A/V vs. Virtualization

Discussion in 'other anti-virus software' started by RollingThunder, Jan 27, 2014.

Thread Status:
Not open for further replies.
  1. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I am considering abandoning Anti Virus software completely. When I read privacy agreements such as Avast's, I am becoming concerned. It bothers me being tracked to that level. I am interested in input regarding running without A/V software in favor of desktop virtualization products such as Shadow Defender and Toolwiz Time Freeze. Your input is valued. Thank you.
     
  2. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    They do different things.

    Light virtualization does not aim at detecting/preventing malware. It focuses on getting back to a clean state each reboot. During that time frame, malware gets free rein. Banking malware is your biggest enemy here. Rogueware...well it gets flushed away. You get the idea.

    Depending on your risk analysis, you might find that sufficient. Or not. Then you decide whether LV can stand on its own or if you need to complement it with something else.

    As for AV and privacy, we have had heated discussions on the subject before. You will not get full consensus among Wilders members.

    Each of us has our comfort level as to where/when something crosses the line. Trust is subjective and more often than not an emotional decision rather than a rational one. Not to say logic does not count. Just that my logic may oppose your logic. Who is right? I don't know. Ask the lady...she might have a different view.
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Agree with safeguy. If you want to go AV-less with Virt then you'll have to add some additional safeguards. Namely like a policy restriction or Anti-exe. You could easily do Shadow Defender, AppGuard and Sandboxie. Virtualization keeps your system clean, AppGuard restricts things while virtualized and Sandboxie protects your browser if configured properly. Other than that you can add an anti-exe like NoVirusThanks ERP or VoodooShield. There are other options like Comodo Firewall, which has HIPS and autosandbox. I'm sure some other members have some additional input for you as well.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    If you want to run AV-less, a good combo is OA, SBIE, NVT ERP and AppGuard.

    I run OA with the HIPS off as the pop-ups bother me and with ERP and AppGuard it is unnecessary.

    More and more I am learning that AppGuard is one tough cookie.

    Pete
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree with everything the previous posters have said. Virtualization on its own is not enough. It should be combined with anti-exe and/or policy restriction.
     
  6. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Please describe the policy restrictions you are talking about.

     
  7. guest

    guest Guest

    Software like AppGuard or DefenseWall I believe. Basically security software which decides what programs can do and what programs can't do according to the user's configuration, predefined rules, or a combination of both.

    Personally, if I'm already using a policy-restriction program then I wouldn't need an LV software. But that's just me.
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Anything that involves restricting the behaviour of running applications to prevent them from being exploited by malware to compromise the system or steal data.

    Policy restriction programs such as AppGuard and DefenseWall split applications into two categories: trusted and untrusted. Untrusted applications are subjected to a set of runtime restrictions, where the policy is predefined by the vendor, although some user customisation is available.

    Sandboxie too has policy restriction features that can optionally be used to control and limit what sandboxed applications are allowed to do.

    Information on each of these programs is readily available as to what policy restriction features they provide.

    EDIT: GrafZeppelin beat me to it while I was composing my reply. :)
     
  9. guest

    guest Guest

    @pegr

    You explained it better though. :p
     
  10. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    What confused me is that when you said group policy, the MS Group Policy Editor came to mind (gpedit.msc).

     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Hi, another possibility is perhaps Sandboxie or Shadow Defender or both and use 2 scanners to check for downloads, e.g. Malwarebytes Anti-Malware and HitmanPro (HitmanPro is a pure scanner, MBAM can be used on demand).
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I don't recall mentioning MS group policy. The policy I was referring to is the vendor-defined policy that comes with a policy restriction program such as AppGuard or DefenseWall.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    That might cover downloads deliberately initiated by user action; but it wouldn't cover things like: drive-by downloads, exploits of the memory space of running applications via malicious code embedded within data that the applications load, programs run from infected USB devices, etc.

    Real-time blocking is capable of covering all entry points, probably with greater efficiency than relying solely on blacklisting, which by its nature is hit-and-miss. On-demand scanning coupled with real-time blocking is an option though.
     
  14. Prole

    Prole Registered Member

    Joined:
    Feb 2, 2011
    Posts:
    36
    FYI - for the past 2 years I've been running Sandboxie (8 boxes with restrictions) - PandaCloud Free - and WinPatrol Free.
    I'm very happy with this setup.

    Every once in a while I'll run Malwarebytes/HitmanPro/SuperAntiSpyware and I've never found anything.
     
  15. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I would be interested to find out what uses you have put those 8 sandboxes to and your rationale behind using that many.

     
  16. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    @Pegr - Just my IT days acting up. I read group policy and my head goes into overload. LOL

     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Personally I have not had an AV running in realtime in quite a while.
    (with the exception of the occasional testing)
    DefenseWall for almost 6 years now accompanied by Shadow Defender for about 4 years or so.
    I will add something from time to time but always remove it,
    as I have found they add nothing much in protection only longer boot time and a slower browser.
    Not saying my combo is perfect but it works for me, no infections, breaches, compromises or any problems to date.
    IMO a Policy restriction type software along with a Light Virtualization software is an excellent choice for those who know how to use them or are willing to learn.
    Don't get me wrong, AVs in realtime still have their place and are useful for many.
     