The wisdom of using Windows without on-access AV scanning?

Discussion in 'other anti-virus software' started by Gullible Jones, May 9, 2009.

Thread Status:
Not open for further replies.
  1. Hi everyone... For various reasons, I recently gave up on Linux, and am now using Windows 2000.

    The good: Windows is lighter and faster than Linux, by a long shot.

    The bad: it seems to need antiviral software, and said software tends to bog it down a lot.

    (Part of the issue might be my current use of Threatfire, but I'm not really sure.)

    Anyway, I'm wondering if a Windows setup with only on-demand scanning would be considered problematic. I could do things like running day-to-day stuff as a restricted user and installing things with RunAs, using Sandboxie for programs that access the internet, and running software firewall; but would that be enough, especially given the probable unfixed vulnerabilities in Win2k?
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you know what you're doing, and it sounds like you do, then you'd probably be ok with just on-demand. TF indeed will slow things down a bit too btw. Check out the LUA/SRP threads here at Wilders also, for more useful info.
     
  3. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    I think I would run my e-mail through sandboxie as well to prevent anything from getting in that way...

    By making all external points go through sandboxie, you limit your exposure and vulnerability...

    Another thought is to add another hard drive and obtain a software package to create an image backup of your system so that you can restore quickly in case something DOES manage to get through...

    Windows 2000 is a great operating system, but it does have a few vulnerabilities, even with the available software. Many companies have discontinued support of 2000... so mainly you have to make up a lot of it by careful behavior on your part...

    Regards -
    -Bob
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Pick up a copy of windows xp. Second hand / Discount are both quite cheep.

    And you dont need an AV if you are a smart guy and userstand your processes.
     
  5. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    As you seem used to the unix/linux world, my wild guess would be to use group policy / SRP while running under limited account as Kerodo proposed.

    I am not saying you won't eventually need an AV, at least on demand, but it seems it would be the best way to start a secure use of windows...
     
  6. Thanks guys (and gals).

    This group policy/SRP stuff - are there any online resources on it?
     
  7. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    The bible:
    http://technet.microsoft.com/en-us/library/cc786941.aspx
    and
    http://www.mechbgon.com/srp/

    Some discussions:
    https://www.wilderssecurity.com/showthread.php?p=1230623#post1230623
    https://www.wilderssecurity.com/showthread.php?t=232857
    https://www.wilderssecurity.com/showthread.php?t=197456

    Be careful though, I don't know the differences between Win2000 and XP... But you could find some good info on technet and windows site.
     
  8. Thanks.

    Huh, I didn't know about IE7's protected mode. Interesting, I may have to try that. It looks like Microsoft is really cleaning up its security act.
     
  9. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Protected mode works only on Vista, as part of UAC policy.
     
  10. Oh. :\ And Chrome doesn't work on Win2k... Shame. Guess I'll be sticking with Mozilla then.

    (There is a way of getting Chrome to work on Win2k, supposedly, but it seems to involve patching the kernel with a dubious third-party binary patch. No thank you. :eek: )

    Although, regarding all these extra security features in XP - I may wind up buying a copy of XP Pro, if it's that much better.
     
  11. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    If you get XP family premium, then you can follow the steps from tlu's thread about SRP, especially one of his last post where he gives the registry tweak as a .reg file.

    If you have the pro version, then fair enough, you have everything to play!
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    SeaMonkey and K-Meleon are both very good on 2K.

    Win2K can be run safely without an AV. I haven't used one on 2K in the last 2 years. You can build a very effective restricted or user mode with classic HIPS. I use SSM for this but there are others that will work just as well. A potent combination would be classic HIPS defending the OS itself, a good firewall to control traffic, and SandBoxie to isolate the attack surface (internet apps, software that opens files from outside sources, etc), and a non-MS browser.
     
  13. HIPS... Hmm. Is OSSEC good for that or is it only Intrusion Detection?

    And how about hardening tools? I've found Seconfig already, but how is Samurai? Is it still any good, or is it obsolete as of 2.7?
     
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    What post from tlu?

    What means ACL?
     
  15. If it's the same thing as on Linux, then it would stand for "access control list".
     
  16. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Gullible Jones,

    I've been a happy user of Win2K for years. As others have noted, you seem to know what you are doing, and noone_particular's advice will keep you protected.

    Yes, Win2K is light and fast. Unfortunately, there will come a time when other new software won't work on it...

    But until then, enjoy!

    ----
    rich
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Lucy,

    Unfortunately, SRP is not available on Win2K. It's Group Policies is very limited, compared with SRP. Here's what it looks like:

    Win2kPolicies.gif

    An informative early (2001)Technet article mentions this:

    http://technet.microsoft.com/en-us/library/bb457006.aspx
    Things have certainly come a long way!

    ----
    rich
     
  19. ... Wow. Shame about that.

    Hopefully hardening, a good HIPS program, and running as a restricted user will be enough...

    (Still looking for a free HIPS program BTW. Currently using Samurai, but it's more hardening software, seems kind of limited in the HIPS department.)

    Edit: Scratch that, I just saw Samurai in action when I tried out the free version of PrevX... Pretty nice, it detects when drivers are loading and asks me if I want to load them or not.

    (The driver in question was part of PrevX. Funnily enough, PrevX and Samurai seem not to like each other; PrevX reports Samurai as adware. I wonder why.)

    Edit again: Hmm, I do not like PrevX. On reboot, it tells me my system is infected without specifying what the agent is... and then prompts me to scan the system, and shows no infectious agents detected. I don't appreciate that sort of rubbish from security software.
     
    Last edited by a moderator: May 10, 2009
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Trust No Exe runs on 2000, it is an easy replacement for SRP, simply apply a deny execute from user space

    Surun is an easy way to implement LUA under 2000 (like in unix, you will like it)

    Regards Kees
     
  21. Ooh thanks, I'll check out Trust-No-EXE; that looks really cool. I'd also try SuRun but unfortunately I've already switched to admin mode. :(
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Does not matter, just create a second admin, or unhide the internal admin
     
Loading...
Thread Status:
Not open for further replies.