Has Your Security Setup Ever Been Bypassed?

Discussion in 'polls' started by Brandonn2010, Oct 19, 2013.


Has Your Security Setup Ever Been Bypassed?

  1. Yes, unintentionally

    7 vote(s)
    10.9%
  2. Yes, intentionally (testing it)

    2 vote(s)
    3.1%
  3. No

    55 vote(s)
    85.9%
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    "..and stopped relying on AV's" :thumb:

    And they said it couldn't be done on those so-called aging systems. Looks like yours are doing just fine and pretty ageless now :D

    HIPS busted up my dependence on AV's for good. I still use them but only to grade and compare malware samples and do simple analysis.

    Easter
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Classic HIPS became my tool of choice for implementing default-deny on both 98SE and XP. It's so much easier to implement on a 9X system. There's no interacting services and a much smaller attack surface to protect. It's not ageless but it does very well for me.
     
  3. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    I used nothing but Geswall Free, plus Malwarebytes FREE, for years on my XP system with no antivirus, never had any malware, etc.

    NOW I'm using Sandboxie with no antivirus and no issues.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Definitely agree on that.

    For example, on my XP Pro box I use EQSysecure HIPS (classical). With it I can even add an interruption point on folder creation, as well as on files of any extension absolutely anyplace in the system. This type of coverage is proven flawless on my XP. It allowed me to not only eliminate AVs but use virtualization apps like Shadow Defender and Sandboxie on-demand only.

    No one misses these classical HIPS on 64-bit as much as I do, now that I use Windows 8 too.
     
  5. guest

    guest Guest

    Oh no... We're not going to that kind of discussion again, are we? :D
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Never since joining Wilders. I've always had a layered defense making sure that anything entering my computer would find a sandboxed/virtualized environment. I do use an AV real time on my main machine, even though it is there only to give me an indication, I wouldn't trust any AV as the only security.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I know the feeling.:)

    Bo
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
  9. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    You actually let rootkits on to your real system and duped their drivers etc ...? WOW, you're a real cyber boffin to be sure.

    Apart from the usual noob fiascos, about a year or so ago I ran a free AV setup just to see where it hailed from, and of course it started doing crazy things.

    Luckily I ran it sandboxed in Sandboxie so no damage done, but I nearly didn't run it in Sandboxie. Lesson learned.
     
  10. guest

    guest Guest

    I dunno. Because it will turn into a mad festival?

    Meh, just a privacy oriented issue is not going to be a valid reason to abandon the ship for me. :p

    Instead, why don't we say things like "antivirus programs inject DLLs to your web browsers and manipulate their behaviors and it might decrease the security mechanism of the browsers themselves and increase the attack surface"? Much better than "I don't use an AV and I have no problems whatsoever" which is not educative at all no matter how you see it.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I got into security things when I joined Wilders; before that I would just run free software and trial AVs. :D
     
  12. tancrackers

    tancrackers Registered Member

    Joined:
    May 22, 2012
    Posts:
    18
    Location:
    USA
    I've owned Windows laptops for 4+ years, never once had an issue with viruses or any malware.
    I never understood how people can catch these insane viruses that redirect every webpage to some rogue website, or prevent the user from doing anything.

    I had a friend who caught a really bad virus. I asked, what AV do you use?
    He said none. REALLY? What a shocker!
     
  13. guest

    guest Guest

    You just need to have a bad day to get infected. ;)

    If you're saying that not using an AV means it's game over, that's not entirely true. It's still effective IMO, but not the only way to prevent infections. Some of us here are not using a real-time AV and are still fine. It's easy to block the malware from entering the computer. But what worries me a lot is the post-threatgate scenario, which is where you allow executables to run in full consciousness. Classical HIPS is IMO the best method to analyze the behaviors of those programs. But unfortunately, they tend to work improperly in 64-bit OSes from my own experience.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Not with default deny HIPS...
     
  15. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    no offense but your system itself is a virus with tens of realtime security software installed :p
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Each to their own...:p
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Using your example, a classic HIPS can detect and block DLL injection, and it doesn't have to identify the specific malware in order to do it.

    There's a big difference between not using an AV and not securing your system.
     
  18. guest

    guest Guest

    Two mistakes, noone_particular...

    1.
    I wasn't talking about malicious DLL injection, but instead about antivirus programs which inject various DLLs into other processes, such as web browsers, to protect their users by manipulating their behaviors. And that might decrease the built-in security features of the programs and the OS as well as increasing the attack surface. It's not exclusive to AVs though. I'm probably wrong but if I read that right, even EMET injects a DLL into other processes that it protects. Can't say anything about the added vulnerability.

    2.
    I wasn't saying that not using an AV means the same thing as not protecting your system. But instead, if one decides not to use an AV and declares it all over the place, at least give a valid excuse. We are all learning here, not bragging about ourselves being able to ditch AVs for good. If all it takes to back up our statements is just "because I can", then I think I should be able to say things like "I don't use Sandboxie and I don't have any issues so far. Not even a single infection!".
     
    Last edited by a moderator: Oct 31, 2013
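The point raised above about AV and EMET-style DLLs living inside the browser process is something you can simply look at rather than argue about. The following is an added example, not code from the thread or from any vendor: it lists the modules loaded into a browser process and separates the ones that come from the browser's own install directory or the Windows system directories from the ones that some third party put there. The sample module list is constructed, and the vendor name ExampleAV and the path C:\Program Files\ExampleAV are hypothetical.

```python
# Added example, not code from the thread: audit which DLLs inside a browser
# process were loaded from outside the browser's install directory and the
# Windows system directories. Those "foreign" modules are exactly the extra
# attack surface an AV hook or EMET's mitigation DLL adds to the process.
# SAMPLE_MODULES is constructed; ExampleAV is a hypothetical vendor.
import ntpath
import sys

SYSTEM_ROOTS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")


def _under(path: str, root: str) -> bool:
    """True if path lies below root (case-insensitive, separator-aware)."""
    p = ntpath.normpath(path).lower()
    r = ntpath.normpath(root).lower().rstrip("\\")
    return p.startswith(r + "\\")


def classify_modules(browser_dir, module_paths, system_roots=SYSTEM_ROOTS):
    """Split module paths into (expected, foreign).

    expected: below browser_dir or one of system_roots.
    foreign:  everything else, i.e. code a third party got into the process.
    """
    expected, foreign = [], []
    for m in module_paths:
        if _under(m, browser_dir) or any(_under(m, r) for r in system_roots):
            expected.append(m)
        else:
            foreign.append(m)
    return expected, foreign


def list_modules_windows(pid: int):
    """Enumerate module paths of a live process via psapi. Windows only; a
    32-bit Python cannot see inside a 64-bit process, so match bitness."""
    import ctypes
    from ctypes import wintypes
    k32, psapi = ctypes.windll.kernel32, ctypes.windll.psapi
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    psapi.EnumProcessModulesEx.argtypes = [wintypes.HANDLE, ctypes.c_void_p, wintypes.DWORD,
                                           ctypes.POINTER(wintypes.DWORD), wintypes.DWORD]
    psapi.GetModuleFileNameExW.argtypes = [wintypes.HANDLE, wintypes.HMODULE,
                                           wintypes.LPWSTR, wintypes.DWORD]
    PROCESS_QUERY_INFORMATION, PROCESS_VM_READ, LIST_MODULES_ALL = 0x0400, 0x0010, 0x03
    h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        raise ctypes.WinError()
    try:
        needed = wintypes.DWORD()
        # First call with a NULL buffer just reports the byte count required.
        psapi.EnumProcessModulesEx(h, None, 0, ctypes.byref(needed), LIST_MODULES_ALL)
        mods = (wintypes.HMODULE * (needed.value // ctypes.sizeof(wintypes.HMODULE)))()
        if not psapi.EnumProcessModulesEx(h, mods, ctypes.sizeof(mods),
                                          ctypes.byref(needed), LIST_MODULES_ALL):
            raise ctypes.WinError()
        buf = ctypes.create_unicode_buffer(1024)
        paths = []
        for m in mods:
            if psapi.GetModuleFileNameExW(h, m, buf, len(buf)):
                paths.append(buf.value)
        return paths
    finally:
        k32.CloseHandle(h)


SAMPLE_MODULES = [  # constructed: what a firefox.exe module list might look like
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Program Files\Mozilla Firefox\xul.dll",
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Program Files\ExampleAV\browserhook.dll",  # hypothetical AV hook DLL
]

if __name__ == "__main__":
    live = sys.platform == "win32" and len(sys.argv) > 1
    mods = list_modules_windows(int(sys.argv[1])) if live else SAMPLE_MODULES
    expected, foreign = classify_modules(r"C:\Program Files\Mozilla Firefox", mods)
    print(f"{len(expected)} expected modules, {len(foreign)} foreign:")
    for m in foreign:
        print("  FOREIGN", m)
```

On Windows run it as `python audit.py <pid>` with a PID from the browser's process list; elsewhere it runs over the constructed sample. "Foreign" is not the same as malicious: shell extensions, input method editors and accessibility tools also load from outside these trees, and an EMET-protected process will show EMET's mitigation DLL here. The value is in seeing the list instead of guessing, and in noticing that every such module executes with the browser's privileges and inside its address space, so a bug in it is a bug in the browser.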
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Most of us who rely on security apps and policies other than AVs and default-permit have described the policy and the apps used to implement that policy in detail in quite a few threads. There's several threads that go into detail regarding the different types of security policies, what type of user each is best suited to, and which security apps are best suited for each of those policies. For my own, I specifically mentioned a default-deny security policy. Several users including myself have described its implementation using separate security apps like classic HIPS and Windows own built in tools like Software Restriction Policies. There's several tutorials regarding firewalls that include applying default-deny to the inbound and outbound traffic. There's more regarding its application to web content using NoScript or Proxomitron. There's a huge thread for current security setups. This doesn't need to be repeatedly covered in every thread.
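The post above names Software Restriction Policies as one of the built-in Windows tools for implementing default-deny. As an added illustration, not code from the thread or from Microsoft, here is a small simulation of how a default-deny SRP resolves path rules: the default level is Disallowed, the two stock Unrestricted rules cover the Windows and Program Files trees, and when more than one path rule matches, the most specific one wins. The rule set and the sample paths are constructed; a real SRP stores the rules as %SystemRoot% and %ProgramFiles% rather than literal drive paths.

```python
# Added example, not code from the thread: a simulation of SRP path-rule
# resolution under a default-deny policy. SRP's documented behaviour is
# modelled: the most specific (longest) matching path rule wins and, with no
# match, the default level applies. Rules and sample paths are constructed.
from dataclasses import dataclass
import ntpath

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"


@dataclass(frozen=True)
class PathRule:
    path: str    # directory (prefix match) or full file path, Windows syntax
    level: str   # DISALLOWED or UNRESTRICTED


def _norm(p: str) -> str:
    """Case-insensitive, normalised Windows path without trailing separator."""
    return ntpath.normpath(p).lower().rstrip("\\")


def _matches(rule: PathRule, target: str) -> bool:
    r, t = _norm(rule.path), _norm(target)
    # Exact file match, or target lies below the rule directory. The separator
    # check stops C:\Windows from matching C:\WindowsX\evil.exe.
    return t == r or t.startswith(r + "\\")


def evaluate(rules, target, default_level=DISALLOWED):
    """Return (level, rule) for a path; the most specific matching rule wins."""
    hits = [r for r in rules if _matches(r, target)]
    if not hits:
        return default_level, None
    best = max(hits, key=lambda r: len(_norm(r.path)))
    return best.level, best


# Constructed policy: default Disallowed, the two stock Unrestricted rules SRP
# creates for the Windows and Program Files trees, plus explicit Disallowed
# rules for directories under C:\Windows that standard users can write to
# (an illustrative subset; a real policy must enumerate all of them).
RULES = [
    PathRule(r"C:\Windows", UNRESTRICTED),
    PathRule(r"C:\Program Files", UNRESTRICTED),
    PathRule(r"C:\Program Files (x86)", UNRESTRICTED),
    PathRule(r"C:\Windows\Temp", DISALLOWED),
    PathRule(r"C:\Windows\Tasks", DISALLOWED),
]

if __name__ == "__main__":
    for p in (r"C:\Program Files\Mozilla Firefox\firefox.exe",
              r"C:\Windows\System32\notepad.exe",
              r"C:\Users\bob\Downloads\invoice.exe",
              r"C:\Windows\Temp\dropper.exe"):
        level, rule = evaluate(RULES, p)
        print(f"{level:12} {p}  (rule: {rule.path if rule else 'default'})")
```

Two caveats the simulation makes visible. First, a path rule is only as strong as the ACLs on the allowed tree: without the explicit deny rules, anything a user can drop into C:\Windows\Temp would run as Unrestricted, which is why default-deny SRP guides add deny rules for every user-writable directory under the allowed roots. Second, SRP only evaluates files whose extension is on its executable-types list, and by default it does not check DLLs at all; leave those settings at their defaults and a policy that looks like this one still lets a renamed or DLL-based payload through.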
     
  20. guest

    guest Guest

    @noone_particular

    I wonder what's the direction of your latest post? :doubt:

    An example of a valid excuse to not using a real-time AV
    I don't like antivirus software. They rely too much on blacklisting technology. In order to be effective they need to be updated very frequently to get the signatures of the latest malware. The heuristics don't do much either.

    An example of a non valid excuse to not using a real-time AV
    I saw people not using real-time antivirus software. I tried to do that as well. Oh wow, I don't get infected! Antivirus software are really useless. I should tell anyone to stop using them because they all are doing it wrong.

    See the difference? You said that you prefer a default-deny policy because it's more effective for your needs. That's a valid excuse. What I meant to say is, if someone wants to quit using antivirus software, make it hard for the people who disagree with your action to break your statement. Some people who use antivirus software have weak statements as well, like: better safe than sorry. If we want to argue, fill it with facts, not selfish opinions.

    BTW, I also don't use antivirus software ATM. Not even as an on demand scanner. My excuse would be I always run into problems when I was using one. I've tried to fix those problems but I couldn't resolve them and had to find an alternative. Then I got other problems with the new one. Tired of keep going in the same loop, I decided to stop using AV altogether. A pretty valid excuse to me. :cool:
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    All of this is off topic. This thread is not about default-deny, AVs, or any other specific security app or policy. It's not about my reasons or excuses for not using an AV. I've spelled that out in detail several times in other threads. If you're interested in default-deny and why I prefer it as my security policy, use the search function.
    This thread has been derailed too much already.
     
  22. guest

    guest Guest

    Didn't I already warn about it earlier?
    https://www.wilderssecurity.com/showpost.php?p=2297351&postcount=30

    It's not about me being interested in knowing why you like default-deny. I was trying to get people to quit the no-AV discussions, because they never really go anywhere, yet people just don't seem to get bored of repeating the same points over and over again.
     
    Last edited by a moderator: Nov 1, 2013
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Behold Eck. Greets :cool:

    Not exactly, but in essence you are right. There's real truth to my cyber boffin method. It was the direct result of the proverbial fear factor. Users stricken with rootkits scrambled (understandably so) to AV and security forums in a panic for help.
    AV vendors and other independent experts dissected and/or sandbox ran these villain intruders and published the results of what they affected and where.

    The eternal optimist that I am, a cool idea crossed my mind in an attempt to turn the malware makers' antics right back at them.
    What if we could turn something they cleverly crafted to disrupt our good machines back at them in a more useful manner?

    So I decided to be creative and let them dump their wares inside my live system, a honeypot of sorts if you will. Then I would implement some deep-level security tools to freeze their running processes and then shut off their hider drivers AND IN EFFECT HIJACK OR CONFISCATE their devious works for a better good.

    That is, locally on my now refreshed machine, manually load their hider drivers to vanish my own security program at deep kernel level, fitted snugly in either the system32 folder or even notepad or some other file in an Alternate Data Stream!!

    Ingenious stuff, right? The hidden security file I used was a formidable Driver Loading Blocker. Currently active drivers were unaffected, but once ACTIVE, no drivers, PERIOD, could ever load, just a complaint box. lol

    I set this hidden driver blocker to run after every reboot. No whitelist, no nothing but INVISIBLE PROTECTION I could manually disable just long enough to run security scans etc.

    I took full advantage and control of what was designed to do harm and applied it to a more useful and strategic purpose.

    Regards EASTER
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I prematurely voted no, but then remembered my primordial days on 98SE when all I had was McAfee AV, no firewall whatsoever and was plugged directly into the phone jack on my wall.

    Since getting high speed + a router it was pretty much the end. And since discovering sandboxing, virtualization and imaging... a moot point even if I did get compromised. I'd just reboot my computer, reset my router and enter a new key.
     
    Last edited: Nov 1, 2013
  25. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Would like to see how your system works on youtube. Maybe one day you can make a guide eh?
     