Why I am also finished with a AV

Discussion in 'other anti-virus software' started by trjam, Jul 3, 2008.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I did 1 year without AV, without incident, with only use of Windows Firewall and LUA.
     
  2. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    I'm going to turn off my home security now too lol..:argh:
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Home security you say, unless you have cellular backup or line tamper, easy defeat.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Larryb

    I wasn't responding to your post 19 but your post 17. And while making a bit light you did make the statement that users running with an AV must be crazy.

    I think Blue's response fit what I was getting at. And like I said I wouldn't recommend my approach to everyone.

    Also I saw someone else mention boot to restore. That isn't my solution, and I see that as the last ditch fix, not prevention.

    Pete
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hola Pete-san:

    From previous of your posts, I recall that you run OA, maybe another HIPS as well, plus Sandboxie. True? If so, you might ought to caveat the fact that you do not use an AV by revealing the other grrreat security stuff that you DO run.

    To wit - not running an AV while sandboxed & HIPpy is much different from not running an AV when un-boxed & un-HIPpy. Wot?
     
  6. wat0114

    wat0114 Guest

    ...or not running AV when using Linux :D :ninja:
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Agree totally, for instance two applications I endorse:

    A) ThreatFire, originally a behavior blocker, but at first intrusion it checks its AV database (I think originally from Virus Buster)

    B) Rising AV, essentially an AV, but you can use it without the AV component as a full-fledged HIPS

    So an AV is not just a black list scanner anymore.


    Also a blacklist is not a blacklist anymore, for instance PRSC/NAB use behavior patterns, which can be configured and are stored in an external table. Is this pattern a blacklist?
     
  8. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I don't like the Reboot & Restore method since I often install new programs and create new documents. I've got a method that always works for me. Antivirus and sandbox. If I got a suspicious program, I put it in a sandbox, with read only access to my C: drive and the registry, blocked access to my D: drive, and blocked access to the internet. If I see any suspicious activity, I delete the sandbox, and send the suspicious file for analysis. Usually after a while it becomes detected.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Not every, many, newbies come and go.

    A good way to create peace of mind. :D :D :D

    Go on... your system remains faster.
     
  10. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Let's stop the quoting of Freud here, man............what a lines.........very hard for me to follow and understand. I like to read direct things regarding AV programs, if possible?
     
  11. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    This is true, but we must ensure that our other security is set up correctly, i.e. IPTables, SSH keys, Apache etc. There are still security considerations even in this OS world, albeit a little different, but they are still there. I have VBACL_Linux installed on all my *nix boxes for the occasional scan, mainly on the Windows partitions, Samba shares etc. So yes, no RT AV is OK in Linux, but we still must be careful to not let some skiddy own our boxen. :)
     
    Last edited: Jul 4, 2008
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You are absolutely right. I have posted what I do on several occasions, and I just didn't want to be like a broken record, and post it over and over again. I will go post my full approach in the thread on security setups and then link it here when done.

    Pete
     
    Last edited: Jul 4, 2008
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A strong wall, indeed, Pete!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Meanwhile, back at the topic ---

     
  14. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    A lot of funky things can happen between reboots while on line. I agree with having a strong firewall to accompany any virtual surfing. As far as having an antivirus, you never know exactly what is on that commercial DVD or friend's USB drive.

    Just my opinion. :p

    SourMilk out
     
  15. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I agree with Sour Milk on this one. A baddie can run quite a while undetected between reboots and by the time you do a reboot it may be too late. But with an AV or HIPS or some other method of detection, you can stop it from installing and doing any harm and then reboot to get rid of it.
     
  16. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    agreed... and those who think easy restoration with tools like returnil make prevention a wasted effort are only thinking about intrusion and not extrusion (as has been described by various others in this thread)...

    might be interesting to note that not too long ago yahoo was serving malware... the shallow end of the pool isn't necessarily completely safe, one can drown in only a couple of inches of water...
     
  17. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I can't imagine myself without an AV ;)
     
  18. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I couldn't either, until I got tired of AV failing and decided to give it a try.
    But "no AV" != "no security software"...
     
  19. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    well, that's a matter of semantics... given the history of the AV industry's products, one could also say AV != scanners...
     
  20. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Well you're right.
    AV's have become much more than just scanners. But the main feature is that they still rely on a blacklist scanner as their main protection feature.

    The important thing here is that a clean result of an AV doesn't guarantee a clean file, so why bother at all?
    They do have the advantage that you can identify a known bad file before any other choice has to be done, and this saves some time.
    But for me the performance hit is not worth it.


    BTW, I still use some AV's on demand, just to see if any file once considered clean is now known to be infected.
     
  21. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    have become? always have been...

    because a clean result from a scanner means that of all the threats in existence, most of them are absent from the system...

    just because it's not perfect doesn't mean it's not worth it... don't let the great (but impossible) become the enemy of the good...

    so in reality it's not scanners you're arguing against, it's just on-access scanning...
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hi Peter, no broken record at all. It is the first I have seen of it and I must say clever indeed and looks to be rock solid.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks djohn. It seems to be serving me well, and very light indeed.

    Pete
     
  24. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    AV is still the bread and butter of security applications to me.
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,938
    Location:
    Texas
    I believe I'll keep mine. Just in case. ;)
     