Is possible: Free security setup - without antivirus

Discussion in 'other anti-malware software' started by ocsi, Sep 21, 2011.

Thread Status:
Not open for further replies.
  1. ocsi

    ocsi Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    95
    noone_particular
    Thanks for the detailed explanation. I'm sorry I opened a wrong topic. I try to learn from you. I started this topic to inform myself about possibilities other than the traditional.
    I am not a fool, just want to learn.
    I apologize to those I've bothered.
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Oh I don't think you've bothered anyone and I certainly don't think you're a fool. You had a question, you were right to ask it.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,146
    Location:
    Nicaragua
    Ocsi, the answer to your question is yes, I am doing it with Sandboxie, nothing else. I don't run anything like an AV, FW or HIPS and personally, I feel that for me, this is the right way to take care of my security. My personal experience is proof that once SBIE is learned well, Sandboxie is enough.

    My heart doesn't pump any harder because I don't use real time scanners nor do I feel the urge to do scans every 5 minutes. Now, I even dropped scanners. I only have HMP on board and its scan is the only one that I run.

    My system feels better as it does not cry as it used to and myself, I am more relaxed when I am in front of the PC because I don't have to do painful updates or upgrades that sometimes can go awry. Those updates/upgrades used to give me stress. That is gone now and for me, that's one of the benefits of running without real timers.

    The key to doing it this way is running everything sandboxed. I don't care what it is. I know that doing it this way, it's not the right way for most people but for me, certainly it is.

    Bo
     
  4. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    This isn't a wrong topic, in fact for some of us it's one of our favorites that we'll go on about ad nauseam (sorry Adrenaline7;) ). This is the right place if you want to ask questions and get good discussions. Do you feel you got anything useful from the last 5 pages of back and forth?
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I can think of at least one very good thing to come out of this thread.
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I see a few things that could be gathered from this thread based on some of the comments I have read ;)
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    what is it my friends?
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557

    hey we're doing exactly the same thing it's scary :D
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's absolutely nothing wrong with the topic or your question. More than anything else, you're changing your role in the securing of that PC. With security packages based on AVs, the user plays a very small role. The vendor does most of the work, determining what should be detected, handling the updating process, etc. When you switch to a different security policy, you'll be taking on a much more active role in the process and a lot more of the responsibility for the results. In one post, you asked to be shown "How to set up and how to use Malware Defender?" Malware Defender (MD) is a classic HIPS. With classic HIPS, the user combined with the HIPS learning mode has to create rules governing the running and activities for every process and executable on your PC. To do that, you and/or the HIPS software has to know or be able to figure out what each executable and process does and what they need to be able to do in order to function normally. It's a very steep learning curve. In order to answer your question regarding how to set it up and use MD, a comprehensive answer would be a small book. I use System Safety Monitor (SSM) which is similar to Malware Defender but older and no longer supported or developed. I was a beta tester for the developer for a long time and spent better than a year testing and learning how both SSM and my PC worked, how the infection process worked, how processes interact, etc. Switching from AVs to default-deny was a long process. I used both for nearly a year.

    I'd suggest a similar approach for you, a gradual switch from relying on an AV to whatever method you choose. Start with determining which policy best fits how you use a PC. Then select security software that's best able to enforce that policy. A security app designed for one type of policy is often completely unsuitable when used with a different policy. SandBoxie is excellent for containment based policies but isn't suited for enforcing default-deny. Malware Defender and SSM are ideal for enforcing default-deny but aren't designed to enforce a policy based on containment. None of these will be able to identify and block malware on their own. That's a job for an AV. Take a long, objective look at how you use your PC, then pick the policy that best fits your usage. Once you do that, we'll help you select apps that are best suited to the type of policy you choose. Stop worrying about asking the wrong questions. That's what a forum is for, asking and getting answers to questions.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    This certainly is possible, as described in detail on this thread. Personally, I'm not making any radical jumps, because AVs are getting lighter and include additional features nowadays (look at Avast, Comodo, etc.)

    I won't use an AV on very old computers though.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks noone_particular :thumb: :thumb:
     
  12. wat0114

    wat0114 Guest

    If I were to go the free route using, for example, Win7x64 HP (most people don't use Pro or Ultimate so this rules out SRP/AppLocker), I'd use:

    1. Standard account

    2. Free Sandboxie

    3. Win7 firewall w/advanced security blocking by default inbound & outbound, using my own application ruleset.

    4. EMET

    5. UAC at Maximum

    6. Disable some services:
    • Secure Socket Tunneling service
    • IP Helper
    • Remote Access Connection Manager
    • SSDP Discovery service
    • TCP/IP NetBIOS Helper
    • Workstation
    • Function Discovery Resource Publication
    • WinHTTP Web Proxy Auto-Discovery service
    • DNS Client

    7. Free AV like MBAM for on-demand scans only.

    8. Keep all sensitive data in a TrueCrypt-encrypted container on a different partition/drive/Pen Drive

    9. Macrium Reflect free for imaging the drive.

    Pretty robust, I think. Obviously with the Pro or Ultimate versions then SRP or AppLocker would be included.

    EDIT

    Heck, you could even install Virtualbox and install a nice, easy to use Linux distro like Mint (my all time favorite) or Ubuntu and do all your really "adventurous" surfing from there :)
     
    Last edited by a moderator: Sep 24, 2011
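
A read-only way to check items 3, 5 and 6 of the list above on a Windows 7 machine, as an added example that is not part of wat0114's post. It assumes the Windows 7 short service names for the display names in the post, English-language `netsh` output, and that "UAC at Maximum" means the "Always notify" slider position.

```powershell
# Added example: audits (does not change) the service, firewall and UAC
# items from the checklist. Short service names are assumed Windows 7 names
# for the display names given in the post.
$services = @{
    'SstpSvc'             = 'Secure Socket Tunneling service'
    'iphlpsvc'            = 'IP Helper'
    'RasMan'              = 'Remote Access Connection Manager'
    'SSDPSRV'             = 'SSDP Discovery service'
    'lmhosts'             = 'TCP/IP NetBIOS Helper'
    'LanmanWorkstation'   = 'Workstation'
    'FDResPub'            = 'Function Discovery Resource Publication'
    'WinHttpAutoProxySvc' = 'WinHTTP Web Proxy Auto-Discovery service'
    'Dnscache'            = 'DNS Client'
}

# Item 6: each listed service should be Disabled and Stopped.
foreach ($name in $services.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        "{0,-42} not installed" -f $services[$name]
        continue
    }
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    "{0,-42} StartMode={1,-9} State={2,-8} {3}" -f `
        $services[$name], $svc.StartMode, $svc.State, $(if ($ok) { 'OK' } else { 'REVIEW' })
}

# Item 3: every profile should report BlockInbound,BlockOutbound.
$policy = netsh advfirewall show allprofiles firewallpolicy |
    Select-String 'Firewall Policy'
foreach ($line in $policy) {
    $text = $line.Line.Trim()
    $ok = $text -match 'BlockInbound' -and $text -match 'BlockOutbound'
    "{0,-60} {1}" -f $text, $(if ($ok) { 'OK' } else { 'REVIEW' })
}

# Item 5: "Always notify" = UAC enabled, consent prompt for admins (2),
# prompt shown on the secure desktop (1).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key
$ok = ($uac.EnableLUA -eq 1) -and
      ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
      ($uac.PromptOnSecureDesktop -eq 1)
"UAC EnableLUA={0} ConsentPromptBehaviorAdmin={1} PromptOnSecureDesktop={2} {3}" -f `
    $uac.EnableLUA, $uac.ConsentPromptBehaviorAdmin, $uac.PromptOnSecureDesktop,
    $(if ($ok) { 'OK' } else { 'REVIEW' })
```

REVIEW only means the item differs from the list in the post; the script reports state and changes nothing.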
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Since when did MBAM become an AV for so many posters?
     
  14. ocsi

    ocsi Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    95
    OK! Thanks noone_particular!
    But:
    - my English sucks - I am wrong in tone expression;
    - I wanted to know if you can protect your PC in ways other than the traditional (antivirus + antispyware + Firewall + etc.); I wanted opinions and views on this theme; here I have received many good responses and learned from them;
    - I know how to use a HIPS; the question was whether there is any conflict between Malware and Shadow Defender; in this particular case I wanted to know if there is any special setting needed in Malware Defender (or Shadow Defender, or both);
    - my IT knowledge is above average, but not excellent (there is room for improvement and more);
    - however, your exposure was very detailed and explicit; I learned a lot.
    I hope I was clear/explicit now.
    Thank all those who guided me!
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    :thumb:

    Great Post wat0114!

    Easy to read, straightforward with rationale embedded in your points!
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've never used Shadow Defender. For some reason, Malware Defender won't install properly on a virtual system for me. I don't have another real system available to try it on. Someone more familiar with both apps will have to answer that question. Judging by the description of Shadow Defender, I don't see why they would conflict. Malware Defender will have to be configured to accommodate Shadow Defender, but I have no way to determine what that will require. Sorry.
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    No conflict here on Xp. (MD 2.6 + SD 1.1.0.325)
    The only setting I made is putting commit.exe, defender.exe and defender daemon.exe in Malware Defender's trusted applications list (Rules).
     
    Last edited: Sep 25, 2011
  18. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil

    1. Until you commit a mistake... and allow what you shouldn't... Then nothing is protecting you.

      HIPS? If you want to click a hundred thousand popups per minute...
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I agree with Technical. HIPS often rely too much on the user, as does default-deny.

    It depends on the user but it really comes down to common sense and that's really not reliable.
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I have to agree here, mistakes are very possible...
    Common sense has served me well for over 15 years now.... :)
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Like I said it depends on the user.
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, very true....
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have used HIPS for a long time now and am very satisfied ;)
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yep, used HIPS myself. Very strong when used properly.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    indeed;)
     