@noone_particular The exploitation that I was alluding actually was about the execution manipulation in which the malware is designed to trick the AV to run the executable and the user here is not involved at all. But indeed, all "deep" security software can, ironically, be the threat-gate that can be very fatal if the attackers managed to exploit them. But then again, we already have the OS itself to worry about.
I remember reading about that, malicious code that executes when the AV parses the file. I don't see any way that SRP or a classic HIPS could prevent that and still allow the AV to examine the file without knowing exactly how the AV works. With most of the being closed source, that's not possible.
I remember that also. So it could, in theory, be safer to not run a virus scan as administrator. Hitman pro requires admin rights but I know some can be run as regular user.
"WSA" = Webroot SecureAnywhere AntiVirus ? .. How would you know, that it's not killing the drive btw. :-0 P.S. A little bit contradictory, that whole post.. Today there is virus, that can self-replicate when it runs into a scanner / cleaner; that can obfuscate and survive (along with many other methods). An antivirus might soon need to be a part of the system, if not the kernel itself (if not ROM, even!), in order to be effective - and not just integrated (Services, or whatever) .. Sorz for not providing any links, or reference! Just being lazy, no other reason!! (but I can see it's been mentioned in the thread) =)
I don't see any contradiction. You just spelled out one of the reason, malicious code that can be executed by the AV itself, checking the file. An AV will attempt to open every file that appears on your system, regardless of how it got there. Every file that turns up in the browser cache, temp folders, etc. Combine that behavior with browsers prefetching the links on pages. They're just like 100% effective social engineering, except that most AVs have root access.Just drop the file and the AV will open it. Most users know better and are warned against that kind of behavior. Others will not agree with this point, but that's fine. The only real difference between an installed security application and one that comes with the operating system is whose name is on the files. For all practical purposes, once an app is installed, it is part of the operating system.
No real time; MBAM and HitmanPro on demand only. (I added back NoScript to Palemoon just in case Bo was checking my signature)
if one checks every downloads that is not from a reputable source with an on-demand scanners then the only thing to worry about are email attachments. i used to worry about drive-by malware but those seem to be a thing of the past. especially with Chrome and its sandbox. the only thing then that one has to worry about are email attachments. i get those at least once a month. i know they are malware because i never purchased airplane tickets or the like. in fact, i'd rather jump out of an airplane with a parachute than fly in one. so it seems to me email attachments are really the thing to watch out for. though Outlook/Hotmail do a pretty good job at blocking most of them, but not all.
Moontan, I don't worry about emails or email attachments, all I do is run them sandboxed (Sandboxie) and that's it. You can do the same. The only time really that I have to be extra careful is if I install something new in my real system or during the rare occasions when I run something out of the sandbox. Bo
i have an allergy to security software. anyway, i use IE with 64 bits Enhanced Protection Mode to check my emails . so i guess it's sandboxed in a way. i use IE for checking my emails and online transactions only. i could always use Chrome but i use that for regular surfing. i never open those dubious attachments but it certainly could be a major problem for the Joes and Janes Average of the world. thankfully, us Wilderites know better. depending on how inebriated we are at any given moment! lol
I run downloads through VirusTotal before opening them. I barely use e-mail at all. Even so, I have SSM rules for the e-mail folders that block all executables from running from those folders.
On the laptop I'm using now, which I did a clean install of Windows 7 on, I have no security software of any kind installed, and have Windows Defender disabled too. I disable Windows Defender for good on all my laptops at the first case of high CPU usage from it. Maybe, in time, if I decide to keep this laptop I will install an AV with real time protection. I do have Windows Firewall enabled, as well as UAC. This is the first laptop I've not disabled UAC on it, as it something I really hate. However while I usually install and uninstall software as often as seven days a week, I intend to install very few programs on this laptop to help keep Windows running fast and error free. So, I shouldn't be seeing many UAC prompts at all - and in this case I can live with them.
if you scan all downloads with an on-demand scanner like Hitman Pro and/or VirusTotal and don't open suspicious email attachments then a real-time antivirus is not needed, imo. if you have a house full of teenagers it might be another story but if you are the sole user of your computer then a real-time AV is not only overkill but a waste of system resources as well.
I don't ever open suspicious email attachments. I rarely even use my email account. I am not scanning any downloads at the moment. But, I have very few programs installed, and won't be installing much more, and I am careful about what I download. No, it's just me, and yes I agree about the waste of system resources, and somewhat agree with the overkill bit, as sometimes an AV is useful.
Today every email provider scan emails and attachments and some browsers even scan downloads, so there is not even a need for any on-demand scanning. Not to mention, that DNS blocks download request from malicious pages, so if a possible trojan wants to download something from a blacklisted page, it will fail.
right you are! Outlook.com does a pretty good job of filtering out the bad stuff and IE 11 scans everything I download. same here, I very rarely use things like Hitman Pro and VirusTotal as I don't install much stuff anyway.
It`s on those rare occasions that Sandboxie comes into it`s own as I once found out. It was a free av package and I only wanted to see which av engine it was using so I opened it and the thing went ballistic.Trying to open internet connections, access protected system files and replicate all over the place. Thanks to the right click and "run sandboxed" all was well and my curiosity was cured for good.
