Getting rid of "Security Software"

Discussion in 'other software & services' started by kennyboy, Sep 16, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    gkweb

    thanks - I clearly misunderstood your post.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    No problem Long View. Part of the confusion is my fault.
    Have a good day :)

    Regards,
    gkweb.
     
  3. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    I only run Symantec AV at my current office (it was McAfee at my previous office, same employer), plus 2 levels of corporate firewalls and common-sense security policies. Works fine, no need for any more.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just expanding somewhat on the points already raised by gkweb since they are rather important to appreciate.

    Stop and analyze the situation for a moment. Ask yourself what are the basic functions of any general scheme of computer security.

    Obviously, you want to eliminate the execution of malicious software on your computer. The execution of malicious software can take many guises including:
    • Use of your computer and bandwidth for any unauthorized purposes
    • Harvesting of your personal information for either unwanted or illicit purposes
    • Exposure to fraudulent activity
    • Exposure to undesired content of any sort
    • Disabling or otherwise compromising the information on your computer
    • etc.
    In dealing with this situation in a very general sense, you should be able to identify, halt, remove, and finally recover from any malicious intrusion, with halt and recover being at the top of the priority list.

    It has been discussed at length on this forum that approaches which only implement a rapid and facile recovery from any untoward event do not necessarily yield a secure system. They do provide a system with a rather high level of guaranteed uptime, and since many folks find recovery from intrusions, and the associated downtime, among the most painful of steps, it's natural to place a fair amount of focus on that single aspect.

    One can even succeed in using a "recovery only" approach if one exerts a very high level of usage discipline and executes a pre-emptive restoration to a known clean state prior to initiating sensitive activity. However, this is clearly a case in which the downside potential looms large if mishandled. It is certainly easier from a virtualized state than from a rollback/restore approach, but the difference is mainly one of time expended. The end results are pretty much the same.

    However, it's important to keep in mind that restoration to a known good state is only the last of a number of steps required to assure fidelity in your online experience - and let me emphasize that last word - experience - the fidelity of your computer system is only part of the equation.

    There are a number of mechanisms one can employ to fill out the prior steps - some could involve the use of targeted security software (AV/AS/HIPS/firewalls/etc.), some could involve fully harnessing features embedded in the OS (policy management/LUA/etc.), some could involve readily deployed programs that mimic aspects of OS policy management (execution control/etc.), while some could involve detailed configuration of the applications most prone to subversion or use of alternate applications in these categories (browsers/email or IM clients/P2P). There is enormous overlap in the security implications of the various measures one could take between each of these categories with some better positioned to handle some circumstances than others - hence all those underlined qualifiers.

    While there are a number of distinct and complementary approaches to filling out the identify/halt/remove phase of dealing with malware, it's a mistake to assume that implementing all flavors of these approaches is a rational or even desirable end result. Like any activity, if taken to an extreme level, downside results start to appear. In the area of computer security this often involves contention for process priority or focus, consumption of finite system resources, or intrinsic compatibility issues that can deadlock a system and render it completely unusable. Implementing too many of these cures will certainly yield a final result worse than that infrequent undesired infection.

    In part I'd say some of the ethic away from installing security software is a natural correction to people installing every variant of every category possible and noting that the results obtained were not pretty. In addition, while there is an undercurrent of paranoia that seems to posit that the darkside is lurking around every corner providing a constant flow of intrusion attempts, this isn't what most users experience. If I'm a typical average-risk user, experiencing a genuine event every couple of years is more the norm. Given that frequency, many would ask whether any measures are really needed. Given the potential downsides if one uses the internet for private communications or commerce, I'd say yes, but at a rational level that reflects the true current threat potential, and that rational level is a lot leaner than many use. Naturally, a rational level is determined by the challenge expected, which will vary substantially among even the readers of this thread. Yet, I'd suggest that even an extremely high-risk user does not need to overload their system with an inordinate level of duplicative measures.

    Keep in mind that you are safeguarding the quality of your experience. If you're constantly on edge over incursions, tighten your system. If you find that your system is an unresponsive morass, perhaps a reevaluation is in order. In any event, the landscape is dynamic, and so should one's view of best approaches to implement.

    Blue
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Very true. I was thinking the same thing as I read this thread, wondering why I was the only one to mention my data being in a TrueCrypt partition, as security goes far beyond the typical "as you use the computer" type of scenarios. Physical access, unencrypted personal data, etc.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    First of all, I don't consider an image to be "security", I look at it as something to fall back on if and when your security apps and other measures fail.

    If I want to run lean and fast here, I have, at times, run with as little as only an on-demand AV setup and an alternate browser (Firefox or K-Meleon) and my router. But I consider myself an intelligent and "safe" user with a good track record.

    My normal everyday setup which is most convenient for me consists of just a simple NAT router and an AV, with a decent browser. For me that's enough. I keep the AV resident simply because it's more convenient and easier that way, and depending on the AV, it doesn't usually have too much performance impact in general.

    In general, rather than load up on a half dozen security apps, I prefer to be what I consider "reasonable" and if the worst does ever happen (and it hasn't yet in 12 years or more) then I would just reformat.

    That's my 2 cents... ;)
     
  7. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    431
    Again, PLEASE read my original post. You will see that I said:-

    Seems to be quite a few knowledgeable people here doing away with their AV's and other security software now, and relying more on their Rollback/Restore/Imaging software

    I didn't imply that an image is security.

    OK. That is terrific information from all who have posted on this thread, and has given me many insights into the way people here are working.

    My reason for originally posing the question is that in my location, communication of any kind is, to say the least.........temperamental, and most unreliable. When we have a connection, it is very slow, but it is "the only game in town".
    Usage of computers here has to include online banking and other business-orientated information, which in this area would be very desirable for the bad guys to have.

    So,........a dilemma really. Try to speed up the connection by cutting down on unnecessary software running, in order to enhance internet speed, but at the same time do all I can to ensure secure communications.

    Anyway, it has been most helpful to my line of thinking.

    Thanks to all.
     
  8. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,286
    Location:
    Canada
    Hi Guys

    I read that article and have always meant to check out 'DropMyRights'. Now I have the following progies running with less than admin, and working fine: IE7, Outlook, iTunes, Contacts (shortcut to Outlook contacts), 1-ClickAnswers, & Google Desktop Search. Not sure how this actually makes me safer, but I've heard it many times & from many people. Thanks :thumb:

    Take Care
    Rico
     
  9. mikeo1313

    mikeo1313 Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    108
    Peter, I was wondering which of the 1, 2, 3 virtualization styles above you consider best for P2P use like LimeWire & µTorrent?

    Considering it might be 3 {since my gf was using LimeWire one day, did something and screwed up my comp}, can you have a guest VM save files on a different partition?

    Also, I have somewhat computer-illiterate/irresponsible people use my computer from time to time {guests, gf}. Sometimes they need to use Word, surf & save bookmarks. I was thinking of having a guest account that starts up in "shadow mode" for my guests to prevent future problems. I can simply instruct them to save to a certain drive, but bookmarks are saved to the shadowed drive, so is there a strategy to retain bookmarks in a shadowed mode?


    Thanks
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    With VMware Workstation machines, you are in good shape. If you download something into the VM and it checks good, you can easily move it to the host. But if something hoses the VM, it has a rollback function that will recover even if the hard drive is formatted.

    As to the browser issue: if you use Sandboxie you can specify that it save certain settings, like my bookmarks are saved. Little harder with Returnil, ShadowDefender, etc.

    I think Word would be a bit clumsy in the sandbox; it hasn't worked well for me, but I don't know as they can get into too much trouble. Sandboxie would cover the browsing and allow them to save bookmarks. Would just have to be careful with them recovering stuff downloaded from the sandbox.

    But again, you could probably put everything on a virtual machine and be safe.

    Pete
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    So u confess that u r committing the crime of running two full blown HIPS in real time. :D
    U must be kidding. Three levels of virtualization!!! o_O Let me say it's like someone running three AVs in real time. Only a VM will suffice!
     
    Last edited: Oct 30, 2007
  12. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    How do you know if they are trojans and whether to let them execute or not? A couple years ago there was a program floating around that would check your FlashFXP site list for dead sites. Well, it did that but it also sent all of your sites and passwords to a site in Holland. Many trojans do function as legit programs so it's not always easy to distinguish them.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Didn't know it's a crime. :D Neither causes me any slowdown, so the backup is good.

    We play with fire and assume we know what we are doing, but it's easier to be a bit safer than to be sorry later.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    So I am not alone, good to know that!:)

    I still think a VM will be more than enough for any kind of malware.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Probably so, but gives me a chance to see how the stuff actually works.
     
  16. mikeo1313

    mikeo1313 Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    108
    Are you suggesting with "it checks good" to install all the security software on the guest OS as on the host OS? {FV, HIPS, AV}

    How does this recovery occur?? Do you have to go to a menu option in VMware for rollback, or does it detect errors and suggest remedies?? Does VMware place the actual VM into a virtual mode and revert changes upon a reboot {wouldn't you have to select an option for this functionality??}, or do you mean that since you're PowerShadowing the host OS that's running VMware or VMplayer, it in turn reverts your VM back to what it was, kind of like being in shadowed mode, and is independent of any functionality or feature in the VM software??

    I was thinking that the best way for me to protect my PC will be having certain user accounts boot into a shadowed mode with Returnil, and giving them a VM shortcut in the middle of their desktop so they can use internet, Word & P2P sandboxed. What's the easiest way I can have certain user accounts {all except mine} on the host OS enter automatically into a "shadowed" mode when they log in??

    Thanks
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mike

    The VM has a snapshot manager. So if I want to preserve the state of the machine, I take a snapshot. Takes a few minutes.

    Then if I do something that totally messes up the machine, either making it unbootable or even as drastic as formatting the drive, I just go to the snapshot manager and go to a previous snapshot. It restores the complete machine. The only limit on the number of snapshots is disk space. I've used it to mess up the disk and then see how recovery software might work. If I screw up, then I just revert back to the previous snapshot and all is fixed.
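The snapshot workflow Pete describes above (take a snapshot, wreck the guest, revert), as an added example that is not part of the original post and not VMware's code: a small copy-on-write model in which every snapshot is a frozen layer of disk blocks and the running guest only ever writes into the current, writable layer. Reverting simply drops that layer and starts a fresh one on top of the chosen snapshot, which is why even formatting the guest's own drive is recoverable, and why disk space (the sum of all changed blocks kept across layers) is the only limit on the number of snapshots. The layer structure, the 4-byte block size and the disk contents are assumptions constructed for the demo.

```python
"""Copy-on-write model of a VM snapshot tree (added example, not VMware's code)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

BLOCK_SIZE = 4  # bytes per block; tiny so the demo fits on screen (constructed)


@dataclass
class Layer:
    """One delta disk: `blocks` maps block index -> bytes of that block.

    A snapshot is a frozen Layer. The running machine writes into a
    writable Layer whose parent is the snapshot it was taken from, so
    frozen data is never modified by anything the guest does.
    """
    parent: Optional[Layer]
    blocks: dict[int, bytes] = field(default_factory=dict)
    frozen: bool = False

    def read(self, idx: int) -> bytes:
        # Walk the chain upward until some layer holds the block.
        layer: Optional[Layer] = self
        while layer is not None:
            if idx in layer.blocks:
                return layer.blocks[idx]
            layer = layer.parent
        return b"\x00" * BLOCK_SIZE  # never written anywhere: reads as zeros


class VirtualMachine:
    def __init__(self, base_image: bytes, n_blocks: int):
        base = Layer(parent=None, frozen=True)
        for i in range(n_blocks):
            chunk = base_image[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            base.blocks[i] = chunk.ljust(BLOCK_SIZE, b"\x00")
        self.n_blocks = n_blocks
        self.snapshots: dict[str, Layer] = {"base": base}
        self.current = Layer(parent=base)  # the guest's writable delta

    def write(self, idx: int, data: bytes) -> None:
        # Guest writes land in the current layer only (copy-on-write).
        assert not self.current.frozen, "snapshots are immutable"
        self.current.blocks[idx] = data.ljust(BLOCK_SIZE, b"\x00")[:BLOCK_SIZE]

    def read_disk(self) -> bytes:
        return b"".join(self.current.read(i) for i in range(self.n_blocks))

    def snapshot(self, name: str) -> None:
        # Freeze what the guest has written so far and start a new delta on top.
        self.current.frozen = True
        self.snapshots[name] = self.current
        self.current = Layer(parent=self.current)

    def revert(self, name: str) -> None:
        # Everything the guest did since the snapshot lives in the writable
        # layer, so reverting is just discarding it; the snapshot itself stays,
        # and reverting to a different snapshot later is equally possible.
        if name not in self.snapshots:
            raise KeyError(f"no snapshot named {name!r}")
        self.current = Layer(parent=self.snapshots[name])

    def format_disk(self) -> None:
        # A guest "formatting the drive" only zeroes blocks in its own layer.
        for i in range(self.n_blocks):
            self.write(i, b"\x00" * BLOCK_SIZE)

    def disk_usage(self) -> int:
        # Each layer stores only the blocks changed since its parent, so the
        # cost of keeping many snapshots is the total of those deltas.
        kept = sum(len(b) for layer in self.snapshots.values() for b in layer.blocks.values())
        return kept + sum(len(b) for b in self.current.blocks.values())


def demo() -> tuple[bytes, bytes]:
    """Snapshot a clean guest, let it wipe itself, revert. Returns (wiped, restored)."""
    vm = VirtualMachine(b"bootcodeuserdata", n_blocks=4)  # constructed 16-byte "disk"
    vm.snapshot("clean")
    vm.write(3, b"evil")   # guest installs something unwanted
    vm.format_disk()       # ...which then formats the whole drive
    wiped = vm.read_disk()
    vm.revert("clean")     # one click in the snapshot manager
    return wiped, vm.read_disk()


if __name__ == "__main__":
    wiped, restored = demo()
    print("after format :", wiped)
    print("after revert :", restored)
```

The model deliberately keeps later snapshots around after a revert, so a "messed up" state can itself be snapshotted and returned to for inspection, which is the "see how the stuff actually works" use Pete mentions further down the thread.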
     
  18. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    My main security is my OS, PCLinuxOS. And software fw Firestarter.
     