I've now completed a year of running my Windows 10 Pro box without any real time AV. Disabled defender and use ReHIPS and run monthly on demand scans of MBAM and ESET. It operates as my NAS/KODI box and front room browser (TV as monitor) and makes me wonder if we're all subject to scaremongering after all. I do stray from the clearly marked 'internet' paths from time to time with a Avast's protected safezone browser, with ReHIPS just in case but clean as a whistle, food for thought maybe?! Are we really in as much danger as AV companies want to us think, is it from viruses or more drive-bys and malware? Are signature based AV's days now numbered cos the offerings are getting larger, more bloated with more and more add-ons we're told/sold we need, do we, REALLY
My experience over many years is that if you keep Windows and vulnerable software (e.g. browsers) updated and are not click happy, it is extremely hard to get infected. I believe that the only times I've got infected when using an updated computer are when I've manually opened an infected file.
AV are for people downloading a lot of files - especially binary programs, but malware can be also written in scripting languages and macros. Especially those who don't have much knowledge about computers and malware or those whose work requirements exposes them to malware - for example work requires them to open a lot of files from strangers every day. Drive-by attack nowadays are greatly mitigated by keeping browser up-to-date and browser built-in sandboxes. Conscious users can use extensions such as NoScript or uMatrix to further secure their browser. Server are significantly different use case. For servers greatest risk is misconfiguration, vulnerabilities in programs listening on TCP, UDP ports or in the OS itself. On servers use programs (servers) with support in case of discovery of vulnerabilities (security updates) with proven record of low number of vulnerabilities, sandbox those programs (i.e. Linux's Apparmor os SELinux), use firewall for logging network connections and block port scanning and tiny DDoS attacks, use logging and alerting by mail to catch unexpected file operations. You use case is actually some hybrid of desktop and server.
That's a good idea. But even without any kind of blocking, I believe the chance of getting infected is very slim. At least, that has been my experience. I don't recommend that others do it, but I do not feel particularly vulnerable, even when using no security software.
Exactly, I would not advice it to anyone, but if asked, then, yes it is possible, but it heavily depends on the user (setup and common sense). I can not even imagine running AV, I just do not see any reason to, I have not used one since XP. I was running XP customized with nlite with no AV, no firewall and no updates for a year, using just IE7 and not a single infection.
Running only with free Voodooshield but always use Acronis backup just in case. Everything seems to run smoother and faster with no AV. Having said that, safe browsing is the motto here.
it's not only malware that you want to be wary of - one of our hosting customers was successfully spear-phished - I've been trying to advise him for years on anti-malware and he's been happy with freebies based on his "tech guy" - guess what - that URL was already blocked both by ESET and by Google DNS, on first click he would have been blocked. Yes, this is a very smart owner of a multi-million dollar pharmaceuticals company and he gave his email + password up in a spear-phishing scam. You seriously cannot believe that people fall for this, but now I actually know someone who did. https://i.imgur.com/KtabVza.png
I would ask those who say they run their systems without security software and have been free of infection, how do you know your system is malware free when obviously, well designed malware should operate without the user noticing it?
@RockLobster When I have not used any realtime protection, I have used scanners such as Malwarebytes for occasional on demand scans.
I do not even bother scanning, because I know, that it is impossible to get infected, unless I would run exe myself. Malware has a pretty basic design: 1. download - 2. run scripts to create a startup entry ot a scheduler task to get admin rights - 3. run as admin and then all the hell breaks loose. Step 1 is harmless, my browser/firewall blocks some at 1 and my tweaks block it at 2. Still it is pretty hard get infected even with normal settings, 10 is pretty secure. 99% malware gets into the computer via a browser or via HTML emails, so securing the browser is the key. I have installed AV on mom's computer just in case, she would run something. Most malware has way of manifesting itself. There are not that many well hidden, like fileless malware or rootkits.
Tech guy does not used 2FA for email? It's scary. I am doing it too and in most cases I would probably be alerted by ReHIPS something is going on. In Gnu/Linux or OpenBSD case manual inspection.
