Going AV less- suggestions are welcome

Discussion in 'other anti-malware software' started by ams963, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Like you, I have never encountered anything malicious when playing a video, but I know RealPlayer and QuickTime have been heavily exploited in the past. I got rid of them a long time ago, but I use separate sandboxes for the players that I use, KMP and WMP. They open in their own sandbox where only the player can run and nothing is allowed to connect to the internet.

    Bo
     
  2. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Ah thx Sul. I'll try out Chrome in Win 7 pc.

    Thx for the tips. Now what I understand from your post is if I set WSA to Monitor say Firefox it'll limit FF and in a way sandbox it. WSA is compatible with other AV. And if I use WSA with say EAM then EAM will not work properly on Firefox as it requires access to Firefox in its own way and FF is sandboxed by policy by WSA.
    So what do you think?
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Actually I read it quite right. I know an AV can identify most older infections fairly well (depending on the AV). I only hinted that some people, the uneducated, seem to believe an AV will keep them from ever being infected, which is simply not reality. And that it is possible to stop using AVs and stay just fine.

    I was in no way meaning you in any of that btw, just generalizing.

    Oh, and as for that quote, you can replace real time protection if you would like. I have been doing it for 3-4 years now without a problem. I'm no expert, but I would say that since I don't have any real time protection, and I don't have any issues, that I have replaced it... or something like that ;)
    Sul.
     
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    But you have knowledge, Sully. Don't deny that :)
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    True. Many here do as well. I TRY to make a point here, every time, that for "OTHERS" things like an AV might be needed (even if many "others" think it is all they need and it won't fail), but for "US" you might not even need an AV if you choose not to.

    Many times, because of how text can be "construed", these types of subtle meanings get lost. I realize what you are saying and why you are saying it. I only argue that we must remember, here, those blanket statements don't really apply all of the time, not that they have no merit :)

    Cheers.

    Sul.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No one mentioned Microsoft EMET. :D Granted, it doesn't offer as much mitigation as it offers for Vista+, but it still offers some. It wouldn't hurt to have it.

    -edit-

    By the way, I've created a thread some days ago on how to restrict Firefox connections to specific websites, by using an extension called BlockSite Plus. You could create specific Firefox profiles, and only allow connections to sensitive services, such as your e-mail accounts, for example.
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    But does EMET not make some apps unstable and create prob to use? This along with the fact that EMET offers only a fraction of protection of what it offers for Vista+ makes it better not to be used, right?

    Can you give a link for the thread? :)
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I would use WSA and EAM on two different machines. EAM has a full size IDS/Behavioral blocker, WSA has smart HIPS and heuristics. Both are great applications which do not need the other. I do not know whether they interfere with each other, but the security would overlap so much it would not make sense at all (better to use WSA + SBIE and EAM + SBIE).

    PS. Because I use no AV on my safe-admin setup, does not make me a "don't use AV propagandist"
     
    Last edited: Jul 9, 2012
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Thx and I've already removed WSA and put it back on separate pc leaving it to be the standalone security product as WSA and EAM were slowing down my pc as stated here.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It may or it may not cause problems with this or that application, but it doesn't mean there will be issues. The only application I've heard so far that it has issues, it's Skype, and all it takes is to disable EAF protection. In fact, EMET v3.0 comes with a template, which already covers most commonly used applications, including Skype, and it already comes with EAF protection disabled for Skype.

    Other than that, you can't know beforehand if some issue will happen with some application. You really have to try it. If some issue does happen, then EMET's notifier should tell you which mitigation crashed the application, and then you can disable that mitigation for that process.

    So, I don't see it as enough reason not to use it, even if it doesn't offer as much protection as it offers for Windows Vista+ users. It still offers some protection. :)

    https://www.wilderssecurity.com/showthread.php?t=326675
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Ah I understand. Thx for the link btw.:thumb:
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    That is sometimes the issue here. I try to always point out that you can go without one just fine, but that you should know what you are doing if you are going to go without one.

    I probably make things more complicated too because I also say they don't work with current attacks as well as they would like to claim they do. I cannot help it though, when I have to fix machines with up-to-date AV installed that have been infected o_O Using an AV is very helpful for a lot of people, but not the cure-all they pretend to be.

    Threads like this always get great infos flowing - usually something to learn in them, at least for me.

    Sul.
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree, there is no substitute for the "You are secured" messages or icon message overs on Android devices and PC's of AV companies. No matter how pretentious this message is. :D
     