandboxie
    2) Sometimes if I know I am going to be checking suspect links, I will start under ShadowDefender.
    3) If I know I am going looking for trouble, I will start ShadowDefender, and then fire up the virtual machine, and start ShadowDefender on it.

    This has worked well without the slow down of scanner stuff.

    Pete

    PS. It goes without saying that ShadowProtect and FDISR as well as the snapshot features of the VM machines play a part as I will always update FDISR archives and take a fresh image before embarking on no. 3
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    If you have had a trojan, why do you ever consider it in your scenario?

    Did you ever get a prompt from BOClean? If you did, did you bother to check if it were a real threat or something innocent or even non-existent?

    Opening spam mail, how exactly please?

    Drive-by from a malicious site? Why should you visit a malicious site? Even if you do visit, drive-by-downloads only work in IE, and even then, if it's misconfigured.

    So, all this said, I'm wondering ...

    Please mind, this is not an attack on you. I'm just trying to provoke some healthy thinking. Fearing the unseen dangers in the darkness is not beneficial. I prefer to shine into the darkness and really see what threats are there.

    Mrk
     
  14. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    My only real must haves are my hardware firewall and acronis trueimage.
    On top of that i like to use first defense-isr, powershadow and ghost security suite.
     
  15. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Relative to increase in page rendering time I just conducted an experiment. My operating system is XP Home, 2.80 GHz Pent 4, 1 GB RAM, 5 mbps cable broadband. Now I have overkill in active security apps. NOD32 (no explanation necessary); Spy Sweeper (have had it for a long time, still really good at system changing notification); AVG Anti-Spyware (purchased ewido back when, two min mem scan schedule 2x/day really frees leaked RAM); Windows Defender (creates restore points before installs and I like its startup program manager accessible with a few mouse clicks); BOClean (it was free!) and of course Comodo FW. So I log into Firefox Sandboxed with everything Sandboxed. I then open seven web sites and record the Fasterfox rendering times. I delete the Sandbox contents and disable everything but Comodo. Logon to my home page was the same, about 7 seconds Sandboxed with apps active or not. Yahoo rendered 2 seconds faster, which could have been an anomaly considering the rest of the results. One site rendered .3 seconds faster; two sites .2 and three sites .1. So for the most part, we are looking at tenths of a second and like I said I've got more apps running than most people.
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Try P2P for a week without rebooting.
    Try gaming some fine 3D / online something.
    Try Matlab scripts.
    Tell me how you fare.
    Mrk
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    How about take your timings with your current system then reformat and reinstall but with no software firewall or other security? I don't think just turning things off inside a sandbox is quite the same thing. I do know that with a collection of security programs my poor old P4 takes over 30 seconds just to load Paperport 11. With no software security (just a hardware firewall and FF) I can load in 6 seconds the first time and 3.5 thereafter.

    If I had ever seen a virus or had my identity stolen I would probably put up with the slowness...... But I just don't see the threats that others do. Whether they are actually exposed to any real threats is another matter and I'm not yet convinced.
     
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    All of the imaging software in the world will not protect you from a virus that attacks your BIOS or memory. There are viruses that can actually destroy your I/O in your hard drive. Now how is the imaging software going to help you when it can't be accessed? The day of the AV, AS, AT are not over yet. Preventive measures are still a better way to go than trying to treat it after infection. And sandboxes will not stop it all.
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    CIH/Chernobyl is the only virus known to attack the BIOS. An AV will not save you if a new virus with CIH-like behaviour is released and heuristics/proactive defenses don't catch it.
    Do you mean KillDisk?
    You're supposed to have a recovery CD and images stored safely in external/disconnected storage.
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    I often hear that backup/imaging softwares can be used as security. However, and I do not say that it is the case of people involved in this thread, people telling you that very often miss the point that a keylogger can be active once, log confidential data and send them out by email. Then, when you restore your system, no matter whether it is done automatically every reboot, or manually, the harm is already done. I see backup/imaging softwares as a general disaster recovery, whether the "disaster" be a virus, or a hardware failure. Backups should not be seen as a primary defence line. ErikAlbert from this thread is a good example of a user running backup softwares, but still having a few security applications.

    Then the "minimum security" will be different among the users. In my opinion, the minimum is what I've said there (basically what has already been said, update Windows, use another browser, etc...), then antivirus and software firewall. However as you can notice, it is already different from other people's opinions here.

    In fact, I perfectly agree that you do not need 3 resident anti-spyware softwares, 1 on demand + 1 resident AV, 1 software firewall, 2 HIPS, etc... People reaching that point (and there are) reach more a destructive security than anything beneficial for them. If that is what some people are trying to say, then they are right.

    However, at the opposite, people claiming that no security is necessary and that anyone should run Windows wide open, are either purposefully misleading, or out of their mind. I explain what I mean: suppose that what they say is true about them, they can counter manually any threat or simply avoid them. They have the knowledge, they are smart, and have safe habits. However, it is utterly dumb to claim that what applies to them applies to anyone, and bring it as a fact! Imagine everyone disabling all their security because "knowledgeable people" told them it was useless, can you see the damages?
    If I was running without any security (that's not the case), I could say it, but I would explain why and how and I would absolutely not advise it to anyone, just to appear "smart". The consequences would be a real disaster.

    Fighting bad habits of people using far too much security, resulting in a mess, is a valuable and respectful quest. However telling them that those who use any security are stupid, and that you should remove all of your security, is very dangerous.

    So finally, to reply to the OP, I would advise again to read the following document about configuring and securing Windows (without any security software), and then, add an AV and a firewall. Backups seem a necessity to me, but can be optional for you, it depends on your needs.

    Regards,
    gkweb.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am also curious if you are talking Killdisk as the one that gets the hard drive.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't recall anyone in this thread saying that no security is necessary. Suggesting that a hardware firewall (security) and Firefox (security) is not saying no security is necessary, it is saying that copious amounts of security are not always necessary.

    I don't recall anyone in this thread saying that those who use security are stupid.

    On the other hand, for some reason you seem to feel it is ok to say that others are purposefully misleading, or out of their mind. As my points are made in good faith and not meant to mislead I either have to accept that I am out of my mind or you have perhaps typed in haste without thinking sufficiently. Could you not have made your points in a more friendly way ?
     
  23. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma


    http://www.computerworld.com/blogs/node/1099 Anything is possible, everyone has the right to run whatever security software they desire or not run any at all. But I am not ready to put the well being of my computer in just one or two non antivirus apps.

    bigc
     


    Last edited: Sep 16, 2007
  24. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I didn't suggest that too, it wasn't done in this thread, but was in many others. I just took the occasion to talk about it.

    I didn't imply that either. My post was directed toward those "knowledgeable" advising others to not use any security. A hardware firewall is already security ;) If you read again my post, you will see that me too, I say that "copious amounts of security are not always necessary".

    No one in this thread, I was just warning about other people doing it.

    No. I feel it is ok "to say that others are purposefully misleading, or out of their mind" when they are advising to other to remove all of their security software. That makes a major difference.

    Wow, my post wasn't at all directed against you :blink: It was against those many "knowledgeable people" the OP is talking about, those that tell you to remove any security (AV, FW, hardware firewall, even firefox...) which is not your case.

    I'm sorry but English is not my native language, and in my language the translation of what I said is perfectly friendly. However if something is offensive in what I said, feel free to explain it to me so I can learn to use other words (obviously I used words that I judged "ok" whereas they seem offensive to you). It might be "offensive" only against the people I mentioned, which is not the case of anyone in this thread.
    If by offensive you mean that "purposefully misleading, or out of their mind" yes may be it is, and I still think it and keep my position on that about those who will advise you to remove any AV and firewall (software/hardware) and any kind of security because it's useless. They are a real danger, and they deserve worse words than those I used.

    My post was just a warning against what I often see, and the subject started by kennyboy was very near to that (except he supposed by himself to run less security, instead of people telling him to remove any security). As I'm a little sick of "dump your AV, firewall, hardware firewall, just use IE, etc..." I took the opportunity. Next time I'll write a more detailed introduction.

    Regards,
    gkweb.
     
    Last edited: Sep 16, 2007
  25. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    And how is an AV going to save you from this threat?
    On the other hand, malware writers prefer to build a spam-pumping botnet to destroying your HDD.
     