Finally ditched the AV

and it's great. My PC feels like it has had a new lease of life. Sandboxie and OA Free are running light as feather and my old PC is as quick as lightening. I do not feel at all vulnerable. After a few tests there is no browsing debris at all. I think that i've finally found a setup thats a keeper.

 

so you are, I guess, using the HIPS party of OA to check your email for nasties. Or did you Sandbox your email program ? But doing that will cause you to lose any email that arrived while Sandbox.

 

I only ever check my email online through webmail and they are all scanned by my ISP. Any attachments that I need to download I'll also scan. But to be honest, it's very rare for me to have to open attachments or keep mail.

 

good deal, you are on the money.

 

I use two programs to check and get emails. POP Peeper with IMAP and if there is something intresting and valuable to save I use Popcorn with POP3. I don't like to keep my emails on ISP. Both programs are sandboxed.

 

AV's in my opinion have nearly if not already reached their full potential save some addition of HIP like features. Maybe next to keep them afloat will be a form of sandboxing too. I always was awestruck at the sensitivity AV's exhibited when simply scrolling past a databased file to alert to before a user even had chance to reach it, in that, their approach is an advanced method but that requires the AV IMO to take a complete inventory of the system's files beforehand, and maybe not, either way the very makeup of AV's require a lot of resources to draw on and for many that translated to trading off some performance they normally would enjoy without it.

I will never completely discount or recommend dismissing AV's completely for the masses, but since the introduction of HIPS/Sandboxing etc. the odds have steadily grown in favor of a new approach that doesn't need to rely solely on blacklists but rather whitelists.

Although i have a reasonable history of malware researching under my belt, my thoughts go back to before when all i had to depend on was AV's, and they at times missed intrusions completely. On the other hand, with the onset of HIPS + Sandboxes the percentages have overtaken AV's by a very wide margin and as such the anxiety level has fallen to single digits.

New ideas have lead to even newer innovations & more dependable measures from which to take confidence in. It's my belief that HIPS has turned the corner on malware and equally proven to turn back forced intrusions and disappointed the designs formerly enjoyed by malware/virus writers and now is put them squarely on the defensive while HIPS/Sandbox users have finally broken free from their once iron grip.

 

totally agree. The key will be it make one as close to idiot proof as possible. Most AVs are, with the infamous command "delete". When they can accomplish this, and some actually do, the masses will start to notice.

Mine is pretty much "trjam" proof.

 

Traditional AV's will always be around I feel. They make too much money i'm afraid. Norton is a prime example of a brilliantly marketed product. The vast majority of people I know have only heard of Norton and McAfee and have no idea other technologies and products exist. They've been brainwashed. Even now when I tell friends to ditch the £40 a year bloated suites and let me build them a user friendly, light, free suite they go and completely ignore me and shell out the £'s. Unfortunately the likes of sandboxie and other fantastic software will only become known when the likes of Symantec buy them out and incorperate them into their suites.
Thankfully I am no longer such a noob and my old box and my wallet are all the better for it.

 

Those statements hit the nail squarely on the head. It's a common mindset & misconception of the population of users in general that all they need is a Norton's or McAfee etc and away they go, then back they come complaining of issues. It's an endless cycle that not entirely the buyers fault, they are easily lead astray and convinced because of many factors which of one is their work schedule. They just want to turn on their computer and go to town and with strickly AV's affording them their blind confidence, they will a majority of the time often venture into unchartered territory or else open up a laced email to click it that even their AV can do nothing more than issue an alert. That doesn't keep other malware files from making use of IE's security holes to flood their PC's full of problems that either seize up AV's or drop deep under the av's radar.

 

Oh, I think AVs and suites will be around for a very long time. The key will be that over time, that are not as "Traditional ". Which is already happening.

It seems like it is the goal of some to dump the evil AV.The unreliable and endless scanning AV. Personally, I lkie the damn technology, but hey, thats just me.

 

Not necessarily so,i run my mailreader not sandboxed,is there some suspicious attachment i shutdown and open my mailreader sandboxed and check it,if its no good then delete content[set to automatic]Open again unsandboxed and delete message.

 

yes, that will work.

I guess the one that haunts me is my sister sent me a email, hey sister, safe right? Wrong. Opened it up of a picture of the horse they had just bought and Avira went "Zap". So, I guess it still is left up to our judgement and hopefully it is good. Mine isnt, so thus AV chain and ball method for me.

 

Whatever you like.

 

Did you uninstall the A/V or go as far as a format and OS reinstall? If you didn't format, some day when you feel like it, I wholeheartedly recco it. I have XP and I just can’t wait for the SP3 final - then its format time. haha

 

I reinstalled XP the other day funnily enough. I just couldn't decide on the AV that I wanted and thought stuff it, lets try a different approach. Glad I did.

 

This probably captures it better than the title - try an alternate approach.

A monolithic universal solution simply doesn't exist and there are plenty of distinct approaches a user can follow. Some have an active AV, some don't.

In any event, it's always a useful experiment to run

Blue

 

The thing about today's AVs is ... heuristics. All of the top tier AVs except Avast have superb emulator-heuristics. That makes them much much more than simply blacklist checkers. Nor is that sort of protection provided by any HIPS I know of.

The *best* security app is an imaging program, such as Image for Windows/DOS. However, the newest breed of malware is increasingly sneaky. Therefore, when riding bareback, one might not know of an infection right away. So.... until how far back does one retain images? One month? 6 months? Or....?

Such being the case, IMO a good emulator-heuristics AV program still is needed. Therefore -- if one is paranoid &/or a high risk surfer -- I would go with AV (one with good heuristics) PLUS --- HIPS+imager+SPI router+sandbox.

 

You don't have to lose messages you want to keep. It is possible to Save as... then Sandboxie will alert on the option to recover to the folder you choose or even a different one.

I remember the virus database signature count in the late 90's was in the ~ 50k range. Now it's ~ 500k, at least by Kaspersky's numbers! Indeed, it looks as though there has to be a better method than antivirus using a blacklist + heuristics, or at least something else to support it such as sandboxing or HIPS.

 

LOL, I am also waiting on XP SP3 before I cleanup house.

I dumped my AV's also but, not for Sandboxie (instaled) or OA Free (not installed). I opted for the suite approach as in Outpost Security Suite.

 

The suite approach basically is the AV approach.

 

Of course it is, however, I still ditched the anti-virus, along with the rest of the anti-stuff I had installed and now only use the suite. All with similar results as the original poster.

 

Why is the AV percieived as the bad guy. The one that I spend my life trying to get rid of. Hell, firewalls are not perfect but yet I dont see them being targeted as modules that must be done away with. Anti spam fits this bill to.

 

AVs aren't the bad guy. They're more like black boxes.

 

blackbox is usefull in the aftermath of a crash as opposed to AV who are made to prevent that !

 

I absolutely agree with what you said. You can extend the argument further with users of Word, Excel, Acrobat, and the IE browser. This is all they are aware of given that many computers are preloaded with software when they are purchased. Many new purchasers are novice computer users. Try preloading HIPS and any other fancy and more technical security software on their system. Personally, if the first thing that occurred when I first set up my system and dialed out was slew of cryptic pop up messages, my reaction would be "WTF is all of this ****?" If I am going to have to delve into some kind of thick manual to try to figure out the entire universe of pop up messages and their meanings after I just got the system, I would end up either clicking 'yes' to everything or shutting the system down.