Whitelisting seems like a trivial pursuit - you can never whitelist everything. Comodo has a whitelist with something like 16 million applications and it's not enough at all. Blacklisting is the same but to a further extent. Just my opinion. I think whitelisting is much better than blacklisting.
I'm not saying otherwise. I just don't understand why use an on-demand blacklist (antimalware scanner). Its efficiency will be far inferior to a real-time one. I don't think anyone can disagree? (I'm ditching the lousy ones. I'm only considering quality ones, both on-demand and real-time.)
I guess that's exactly what it is. Everyone here would never use anything that they would feel uncomfortable or insecure with. So in the end it all comes down to personal comfortable choices.
I was mainly wondering about that it gives you a "false sense of security". Using something that gives you that feeling can never be good, can it?
Default deny stops new items on your computer from running. But if you've put something on your computer you've downloaded it on purpose (most likely) so chances are you trust that item. Anything based in social engineering will cause you to let default-deny whitelist the item. Instead of an all or nothing setup like blacklisting and whitelisting you should cripple items. That's why UAC is better than default deny, it doesn't stop all applications from running it just stops all applications from running as Admin.
Come on, m00nbl00d, you can't be serious. What if this, what if that. That's utter nonsense for users like most of us who hang out in these forums, especially you with your overwhelming wealth of PC knowledge. The chances of YOU accidentally allowing malware on your machine are so infinitesimally minute that running real-time AV every waking minute your PC is on, just on the extreme off-chance you might possibly catch an infected file, likely over the course of several years, is a terrible trade-off. As for AppLocker failing completely, I can't see that. I've seen the odd anomaly with it, but never did it even come close to failing to completely protect the system. It might be you did a bit too much of that 1846 or whatever registry tweaking and messed something up badly? Just sayin'.
Yes, I'm serious. It's not a matter of if. It's a matter of convenience. I don't use antimalware anymore. The last time I used one was MBAM, and that was more than a year ago. I just got tired of manually updating and all that. Got sick of it. Which is why I said that, if I were to run an antimalware application, and if I had a strong computer, I'd rather use a real-time antimalware (say MSE) and set and forget. If it happens to flag something, so be it... otherwise, let it be there. I have relatives using it, and it's light and doesn't bother, unless needed. Silent updates and all that. No user interaction. I just don't see myself manually scanning every possible file I download. For most of it, I open them in Sandboxie. From time to time, I check with VirusTotal some installer, if I can't run it in Sandboxie for some reason. The laptop I'm using now is really weak, so no virtual machines. But, I'd say that 99% of installers I download, which could be resumed to upgrades to flash, browser, media player, notepad++, password manager and pretty much, provide hash values. -edit- Except Chromium. But, this one comes out hourly or something like that -end edit- Hardly many sources that also provide the files would become hacked and hash values changed. haha I'm not that paranoid... Maybe I should... dunno. LOL I can't see how... 1806 shouldn't mess with AppLocker, to the best of my knowledge, nor should my Chromium low IL. That's just about the tweaks I got, plus standard user account, UAC and EMET.
Okay, I see what you're saying. For computer un-savvy folks, I guess I could see AV used, although I'd prefer Sandboxie. It's the one 3rd party security application I have no problem using on machines without SRP or AppLocker. Fantastic little application.
Yes, Sandboxie is noob friendly once it's set up. I know that for you it may work much better than an AV but for the average user it's not. Windows is made for the average user and therefore the security it uses should aim itself at them. Not to say it shouldn't also have advanced features.
It's probably the spartan looking GUI that scares some people, but Sandboxie only needs a few settings enabled to make it a veritable fortress. Windows has improved, especially Win7x64 with its patch guard. The addition of Defender and Security Essentials offers another free choice for those who want to use them. UAC at least runs applications with a standard token in the admin account, so another security enhancement as well. It still comes down to the fact that most infections occur to those who are obsessively click-happy, so there has to be some onus on them to exercise some common sense. I think it was Mrkvonic who said "don't click on crap". Wise words.
People don't know what those settings are =p Win7 has improved! I'm very very excited to see Win8's improvements. I would not be surprised if 64bit security software is broken again though =p
True enough. Maybe tzuk (Sandboxie developer) could change the default installation to bolster its security, although it has to be a bit tricky to strike the balance between adequate security without the expense to user experience. It seems to provide okay security at its current defaults, if memory serves. I forgot what they were exactly, it's been so long since I installed it on one of our computers, and of course I enhanced the security to a degree such as forcing processes in the box, as well as restricting 'net access to only selected processes.
No matter what Sandboxie will provide some level of security. Programs made for Windows aren't likely expecting to get sandboxed. If only it were free! Hopefully Comodo's sandboxing picks it up =p
I have come to believe that Sandboxie is the perfect example of how to determine what kind of person a given user is. If the user really cares about security, then they are willing to take some time to understand how Sandboxie works. They can see it keeps things separate, and that you need to "recover" things you want to keep. They can see that it requires you to understand where things are going so you can find them. That is all it requires. I have found a very distinct set of groups - those who want to stop having problems at least give it a good try, even if it is not the right tool for them. And those who kind of look at it, and once they find out they have to do something other than click a button, quickly lose interest. I don't know if there is a way to get the button clickers to want to use it. UAC is quite popular with them though because they only have to click once to get things done, no matter what that thing is lol. I am referring to regular home users, not enthusiasts who try it but don't like it or those who feel they have other tools and don't need it. Really, Sandboxie is pretty easy to use, and by default pretty secure. With a little bit of tweaking as you have mentioned, it's almost "set and forget". Sul.
Chose "other" with a very simple setup:
1. Firewall protected Router with at least WPA2 or above encryption for the wireless
2. All systems on the internal network behind their own firewall
3. Returnil System Safe Pro 2011
No need for complicated setups or multiple AVs/AMs etc. The more complicated you get, the more likely you will introduce unintended vulnerabilities in your setup - remember, KIS is always a good thing... JMHO Mike
Make that Sandboxie + DefenseWall + Comodo Defense+/Firewall =p I can't imagine anything getting past that. That's a ridiculous amount of restrictions on every application on the computer. If there were DefenseWall for 64bit I might just break my no-buying rule.
Yes, that is a ridiculous rule indeed! You need to make exceptions if you want to enjoy the great stuff that's available. You know Windows 8 won't be free either.
Me neither. The fact is, you could easily pare that down to even a single one of those properly configured running in a Standard environment and you're good to go, virtually bullet proof.
Yes, DefenseWall on its own is very strong but I like to really lock specific programs down, which Sandboxie and Comodo would do well.
I'm a student =p Windows 8 will be nearly free if not completely. Also I'm willing to pay for an OS but not security software.
I can: the user that has administration privileges, and that is not aware of or doesn't care about rogue software, scareware, and malware in general... in other words, the large majority of Windows users. On the other hand, there are the knowledgeable users who know how to keep their systems safe and functional, without the need to sacrifice anything more than the minimum in terms of usability. They will never flood the computer with lots of security apps because they don't need it, and because they keep focus on whatever they need the computer for. And there are also the knowledgeable users that are security enthusiasts, and they are the only people I can imagine using such a combination of security programs... Bottom line, the best security tools are used by those who need them the least, and most times it is useless to present them to average users, they will always prefer something that doesn't bother them. So how would I protect my home PC? My sig. How would I protect an average user's home PC? AV+Imaging.
Actually the whole point is that they can't. Whereas AVs are "all or nothing" (you either block it or set it free), programs like Sandboxie, DefenseWall, and Comodo Defense+ allow you to run the program (malicious or not) and minimize/prevent any damage it may try to commit. Once properly set up there's really nothing anyone can do without deliberately turning off their defenses (why would they if they're silent?) to infect themselves.
Nothing can prevent an administrator from installing whatever he wants (or that he thinks he wants) on his system... Most times people are tricked into installing malware on their systems (software cracks or keygens with trojans, rogue software, movies or pictures with .exe extension...). If they don't have an AV to block those, they will simply click "yes" on the UAC prompt, and disable everything that stands in their way. How to protect a newbie administrator that wants to install or open something that he thinks is benign? An AV must be in place to tell him that the software is malicious, or he will not be able to distinguish and he will disable DefenseWall, Comodo, etc. in order to install what he thinks is harmless (the same way he must do when he wants to install legit software). What I want to say is that the only way to protect a newbie administrator (majority of Windows users) is by using an AV. Going any further will imply that he is no longer his computer's administrator and that sooner or later he will have problems and will need assistance to install legit software he wants.