I think I'm ready to go AV free, or am I?

Discussion in 'other anti-virus software' started by MrGump, Jan 14, 2012.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    I thought the Prevx brand was being phased out by Webroot in favor of their new line.
    Maybe with all the posts I read I got it wrong, but I don't think so.
    I would think that they would not still be selling something they plan on killing in the near future.
     
  2. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Gosh, I have no idea. Will you ask the Prevx people? They have their own official support thread on this forum :)
     
  3. kefob

    kefob Registered Member

    Joined:
    Apr 24, 2012
    Posts:
    7
    Location:
    United States
    I don't get what the big deal of them paying for the testing is. It is a set fee, so no one vendor is paying more than another. So if they all pay, there is no bias, and AV-C can keep testing. The thing that I noticed though is that Symantec Norton seemed to pull out of the last VB100 tests too. They haven't received a grade on the past 5 tests it looks like.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I don't feel secure without an AV. :rolleyes: :D
     
  5. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    You are secure if you update your system and software and download only files that you trust. Windows 7 and Google Chrome are a good start to go AV free. ;)
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    MrGump,
    Let's approach this subject from a different direction. For all practical purposes, security apps are tools for enforcing security policies. They are only as good as the policy they're enforcing. While there are several variations and combinations of approaches, there are only a few core security policies:
    1. Default-Permit.
    2. Default-Deny.
    3. Containment.
    4. Reboot to restore.
    Default-Permit allows anything not identified as malicious or undesirable. This is the core policy of AVs, anti-malware apps, etc. Its strengths are convenience and minimal user interaction. Its weakness is that it's reactive in nature. Reasonably effective against known threats, weak against the unknown or new. They can be very heavy on a system, especially older ones. They need constant updating.

    Default-Deny is the opposite of Default-Permit. Anything not specifically allowed is blocked. Also known as whitelisting. Windows has built-in tools that help with implementing it. Classic HIPS are also ideal enforcement tools for default-deny and give much finer grained control on the operating systems they're compatible with. They're strong against both known and unknown malware and don't rely on constant updating. They're also much lighter than most AVs. Their disadvantages are that they are not convenient and require a lot of input and knowledge from the user, especially if you regularly install, remove, or change apps/configuration. This is worse with classic HIPS until the ruleset is finished. Building a classic HIPS ruleset requires quite a bit of knowledge from the user. It's best used on systems that change very little. Taken to the extreme, default-deny effectively becomes an "anti-change" policy where updating becomes an administrative task.

    Containment based policies confine changes made by applications, users, malware, etc. to sandboxes or virtual environments and away from the real operating system. Containment software ranges from sandboxing software that confines the actions of specific applications to entire virtual operating systems or a complete virtual computer. Their demands on the system vary from fairly light application sandboxes like Sandboxie to quite heavy with full virtual systems like VirtualBox. Full virtualization requires strong hardware because it is containing and running 2 complete operating systems. As long as they're reasonably up to date, both are quite effective at keeping unwanted changes away from your real system. They're not as effective against keyloggers and such and won't prevent them from capturing any sensitive info that you enter in that virtual environment. This can be mitigated by using a freshly booted virtual system or starting with a clean sandbox. They do require more knowledge and input from the user than default-permit based solutions, mainly during the initial setup. Containment based policies are a good choice on systems that see a lot of changes, installs, updates, etc.

    Reboot to restore is literally what it says. After a reboot, your system is just as it was when you started. These are basically automated system restore options. In effect, they're similar to virtualization in that they don't save changes unless they're instructed to. Their main weakness comes when changes are saved. If an install or change compromises your system and you save it, the result is no better than a missed detection by an AV. In this regard, this option requires knowledgeable input from the user regarding when to save a change and when not to.

    These core policies can be combined in whole or part. Take a look at some of the pros and cons of the different core policies. Pick the one (or combo) that best matches your needs, usage and skill level. Once you do that, it becomes much easier to choose apps, settings, etc that best fit your needs.
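
Added example (not part of noone_particular's post and not any product's code): a sketch of how default-permit and default-deny reach different decisions for the same files, including the update case the post calls an administrative task. The sample contents, hash sets and function names are constructed for illustration.

```python
import hashlib


def digest(content: bytes) -> str:
    """Identify a file by the SHA-256 of its content."""
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for file contents; nothing here is a real binary.
KNOWN_MALWARE = b"constructed: sample already covered by a signature"
NEW_MALWARE = b"constructed: sample no signature exists for yet"
BROWSER_V1 = b"constructed: browser build the admin approved"
BROWSER_V2 = b"constructed: the same browser after an update"

SIGNATURES = {digest(KNOWN_MALWARE)}  # what a default-permit tool knows is bad
ALLOWLIST = {digest(BROWSER_V1)}      # what a default-deny tool knows is good

SAMPLES = {
    "known malware": KNOWN_MALWARE,
    "new malware": NEW_MALWARE,
    "browser v1": BROWSER_V1,
    "browser v2 (updated)": BROWSER_V2,
}


def default_permit(content: bytes, signatures: set) -> bool:
    """Run everything except what is identified as malicious."""
    return digest(content) not in signatures


def default_deny(content: bytes, allowlist: set) -> bool:
    """Run only what has been specifically allowed."""
    return digest(content) in allowlist


def approve(allowlist: set, content: bytes) -> None:
    """The manual step default-deny needs after each legitimate change."""
    allowlist.add(digest(content))


def compare(samples: dict) -> dict:
    """Map each sample name to (runs under permit, runs under deny)."""
    return {name: (default_permit(data, SIGNATURES),
                   default_deny(data, ALLOWLIST))
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (permit, deny) in compare(SAMPLES).items():
        print(f"{name:22} default-permit={permit!s:5} default-deny={deny}")
```

The unsigned sample runs under default-permit and is blocked under default-deny, while the updated browser is blocked under default-deny until someone calls `approve` for it.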
     
  7. BrandiCandi

    BrandiCandi Guest

    That was a seriously comprehensive post, noone_particular!
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Thanks. I get ambitious once in a while.

    The question "Do I need an AV?" has been coming up a lot lately. Too often it's asked in the wrong context. Doing without an AV is not a goal. It's not a milestone that you reach after a certain point. It's not an indication of the user's knowledge or skill level. The real question should be:
    "What is the best security policy for me?" Once that question is answered, it becomes much easier to pick security and user apps, to make configuration decisions, etc. Done this way, the apps and system work together to enforce the same policy. Without a core policy to base decisions on, you end up with a pile of security apps with duplicated coverage, conflicting configurations, and gaping holes.
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Well put, noone. I felt like this a while back. I was struggling as to why I couldn't run without an AV. I thought that I was weak or had the wrong setup. I would much rather have a cloud AV running than none at all. I tend to like convenience over security. I would rather have one AV running than use multiple on-demand scanners to make sure a file is clean.
     
  10. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    Thank you for all the great answers. And a special thank you to you, noone.
     
  11. BrandiCandi

    BrandiCandi Guest

    +1000
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    It may be psychological, but I still feel the need for an AV! :D
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    See post #14 onwards in the following thread for a discussion regarding the issue of continuing to sell Prevx 3 without making it clear to prospective purchasers on the Prevx website that it is end-of-life software that has been replaced by WSA (Prevx 4): WSA Rocks A 5.5 / 4.0 / 5.0 Av-Test
     