A/V vs. Virutalization

I am considering abandoning Anti Virus software completely. When I read privacy agreements such as Avast I am becoming concerned. It bothers me being tracked to that level. I am interested in input regarding running without A/V software in favor of destop visualization products such as Shadow Defender and Toolwiz Time freeze. Your input is valued. Thank you

 

They do different things.

Light virtualization do not aim at detecting/preventing malware. It focuses on getting back to a clean state each reboot. During that time frame, malware gets free reign. Banking malware is your biggest enemy here. Rogueware...well it gets flushed away. You get the idea.

Depending on your risk analysis, you might find that sufficient. Or not. Then you decide whether LV can stand on its own or if you need to complement it with something else.

As for AV and privacy, we have heated discussions on the subject before. You will not get full consensus among Wilders members.

Each of us has our comfort level as to where/when something crosses the line. Trust is subjective and more often than not an emotional decision rather than a rational one. Not to say logic does not count. Just that my logic may oppose your logic. Who is right? I don't know. Ask the lady...she might have a different view.

 

Agree with safeguy. If you want to go AV less with Virt then you'll have to add some additional safeguards. Namely like a policy restriction or Anti-exe. You could easily do Shadowdefender, Appguard and sandboxie. Virtualization keeps your system clean, Appguard restricts things while virtualized and sandboxie protects your browser if configured properly. Other than that you can add an anti-exe like NoVirusThanks ERP or Voodooshield. There are other options like Comodo firewall that has HIPS and autosandbox. I'm sure some other members have some additional input for you as well.

 

I agree with everything the previous posters have said. Virtualization on its own is not enough. It should be combined with anti-exe and/or policy restriction.

 

Please describe the policy restrictions you are talking about.

 

Software like AppGuard or DefenseWall I believe. Basically security software which decide what programs can do and what programs can't do according to the user's configuration, predefined rules, or a combination of both.

Personally, if I'm already using a policy-restriction program then I wouldn't need an LV software. But that's just me.

 

Anything that involves restricting the behaviour of running applications to prevent them from being exploited by malware to compromise the system or steal data.

Policy restriction programs such as AppGuard and DefenseWall split applications into two catagories: trusted and untrusted. Untrusted applications are subjected to a set of runtime restrictions, where the policy is predefined by the vendor, although some user customisation is available.

Sandboxie too has policy restriction features that can optionally be used to control and limit what sandboxed applications are allowed to do.

Information on each of these programs is readily available as to what policy restriction features they provide.

EDIT: GrafZeppelin beat me to it while I was composing my reply.

 

@pegr

You explained it better though.

 

What confused me is when you said group policy the MS Group Policy Editor came to mind (gpedit.msc).

 

Hi, another possibility is perhaps Sandboxie or Shadow Defender or both and use 2 scanners to check for downloads ex: Malwarebyte AntiMalware and HitmanPro (HitmanPro is a pure scanner, MBAM can be used on demand).

 

I don't recall mentioning MS group policy. The policy I was referring to is the vendor-defined policy that comes with a policy restriction program such as AppGuard or DefenseWall.

 

That might cover downloads deliberately initiated by user action; but it wouldn't cover things like: drive-by downloads, exploits of the memory space of running applications via malicous code embedded within data that the applications load, programs run from infected USB devices, etc.

Real-time blocking is capable of covering all entry points, probably with greater efficiency than relying solely on blacklisting, which by its nature is hit-and-miss. On-demand scanning coupled with real-time blocking is an option though.

 

FYI - for the past 2 years I've been running Sandboxie (8 boxes with restrictions) - PandaCloud Free - and WinPatrol Free.
I'm very happy with this setup.

Every once and awhile I'll run Malwarebytes/Hitmanpro/SuperAntiSpyware and I've never found anything.

 

I would be interested to find out what uses you have put those 8 sandboxes to and your rational behind using that many.

 

@Pegr - Just my IT days acting up. I read group policy and my head goes into overload. LOL

 

Personally I have not had an AV running in realtime in quite a while.
(with the exception of the occasional testing)
DefenseWall for almost 6 years now accompanied by Shadow Defender for about 4 years or so.
I will add something from time to time but always remove it,
as I have found they add nothing much in protection only longer boot time and a slower browser.
Not saying my combo is perfect but it works for me, no infections,breaches,compromises or any problems to date.
IMO a Policy restriction type software along with a Light Virutalization software is an excellent choice for those who know how to use them or are willing to learn.
Don't get me wrong, AV's in realtime still have their place and are useful for many.