AV or no AV

Discussion in 'other anti-virus software' started by computer geek, Feb 5, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I understand, but like a lot I use pop3 and want my email scanned.
     
  2. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    With the exception of Win 3.x/DOS, I've always used an AV with all the Win versions, so for psychological reasons I won't get rid of my AV.

    /C.
     
  3. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    That's cool, I can understand that. At least it's not a psycho case thing. lol
     
  4. MitchE323

    MitchE323 Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    156
    But in reality what I do is forward all of my mail over to a Gmail account which always opens in a sandboxed browser. I know that some will say Gmail is not secure but I don't think that's been proven out yet. I use it like a filing cabinet for email attachments. But we are talking about 'lowering' risk here, not an expectation of 'zero' risk. And then that risk (whatever it is) is measured against the wear and tear of an A/V on an OS.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Even downloads are not that big a deal. Okay, I download a media file and extract it from the sandbox to the desktop. Oops, is it really what I think it is? Easy, right click it and run it sandboxed, and see if it just does what it's supposed to. If the sandbox acquires a host of new files, then it's bye bye.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is an issue, and I haven't yet solved the Sandboxie issue with Outlook, so, I run Outlook with lowered rights, to keep anything in the emails from causing problems.

    Scanning with an AV is no more of a sure shot in my mind, and I can't help wondering, if everyone is so secure in their AV scan, why on earth all the debate about which is the best AV. If there is such a difference in them, then a lot of people using the "inferior" ones, whichever they might be, might be worse off than what I do.
     
  7. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Wow
    Trjam Norton now? Why Norton?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Don't start down this off topic road.

    Pete
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Looks good, however you failed to mention but we can assume all that is run within an FD-ISR snapshot also? :)

    On the note of AV, I haven't used them since before the first introduction of System Safety Monitor, only Online Scans with the small exception of NOD32 On-Demand that keeps identification of my ongoing malware inventory.

    I don't even bother testing malware with an AV, and why? With a simple combination of SandboxIE + HIPS, EQS in my case, all positioned on my FD-ISR snapshots with archives to fall back on, completely eliminates the need for such heavy resource hogs like AV's, not to mention AV's are the most targeted security programs running and likely always will be.

    Also I "CAN" use SuRun and sometimes enjoy doing so, but a sandbox does just fine thank you and the HIPS is the middle-man or gate, they must request permission first before passage. :D
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    :thumb: What a great concept and it is something everyone needs to take a bit more seriously. I do scan everything that I download with 3 scanners and if possible, upload it to be scanned. I am however lacking in the research department though.

    As far as running without a real-time AV, I've been toying with the idea for a while now. Sandboxie and Returnil are best friends with Sandboxie set to block access to my non-system partitions and Returnil protects my C: or system partition. Anything I want to save I can recover it to my desktop, scan it and then move it to my other 2 data partitions if it's clean. I also have Online Armor 2 on-board which keeps getting better and better.

    I do think AV's will evolve to include other features that will be necessary to protect against malware. Blacklisting isn't perfect and I found evidence of this when asked to clean a relative's computer. It was sort of an eye-opener for me ;).
     
  11. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Sorry Pete, you're right.

    I would always advise a good AV
     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Blacklisting is still useful. If it is a signature detection, it gives positive assurance that a file is bad.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    But of course.
     
  14. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Will Sandboxie work with a program like Newsleecher? I download movies and those rars are mostly 50Megs each, so how would I cope with those going through Sandboxie?
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I guess you mean real-time AVs. I stopped using real-time AVs a long time ago, even without sandboxes and virtualization tools.
    There are reports of malware authors starting to write code targeting Sandboxie.
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Good post, hopefully Tzuk will be ready as always.
     
  17. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Oh yes, scan it with virustotal before using it in sandbox because you don't know it is a virus, and then since a virus cannot be activated without the user doing something.
     
  18. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    What products do you guys use along with sandbox?
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I stopped using an AV 4 months ago, and I'm never going to have one ever again paid or free. My statement is not a direct criticism to AVs, but within the context of this thread.

    A sandbox/virtual environment can be defeated of course, but there isn't enough malware around written to target such applications. I doubt that there ever will be, for the simple reason that it isn't worth the trouble due to the low number of sandboxes.

    Now if you add any HIPS that can stop executables (they all do basically), I don't see what an AV could add to your security except for identifying malware for the record (if detected) at a great cost in terms of computer resources and speed (that is a fact for any machine - a fast computer will run faster).

    For somebody who never bothers about computer security, an AV + a FW are certainly the simplest way to protect their computer without any knowledge of anything.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Registry protection + antiexecutable
     
  21. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    That's what Comodo PF does, and SafeSpace. So do you guys think it's enough having sandbox+HIPS, or add an AV? I have to take into account that my computer was using masses (masses and masses) of memory with all three installed and was going a bit chugga chugga. :D
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    lucas1985 summed it up best. You can go totally virtualized if you want, but malware writers will up their effort at penetrating those products too.

    Blue said best last week that the AV and virtual route go well to protect what the other doesn't.
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    GeSWall free + Jetico 1 in real-time. Carefully studying the move to LUA+SRP.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't bother. I can run it in the sandbox and even if it is a virus it won't hurt me. But the results will give big clues.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am running Sandboxie, OA, SSM and ShadowDefender/Returnil on demand.

    SSM is optional.
     