Going AV less- suggestions are welcome

Hi,

I've gone AV less for the first time in one of my pcs. So please give suggestions and advice on my setup and anything that needs to be added, removed or replaced. My new setup is:

HitManPro + Keyscrambler
Sandboxie + DriveSnapshot
Norton ConnectSafe + NoScript | AdBlock Plus | WOT | LastPass
Skydrive : 7-Zip encrypts backed up files
Windows XP Firewall

OS : Win XP SP3 32bit

Best Wishes,
Iron Man

 

Looks fine to me.

 

Looks good

I bet the system feels lighter now

 

Are you using the standard Windows XP firewall? Are you behind a hardware router?

Your security is strong enough for any internet facing program that runs in a sandbox, assuming you've set up those sandboxes well.

Edit: Your signature has changed to reflect the XP Firewall.

 

Instead of using 7-Zip to encrypt your SkyDrive backups, perhaps take a look at Duplicati.

 

Did you set this up to run automatically? If so, please share!

 

I know its more than enough. For the past year and a half I used a somewhat similar setup: SBIE, NoScript, Adblock and Windows firewall. Never seen anything that looks like malware knocking on my door.

Bo

 

You have everything covered as far as I see. Nice light setup. Keep it.

 

Thx elapsed. Really appreciate it.

 

Yes it does feel lighter. I'm a soft pillow which is hard to penetrate for the malware.

 

Nope I am not behind a hardware router sadly. No money you see.

Yes I've hardened sbie with all the knowledge I've acquired from all of my friends here in the forum.

 

Security wise they are the same. They offer the same strength of encryption- 256 AES. Duplicati may have advantages over 7-Zip with other features but not in security afaiu. Anyways I'm backing up my important files to the cloud - Skydrive only don't intend to backup to FTP or DVDs. I already backup drives and all the files within it. I do not even use Skydrive desktop app just the usual uploading and downloading. So no constant resource eating and bandwidth eating. For that reason 7-Zip perfectly fits the purpose. It's very small and eats nothing except disk space.

Thx for the suggestion though.

 

Nope. Actually it should read I've manually encrypted files backed up files to Skydrive using 7-Zip.

 

Ah thx for the confirmation Bo. Nice to know you also used a somewhat similar setup. Oh and if malware do knock on my door I've got HMP licensed to remove them once and for all. And after the latest MRG Flash test I feel confident HMP will certainly kick a$$ if malware do slip by.

 

Thx buddy. Yeah I'll be keeping it for a long time. I love the setup so much that I've adopted a similar setup in my other pc.

 

Make sure you submit unknown files to jotti or use one of your scanners prior to letting it loose on your real system. I try to download much of what I need from known good sources, but one cannot always do that.

If in doubt, start the unknown in sandbox or vm, or make sure to run it restricted. Sandbox analyzer might help in such situations.

The only good thing about an AV for me is that older, known virii are caught by them for the most part. I don't trust them for current problems, but that is just me.

Sul.

Edit: point in fact - just today a gal I know who uses win7 and UAC with Firefox and IE uses her machine for work purposes (from home). She finally listened to me after years of nagging, and about a year ago she bought this machine. I installed win7 (was oem) and set it up right. She has been very good about being cautious, no problems. This week her in-laws were visiting (complete noobs) and they somehow got her chock full of nasties. They were under UAC and she had Avira on and up to date. How? It doesn't matter. It only matters that when you only depend on UAC and an AV, only those who really understand what UAC is trying to tell them seem to fare well. That is of course not a fact, only an opinion I have after seeing this sort of thing happen over and over.

 

Yes I download only from trusted sources and apps from either majorgeeks or main website verified by firefox or wot or I trust in writing the website name correctly. No redirection because of noscript so no going to malicious site before downloading. Also WOT and Norton ConnectSafe prevents any phishing and malicious site which might impersonate as the original site.

And I check with HitmanPro and VirusTotal. For my other pcs I've got EAM, MBAM and WSA along with HitmanPro and VirusTotal.

The difference is I'm not quite a noob(one Noob is in this forum is enough ). So careful surfing the web and rarely any downloads.

 

Browsers isolated with Sandboxie inside Shadow Defender's Shadow Mode set to run on each boot.

bye bye malwares.

 

@Ironman

Threatgate programs

I would like to know what browser, e-mail, media player, P2p if any, downloaders you are using and whether you have covered them all with Sandboxie?


Systemwide protection

As a second safetynet you could install something to cover system wide protection: suggestions

1. Surun http://kay-bruns.de/wp/software/surun/
You will be running as a limited user, with the advantage to easily switch to admin using the same profile (you will get a smarter UAC on XP)

2. Install a free easy to use HIPS like Spyshelter.
- remove keyscrambler OR
- disable all Spyshelter keylogger protection (keep only system protection)

3. Use WindowsDefender as an IDS
Disable program execution monitoring option and WindowsDefender will still inform you when critical area's of your PC's is changing at little or no CPU or disk I/O cost. The intrusion detection system works great (giving you an option to allow or block) when you join Microsoft Spynet as an advanced user.

Regards Kees

 

Hmm...I would rather go without any security software than use an old non-supported Shadow Defender. It was a great software but as malware landscape is shaping up quick that old software would sure be bypassed easily soon.

 

@Kees1958
I'm using Firefox and Internet Explorer 8(as you know XP is only up to . I'm too afraid to remove IE as it seems to be too closely attached to Windows. Email Client is Office Outlook 2007 but I don't use though. I use browser based email like gmail. Media Player is VLC and WMP. No P2P. No downloaders.
I've only forced my browsers and pdf reader to start in sandbox.

I'm the only one to use this pc so I want less hassle and want to have only one account- no other way than using admin. But I'll check out Surun. Will installing surun do the job? I don't have to do anything right? Just install and I'll get into limited user?

Spyshelter site is down. I guess it's going down Shadow Defender's path. Totally creepy.
How about ERP? Anyways, I thought I'd go with as less as possible. Now I'd need an AE? Hmm......

I had trouble with WD and not going back to it. Never ever.

 

SUrun will do the job. See http://www.dedoimedo.com/computers/surun.html for an English tutorial (thx to Mrk & Tlu). Install it and keep the rest of your setup. You will be safe for sure.

Spyshelter sit is up. Since XP is a matured/phased out OS, latest Spyshelter free will do fine (even when Spyshelter is discontinued, it will do fine on XP).

 

I've been running 32 bit XP SP-2 standard account- LUA off without AV for almost two years now.
XP firewall, SBIE (free)/IE 8, Keyscrambler (free), WinPatrol Plus, Comodo Time Machine, MBAM free on-demand.
WMP and VLC are run sandboxed. So far, I've stayed malware free and my old P4 CPU certainly benefits from not having to deal with the drag of real-time scanning.

Good luck, I hope you will let us know if you pick up any nasties with your setup.

 

Hmm.....SuRun is too much of a hassle. I do not like to enter password and manually run apps as administrator each time I need to do something. That's the whole point of going AV less. Less hassle, easy and simple security.

As above. I had OA on all of my pcs. I wanted to go for a quiet and easy security in my XP pc. So no Spyshelter or any AE at the moment.

Thx for your suggestions though. Do you think I'm okay with the setup I'm using now?

 

Speaking for myself, the reason to go without an AV is that I don't want the "heaviness" that it usually brings with it and I don't feel it works all that well against new issues.

But, once you decide to drop that traditional defense, you need to do something about the normal admin account. If you decide not to use SuRun, I am assuming you are also deciding not to be LUA. I am not saying that is a bad idea, just that you have to be all that much more vigilant and very anal in how you do things to stay in an admin account for daily use and remain free of problems.

There are obviously ways you can mitigate the threats.

I understand your dislike for the credential prompts. What I do most of the time requires admin very frequently. For me then, LUA is a big PITA. But examine what you do. You stated that you don't download much and if you do it is from trusted sources. I would ask, what is it that you do that needs the SuRun prompt to pop up that often? I ask because, perhaps you are in the middle of setting your system up for your new approach, and while that is tedious now with all those prompts, it might level off once you get it set up the way you like, and then not much changes that often, thus you are not annoyed by the SuRun prompt.

Thats the way it works for a lot of people I would imagine, providing they don't do much after they set things up that require admin.

Just some food for thought.

Sul.