Going AV less - suggestions are welcome

Discussion in 'other anti-malware software' started by ams963, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hi,

    I've gone AV less for the first time in one of my pcs. So please give suggestions and advice on my setup and anything that needs to be added, removed or replaced. My new setup is:

    HitManPro + Keyscrambler
    Sandboxie + DriveSnapshot
    Norton ConnectSafe + NoScript | AdBlock Plus | WOT | LastPass
    Skydrive : 7-Zip encrypts backed up files
    Windows XP Firewall

    OS : Win XP SP3 32bit

    Best Wishes,
    Iron Man
     
    Last edited: Jul 7, 2012
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Looks fine to me.
     
  3. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Looks good :thumb:

    I bet the system feels lighter now
     
  4. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    Are you using the standard Windows XP firewall? Are you behind a hardware router?

    Your security is strong enough for any internet facing program that runs in a sandbox, assuming you've set up those sandboxes well.

    Edit: Your signature has changed to reflect the XP Firewall.
     
    Last edited: Jul 7, 2012
  5. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    Instead of using 7-Zip to encrypt your SkyDrive backups, perhaps take a look at Duplicati.
     
  6. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Did you set this up to run automatically? If so, please share! :)
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I know it's more than enough. For the past year and a half I used a somewhat similar setup: SBIE, NoScript, Adblock and Windows firewall. Never seen anything that looks like malware knocking on my door.

    Bo
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    You have everything covered as far as I see. Nice light setup. Keep it.
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Thx funkydude. Really appreciate it. :thumb:
     
  10. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Yes it does feel lighter. I'm a soft pillow which is hard to penetrate for the malware. :D
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Nope I am not behind a hardware router sadly. :'( No money you see.

    Yes I've hardened sbie with all the knowledge I've acquired from all of my friends here in the forum. :)
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Security wise they are the same. They offer the same strength of encryption - 256 AES. Duplicati may have advantages over 7-Zip with other features but not in security afaiu. Anyways I'm backing up my important files to the cloud - Skydrive only, I don't intend to back up to FTP or DVDs. I already back up drives and all the files within it. I do not even use the Skydrive desktop app, just the usual uploading and downloading. So no constant resource eating and bandwidth eating. For that reason 7-Zip perfectly fits the purpose. It's very small and eats nothing except disk space.

    Thx for the suggestion though. :)
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Nope. Actually it should read I've manually encrypted files backed up files to Skydrive using 7-Zip.
     
  14. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Ah thx for the confirmation Bo. Nice to know you also used a somewhat similar setup. Oh and if malware do knock on my door I've got HMP licensed to remove them once and for all. And after the latest MRG Flash test I feel confident HMP will certainly kick a$$ if malware do slip by. :)
     
  15. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Thx buddy. Yeah I'll be keeping it for a long time. I love the setup so much that I've adopted a similar setup in my other pc.
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Make sure you submit unknown files to jotti or use one of your scanners prior to letting it loose on your real system. I try to download much of what I need from known good sources, but one cannot always do that.

    If in doubt, start the unknown in sandbox or vm, or make sure to run it restricted. Sandbox analyzer might help in such situations.

    The only good thing about an AV for me is that older, known virii are caught by them for the most part. I don't trust them for current problems, but that is just me.

    Sul.

    Edit: point in fact - just today a gal I know who uses win7 and UAC with Firefox and IE uses her machine for work purposes (from home). She finally listened to me after years of nagging, and about a year ago she bought this machine. I installed win7 (was oem) and set it up right. She has been very good about being cautious, no problems. This week her in-laws were visiting (complete noobs) and they somehow got her chock full of nasties. They were under UAC and she had Avira on and up to date. How? It doesn't matter. It only matters that when you only depend on UAC and an AV, only those who really understand what UAC is trying to tell them seem to fare well. That is of course not a fact, only an opinion I have after seeing this sort of thing happen over and over.
     
  17. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Yes I download only from trusted sources and apps from either majorgeeks or main website verified by firefox or wot or I trust in writing the website name correctly. No redirection because of noscript so no going to malicious site before downloading. Also WOT and Norton ConnectSafe prevent any phishing and malicious site which might impersonate as the original site.

    And I check with HitmanPro and VirusTotal. For my other pcs I've got EAM, MBAM and WSA along with HitmanPro and VirusTotal.

    The difference is I'm not quite a noob (one Noob in this forum is enough :argh: ). So careful surfing the web and rarely any downloads. :)
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,187
    Location:
    in a remote land :)
    Browsers isolated with Sandboxie inside Shadow Defender's Shadow Mode set to run on each boot.

    bye bye malwares. :D
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @Ironman

    Threatgate programs

    I would like to know what browser, e-mail, media player, P2p if any, downloaders you are using and whether you have covered them all with Sandboxie?


    Systemwide protection

    As a second safety net you could install something to cover system wide protection. Suggestions:

    1. Surun http://kay-bruns.de/wp/software/surun/
    You will be running as a limited user, with the advantage to easily switch to admin using the same profile (you will get a smarter UAC on XP)

    2. Install a free easy to use HIPS like Spyshelter.
    - remove keyscrambler OR
    - disable all Spyshelter keylogger protection (keep only system protection)

    3. Use WindowsDefender as an IDS
    Disable program execution monitoring option and WindowsDefender will still inform you when critical areas of your PC are changing at little or no CPU or disk I/O cost. The intrusion detection system works great (giving you an option to allow or block) when you join Microsoft Spynet as an advanced user.

    Regards Kees
     
  20. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hmm...I would rather go without any security software than use an old non-supported Shadow Defender. It was a great software but as malware landscape is shaping up quick that old software would sure be bypassed easily soon.
     
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    @Kees1958
    I'm using Firefox and Internet Explorer 8 (as you know XP is only up to 8). I'm too afraid to remove IE as it seems to be too closely attached to Windows. Email Client is Office Outlook 2007 but I don't use it though. I use browser based email like gmail. Media Player is VLC and WMP. No P2P. No downloaders.
    I've only forced my browsers and pdf reader to start in sandbox.

    I'm the only one to use this pc so I want less hassle and want to have only one account- no other way than using admin. But I'll check out Surun. Will installing surun do the job? I don't have to do anything right? Just install and I'll get into limited user?

    Spyshelter site is down. I guess it's going down Shadow Defender's path. Totally creepy. :blink:
    How about ERP? Anyways, I thought I'd go with as less as possible. Now I'd need an AE? Hmm......

    I had trouble with WD and not going back to it. Never ever.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    SUrun will do the job. See http://www.dedoimedo.com/computers/surun.html for an English tutorial (thx to Mrk & Tlu). Install it and keep the rest of your setup. You will be safe for sure.

    Spyshelter site is up. Since XP is a matured/phased out OS, latest Spyshelter free will do fine (even when Spyshelter is discontinued, it will do fine on XP).
     

    Last edited: Jul 8, 2012
  23. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I've been running 32 bit XP SP-2 standard account- LUA off without AV for almost two years now.
    XP firewall, SBIE (free)/IE 8, Keyscrambler (free), WinPatrol Plus, Comodo Time Machine, MBAM free on-demand.
    WMP and VLC are run sandboxed. So far, I've stayed malware free and my old P4 CPU certainly benefits from not having to deal with the drag of real-time scanning.

    Good luck, I hope you will let us know if you pick up any nasties with your setup.
     
  24. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hmm.....SuRun is too much of a hassle. I do not like to enter password and manually run apps as administrator each time I need to do something. That's the whole point of going AV less. Less hassle, easy and simple security.

    As above. I had OA on all of my pcs. I wanted to go for a quiet and easy security in my XP pc. So no Spyshelter or any AE at the moment.

    Thx for your suggestions though. Do you think I'm okay with the setup I'm using now?
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Speaking for myself, the reason to go without an AV is that I don't want the "heaviness" that it usually brings with it and I don't feel it works all that well against new issues.

    But, once you decide to drop that traditional defense, you need to do something about the normal admin account. If you decide not to use SuRun, I am assuming you are also deciding not to be LUA. I am not saying that is a bad idea, just that you have to be all that much more vigilant and very anal in how you do things to stay in an admin account for daily use and remain free of problems.

    There are obviously ways you can mitigate the threats.

    I understand your dislike for the credential prompts. What I do most of the time requires admin very frequently. For me then, LUA is a big PITA. But examine what you do. You stated that you don't download much and if you do it is from trusted sources. I would ask, what is it that you do that needs the SuRun prompt to pop up that often? I ask because, perhaps you are in the middle of setting your system up for your new approach, and while that is tedious now with all those prompts, it might level off once you get it set up the way you like, and then not much changes that often, thus you are not annoyed by the SuRun prompt.

    That's the way it works for a lot of people I would imagine, providing they don't do much after they set things up that require admin.

    Just some food for thought.

    Sul.
     