running without any AV - no antivirus! opinions?

Discussion in 'other anti-virus software' started by LuckMan212, Dec 19, 2008.

Thread Status:
Not open for further replies.
  1. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    Ok, I read as far as someone giving a simple guide in that other thread on how to turn an admin account into a limited user account but now I read in this reply that it might have a glitch:

    Can anyone remake a simple guide explaining the whole SuRun + SRP + LUA + DEP set up?

    Some of these tweaks scare me because I've tried creating a guest account once and as you know, everything changes. Then there are stuff like you can only allow program files folder execution but what about portable applications and usb/external disk mounting that might require a different access?

    One of my main headaches when I tried Linux was that the structure was so different from XP that if you wanted help, you have to go into details with what you did and I see this setup as being even scarier because it's not as simple as going to an antivirus' forum and asking them what I did wrong, it involves making sure I didn't make a separate mistake like how my printer right now is constantly chucking a Visual C++ Runtime error after I installed and removed Litestep then narrowing it down to this setup's mistake.
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Instead of running a limited user account you could always run an admin account and just run certain programs with reduced rights. Dunno if it's safer but it's much easier and more convenient imo.
     
  3. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    Wouldn't that leave me exposed to script-based malware?

    I also don't get how to install programs into Sandboxie. I know how to run them on it but when the installation fails, I don't know whether it was due to not having explorer also sandboxed or it was a case of a malware installation not getting through.
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You can configure your SRP to block scripts.
    It depends on what you are trying to install in Sandboxie; not everything will work, as Sandboxie blocks certain things. If you are wanting to test software you might be better off using a virtual machine or something like Returnil.
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Perhaps I have done something wrong? Just installed SuRun to an existing Admin Account. Now everything is set as Standard User (i.e. Limited) except for the programs that I have given elevated permissions to. There may be more fancy stuff that I could do but I would have thought that this was more than enough.
     
  6. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    Yeah, I considered Returnil but someone recommended to ShadowDefender due to Returnil not being able to shadow multiple drives. I can't afford it right now though.

    PC isn't also that powerful for virtual machines either.

    How do you configure SRP to block scripts?
     
  7. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    There was a good thread on these forums somewhere. I don't have time to search for it now but when I do I'll see if I can find it.
     
  8. mjgent

    mjgent Registered Member

    Joined:
    May 19, 2008
    Posts:
    43
    Location:
    Sandboxed in a VM behind a UTM
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    When referring to virtual machines, VMware for example is a real one, and it definitely requires quite a bit of memory and speed. But programs like Returnil and Shadow Defender are really 'virtualizers' (they work on the same principle), but they are fairly light to run on any computer.
     
  10. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    I read up to page 3 of that thread and it seems like SRP is bypassable especially if you were the one unknowingly installing a malicious program.
     
  11. stratoc

    stratoc Guest

    My gaming PC has never had anything installed other than Malwarebytes Anti-Malware free scanner; it's backed up to an external HDD and behind a NAT router. It's only used for games, over 200, and many of these are online games. In over 12 months I have never had a problem, but as I said it's only used for games. Not sure I would risk nothing on the PC I use for surfing etc.; however, I also cannot remember the last time NOD blocked anything. Key is safe surfing, and I never peer to peer other than some games updates.
    A lot of PCs I clean up have super anti everything installed and they still get infected :/
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Anti-virus is needed by those who can't use it. A paradox, but there you go.
    If you know what you're doing, you don't need one.
    Mrk
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    That sums it up pretty well. :thumb: My wife is computer illiterate, and of course she has no clue how to use an AV but I did install one on her PC.

    On my computer I have not been using any AV for one year, without any problems. :)
     
  14. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    I disagree. In ignorant people's hands, an antivirus is no more a false sense of security if not a deliberate desensitization of what counts as security in the casual person's mind.

    99% of people who can't use antiviruses, don't put antiviruses there and still get infected when people install it for them because often times it's a poor AV or they fail to both update and realize some basic methods of securing their PCs.

    At the same time, how large do you think the amount of people who know what they're doing are?

    If this was the case, then you'd have a much more improved and less confusing guide for lay-men splashed all across the web. One that need not force a PC user to read even 1 discussion forum of Wilders as the basic summary is not only constantly updated but presented in a universal page where the url is merely copy pasted anytime someone asks.

    No. The irony is, that as most things in this world, the simplest solutions are never the ones most well known.

    At this point, the easiest solutions would be for a big enough majority to switch to Linux and generate enough demand so that suppliers would provide ports of programs (especially games) into it that it fills one of the holes Linux is severely lacking in the desktop environment.

    This same single ideal would also improve every parts lacking in Linux support: better free documentations written for the lay-men, more people to ask help that are actually willing to help and don't have the elitist volunteer syndrome, better support from third parties, more knowledge of what different programs are such as how Firefox is actually not Internet Explorer but is actually a sub-category of web browsers...

    Of course, in modern times, this seems just as unlikely as a bunch of people protecting themselves better by embracing better security programs rather than the status quo programs like Norton and McAfee but I just thought I'd throw it out there to better cement my disagreement with this paradox.
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello LuckMan212!

    Best of the day and the season.

    My thoughts?

    Well, my first thought is you have already kind of made up your mind to do it and go sans AV, and that is your call.

    I know where you are coming from: do you and I NEED an AV resident on the PC? For you and me it's probably okay because we know or think we know how to protect ourselves. You could do weekly or daily web based scans with mainline AVs anyway.

    With the ASW stuff you have and the FW it's unlikely for you to get hit BUT there is some risk as you say you found a few NOD 32 stops in the past.

    I've never been concerned about using PC resources to support security SW but some users get exercised by that issue.


    It is possible to go sans any security software, if you are prepared to load your OS clean each day from an external drive. It then is just a matter of avoiding the dark side and IF you get hit, wipe and reboot clean.

    Good luck.


    PS This is not a recommendation for my clients but ideas just for you :D
     
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    I don't know if you agree with me or no, except the first sentence ...

    I'm doing my job trying to get things in layman terms ... I am fighting the elitist syndrome as much as I can, believe me ... The percentage of knowledgeable users is about 1%, btw.

    99% of users do not put anything anywhere - they just use their machines. Out-of-date anti-virus programs they might have are pretty much useless, so why bother if they're gonna get infected in the first place? Might as well save some money.

    Which is exactly my point - they need it, but they can't use it. And if you do know what to do, including some of the alternatives mentioned, then you sure don't need it.

    BTW, there's no golden solution just as there is no golden solution to stupidity or mediocrity. Until the moment you have licensed computing where you have to pass the test to use them and then get punished by law for misdeeds, just like driving, nothing will change. This won't ever happen, though...

    Computers are geek tools made by geeks for geeks and thus completely unsuited for masses.

    Mrk
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Mrk:

    Yes, FWIW I agree with your post here. I'm not exactly sure what Paul is disagreeing with, my read is that he is agreeing but it is a bit unclear to me anyway. No surprise there!

    Over the last year I have become more and more convinced that the masses should not attempt to secure their own PCs; it is just too d...n complicated. As you say they are made for geeks by geeks.

    Yet I feel I'm whistling in the wind to the masses and preaching to the choir in the security forums.

    I'm not really discouraged though since even helping one user may make it valuable.

    I really get exercised by the "one solution fits all" mindset on 99% of the vendors' part. Since every user's www risk profile is different and their knowledge levels also vary, it is just not possible to have a single solution.

    For me the layered defence still is the "best" approach PLUS a solid backup and recovery system for the inevitable crash.

    See ya
     
  18. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Unless I missed it, why didn't anybody mention Rollback Rx? If I did, sorry..

    Thanks,

    Chris
     
  19. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    Disagreeing...like what my first sentence said.

    There are lies, damned lies and statistics.

    The problem with the "I" statement is that it can be used as a straw man.

    There are problems with education...

    "MY teacher" still got me the education I needed.

    The media gets away with throwing more hurtful insults just cause Sarah Palin is a woman

    "I" made fun of BOTH Sarah Palin AND other male politicians

    Just because you might have done something doesn't mean there's enough people doing it or optimizing the pedagogy of security.

    In fact, even in these so called knowledgeable userbase you will find that there are pseudo-experts dulling the effectiveness of what they are saying so the blame is not always on the non-geek users. Often times, the geek community even does more harm than good in bridging the gap.

    Except everyone pretty much use their machines. Geeks may do more or different things with their machines but at the end of the day, most of them do it out of their sense of "use".

    This is like one of those myths people throw out when they meet enough people who can't cope with what they're saying. Sometimes they're over-explaining it, sometimes they're over-simplifying it and sometimes they just relate to past experiences and rather than quench a person's curiosity, they often hand scripted diatribes such as install this or use this.

    Even Wilders is not exempt from this. How many times will you hear some person ignore the question and simply say: Use this or that cause I'm using it? or I don't understand your question, use this? In fact, isn't AV comparison banned in Wilders precisely because the so called knowledgeable userbase turns out to sometimes be biased pseudo-experts?

    Not sure what you are implying here.

    1) It ignores the fact that there are free/cheap security alternatives.

    2) Out-of-date AV programs that are good still detect a decent amount of viruses and malware especially ones that don't involve anything p2p or copyright protection related.

    My argument though is that they do have the possibility of knowing how to use it...if the learning material was better optimized for them. How often do they encounter this though?

    This is my criticism with your point. It is based around an often knee-jerk cynicism that often times create more barriers for people who want to know rather than help optimize it for them.

    It is like a dogma of "Ok, everything that I can learn from is good enough. Everyone who requires more skills than I do though cannot be taught because they can't learn from the materials I learned therefore they can't use it."

    It's these kind of mindset that creates for elitists who allow for people who aren't as good run amok fundamental solutions.

    But there are fundamental things which helps lead to better solutions. Following these fundamental things helps not only the seeker but the one who possess the knowledge to better communicate their expertise.

    Unfortunately, as the improvement in pedagogy goes, the more pseudo-experts enter and the large the pseudo-experts the harder it is for people who want to learn not be able to because these pseudo-experts often believe that the seekers should have the capacity to learn in the same standards as they and not seek an easier way so that more people can learn just as the original experts paved the way for allowing them the fruits of their knowledge.

    That's another criticism I have with your point. It makes no room for growth, progress nor consideration for pseudo-experts and therefore I find it flawed in that manner.

    Let me ask you this: Did driving help reduced and improve driving knowledge that radically?

    Do you see every other 3rd world people build racing cars out of scraps? Do you see gov'ts being intelligent enough to realize that bailing out auto-industries is bad cause of the progress in driving knowledge? Do you even see people not using their cellphones while driving cause the information of safety is so impacted in their minds through gaining their driver's license that it takes a decade before someone is stupid enough to risk it?

    Are you saying nerds did not and cannot invent the computer? Of course not.

    Bottomline is that many of these modern day geeks can't hold the straps of their earlier more pioneering geeks and the same can be said for these modern day geeks' capabilities once the future geeks take their place.

    The thing is...the masses have suited to computers that is why security programs and instructional websites would bother writing anything on securing their PCs. In fact, that is why they already call it the "Personal" Computer and even if you want to argue the fact that it is more of a MS brand, Apples are even more praised as "suiting" the masses to use these "geek" devices.

    In fact, a rich person that is part of the masses is more likely to access these geek tools made for geeks earlier and better compared to a poor average geek because they can not only afford the technology but they can hire more willing to teach well geeks than the poor geek.

    Edit: Btw just read this quote: education theorists tend to be “pedagogical plainsmen ‘preferring intellectual plains to intellectual hills and valleys’... [and are] devoted to ‘the weary process of shoveling to fill valleys and steady erosion to remove mountains of human talent.’ ”

    http://www.dana.org/news/cerebrum/detail.aspx?id=3228
     
    Last edited: Dec 27, 2008
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Even though it goes against the grain of the thread title, I really just think a good AV will keep you safer than you will ever need. Sometimes, we complicate this a hell of a lot more than it needs to be. This thread is proof.
     
  21. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    trjam, that's true but I'm just annoyed how often AVs detect AutoHotkey programs as viruses. Sure, I can add it to its ignore list but it's still frustrating having to out-guess even a good AV of whether something is legit or not.
     
  22. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    725
    Am I correct the free version cannot be updated, you have to download the next version? Or can you manually update?
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    A real part of the problem is simply the rich trove of solutions. More options = more confusion.
    All too true.
    The mindless AV comparison threads are banned since they are, well, mindless. When a dozen people start yelling at each other to use "X"! (or Y! or Z!) and don't back it up with a pertinent technical rationale...., we're into the regime of mindlessness. Bring a cogent technical rationale to the discussion, and comparison threads would work fine.
    In part, I would say that there is a bit of mismatch in expectations. Most users approach a PC as an appliance, not a precision tool. If you walk up to an "appliance", you want to be able to use it on an almost intuitive basis. Think of an ATM located in a country which uses a language that you don't speak - most of us could probably get local currency out of it after a try or two. That's because the interface is quite simple (minimal options) and fairly intuitive. It's difficult to walk down the wrong path since there are so few of them presented to you. Most of us know the basic paradigm from our home country. The paradigm doesn't change a whole lot. PC security is (or should be) like that, IMHO.
    It wasn't the "driving"...., it was the accidents and near misses, i.e. the "experience". Sometimes you just need to live it or simulate it under controlled conditions for the information to take hold.
    It's not that they can't "hold the straps", but that the specific straps have, by and large, changed.

    Blue
     
  24. Paul Keith

    Paul Keith Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    25
    Thanks BlueZannetti. I don't entirely agree with all your conclusions but just for providing a third perspective is well appreciated.

    I will say that I personally know less about appliances than computers so I find fault in that analogy. I think, in general, repetition and as you said controlled simulation go a long way and that saying most people treat computers as applications kind of throws in question what the difference between the two words are.

    As far as the driving bit was concerned though, it wasn't that I was denying it didn't help. It was more to show how even in something as common as driving tutorials, there can be ways to improve things even more.

    A person who knows they have the option to be a race car driver by just following basic lessons for example would have less incentive to participate in an illegal race.
     