AV or no AV

Discussion in 'other anti-virus software' started by computer geek, Feb 5, 2008.

Thread Status:
Not open for further replies.
  1. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Would you guys have AVs if you had Sandboxie or virtualization tools?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Yes I would. :thumb:
     
  3. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I would still run an AV just to let me know that I have snagged onto something.
     
  4. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Yes.
    "Better safe than sorry".
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I guess I am a vote in the no camp. All surfing is done in sandbox, OA, and SSM monitor for anything unusual trying to start. Browsers run at lowered rights, so do I really care about knowing if something got snagged? It's trapped and going to get deleted. The knowing comes at the price of loading down the machine. Mine run great since I took them off.

    Also any really high risk surfing goes into VM machine with the same aforementioned software.

    Been running this way for a while, with no issues.

    Pete
     
  6. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Why? What makes you say that? Wouldn't you be good enough virtualized?
     
  7. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    What I was thinking, but let's give the "yes camp" (:D ) a chance to reason themselves.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    We use policy + behavior or classical + policy HIPS, always a sandbox.
    I use an AV, always a freeware, and I reduce checking to inbound (e.g. web filter) or write to disk only. So I skip read + write and execution. Say a more relaxed use of AV.

    Before image backup I run a full scan. Only to find the crippled leftovers of my malware tests. I keep fooling myself with the occasional bleep, just to see I caused it myself (and it is always a crippled, harmless leftover).
     
  9. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Sandboxes / virtualization are quite secure, but sooner or later something is going to have to get pulled out of your sandbox/VM and go onto your HD.
     
  10. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Yes, especially when you download...
     
  11. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    So Kees, can you recommend me a free light policy behaviour and HIPS? It can be separate programs.
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I think that with only a virtualization program, theoretically you *might* one day encounter some intelligent malware that will leak through. We have had some examples in the forum too, of tools that were writing the MBR of hard disks etc. But, I would guess, the chance is much smaller to get infected than if you were running only an AV. I think it is a reasonable risk that one could take.

    With Sandboxie/GW/Safespace + classical HIPS or behaviour blocker, I think you could do without AV.

    Right now I am running Sandboxie + Comodo + AVG Free. The only reason I run AVG is for placebo effect and because it's so light that it hardly eats any CPU time. I also like updating it manually. It's like my desktop pet. :p If it becomes heavier in the future, I will probably run it on demand only.
     
  13. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    What I was wondering, even if you use virtualization software you are still somewhat unprotected during your current session, aren't you? What if you get infected and some personal data is transferred during that very same session? That would be bad, wouldn't it, although you reboot to a clean system. Or am I missing something?
     
  14. Judge Dee

    Judge Dee Guest

    My goodness! A couple of years away from the internet, and I have to learn almost all new terminology and readjust most of my thinking. :doubt:
    Psychologically, I just couldn't adjust to not having an AV.
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No AV. I use limited user acct Sandboxie-DeepFreeze and Firewall.
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Always an AV, always Sandboxie, always a suite, Avira that is. ;)
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I tried no AV for a short period of time but didn't feel as well protected.
    Nothing happened to make me feel this way, I know it was psychological but better safe than sorry.
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    :D That's what I call placebo effect. That's why I keep AVG free too. I honestly have seen it missing most malware that I downloaded, but for psychological reasons, I want to have a scanner.
     
  19. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    I am on the "no" side as far as having an A/V if you are running Sandboxie. There is only one possible avenue where an A/V might be worthy and that is concerning downloads that you will save to your permanent computer. But the odds do not bear that out. If you confine your downloads to trusted sites and Google search it a bit beforehand, you can achieve beyond 99% in terms of a protection rate. If you take care, not only would the download have to contain a malware but you would have to also be one of the first people to download it. There is no A/V in existence that has that kind of rate. I have just gotten into the habit of considering existence on my computer as being very prime. Downloads have to earn their way in.
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    A scanner may turn into not the front line defense as time goes by, but I agree with you that it is one of those you just can't get rid of just for that added detection it gives. And they will evolve too.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    So Sandboxie is protecting your email program and deleting the contents on exit. Not me, I am like most and there are emails I need to keep and have an AV scan them too for nasties.
     
  22. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    On demand scan after download, or Virustotal, that's it.
    I've no realtime scanner anymore.
     
  23. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    If you use IMAP, the server can keep them for you.
     
  24. L815

    L815 Guest

    I'd rather run 1 good AV and browse safe than have 5+ security products to replace the simplicity of an AV.
     
  25. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    Sorry but the same percentages apply. There are emails from trusted sources and untrusted. A trusted source could still contain malware of course, but you would have to be one of the first to receive it. Very similar thing. Your email attachment (other than an .exe) needs an opener and all of mine are sandboxed. Word, Powerpoint, Excel, Paint Shop Pro, Foxit, etc. etc. etc. many times etc.
     