Who uses no AV or AT products?

Discussion in 'other security issues & news' started by Rmus, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California

    ==============================================
    List your basic security setup, and why you
    don’t feel the need for AV, AT, etc, products.
    ==============================================


    --------------
    Kerio 2.1.5
    Opera 8.02
    Anti-Executable
    Deep Freeze
    Many Windows Tweaks
    ---------------

    The above (with slight variations) along with
    good judgment have provided me with
    100% preventative protection for many years,
    and as such, I’ve not felt the need for anything else.


    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  2. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    The only thing that could defeat that defense is exploits against the Chair to Keyboard Interface. :)


    Starrob


     
  3. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Now that I got my little joke out of the way...let me ask a question.

    Have you noticed Deep Freeze slowing down your computer or any of the people's computers that you have recommended it to?

    Does it take up a lot of resources to use it? Have you noticed any conflicts with other software?

    I noticed the talk about Deep Freeze from when people first started writing about it on this board. When I first heard of it, I thought it was the ideal solution.

    I have never tried it because I sometimes think it might conflict with software that I already have on my computer OR it might make my computer not as user friendly.

    This is just my opinion but I think when it comes to most people's computing, there is a big balancing act between security and being user friendly.

    Some people that are really concerned about security might already be using Linux but Linux is not as user friendly.....someone like my father might have a difficult time with it. My father might even have difficulties understanding how to use something like deep-freeze....maybe he could learn but would he want to learn? All he wants to do is get on the computer, answer email, visit his model boat club website.....and that is about it.

    Right now, I am trying to find my own balance between "Ease of use" and "security". I am trying to determine whether it is even worth it to learn a program like deep-freeze to get the benefits to security that it offers.

    I am interested in your comments on your own set-up.


    Starrob
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    No. Some have said they notice a little slower shutting down-rebooting time, but I’ve never timed it.

    No

    No

    This is the purpose of an evaluation/trial period, when you can watch what happens, and communicate with the program’s Support for guidance, which is what I did. We emailed back and forth for about a week - best support of any program I’ve ever encountered. The only conflict I’m aware of was in earlier versions that didn’t support external USB storage devices such as card readers. This has been fixed.

    I agree—it should be of prime concern, and well-thought out before purchasing any product.

    There is really nothing to learn. Once a drive is frozen — C:\ for example — nothing can be written to it. Here is where "user friendly" comes in because if you make changes daily to your system, then you have to "thaw" the drive, then put back into "frozen" state, otherwise new programs won’t install because the Registry is protected while the drive is in frozen state. Might be a hassle—not so "user friendly" for some.

    Also, if you use Shell User folders - My Documents, etc - these need to be remapped to a thawed partition. The computer requires at least 2 partitions, since you need a thawed partition to which you can write data. Another option is to have a second internal HD (I have this). Another user I know has just the OS on C:\ and everything else on an external USB HD. Many options. One needs to plan out a system before using DF in a home environment.

    Shadow User is a bit less restrictive in some ways. Search the forum for threads on Deep Freeze and also Shadow User.

    Only if you won’t take it as a recommendation. No two systems and users’ habits are the same, so it does no good to recommend a setup unless you are familiar with a person's system/habits, but discussions can be useful.

    All of our actions are a result of our thinking. That is to say, as we think and evaluate, for example, our concept of computer security, we are led to take certain actions (buy products, etc) according to our perception of what we need.

    In Win9x days, before lots of wonderful security products, if you were concerned at all about security, you had to learn about it by first understanding the vulnerabilities of Windows (including networking). It was a rewarding learning process, because it gave you a wonderful grasp of what was going on behind the scenes, and you learned how to use good judgment in your computing routine, and to apply security "tweaks" to the system. NETBIOS, for example.

    With the advent of various anti-malware programs, less understanding is demanded of the user, and the solution has become to purchase a program. Nothing wrong with getting a product, but the approach to understanding security has changed. As more products emerged and more anti-malware businesses started, the competition became fierce, and the whole issue became self-perpetuating: more viruses/trojans are needed to create the (seeming) need for protection via products to create more sales=money. The first post, 4th paragraph, quoted in Technodrome’s thread is instructive: History of Virii vs AntiVirus War! (This article first appeared at madchat.org)

    Many people I knew back then never climbed onto that bandwagon, and to this day, those I still communicate with from that period still have not used AV or AT products, because their own perception and understanding of the security threat has led them to deal with the problem (much of it is the fear factor) in a different way — to think out from a different point of view, and develop a security plan accordingly.

    I was just curious to see if there were others who frequent Wilders who are of a like mind.

    Regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Aug 12, 2005
  5. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    I could have a setup with no AV or AT real-time protection installed, since I'm a "genned-up" low-risk user with a good degree of common sense, but I do have AV protection because I can. Why run the risk of getting a virus infection when you can add pretty good protection for very little effort and very little money? It's like wearing a seatbelt in a car; you can be as careful as you like, but one day it could save your life, and it's there anyway so you may as well use it.
     
  6. fetch

    fetch Guest

    98LitePro
    Opera

    Why don't I use AV or AT or Windows Update? 1. With 98Lite the most problematic components were never installed as part of the operating system. 2. Opera provides excellent user control for viewing web content.
     
  7. Jaws

    Jaws Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    210
    Hi Rich,

    Very interesting subject, unfortunately you probably won't get many responses on this site. Since I first came to these forums, I have learned a lot about security. One thing that stood out, in my mind, was the incredible number of security apps that some people here use. Now, I'm not judging anyone for doing this, after all beauty (security) is in the eye of the beholder.

    I've been involved with computers, as an amateur, gaming on a Commodore C64, if you actually want to call that a computer. On to a PC 286 which I did go online with in the early 90's on BBS with a dialup modem. Funny those early BBS's cost like $20.00 a year to join. Then you get to the mid 90's and the internet. During those times, I never really thought about viruses or security software. At some point around this time (1997), I got a sweet deal on Norton and installed it. Well it didn't last long on my PC because I tend to do a format and clean OS install (sometimes because I would buy a larger hard drive when they became cheaper) about every year and it never got put back on.

    The one thing I did do when I got broadband (around 5 years ago) was to get a router. If you look up my profile here at Wilders you'll see that I joined in April 2005. You'll also notice in my first post that I hadn't been using a resident AV or AT, but I did do once a week or so on-demand scans. I think one of the things you take away from surfing on security sites is the need for a massive amount of security software, at least that's how I felt.

    Luckily for me, I didn't jump in feet first and buy everything in sight. I figured since I haven't been getting infected, except for the less than honest scans with e-scan's mwave.exe (which brought me here in the first place), I would bide my time and use some due diligence in determining exactly what I needed. After all, I didn't want to slow my surfing to a crawl. I feel I use good judgment on the internet and regardless what anyone else says, to me, that's a big part of the battle.

    Understanding the OS is a major step in being cognizant of the threats that abound and what you can do to alleviate them with tweaks to the OS. Starting out using DOS, win 3.1, 95, 98 and presently win2k, gave me a good feel about the OS. I'm still speaking as an amateur user with no knowledge of programming and the like. I never bought into the buy programs to protect you philosophy, especially what's being discussed nowadays (hips). I can never run a program like PG or the firewalls that harass you with popups. If I have to go googling to find out what every popup is asking permission for, I can only imagine how someone new to the internet and security software would feel. I want my surfing experience to be fast, inconspicuous and unobtrusive.

    Two things really struck me about what Starrob said:

    And:

    First, people have to find their comfort zone as related to security software. Someone that uses a dozen security programs may feel the necessity to do so, but I believe the majority don't. But what is most surprising is the fact that many people buy a lot of programs but don't use them according to their posts.

    Secondly, Linux would seem to be the answer except for the difficulty of use. I burned Knoppix on a CD about 6 months ago and I still haven't figured out how to get on the internet with it. To me, DOS seemed easier to use if that's possible. Using linux is like trying to read Chinese (no offense intended). I consider myself to be pretty good at problem solving on a PC (not to mention being an auto tech that does drivability and on-board computer diagnoses), not that this qualifies me on a home PC.

    Rich, two of your statements I would like to comment on:

    First, someone that is not proficient in locking down their OS or is new to the internet should purchase AV's and AT's without question, in my opinion.

    Second, while what you say is true, you can't help but wonder about this never ending cycle. After all, if there was no more malware there would be no need for anti-malware. Is there ever going to be the perfect anti-malware? Hips, nips, security suites, I doubt it. There's too much money involved and I can't see it turn into the last man standing scenario even if the perfect program was found.

    Now let me be perfectly clear. I'm not pro MS nor anti MS. While it's true they could have done a lot of things differently to help secure the OS, the one thing they did do was to make it easy for the average Joe to be able to use a computer without the need for a degree in computer science. Make the OS too secure and half the people trying to use it will be turned off by the added complexity. Maybe I'm just too “windowized” to figure out linux, but that seems to prove my point. It's probably a bad thing and I'm just too old, but I'm not up to learning a new OS if I can't just point and click.

    Having said all this, I feel AV's and AT's don't impose on you like some other programs do. If said programs don't restrict the speed of browsing then there is no reason not to use them. Especially the freebies. But considering you're asking the question in a security forum, the answers will be skewed. Those that harmlessly browse and e-mail with complete knowledge of what they're doing should answer “I don't use resident AV or AT” to your question. Those that run on the wild side of the internet and fear that their passwords will be stolen, well that's a different story. Now if you asked in a non-security related site this question, you would get the opposite response and rightly so. Again, someone that is not proficient in locking down their OS should be using AV's and AT's without question. Maybe some other questions to ask would be: Who uses programs where you have to constantly answer popup questions? Or: Who uses programs where you have to constantly disable a program to install another program?

    My setup prior to coming to Wilders:

    Router
    Locked down IE
    non-resident: Adaware - Spybot - Spywareblaster

    Present setup:

    Router
    Locked down IE
    Ewido paid (as of 7/20/05)
    WinPatrol paid (as of 5/13/05)
    Avast free
    non-resident: Adaware - Spybot - Spywareblaster

    The Future:

    Router
    Locked down IE
    WinPatrol paid
    Considering dropping Avast
    non-resident: Adaware - Spybot - Spywareblaster

    I consider trojans a more prevalent and severe threat. So I'm keeping Ewido but wish they would add some virus signatures and be an all in one anti-malware.

    As you can see, I used less than you before coming to Wilders. But I always backup my data and don't consider it an inconvenience to re-format my HD.

    From the looks of it I did get snared into the buy a program to protect you Wilders syndrome, even though I was not getting infected. Damn I wish you would have posted this question a few months ago.

    Regards,
    Jaws
     
  8. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,205
    Location:
    USA
    Very interesting post, Jaws. You brought up some very interesting points and I agree with quite a bit of what you said. I guess ultimately beauty is in the eye of the beholder, and you're right....as malware and operating systems evolve, no security setup will likely ever be "foolproof" or permanent. Technology changes just like the times....so what might be "the ultimate" security setup today may likely be somewhat dated or obsolete in just a few short years....
     
  9. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    One thing I did learn from Wayne from DCS is a few comments that he made in a thread where he discussed Microsoft. (I can't find where we wrote about this now). Basically the things Wayne said made sense to me and made me decide not to bash Microsoft as much.

    Basically the gist of what Wayne said is that he said, 'Microsoft was designed for "ease of use".' As soon as he said that I began to understand Microsoft's dilemma.

    Microsoft is a business. It wants to sell software. In the early days of computing, you had to be a real geek to actually get into computing. The first time I ever got on a computer was in 1979 and back then it was definitely not as user friendly. In order to expand the market for its software Microsoft had to make the software convenient and easy to use....so it would just not appeal to the "geek" but also the 70-year-old that grew up with nothing but a slide rule. Microsoft, like Intel wanted to be in every home.

    There appears to be a balance between being user friendly and being secure. If Microsoft opted for being the most secure OS ever, they probably could have accomplished that but also chances are that many of the people that now rage against Microsoft for being insecure would not even be computing if they had to recompile the Kernel every time they added a piece of software.

    Could Microsoft do better concerning security? Well, yes they probably can but it must be understood that in the drive for convenience and "ease of use" they made certain decisions that opted for ease of use over security. If they had not made that decision probably many that are complaining about Microsoft being insecure would now be complaining about how hard Microsoft's software is to use.

    Microsoft has a difficult balancing act between "ease of use" and "security" and that is why I won't bash them and now give them room to make mistakes.

    This time last year, I might have been a vocal Microsoft basher but my opinion is now neutral. My opinions about things usually can and do stop and turn on a dime.

    Some people make a decision about something and for the rest of their life, forever hold the same opinion....my opinions are very dynamic....they can change in an instant......and my opinion of MS has changed recently.

    Here is my opinion of you Jaws. You have a very fast and sharp learning curve but then again that is only in the eye of this beholder....lol



    Starrob
     
  10. Adam One

    Adam One Guest

    You mentioned...

    "Many Windows Tweaks"

    May you supply an example?
     
  11. controler

    controler Guest

    I do not think it is only Microsoft that needs easy to use apps.
    TDS-3 was not designed for the home user. It was not a set it and forget it app, which is what especially home users want today and will in the future.
    It has only been the past few years that more home user security minded users even considered a product like TDS-3. Wayne sees this.
    I know it is a tough road to make easy to use apps PLUS keeping the security required.

    As I mentioned before and we are seeing more all the time, Suites are the way to go. Why? well if you want to patch the kernel, maybe it best to do with ONE security app and not 4 or 5 from different companies.
    I have seen some awesome improvement in suites this past 6 months. I won't mention names.

    controler
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The Tweaks fall into 2 categories: those that change the default action of some Windows operation, and those that add something.

    First, we ensure that Windows shows all file extensions in Tools|Folder Options|View, and change the Edit Filetype option to "Always show extension."

    Another tweak changes the default action of script filetypes from "Open" (Run) to "Edit" so that accidental running of a script (such as .reg or .vbs) by double-clicking or from a command line will open the file in Notepad. Legitimate scripts can be run by r-clicking on the file and selecting "Open" (Run).

    An example of an added action is to add a Shell Key in HKEY_CLASSES_ROOT\* for different applications, such as MSWord and a picture editor. This puts the application on the right-click context menu, so that instead of double-clicking on a file, you open the file directly in the application from the menu. This prevents being tricked into opening a file that is really an executable. Most recently, it's been demonstrated that an executable can be hidden in a .jpg file. D-clicking on the file would cause it to execute, but opening it directly in a photo editor would do nothing except bring up a "wrong .jpg format" error. Rather remote possibility at this point, but this tweak trains the user to open email attachments directly in the application, rather than d-clicking. This assumes, of course, that the user is familiar with file extensions. For instance, double-extension tricks would not fool the person who knew what the filetype icons look like.

    This and similar tweaks are becoming less necessary with the advent of programs such as Anti-Executable and Process Guard, because a hidden executable will be blocked from running/installing by these programs. But we still teach that behavior, since it ensures that the user is alert to what the filetype is.

    Agreed, but I would argue that no one should use a computer and go on the internet without understanding their operations, leading to proficiency. I (and a few others who work with new users) set up training sessions to teach the basics of the computer, starting with understanding filetypes and how executables work - the first step to security. Granted, all new users may not have the benefit of hands-on training, but it is possible.

    <understatement>Proper training would eliminate many problems.</understatement>

    regards,


    -rich
    ________________
    ~~Be ALERT!!! ~~
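
The two checks described in the post above (a double extension on the file name, and a ".jpg" whose bytes are not a JPEG, which is what the photo editor's "wrong format" error amounts to) can be automated. This is an added example, not part of the original post; the extension sets, function names and sample bytes are assumptions constructed for illustration.

```python
from typing import List, Optional

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = [
    ("pe", b"MZ"),                    # Windows executable (.exe, .scr, ...)
    ("jpeg", b"\xff\xd8\xff"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF8"),
    ("pdf", b"%PDF-"),
]

# Format each extension is expected to contain (assumed subset).
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
            ".gif": "gif", ".pdf": "pdf", ".exe": "pe", ".scr": "pe"}

# Extensions Windows runs on double-click, and extensions that look harmless.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".reg"}
DOCUMENT_LIKE = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}


def extensions(name: str) -> List[str]:
    """Every dot-separated suffix, lower-cased, with space padding removed."""
    parts = name.lower().split(".")
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def sniff(head: bytes) -> Optional[str]:
    """Identify the format from the first bytes of the file, if known."""
    for kind, magic in MAGIC:
        if head.startswith(magic):
            return kind
    return None


def inspect(name: str, head: bytes) -> List[str]:
    """Return the reasons a file deserves a second look (empty list = none)."""
    findings = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    # "photo.jpg.exe": the real type is the last suffix, the bait is earlier.
    if last in RUNNABLE and any(e in DOCUMENT_LIKE for e in exts[:-1]):
        findings.append("double-extension")
    kind = sniff(head)
    expected = EXPECTED.get(last)
    if kind == "pe" and expected != "pe":
        findings.append("executable-content")   # program bytes under another name
    elif expected is not None and kind != expected:
        findings.append("content-mismatch")     # e.g. a GIF named .png
    return findings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday2.jpg", b"MZ\x90\x00\x03"),
    ("invoice.pdf        .exe", b"MZ\x90\x00\x03"),
    ("notes.txt.vbs", b"' constructed comment line\r\n"),
    ("chart.png", b"GIF89a"),
]


def scan(samples=SAMPLES):
    """Map each sample name to its list of findings."""
    return {name: inspect(name, head) for name, head in samples}


if __name__ == "__main__":
    for name, findings in scan().items():
        print(f"{name!r}: {findings or 'ok'}")
```
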
     
  13. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Real time I used to only use an AV. Then I got hit with a dialler and so got myself Zone Alarm. Then I got hit with a browser hijacker and so added Spybot S&D and Spywareguard (in addition to Adaware and SpywareBlaster). Then I came across Trojans and thought where does it end? I've already got 4 programs running, how many more will I need? It didn't matter that all this protection was free of charge (amazing really), I just have a dislike of wasting resources, cluttering my taskbar with icons and wasting time scanning my computer.

    Then I came across Principal Antivirus. It claimed to be able to stop all viruses even future ones without needing to scan or update. It seemed too good to be true. I couldn't believe this one program could be the answer to my prayers but I decided to give it a go. It did seem to stop things from executing and it let me know if something wanted to access the internet. Seemed pretty good but I wasn't sure about it blocking scripts whenever Excel or Word ran. I could stop the problem by reducing the security level but if I did that, was I still really protected?

    Obviously, I needed to find more information and that's when I came across Wilders. Everyone was talking about layered protection and millions of exploits. My paranoia level hit the red zone. I bought Process Guard. Damn, another icon, more wasted resources and this time it's costing me money. What about those pesky trojans, another icon more wasted resources but at least I could get one of those for free. I felt well protected but I still had a niggle about those Buffer overflows and I needed a pair of shades to block the glare from all those icons. After a while, the paranoia dropped and I continued my search for the ultimate all in one solution.

    Then came Deep Freeze. Not quite the answer I had been looking for but it showed a certain potential.

    The way I saw it, the advantage of the scanners was that they knew the difference between good and bad and could get rid of the bad. All of this was essentially automatic. The downside was that they could miss the new bad guys.

    The advantage of PG was that it would stop everything, even the new bad guys. The disadvantage was that I had to work out who was good and who was bad. Also, if a bad guy came up, PG wouldn't get rid of it for me. But perhaps Deep Freeze would do that bit for me, get rid of the bad guys. And I had spent a while at Wilders, so I now felt able to work out the good from the bad. That was when I realised I didn't need an AV or AS or AT.

    I would use PG to stop everything apart from the ones I wanted and I would use Deep Freeze to get rid of the ones that had got in and I didn't want. So, I still haven't found the all in one solution but now I only have two running programs and two icons. Oh yeah and a new router.

    I still hope that one day I can get it down to one icon and one running program only.

    Having said all that, I still have an on-demand AV/AT for suspect downloads or e-mail attachments.
     
    Last edited: Aug 12, 2005
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi SpikeyB,

    I've added you (second at Wilders) to my list of those who use this setup (PG or other anti-executable type; DF or ShadowUser or other similar)

    Glad you've got DF worked out OK.

    It's interesting to consider some of the comments in other threads:

    Why you can not rely....
    https://www.wilderssecurity.com/showpost.php?p=528865&postcount=1

    What AV does the experts here use?
    https://www.wilderssecurity.com/showpost.php?p=529369&postcount=13

    Do we need more than free Process guard if we do not indulge in high risk behaviour?
    https://www.wilderssecurity.com/showpost.php?p=529806&postcount=21


    No one approach will ever be proven better than another, of course, but just shows that there are different starting points of thinking with respect to security; ultimately, one's perception of the problem determines the actions to take.

    Please post when you do!!

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    My view is different. MS Windows, as originally designed, was a platform for selling additional software, preferably MS. And MS did everything it could to prevent other vendors from entering into their "space". Legal rulings since then, have slowed down MS.

    MS Windows, as developed for the Internet, was and is still being designed to "snoop" into Windows user's space, and find out what they are doing. In marketing/sales lingo, this is called account control.

    The "bad guys" are merely using the same "pathways" that MS is using - and actually for the same purpose. To snoop in on the users of Windows, to collect data on what they are doing, and then transmitting the information back to the "home server". As long as it is in MS's interests, (as well as the interests of other Internet companies such as Google, Amazon, etc.) to "know" what the users are doing, there will be "holes" in the operating system. This has absolutely nothing to do with usability. It has to do with the MS's "corporate mission" and the way they have decided to "make money".

    Given that MS will not "close these holes", it is up to each user to find ways to close them down. Each user decides depending upon their own security/usability needs. DeepFreeze+Anti-Executable is one possibility. An image copy/restore utility+ProcessGuard (with or without "Block new and changed applications" turned on) is another possibility. A variety of detection software (AVs, ATs, ASs), or lockdown techniques (which require lots of expertise and "re-education" whenever a new operating system is introduced) are other possibilities. It all depends upon a user's strategy.

    But a user should have a strategy. As for myself, I have decided to eschew the "trust the vendor approach" (e.g. Microsoft anti-spyware) where the vendor decides for me, and have decided to take a more active role in deciding what does or doesn't run on my machine (e.g. ProcessGuard, Online Armor, RegDefend). For me, this is far more secure than "trust the vendor", and far less taxing on my time than "learn how to lockdown an operating system", especially when the operating system and all of its components are constantly changing.

    Each user has his/her own strategy. My current strategy is to shut down the "choke points" into my computer system (the HIPS strategy) and decide for myself what comes through. Others, of course, may have a different strategy.

    Rich
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I have removed my comment about Microsoft in an earlier post regarding their purchase of AV. It wasn't intended to get started on the topic of MS, rather, just another illustration of how AV has become a big, profitable industry, so let's please not discuss Microsoft in this thread.

    Thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  17. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493


    Yes, recently, I have been reading many things about the virus/anti-virus industry. In some ways it appears to be two sides of the same coin.

    I read what you say with interest RMUS. I understand your philosophy toward computing. I am not sure whether I will use the same set-up as you but your philosophy educates me on how to better defend my computer.

    I think in some cases I prefer education over software on my computer and in other cases I am lazy and prefer the convenience of having software do the job.

    Sometimes paranoia combined with "hype" leads people in certain directions and other times not.



    Starrob



     
  18. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Not strictly true for me but all I now run resident is f-prot. I did get to the stage of having loads of icons, a fast computer straining to start under the load of umpteen processes starting. I think I finished up with 40 odd running processes, a slow computer which was a pain with pop-ups etc.
    Now I run Deep Freeze, have F-prot installed on a separate drive so as not to lose my updates on restart and adaware.
    Even when I did have my very tight set up I did not catch anything as I am very careful about the sites visited.
    My new set up is ultra light, very fast and I think very secure. I just make sure I do the important things like banking etc after a fresh reboot to clear out any nasties.
    This works for me very well, now with only 26 running processes (I could always increase that to about 45 by putting Norton back on.............only joking!)
    I think I got into the rut of wanting a very secure computer at all costs (have spent loads on various progs) at the expense of usability and speed. Now I am happy with my compromise.

    Rollers
     
  19. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Hi Rmus

    I think I've got it down to one icon and one running programme (DeepFreeze only).

    Using the security list from PG, I've created a white list of allowed executables using Windows XP's software restriction policies.

    PG is disabled at the moment. I'll see how it goes.
     
  20. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Congratulations!

    Can you describe how you set up these policies?

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    As a test, I used only one program for the last week and surfed poorly. No problems. The app was Online Armor. There ya go
     
  22. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    From the control panel I selected Admin Tools and then Local Security Policy.

    Then clicked on Software Restriction Policies and Added new rules from the Action menu. This created two new sub folders, Security Levels and Additional Rules.

    In security levels you can allow or block all. In the additional rules, you create rules to override the Security level. By default you can run all exe's in system root, system32 and Program files.

    I added new Hash rules from the Action menu for all my programs and deleted the default rules. Then I set Security level to Disallowed.

    First time, I forgot to add mmc.exe so I couldn't get back in to change the Security level, oops (DeepFreeze was active so I rebooted and tried again).

    I also removed lnk extensions from Designated File Types in the Software Restrictions Policy Folder otherwise none of my shortcuts would work.

    I must confess it wasn't as easy as setting up PG but I'm only experimenting.

    I got the details from here: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#ELAA

    and here: http://support.microsoft.com/default.aspx?scid=kb;en-us;324036

    I think there's still some tweaking to be done.

    Nice one hollywood
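
The behaviour described in the post above (default level Disallowed, hash rules as the allow list, the Designated File Types list, and the mmc.exe lockout) can be followed in a small model. This is an added example, not part of the original post and not how Windows implements Software Restriction Policies; SHA-256, the subset of designated types, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed subset of the Designated File Types list; the policy only
# evaluates files whose extension appears here.
DESIGNATED = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".msi", ".lnk"}


def file_hash(path):
    """Hash the file contents (SHA-256 is this example's choice)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_hash_rules(paths):
    """One hash rule per approved program: hash -> file name."""
    return {file_hash(p): os.path.basename(p) for p in paths}


def is_allowed(path, rules, designated, default_level="Disallowed"):
    """Decide whether a file may be opened under the modelled policy."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in designated:
        return True                      # type is outside the policy's scope
    if file_hash(path) in rules:
        return True                      # a hash rule overrides the default
    return default_level == "Unrestricted"


def preflight(required_tools, rules, designated):
    """Tools that would be blocked: check this before setting Disallowed."""
    return [os.path.basename(p) for p in required_tools
            if not is_allowed(p, rules, designated)]


def demo():
    """Run the scenario from the post on constructed files."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        def make(name, data):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            return path

        editor = make("editor.exe", b"constructed editor build 1")
        mmc = make("mmc.exe", b"constructed management console")
        dropped = make("dropped.exe", b"constructed unknown binary")
        shortcut = make("editor.lnk", b"constructed shortcut")

        # First attempt: the management console was left out of the rules.
        rules = build_hash_rules([editor])
        out["lockout_first_try"] = preflight([mmc], rules, DESIGNATED)

        # Second attempt: mmc.exe has its own hash rule.
        rules = build_hash_rules([editor, mmc])
        out["lockout_second_try"] = preflight([mmc], rules, DESIGNATED)
        out["editor"] = is_allowed(editor, rules, DESIGNATED)
        out["dropped"] = is_allowed(dropped, rules, DESIGNATED)

        # Shortcuts have no hash rule; they work once .lnk leaves the list.
        # The program a shortcut points to is still evaluated on its own.
        out["shortcut_default_types"] = is_allowed(shortcut, rules, DESIGNATED)
        out["shortcut_lnk_removed"] = is_allowed(
            shortcut, rules, DESIGNATED - {".lnk"})

        # An update changes the bytes, so the old hash rule no longer matches.
        with open(editor, "wb") as f:
            f.write(b"constructed editor build 2")
        out["editor_after_update"] = is_allowed(editor, rules, DESIGNATED)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The last result is the maintenance cost of a hash-only allow list: every program update needs a new rule before the program will run again.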
     
  23. floatingPast

    floatingPast Registered Member

    Joined:
    Aug 17, 2005
    Posts:
    9
    Location:
    on frog house
    There is risk with the amour of the armour, a trojan with the downloaded programme could remove the user mode hooks to disarm the defenses. Maybe the one like this is just not written for the online armor soft but also for trojan hunter or the spy sweeper with others that use the madshi libraries. The simple nature of the user mode unhook is to erase the protection of the soft that is relying for it and expose the soft underbelly to the disappointment of the user
     
  24. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I have been watching. As stated earlier, no problem. But, with ANY app, there is the risk of something getting in. Again, this is only an experiment. And so far, it is working well.
     