The thread for people who do NOT use resident AV

Discussion in 'other anti-malware software' started by flatfly, Apr 23, 2016.

  1. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    No Real-time AV used for many years. Closest I get is when testing HMPA 3 and scan with
    HMP. Occasionally run MBAM free. Both come up clean on scans.

    Run browser and certain apps "sandboxed". Limit extension add-ons in browser along with
    using a custom auto proxy configuration URL file for blocking.

    Harden OS which include reg tweaks, disable/remove Windows services and components along with
    using hardware/software firewalls for inbound/outbound connections. Admin account only used
    for installing/removing apps and any updates when needed, otherwise run as "restricted user".

    System-wide virtualization used when needed and of course many image backups available
    to restore OS.

    I limit security apps AMAP and felt AV was no longer needed with my security setup.
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,165
    Location:
    Slovakia
    Would you mind sharing? I gather tweaks, maybe I have missed something, so far 18500 people looked at it, so it was worth putting together. :)
     
  3. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Nice list, will look at it when I can sit down for a period of time...

    EDIT:
    "HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters" /v "DisabledComponents"
    I've never had this key's value stay on 255...
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,165
    Location:
    Slovakia
    Well, mine stays on ff at all times, but I apply tweaks daily. Even MS suggests it should be ff, not ffffffff, which slows down the boot by 5 seconds.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Mine resets back to 0, regardless of whether I apply it with Elevated, Safe Mode, or Hidden Admin. All the other IPv6 stuff works though.
     
  6. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Would like to share, but I don't use Windows 10 OS.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,360
    Location:
    Milan and Seoul
    I went for long periods without an AV, and two of my old XP machines have had no AV for almost three years without any infections, as they are always run with Shadow Defender. My main machine is very powerful, and whether I run it with or without Avira I can't tell the difference in terms of speed. It is a layer, albeit not the first defense, as I rely on Sandboxie and sometimes Shadow Defender as the main security with UAC at Max. Furthermore, I like to be notified when something is flagged. I really don't think that Sandboxie and Avira are overkill; also, anything downloaded to keep needs to be scanned with AV technology. There are other ways, but they are time consuming IMO.
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I don't depend on AVs anymore. I do have Zemana running in RT but use it mainly for its right-click scan (I scan everything I download)... I depend on ERP, MBAE and SBIE to protect my pc, along with OpenDNS, my Hosts file and browser extensions to block any crap from the web. I run Shadow Defender whenever I think it's necessary.
     
  9. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie and HitmanPro.Alert seem to be enough to keep me out of trouble.
     
    Last edited: May 8, 2016
  10. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I know I can be rather safe with Sandboxie, Malwarebytes AntiExploit and any good FW asking outgoing and blocking incoming connections. But still mostly use resident AV in my security setups.
     
  11. Since Vista using built-in only
    • Set Windows Firewall to block outbound connections by default also
    • Harden setup by disabling legacy, remote, shared and unused services
    • Enable UAC to block elevation of unsigned and disable UAC installer detection
    • Set an ACL deny file execute/traverse folder for Everyone on internet facing folders
    • Set Software Restriction Policy default level basic user with Symantec tweak for MSI
      (block execution in user folders, allow run as admin to install/update software)
    Since Windows 7 refined to
    • Mitigate Office Apps through Trustcenter, EMET and RunAsInvoker (UAC virtualize)
    • Limiting installed programs to ASLR enabled programs only (including their DLLs)
    Since Windows 8.1 added
    • Smartscreen on the desktop (requiring admin consent to discard execution block)
    • Set UAC to prompt for credentials (using elevated task-trick for a few programs)
    Since Windows 10 using
    • AppContainer OS-sandbox for all internet facing programs (Apps & Chrome)
    • Bought a Windows Lumia phone to sync Mail & Calendar via outlook.com
      (de-installed Internet Explorer, Windows Media Player and Outlook 2007)
    Since Memprotect using
     
    Last edited by a moderator: Jun 16, 2016
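    The list above, and the earlier exchange about the Tcpip6 DisabledComponents value being reset to 0, are both about configuration that can silently drift. The script below is an added example (not posted by anyone in this thread) that audits those settings read-only and reports drift; it assumes the mapping from each list item to the registry values and cmdlets shown, treats the user's Downloads folder as the "internet facing folder", and needs an elevated PowerShell on Windows 8.1 or 10.

```powershell
# Added example: read-only audit of the built-in hardening settings described
# above. Nothing is changed; each control is reported as Pass/Fail so that
# drift (such as DisabledComponents being reset) is visible at a glance.
# Assumption: registry paths/values below are the ones behind each list item.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # absent value means the setting was never configured
}

function Test-HardeningControl {
    param([string]$Control, [scriptblock]$Check, [string]$Expected)
    $actual = & $Check
    [pscustomobject]@{
        Control  = $Control
        Expected = $Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { "$actual" }
        Pass     = ($null -ne $actual) -and ("$actual" -eq $Expected)
    }
}

$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$ss  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$ip6 = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
# Assumption: the Downloads folder stands in for "internet facing folders"
$dl  = Join-Path $env:USERPROFILE 'Downloads'

$results = @(
    Test-HardeningControl 'Firewall: default outbound action on every profile' {
        $bad = @(Get-NetFirewallProfile | Where-Object { $_.DefaultOutboundAction -ne 'Block' })
        if ($bad.Count -eq 0) { 'Block' } else { "not Block on $($bad.Name -join ',')" }
    } 'Block'

    Test-HardeningControl 'UAC: enabled (EnableLUA)' { Get-RegValue $uac 'EnableLUA' } '1'

    Test-HardeningControl 'UAC: only signed executables may elevate' {
        Get-RegValue $uac 'ValidateAdminCodeSignatures' } '1'

    Test-HardeningControl 'UAC: installer detection off' {
        Get-RegValue $uac 'EnableInstallerDetection' } '0'

    # 1 = credentials on the secure desktop, 3 = credentials without it
    Test-HardeningControl 'UAC: admin prompt asks for credentials' {
        $v = Get-RegValue $uac 'ConsentPromptBehaviorAdmin'
        if ($v -in 1, 3) { 'credentials' } else { $v }
    } 'credentials'

    # 0x1000 (4096) = Basic User, 0x40000 = Unrestricted, 0 = Disallowed
    Test-HardeningControl 'SRP: default level Basic User' {
        Get-RegValue $srp 'DefaultLevel' } '4096'

    Test-HardeningControl 'SRP: enforcement on (TransparentEnabled)' {
        Get-RegValue $srp 'TransparentEnabled' } '1'

    # Win 8.1 used EnableSmartScreen=2 for "require admin approval";
    # Win 10 1703+ uses EnableSmartScreen=1 plus ShellSmartScreenLevel=Block
    Test-HardeningControl 'SmartScreen: blocks unknown apps (admin override only)' {
        $e = Get-RegValue $ss 'EnableSmartScreen'
        $l = Get-RegValue $ss 'ShellSmartScreenLevel'
        if ($e -eq 2 -or ($e -eq 1 -and $l -eq 'Block')) { 'Block' } else { "Enable=$e Level=$l" }
    } 'Block'

    # 0xff disables IPv6 except loopback; 0xffffffff also works but delays boot
    Test-HardeningControl 'IPv6: DisabledComponents = 0xff' {
        Get-RegValue $ip6 'DisabledComponents' } '255'

    Test-HardeningControl "ACL: Everyone denied execute/traverse on $dl" {
        $deny = (Get-Acl $dl).Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq 'Everyone' -and
            ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ExecuteFile) -ne 0
        }
        if (@($deny).Count -gt 0) { 'Deny' } else { 'no deny ACE' }
    } 'Deny'
)

$results | Format-Table Control, Expected, Actual, Pass -AutoSize
if ($results | Where-Object { -not $_.Pass }) { Write-Warning 'Configuration drift detected' }
```

    Running it on a schedule, or after installing security software, is the quickest way to catch the kind of reset described earlier in the thread, since a tool that rewrites DisabledComponents shows up as a single failed row rather than as an unexplained change in IPv6 behaviour.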
  12. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    883
    Location:
    USA
    +100
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    +101 :thumb:
     
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,031
    In the rare case I get infected, I only ever restore from a clean image as an absolute last resort. I prefer to remove the malware infection. If I spend time cleaning the malware and making sure it is completely removed, I may learn something and improve my malware removal skills. This is important to me, as I often have to remove malware from customers' computers. Considering it is rare for them to have backups, there is no clean image to restore from. I could do a clean install of Windows, but I would need to back up their data first, and then when I'm done installing Windows, restore their data, and then install any software they use. Cleaning the malware seems like a much more straightforward approach.

    I realise that some people are paranoid and worry that they may miss something when cleaning malware. But, I'm not at all paranoid when it comes to computer security, and believe I can remove all malware when a computer is infected.

    I do the same if I ever have problems with any of my PCs. I do my best to diagnose and fix any issues I have instead of restoring from a working image, no matter how long it takes. It's usually a learning experience, and increases my computer knowledge. If I was to do a restore, I would learn nothing.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,994
    Location:
    Among the gum trees
    Real malware removal is much more than just running a handful of programs on a machine. A fully trained malware removalist will generate a log with something like FRST, then create a custom script for each machine. After that there are several other steps to clean the machine up. I've seen this done enough times to know it is way over my head. I have also been told by one of those trained malware removalists that the only way to be sure the machine has no malware is to reinstall Windows. That said, some forms of malware can remain even after formatting a drive.

    There are schools to learn the correct way of removing malware but it takes time to learn. Me running Combofix or whatever isn't going to teach me anything and can leave a machine unbootable if the wrong file/s are removed, so I will not try, but to each his own.

    Here's one example.

    http://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/

    Edit: My # 2,100th post. :geek:
     
    Last edited: Jun 30, 2016
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,031
    @Krusty13 I certainly don't claim to be an expert at malware removal. However, I have been doing it for 26 years, and if several malware scanners show that a computer is clean, and my own checks don't find anything suspicious, then I tend to believe it is clean. It has been my experience from cleaning malware from my own computers that once I remove malware from a computer, malware scanners will not find anything that's been missed a few months or even a year or so later on.

    It's rare for me to use ComboFix, but when I have used it, it has given me no problems. If I did cause problems, then more than likely I would be able to fix them.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,994
    Location:
    Among the gum trees
    Remember when Poweliks first came out? No scanners could detect it, and that is where advanced skills came in. But anyway, I wish you luck.
     
  18. plat1098

    plat1098 Guest

    No third party security/firewall suite either, having gotten rid of all of it due to experiencing one glitch and bug and conflict after another with Windows 10, enough already. So, it's Windows firewall + HitmanPro Alert + VoodooShield. Windows Defender is "on" but really only for updates to keep Windows happy. I'll run AdwCleaner or HitmanPro or something once in a blue moon, and use an ad blocker for Firefox. No additional "real time protection," no thanks. No malware to date, not even a PUP, and the machine runs so much better, a big plus. :cool:
     
  19. guest

    guest Guest

    Malware removal is mostly a game for geeks/researchers now. In the real world, IT staff would back up important documents (and scan them on a spare system to verify whether they are infected), then reinstall the system. In a corporation you don't have time to play "hide & seek" with malware; time is money.
     
  20. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    441
    Location:
    England
    @marzametal

    Do you have HitmanPro.Alert installed ?
    It is known to sometimes revert that setting to 0 Links

    Edit: HmpA 3.5 beta appears to not revert the setting now, on my machine at least - whether this was intentional or a side effect I don't know.
     
    Last edited: Jul 7, 2016
  21. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,165
    Location:
    Slovakia
    Huge corporations maybe, but common companies do not have time for that. We have reported problems with a printer and they told us that a printer driver has to be reinstalled, but the IT guys have no spare time to do it, even though they do stuff remotely when it is really, really needed.
     
  22. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,020
    I have my data separated into 2 major sections.
    1- The OS & Applications part
    2- User data part
    ..each section is totally self contained and can be restored together or separately. As a side benefit it makes migration to a whole new system somewhat easier.

    I rarely**** around with trying to untangle malware when I have the option to restore. Not that I've had to restore recently. It's a geek game and I'd rather be using my system. It isn't worth it and time is money. And it's really the only way to be 100% sure.
     