The thread for people who do NOT use resident AV

Discussion in 'other anti-malware software' started by flatfly, Apr 23, 2016.

  1. flatfly

    flatfly Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    71
    I haven't used a resident antivirus on my main PC for more than 10 years, as I believe it is NOT good practice for security-conscious power users, and can even give a false sense of security.
    I use a solid defense-in-depth strategy instead. In those 10 years I've never been infected.

    Are there others who take the same approach? If so, what is your no-AV security setup?
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
    No AV for many years either. My security setup - no matter the O/S - is focused primarily on the browser, usually bolstered with a sandbox of some sort. The rest of it is a firewall and whatever I can utilize in the O/S. Of course with email it's mainly common sense and controlling active content, although I use mostly web mail anyways.
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I log in as a standard user and use the free "Simple Software Policy" to get SRP on my home verision of windows 10. I used to have intrusion detection software but found out they were overkill and annoying. Computing life is much faster and simpler since I skipped the extra software.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I still think a regular scan is advisable; say daily or at the weekend just in case.

    I dont have a realtime AV just hitmanpro and MBAM popping up on a once a day schedule to do a scan then quit.

    Set up is in the signature of deskstop XP
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I have Avast loaded but I use it on-demand ONLY.
    • I image my system disk to a flash drive at least weekly, & retain 4 months of images.
    • 3 or 4 times/week I use various ones of 5 on-demand programs to detect bad stuff: Avast, Zemana Anti-malware, MBAM, Hitman, File integrity checker (AdInf).
    • I use just 3 real-time programs: Firewall w/behavior blocking, Anti-execution (EXE Radar Pro), Malwarebytes Anti-Exploit
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    No realtime AV; occasional on-demand scans using HitmanPro and MBAM.

    I prefer to rely on containment by policy restriction (AppGuard) and isolation (Shadow Defender).
     
  7. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    511
    Location:
    Earth .... occasionally
    Regular backups that I can trust to reliably restore my system ( I use Macrium Reflect).
    .... I always disable wi-fi before any backup drives are connected ( overly cautious maybe ? )

    Don't use Windows as Admin , or Linux as root.

    Anything I'm uncertain about gets run in a VM.

    A couple of on-demand scanners ....
    .... and that's it for me .
     
    Last edited: Apr 23, 2016
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I use antivirus software on all my computers. In my case, it does not give me a false sense of security, because I never depend on antivirus software to protect me. I never launch suspicious executables. So, rather then depending on antivirus software to stop me from downloading or running malware, I have enough common sense to actually not download or launch potentially suspicious files in the first place. As a result, the two most important features in any antivirus I use, are that it has as close to zero system impact as possible, and that it can prompt for action when a threat is found, rather than automatically quarantining it. These two things are much more important to me than the detection rate of the antivirus.

    I can run my computers as an administator, with UAC disabled, no security software installed (not even Windows Defender), and absolutely no measures in place to harden my systems or make them more secure, and be confident that the chance of getting infected is close to zero.
     
    Last edited: Apr 23, 2016
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,189
    Location:
    Among the gum trees
    The programs I use are only really for an alerting system. If I somehow get infected I'll just restore my machine/s from a clean image backup.
     
  10. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Just sandboxie and wfc, nothing else.
     
  11. hjlbx

    hjlbx Guest

    Complicated security config is not necessary.

    LUA, reduce attack surface, OS tweaks, AppGuard, ReHIPS, Sandboxie, Shadow Defender, etc - there are any number of simple ways to protect system.

    Lots of talk about nation-state grade malware on forums that a user will never face.

    I prefer AppGuard and ad-blocker or ReHIPS and ad-blocker.

    I disable Windows Defender and just use an occasional Malicious Removal Tool scan.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Yes. :)

    In late 2008 I learned that there were available security programs that were better designed to prevent getting infected. This security programs did not require the updating of virus signatures. Among this programs was Sandboxie. And by sheer luck or instinct, I tried it almost right away. I liked what I read and it made sense to me. After using SBIE for 6 months, I was totally convinced that the program works and it was perfect for me. Seven years later, nothing has changed.

    And eventually in Dec 2010, I stopped using real time antiviruses and one year later, I did the same with on demand scanners. By that time, doing scans were rarer and rarer and had become boring and a waste of time.

    I owe the quality of my computing experience to Sandboxie. It went from one of a guy that used to get infected once or twice a year to none. For me, infections is like they don't exist. At the same time I discovered SBIE, I also discovered NoScript. When I first installed it, unlike SBIE, it didn't make any sense and I didn't try to make sense of it. But eventually, one day all of the sudden, it went click. I owe NoScript for the quality of my browsing experience. While for some people, using NoScript breaks their internet, for me its totally the opposite, it is what makes the internet enjoyable. And at the same time, also safer because it blocks potential malicious JS. So, in a way, NoScript blocks and Sandboxie contains.

    Basically all programs and files that run in my computers run sandboxed all the time. There are exceptions but this are rare. So, whenever I am using the computer running something, its running sandboxed. Thats really the bottom line.

    Part of my strategy is to install as few programs as possible. And only install what you are going to use on a regular basis. And the same with plugins, extensions. I avoid installing this things as much as possible. If I require it on regular basis, thats the one reason to install it. Otherwise, I don't install it at all or I install it in a sandbox temporarily, use it and delete the sandbox.

    And another thing. Some people think they are safer using 5, 10, 15, programs for security. I am the opposite. I believe that by only using one really good program, I am avoiding any potential conflict with another program that at the worst of times, it can water down Sandboxies protection and help the malware escape the sandbox. If I get attacked, I want SBIE at its best. That below is exactly what I want to avoid. :)

    https://www.youtube.com/watch?v=fhfTD26NL6Q

    Bo
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,417
    Location:
    Slovakia
    Several years without any security software as well, no AV or a firewall, no ondemand scans either, they are just too bothersome and unnecessary.
    My signature says it all: UAC at max, OpenDNS, a sandboxed browser with blocked flash and cookies, disabled WSH and removed powershell.
    Turning off computer with my bat file, which removes various startup items and reset settings plus running CCleaner (a great security tool).

    Same here, the more security people run, the more vulnerable they get, because security software run with system rights.
    Security vulnerabilities in security software are common and gaining access to the OS through them is well documented.
     
  14. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    Casual on-demand scans with Zevera, MBAM & HMP.

    I believe the biggest threat is the browser, so that`s locked down (settings & addons) in combination with HMPA realtime and WFC to control outgoing.

    AX64 (and secondarily Macrium) for when any issues do occur....as yet, nothing has.
     
  15. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I have not used an antivirus software on my linux computer for close to 2 years now.Dont feel its needed.
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Haven't run an active AV since November 2015.

    I did have an issue that was classed as malware, but that was related to my anonymity; bank and gov had no clue who I was, where I was, what I was and kept on telling me I was infected whenever I logged in. This was fixed after whitelisting my bank and a couple of the gov subscriptions I have in Random Agent Spoofer addon for Firefox (also use Better Privacy, Canvas Blocker, Change Referrer, Request Policy Continued).

    I do have EEK, MBAM (hold a premium licence but run as free... can't be bothered with the automated update checks every 30-40 minutes) & Stinger for on-demand. These are run before I make a backup as a just in case.
     
    Last edited: Apr 24, 2016
  17. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,500
    Location:
    .
    No resident-AV, here, too.

    *Sandboxie, UAC (Max), and LUA.
    *WOT & uBlock Origin.
    *KeyScrambler Premium.
    *Imaging.
    *Various on-Demand Scanners to check.
     
  18. Since Vista using build-in only
    • Set Windows Firewall to block outbound by default (disable risk-ware)
    • Enable UAC to block elevation of unsigned and disable UAC installer detection
    • Set a ACL deny file execute/traverse folder for Everyone on internet facing folders
    • Set Software Restriction Policy default level basic user with Symantec tweak for MSI
      ( block execution in user folders, allow run as admin to install/update software)
    Since Windows 7 refined to
    • Adding EMET for Office 2007 (using ASR to block vb/javascript, flash, dotNet)
    • Limiting installed programs to ASLR enabled programs only (including DLL's)
    Since Windows 8.1 added
    • Smartscreen on the desktop (requiring admin consent to discard execution block)
    • Set UAC to prompt for credentials (using elevated task-trick for a few programs)
    Since Windows 10 using
    • AppContainer OS-sandbox for all internet facing programs (Apps & Chrome)
    • Bought a Windows Lumia phone to sync Mail & Calendar via outlook.com
      (de-installed Internet Explorer, Windows Media Player and Outlook 2007
    Since Memprotect using
     
    Last edited by a moderator: Apr 25, 2016
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I would love to use a non-bloated and privacy respecting AV, but they seem to be non-existent since 2008, so that's why I stopped using AV's. I still use VirusTotal, even though advanced malware can easily bypass detection. But I noticed that most of the time, VT can detect mainstream malware. But anyway, for protection I rely on anti-exe, HIPS and sandboxing, combined with common sense.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It depends a bit, I believe SBIE is not enough, I would always combine it with HIPS and anti-exe, because SBIE doesn't block all app behaviors when they run sandboxed. Of course you can harden SBIE, but it's too much work for me. But if you know what you're doing, then SBIE might be enough, it all depends on preferences.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    ^This is my same practice and it stays now.

    Last year I added 360IS and don't ya know it? I was visited by mr crypto and he made quite the splash (and a lot of work for me)

    Never AV again PERIOD! Before tampering with my security by trying an AV my system was patrolled and controlled with a great Classical HIPS which also was the absolute best PC protection I ever experienced!
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,334
    Location:
    Italy

    Me too.:thumb:
    Including my PC (XP)
     
  23. hjlbx

    hjlbx Guest

    10-layered security config is not necessary.

    All these reports online of this or that, Stuxnet, Dridex, Zeus, etc, etc. It serves no purpose other than to scare the hell out of people and, in turn, they adopt an "I'll-build-an-impenetrable-IT-fortress" mentality and just get themselves in to trouble.

    Typical users don't moderate their online behaviors - so nothing will prevent an infection in such cases.

    It amazes me that something as simple as AppGaurd + Adguard will protect a system over the long term - IF one reduces attack surface and adheres to common-sense safe online practices.
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I've used resident AV on and off over couple of past years. I don't feel much safer when I use one. On one hand it could block something malicious or stop me from my bad judgement, but on other hand it could also make problems with false positives or other incompatibilities. So I have to decide which scenario of those two is more likely to happen.
    Now I use combination of hardening (system and programs), updating, execution control and backup.
    I agree with OP: security conscious power users don't need resident AV to protect their systems. They can take control over security in their own hands. Those that don't have enough knowledge can leave control over security to AV vendor. They still have to practice safe computing. Otherwise even AV company won't be able to protect them against themselves.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.