What would be a good "No Antivirus" Windows set up?

My current PC with Windows XP was purchased in 2005 and although I have never installed any antivirus, I never got infected.

 

The problem with XP is it was developed BEFORE the "broadband to the home" explosion hit. It was also developed with support for legacy software and hardware having top priority because big business (Microsoft's biggest customer base - by far) demanded it. Those industries did not want retool all their IS/IT systems - again - as they had to moving from CP/M to DOS, then again to Windows 1.x to 3.x to W95/98.

If you recall, Microsoft wanted to include anti-virus code in XP. But they couldn't because Norton, McAfee, and the others whined and cried to Congress and the EU claiming Microsoft was trying to rule and monopolize the world. They were, but not the point.

The anti-malware industry claimed it was their job to thwart malware. So Congress and the EU threatened to breakup Microsoft, Ma Bell style, if they included anti-malware code in XP. So MS left it out.

But Norton, McAfee and the others failed miserably! Remember, they had (and have) no financial incentive to defeat the bad guys as that will put them out of business.

But who got blamed for their failure? Microsoft - even though it was the badguys who perpetrated the offenses and the anti-malware industry who failed to stop, or even hinder their proliferation.

Notice how now Congress, the EU and Norton have kept their mouths shut about Microsoft integrating anti-malware in W8 and W10? It is because they know they were wrong. Had MS been allowed to include anti-virus code in XP, it could have at least hindered the untethered advances of the bad guys and no doubt, we would not be in near as big as a security mess we are in now.

 

You have way above average technical skills to achieve this

 

Likely.
But today those who use W.10 have the advantage of the technical ability of others, so my personal benefit is canceled out.
Ergo, today with a modern OS even the average user can survive without AV like I did.
The antivirus has a reassuring effect on the psyche of the PC user that has roots in the past.

 

Except that running without an anti-malware solution is like driving around without insurance. You are gambling you will never need it. Even if the best defensive driver in the world, there is no guarantee you will never be involved in an accident that costs you in one form or another.

Do not assume you have avoided compromise all these years due purely to your own skills.

 

I suspect the reason you don't get it is probably because you're ascribing views to me that I don't hold and didn't express. A bit strange.

W10 has obviously improved security substantially over what used to be (and yes, I have lived through Windows from the outset). At no point did I get on the dreary Linux versus W10 bun-fight, although , Linux is obviously much more congenial from a licensing perspective when you run multiple instances.

The issues W10 has are associated with its history and popularity, and to an extent, its marketing. Because of the need for it to be backwards compatible, it retains some weaknesses that reflect that - and which can mostly be remediated with hardening through things like Hard Configurator - using standard operating systems functionality. You enumerate a cluster of 3rd party products that I said I'm avoiding, my only additional control is vmware which I use for lots of reasons- I might use Hyper-V if it had equivalent maturity.

MS has quite wrongly compromised security on the W10 Home edition, not supporting AppLocker, EFS or Bitlocker and now abandoning SRP. Of course, you can still use configurators like SSRP and HC, and 3rd party disk encryption, but it's obviously wrong for a big proportion of the 98% of the "normal users" you refer to. AppLocker is much easier to deal with than SRP, but guess what, that's Enterprise etc only.

MS has recognised the value of virtualisation because it's recently introduced facilities like WDAG and Protected Browsing or whatever they call it. Painful at this point, could be so much better, especially for naïve users. Likewise the partitioning for protected filestores (which Sandboxie does better, and Firejail does on Linux). Why has it taken so long to offer even something basic? It is presumably responding to user needs at any rate, if tardy as usual. And then there's the sandboxing for applications that have development and operating system support, which are painful for the developer and do not give the user any power to constrain what resources the application is going to end up with, which Sandboxie, Firejail and AppArmor and SELinux all do. Why can't I demand that my browser is enforced not to see my data files, am I supposed to trust the browser suppliers and what they've configured? I think not.

You previously mentioned user error, and that's obviously a problem with any system: if the user opens the doors to the invader, then you're compromised to an extent. That's the whole point of compartmentalisation, you limit the consequences of breach and the pain of remediation - whether this is system vulnerability or user error. VMs are certainly a good, mature and pragmatic way of doing that, and a reasonable option to offer the OP.

 

Ummm, you quoted me. Did you not see where I said I was speaking to the crowd? That is, not you specifically?

Well, that's your opinion and I don't agree with it. Neither do the facts because if Microsoft was wrong, there would be 10s or even 100s of millions of infected Windows 10 Home systems out there. But not happening.

 

I don't want to get the message across that it's better not to get AV.
I'm just saying that this component of the security configuration for some users is not as indispensable as for other users.

In my case it's really superfluous.

 

I have not depended on an AV for quite some time, 2008 , I believe it was.
Outside of brief testing now and then. Although I do rely on other security related software.
Going without an AV is not for everyone but I see no need here in the foreseeable future.

 

Going AV-less may be a good idea for advanced users who use the right securitiy-related software that suits their needs. Average Joe, however, should use a decent AV and firewall or a good anti-malware suite, coupled with a modern OS that is religiously kept up to date. Just my 2 cents.

 

Please note I said in post number 55 above, running "without an anti-malware solution" is like running without insurance. You are still suggesting users "use the right security-rated software". I'm not into splitting hairs here.

I also said earlier when referring to layers of security, there may be other users of the computer to consider - referring to those less experienced or less "security aware". Not all households have a separate computer for each user. I believe many here forget that or just assume every user has their own computer, and that nobody ever touches computers that don't belong to them.

Most experienced/advanced users are well disciplined, fine-tuned to suss out scams, spam, and malicious links. Having worked computer and network security for major "secure" networks for decades, I consider myself highly advanced and discipline in that area. But I sure cannot honestly claim I have never, ever accidently deleted a file I didn't want to delete or accidently click the wrong link. If anyone here claims they never ever, not even once (and once is all it takes to blow it), clicked on something they should not have or didn't mean to, then I will say they are not as experienced as they claim.

 

Yes, that's what I wrote. And I still think that the "right" security-related software does not necessarily always include an anti-malware solution.

Sure, as soon as there are other, less experienced users of the same computer, an AV-less computer should probably not be taken into consideration. I'm sure advanced/expert users are fully aware of it.

Same here. Even the most advanced user makes mistakes. However, this does not rule out an AV-less approach to security.

 

I ran sans antivirus for a good and peaceful six months. I used HitmanPro.Alert and VoodooShield along with a couple of on-demand scanners and a robust ad-blocker and another security extension with Firefox. It was wonderful...until Windows started sliding downhill and I ended up not with any malware but too many system errors for comfort. It was like a really early version, like 1607 or something.

I mean, if you know what you're doing, it's your machine and your choices. No one should dictate to you what you HAVE to do here.

I think it's sort of mandatory that Windows is bolstered by some antivirus though, esp Windows 10, otherwise the errors and nags may start piling up. As long as the product doesn't interfere with the function of the machine at any time, OK, fine. Defender is fine on here.

 

Hi Bill. I think you should open your mind up a little. If you do, you might realize that some of the people who don't use AV, quit using AV because one day they came to the conclusion that using AV it is not the right type of insurance. In other words, AV's fail sometimes. Sometimes they let something in. It is expected that something like that will happen. And then one day the user realizes that their are better ways to protect yourself and they go for it. Better technologies and security setups, give you better insurance.Thats what happened to me. Bill, with all the respect you deserve, you are wrong when you think that going without AV is like not having insurance when its actually the opposite. In my personal case, not using AV and instead using NoScript and Sandboxie, gives me better security and insurance than if I I was just using AV. You might not see it that way, but that is exactly the way it is for someone like myself. I being doing this for more than 10 years and I can compare to how it was for me before, when I used AV. It is night and day. Now, my security is clean and shiny like the morning sun, and yesterday it was ugly and cold, like a dark night. Fear was in the next click. Now, I can click whatever I want to click, and it is still shiny. Clean. Better insurance. More expensive? Maybe, needs more knowledge, but is like learning to use a bicycle. Once you learn, you don't forget and keep going..

Regarding the quote right above, I said this earlier. I can't be any clearer than that on how I feel about it:

Bo

 

Exactly, which is why many have recommended to the OP to use a form of system hardening, Sandboxie, etc, and browser hardening, such as NoScript or uBlockO. I like the fact that Defender in Windows 10 is so much better than previous, and that it's free, so I personally see no reason to exclude it from a PC security setup. It's better than nothing, although certainly not 100% foolproof, and as you mention they sometimes let something in, so they are not really insurance, but it will protect against the majority of threats. BTW, Defender is not just AV, it also has App & Browser control and Device security features built in to augment it. A prudent and PC security-aware individual will add other system and browser hardening measures to protect against occasional, even if rare, Antivirus fails.

 

FWIW, if I was to use an AV, I would use Windows defender. If I was to recommend an AV, I would recommend WD.

Yes, WD is not just an AV. Personally, I dont want any so I disable everything that comes with WD. I am not recommending this to anyone but in my view, I am safer because I am doing so. And not only safer, happier (this counts, too). In my first post, I mentioned some of the reasons why I dont use AV, but decided to Edit the part where I wrote (and i am going to say it here), I dont want to use them, I dont want to deal with scanners, or signatures and their updates. No need to. They annoy the hell out of me and my computer: The computer is healthier by not dealing with scanners. Relaxed. Cooler. I have more time to do what I like to do when I am in front of the computer. Is a better computer experience.

Bo

 

My mind is open - always has been. That is why I don't use the same security setup I used in years past.

But I feel there's a bit of tunnel vision here. Does a program have to be named anti-malware to be an anti-malware program? You have installed security programs that block and protect you from malware. Is that not then anti-malware?

I note almost all programs that call themselves anti-malware these days, including Microsoft Defender, don't just look for viruses, worms, Trojans, etc. by using signature/definition files like the old style AV programs did. Virtually all these programs today also do behavior analysis to look for malicious activity going on. In fact, most of the better programs, including Defender use behavior analysis as their primary weapon, and definition files as secondary - a necessary approach, IMO, in order to deal with zero-day threats.

Okay, my bad for taking the title of the thread literally. Maybe a tunnel vision approach was the intent. My feeling is if you are running security software to protect your computer from malicious software and malicious activity, then it is still anti-malware even if it does not have anti-malware (or anti-virus) in its name.

 

I took the title of the thread literally so on my pcs no WD (disabled) and no A/V.

 

Do you use any other software to improve security? I was thinking of going without real-time anti-malware but somehow can't make myself doing it (although I don't encounter malware).

 

I don't understand this. If it was that easy to always avoid encountering malware, no one would need security software.

There is always the possibility any legitimate site could be hacked and then the bad guys plant malware on it so the next time you visit, you encounter it.

Or your friend or coworker could become infected and then they send you an infected email.

There are many ways one might unknowingly encounter malware.

Maybe you should listen to that little voice that stopping you then.

 

Yes.

Sandboxie Plus to run almost every portable app I use.
Shadow Defender.
Secure Folders.
TinyWall.

That's it.

 

I just don't find it that easy to get infected.
Yes sites can get compromised but they would also need to serve some kind of zero day to exploit my browser since I wouldn't run or open anything I didn't intentionally download.
Even if my friend's or coworker's system got compromised they would either have to send me an infected attachment or link to follow. Neither would I open without email explaining me what it was in my native language.
IMO likelihood of encountering malware for me is really low and that's why my anti-malware software has nothing to do. It's just a safety net I use if I ever make mistake in future. Kind of last line of defence and not first for me.

 

Yes that seems quite secure. Do you still perform some on demand scans with OD scanner?