Anyone Else Not Running AV?

Discussion in 'sandboxing & virtualization' started by DBone, Feb 6, 2012.

Thread Status:
Not open for further replies.
  1. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    I use FD-ISR and that's it. Since I typically only run portable free apps from a separate hard drive, hardly anything actually gets installed in Windows 7 x64. If ANYTHING starts running that I didn't let, I'll notice the change of behavior immediately, and roll back to a snapshot (which rarely happens.)

    As far as passwords go, the only ones I actually type are for worthless website accounts. The really important ones get hashed on-the-fly by PasswordMaker for Firefox by a hotkey.

    Have run this way for over 6 years and I'm not concerned where I go on the web.
     
  2. Tomwa

    Tomwa Registered Member

    Joined:
    Feb 3, 2010
    Posts:
    165
    You're crazy. Gotta at least have a Realtime AV O.O

    KIS 2012 here presently.
     
  3. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    So, am I crazy because I live my computer life in a way that scares the pants off many here, or because I believe my brain is better equipped to prevent malware from being introduced to my computers in the first place?

    Either way, does it really matter if the end result is the same as yours - no malware?

    I decided long ago I had better things to do than fuss about whether my computers were tools used to accomplish jobs, or solely to run security software to protect themselves from themselves because "the sky is falling."
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I do both :D .....
     
  5. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    If surfing habit is good (like mine :D) then there is no need for an AV.
    Just block its entrance with HIPS or AE softs..
    Daily 2 min manual scan with HitmanPro..
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I don't feel that sandboxing & virtualization is enough. Malware writers will use exploit kits to break out if enough people use sandboxes, and if people don't use antivirus software the malware will survive on users' systems for longer, which means more spam and botnets. I like the idea of anti-executable software but I would find it a chore to do updates and install new software.
     
  7. lws

    lws Registered Member

    Joined:
    Aug 28, 2009
    Posts:
    196

    Sandboxie pd. with either Private fire wall or Online Armor. On demand scans with MBAM and HMP. No real time AV.
     
  8. On Linux: no AV (duh). Currently I do have Firefox in an AppArmor sandbox, plus I use Noscript. Not really doing anything about local code execution and/or privilege escalation, but Linux presents a small target profile.

    (That said, I have been getting familiar with FreeBSD and OpenBSD lately. Oh, and I should be messing around with cgroup/OpenVZ/VServer jails. Some time!)

    On Windows: generally I use a HIPS with executable control. If I do get infected, the HIPS will probably go bananas; and if the malware is advanced enough to slip in and make itself comfortable without ever being detected, chances are it would have done the same for an antivirus. I feel the HIPS offers the more complete solution for on-access stuff, whereas antiviruses are better for use with live CDs.

    OTOH, HIPS (especially the EXE blocking kind) are a massive pain if you're compiling software on your Windows computer. So for machines used for software development, I guess blacklist-based security is necessary; after all you never know when someone will plug in an infected USB stick.
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,786
    Couldn't agree more, although sandboxing & virtualization is not enough IMO it does play a valuable part in one's defense.
    An AV is not needed in realtime unless one wants that type of solution but there are other options.
    Personally I prefer HIPS and/or Anti Executable coupled alongside Sandboxing and/or Virtualization.
     
  10. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi LoneWolf,

    I see you use DefenseWall together with Shadow Defender. As a SD user I would be very interested as to how you use these two apps.

    Wendi
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,771
    Location:
    New Mexico, USA
    No AV here for a while. I use BZ Pro with some tweaks and my browser is either Google Chrome or Firefox 10 with noscript and something called Do Not Track Plus which I'm not sure is relevant to security. Anybody tracking my internet use would die of boredom.

    I do have MBAM pro running but it's never found a thing. I'll occasionally run Emsisoft emergency kit.

    And I've got a full backup image (Acronis) on an external drive that's up to date.

    Bufferzone is my first line of defense. Through the years, it's never failed and an antivirus was just taking up space and having a pretty easy life, with nothing to do.
     
  12. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Malwarebytes on-demand is the only anti-malware application of any kind currently installed.
    I rely heavily on Sandboxie (free), Keyscrambler (free), WinPatrol Plus, and I just added Mailwasher (free). Also installed is Comodo Time Machine (version 2.6).
    No known malware over the past fifteen or so months.
    My OS is XP SP-2. I'm playing around with Chrome 17.0.963.46 but mostly, I use IE 8.
     
  13. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Absolutely 100% agree with you. Well said Mrk :thumb:
    All AVs based on a blacklist mechanism are outdated these days.
    I haven't run an AV for years.
     
  14. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    167,446
    Location:
    Texas
    Antivirus is an outdated phrase. Anti-malware would be the correct phrase for the current programs.

    In my opinion, they are still one of, if not the best options for the general/occasional computer user.

    Note that we are not talking about security forum users.
     
    Last edited: Feb 12, 2012
  16. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Yeah, until about two weeks ago :)

    Nothing heavy. I just like what WSA AV offers. Not so much for browsing, just for stuff outside Sandboxie. It's the lightest thing I've come across real-time.
     
  17. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,786
    Hi Wendi,
    Shadow Defender active and in shadowmode about 99.9% of the time.
    DefenseWall protecting against anything harmful between reboots.
    If I "Commit" something to my real system it goes in a separate folder on my desktop which is marked untrusted so after "Committing" it remains under the strict policy restriction of DefenseWall unless I choose otherwise.
     
  19. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,771
    Location:
    New Mexico, USA
    I've considered SD a few times. My guess, it's probably lighter than BZ which I now use. Unfortunately, considering the current situation, I'm hesitant to pay money for the 'real' SD and maybe never get a license. I guess I missed the boat on that one. :(
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    By themselves, each security measure is flawed, whether it's using an AV, a sandbox, anti-executable, etc. Something might escape a sandbox or virtual system. An AV might miss the same thing. The user might fall for social engineering and make an exception to something an AE blocks. If you base your decisions on these "worst case" scenarios, you'll rule out every option.
     
  21. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Thanks for your reply. It looks as if those two are the only security apps running in real-time on your system; is that right?
     
  22. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,786
    At the moment, yes.
    I like to test out different setups now and then. :D
    Although this combo is one of my favorites.
     
  23. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    I bought my SD license just a month ago (after running the trial for 2 weeks). Paying with MC I felt protected (in case I didn't receive a working key). I got my license inside of 24 hours, so if you really want SD I don't think you missed the boat.

    Wendi
     
  24. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,620
    Location:
    Milan and Seoul
    IMO it is a matter of working situations: for a savvy user with a rational layered defense, lots of time available, and rarely downloading any suspicious files, an AV/AM with active guard isn't necessary (although most people would rely on a scanner of sorts at times).

    For the user who has his machine in a working environment, with third party flash drives, USB drives, CD-ROMs being continuously plugged in, an AV/AM real time is not only desirable but it'll save a lot of time.

    There is a third category, the majority of users, the ones who couldn't care less about any security knowledge; like ronjor mentioned, an AV/AM real time is still their best option.

    At the moment I'm not interacting with other people in my job therefore I have disabled Avira's guard, and use it occasionally as a scanner.
     
  25. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    First - I don't remember when I last had SD installed on my PC.
    But anyway I will try to explain to you how it can work together with DW.

    Keep in mind that SD and DW can run separately without any issue, but the problem begins when you have more than one partition and during a shadow session you move files from the shadowed partition/disk into another non-shadowed partition/disk.
    All DW data about which file should be untrusted or trusted are stored on the main system partition, so they are also "shadowed" and after restart all data regarding the previous shadow session are gone.

    In other words, if you downloaded a file, "software.exe", and this file was saved into the shadowed partition or another non-shadowed one, DW marks it as Untrusted. So far everything is good, but when you restart your machine software.exe will be Trusted, since all data in the shadowed partition is gone after restart. And it doesn't matter if this file was in a folder which you previously added to the SD exception/exclusion list, because it's not about the SD config but about DW's stored data about all files on your computer.

    To avoid this situation the best thing you can do is to create a separate folder and, before you enter the shadow mode session, mark the entire folder in DW as Untrusted. So no matter if this folder is on the shadowed system partition (in this case you also have to add this folder to the exclusion list in SD) or on other non-shadowed partitions – all files within this folder will be Untrusted during the shadow session but also when you exit from shadow mode.
     