Anyone Else Not Running AV?

I use FD-ISR and that's it. Since I typically only run portable free apps from a separate hard drive, hardly anything actually gets installed in Windows 7 x64. If ANYTHING starts running that I didn't let, I'll notice the change of behavior immediately, and roll back to a snapshot (which rarely happens.)

As far as passwords go, the only ones I actually type are for worthless website accounts. The really important ones get hashed on-the-fly by PasswordMaker for Firefox by a hotkey.

Have ran this way for over 6 years and I'm not concerned where I go on the web.

 

You're crazy. Gotta at least have a Realtime AV O.O

KIS 2012 here presently.

 

So, am I crazy because I live my computer life in way that scares the pants off many here, or because I believe my brain is better equipped to prevent malware from being introduced to my computers in the first place?

Either way, does it really matter if the end result is the same as yours - no malware?

I decided long ago I had better things to do than fuss about whether my computers were tools used to accomplish jobs, or solely to run security software to protect themselves from themselves because "the sky is falling."

 

I do both .....

 

if surfing habit is good( like mine ) then there is no need for an AV.
just block its entrance with HIPS or AE softs..
daily 2 min manual scan with hitmanpro..

 

I dont feel that sandboxing & virtualization is enough. malware writers will use exploit kits to break out if enough people use sandboxies and if people dont use antivirus software the malware will survive on users systems for longer which means more spam and bot nets. i like the idea of antiv executable software but I would find it a chore to do updates and install new software.

 

Sandboxie pd. with either Private fire wall or Online Armor. On demand scans with MBAM and HMP. No real time AV.

 

On Linux: no AV (duh). Currently I do have Firefox in an AppArmor sandbox, plus I use Noscript. Not really doing anything about local code execution and/or privilege escalation, but Linux presents a small target profile.

(That said, I have been getting familiar with FreeBSD and OpenBSD lately. Oh, and I should be messing around with cgroup/OpenVZ/VServer jails. Some time!)

On Windows: generally I use a HIPS with executable control. If I do get infected, the HIPS will probably go bananas; and if the malware is advanced enough to slip in and make itself comfortable without ever being detected, chances are it would have done the same for an antivirus. I feel the HIPS offers the more complete solution for on-access stuff, whereas antiviruses are better for use with live CDs.

OTOH, HIPS (especially the EXE blocking kind) are a massive pain if you're compiling software on your Windows computer. So for machines used for software development, I guess blacklist-based security is necessary; after all you never know when someone will plug in an infected USB stick.

 

Couldn't agree more, although sandboxing & virtualization is not enough IMO it does play a valuable part in ones defense.
An AV is not needed in realtime unless one wants that type of solution but there are other options.
Personally I prefer HIPS and/or Anti Executable coupled alongside Sandboxing and/or Virtualization.

 

Hi LoneWolf,

I see you use DefenseWall together with Shadow Defender. As a SD user I would be very interested as to how you use these two apps.

Wendi

 

No AV here for a while. I use BZ Pro with some tweaks and my browser is either Google Chrome or Firefox 10 with noscript and something called Do Not Track Plus which I'm not sure is relevant to security. Anybody tracking my internet use would die of boredom.

I do have MBAM pro running but it's never found a thing. I'll occasionally run Emsisoft emergency kit.

And I've got a full backup image (Acronis) on an external drive that's up to date.

Bufferzone is my first line of defense. Through the years, it's never failed and an antivirus was just taking up space and having a pretty easy life, with nothing to do.

 

Malwarebytes on-demand is the only anti-malware application of any kind currently installed.
I rely heavily on Sandboxie (free), Keyscrambler (free), WinPatrol Plus, and I just added Mailwasher (free). Also installed is Comodo Time Machine (version 2.6).
No known malware over the past fifteen or so months.
My OS is XP SP-2. I'm playing around with Chrome 17.0.963.46 but mostly, I use IE 8.

 

Absolutely 100% agree with you. Well said Mrk
All AV's based on blacklists mechanism are outdated these days.
I haven't run an AV for years.

 

Hi Wendi,

Hope this help:
http://gladiator-antivirus.com/forum/index.php?s=&showtopic=95426&view=findpost&p=242865

 

Yeah, until about two weeks ago

Nothing heavy. I just like what WSA AV offers. Not so much for browsing, just for stuff outside Sandboxie. It's the lightest thing I've come across real-time.

 

Hi Creer

Thanks for the link. I just read it, but find it confusing. Could you please break-down what one should know about using SD with DW (or visa versa)?

Wendi

PS. I just use SD to protect my C-partition (while surfing the net).

 

Hi Wendi,
Shadow Defender active and in shadowmode about 99.9% of the time.
DefenseWall protecting against anything harmful between reboots.
If I "Commit" something to my real system it goes in a separate folder on my desktop which is marked untrusted so after "Commiting" it remains under the strict policy restriction of DefenseWall unless I choose otherwise.

 

I've considered SD a few times. My guess, it's probably lighter than BZ which I now use. Unfortunately, considering the current situation, I'm hesitant to pay money for the 'real' SD and maybe never get a license. I guess I missed the boat on that one.

 

By themselves, each security measure is flawed, whether it's using an AV, a sandbox, anti-executable, etc. Something might escape a sandbox or virtual system. An AV might miss the same thing. The user might fall for social engineering and make an exception to something an AE blocks. If you base your decisions on these "worst case" scenarios, you'll rule out every option.

 

Thanks for your reply. It looks as if those two are the only security apps running in real-time on your system; is that right?

 

At the moment, yes.
I like to test out different setups now and then.
Although this combo is one of my favorites.

 

I bought my SD license just a month ago (after running the trial for 2 weeks). Paying with MC I felt protected (in case I didn't receive a working key). I got my license inside of 24 hours, so if you really want SD I don't think you missed the boat.

Wendi

 

IMO it is a matter of working situations, for a savvy user with a rational layered defense, lots of time available, rarely downloading any suspicious files an AV/AM with active guard isn't necessary (although most people would rely on a scanner of sort at times).

For the user who has his machine in a working environment, with third party flash drives, USB drives, CDs ROMs being continuously plugged in, an AV/AM real time not only it is desirable but it'll save a lot of time.

There is a third category, the majority of users, the ones who couldn't care less about any security knowledge, like ronjor mentioned an AV/AM real time is still their best option.

At the moment I'm not interacting with other people in my job therefore I have disabled Avira's guard, and use it occasionally as a scanner.

 

First - I don't remember when last time I had installed SD on my PC.
But anyway I will try to explain you how it can works together with DW.

Keep in mind that SD and DW can be separately running without any issue, but problem begins when you have more than one partition and during shadow session you move files from shadow partition/disk into other non shadowed partition/disk.
All DW data about which file should be untrusted or trusted are stored on main system partition, so they are also "shadowed" and after restart - all data regards to previous shadow session are gone.

In other words, if you downloaded file: "software.exe" and this file had been saved into shadowed partition or another one non shadowed - DW marks it as Untrusted. So far everything is good, but when you restart your machine software.exe will be Trusted since all data in shadowed partition gone during restart. And no matter if this file was in folder which previously you've added to exception/exclusion SD list because it's not about SD config but about DW stored data about all files on your computer.

To avoid this situation the best what you can do is to create separate folder and before you hit the shadow mode session mark entire folder in DW as Untrusted. So no matter if this folder will be on shadowed system partition (in this case you have to also add this folder to exclusion list in SD) or other non shadowed partitions – all files within this folder will be Untrusted during shadow session and but also when you exit from shadow mode.