Default Deny VS traditional AVs

Do you use traditional AV or default deny?

  • Default Deny

  • Traditional AV

  • Both



509322

Chromebook is a web box with little to no functionality Offline, not to mention it can't run anything outside the Google Store.
As for security, I'm sure everyone knows the number of attacks doesn't equal how secure it is or not (a common mistake that makes people believe OSX and/or Linux are safer than Windows, when they're not).
I can make a keylogger for Linux in 5 min. with no systems in place to stop me (believe me, I've done it for research's sake), while on Windows the same can't be said.
Chromebook can take malware like any other OS, the Google Store is no stranger to malware.
So no I don't fall for all this advertising of Chromebook being invulnerable to Malware and being the safest ever, for me it's like any other and you guys are over-hyping it.
Wanna be secure? Practice safe habits; there's no miracle Software nor OS that will keep you safe from stupid.

The targeting of applications and OSes has everything to do with security. Migrating to a (much) less targeted platform is the same concept as reducing attack surface - which is one of the best methods to thwart attacks.

You don't need 554 layers on a Chromebook to be secure. Compared to Windows, there is only a relatively minor number of things that the user needs to do to remain comparatively very secure.

No one ever said Chromebook was invulnerable. You are assigning meaning and intent as you wish. What has been said repeatedly is that Chromebook is much less targeted as compared to Windows.

People here have posted numerous times not to install Android apps and other stuff from the Google Store. Because everybody knows that Google cannot control nor police its store properly and it is full of malicious stuff.

For those that neither have the knowledge nor the inclination for security soft geek level stuff, Chromebook is the safer, more easily used option.

And if you're a gamer, need to use Windows-only apps, etc … well, then... Chromebook isn't for you. Nor does Google want it to be for those types.

As far as privacy, LOL, Microsoft is just as bad, if not worse, than Google. It's been well-proven. Research it.
 

509322

Yes, default deny is for more adept users, but to say AV is for beginners is clearly ridiculous, as both this thread and MalwareTips as a whole ably demonstrate. Of course beginners use AVs, but so do a lot of advanced users, plus the dreaded Average Joe who you seem to have so much contempt for :).

Out of interest, what sort of user is Emsisoft aimed at?

Default-deny is easy. If people can use NVT OSA, System Hardener, ERP, @Andy Ful's Hard Configurator, etc …, then those people can learn the basic concepts of default-deny.

Default-deny is not for application and program collectors, willy-nilly happy clickers = those that want to download stuff and not take personal responsibility or put forth any further effort than some AV or reputation system telling them what to do.

Being paranoid all the time doesn't help either. Feeling the need to inspect every single thing that happens on a system is not helpful one single bit.
 

509322

I have a very different opinion about default deny; for me it is much better suited for average/beginners than for advanced users.

The former group can't be trusted to make choices about what file will run and advanced users will run only files that they really need, so an antivirus with behavior blocker is their safe belt in a rare judgment mistake.

Edit: @Andy Ful's approach is the perfect balance between security and "annoyance" (user input), it is something that advanced users and beginners can use without impacting their activities.

The "dumb" default-deny has no value for the advanced user (except for hobby) and while it is very good for beginners it demands initial configuration, something that in the "real world" can only be properly done in a corporate environment.

1. Beginners... those that put forth the effort can learn.
2. People should only be using what they need in the first place.
3. The ideal is to use default-deny as part of a security-in-depth (layered) protection.
4. Default-deny rarely causes major inconveniences. Blocking what you just downloaded willy-nilly doesn't count; it is supposed to block it. To allow it, merely flip a single control to OFF.
5. Configuration of default-deny is easy. So easy that children and grandmas can do it.
 

Deleted member 178

Yes, default deny is for more adept users, but to say AV is for beginners is clearly ridiculous, as both this thread and MalwareTips as a whole ably demonstrate. Of course beginners use AVs, but so do a lot of advanced users, plus the dreaded Average Joe who you seem to have so much contempt for :).
That is a fact. When you start dabbling in security, what was the first thing you learned? About AVs. Then you have 2 choices:
Stop there, or learn more, which automatically orients you to the default-deny mechanism.
If you manage to master default-deny, you aren't a beginner anymore even if you still use an AV. So my statement is right.

Out of interest, what sort of user is Emsisoft aimed at?
Back in the old times (Online Armor, Mamutu), it was mostly for geek users; it had a lot of granularity and offered a lot of control. Now, from what I know before I left, they focus on beginners, and for that they simplified it to the max. Geeks don't bring money.
 

Electr0n

I nowadays prefer a combination of Comodo firewall (default deny) and weekly scans from HMP and MBAM and frequent backups. Traditional AVs and default deny both can be bypassed, combining them would mean greater protection to some extent but system resources also get affected. So I would go with common sense and default deny.
 

509322

I nowadays prefer a combination of Comodo firewall (default deny) and weekly scans from HMP and MBAM and frequent backups. Traditional AVs and default deny both can be bypassed, combining them would mean greater protection to some extent but system resources also get affected. So I would go with common sense and default deny.

Default-deny almost invariably blocks or contains what the antivirus misses. That's the point of layered defense.
 

Electr0n

Default-deny almost invariably blocks or contains what the antivirus misses. That's the point of layered defense.
Yep, but it should also block almost everything that the antivirus might catch, right (because that's its nature, block everything)? Apart from the occasional nasties that are specifically designed to evade default deny systems, am I right?
 

Deleted member 178

Yep, but it should also block almost everything that the antivirus might catch, right (because that's its nature, block everything)?
Depends on its scope. Anti-exe, SRP, HIPS, BB, etc... all have defined scopes. For example, HIPS covers almost everything but you pay the price by being disturbed by alerts. Anti-exe usually doesn't monitor DLL or driver execution.

Apart from the occasional nasties that are specifically designed to evade default deny systems, am I right?
Right. Mostly exploits that gain "System" privileges and so are at the same level as the security software, which makes it useless.
 

Evjl's Rain

I'm using both: a zero-weight simple AV for signatures (no BB, no webfilter) and Comodo firewall for missed stuff.
Zero-weight AV means an AV whose existence on your PC you can't really notice, compared to the same PC without the AV (and it must be free!!! or it's a waste of money).

Default-deny blocks everything without a clear indicator of a file being safe or unsafe. We need to spare some time to determine its safety with analysis tools, which I don't have time for.
With a zero-weight AV, it blocks most of the malware => less work for Comodo = less time to analyze malware.

It is different for every user. One encounters malware frequently/every month, the other gets 1 or very few per year.
 

Electr0n

Depends on its scope. Anti-exe, SRP, HIPS, BB, etc... all have defined scopes. For example, HIPS covers almost everything but you pay the price by being disturbed by alerts. Anti-exe usually doesn't monitor DLL or driver execution.
I am using Comodo firewall with CS settings and HIPS turned on, so that takes care of pretty much everything I guess, considering the fact that I don't download that much?
I'm using both: a zero-weight simple AV for signatures
May I ask which AV you are using? I have been using Avast free with file and webshield only but have noticed that it significantly impacts the performance of my machine. That's why I am sticking with Comodo only for now, but a light AV won't hurt.
 

Evjl's Rain

May I ask which AV you are using? I have been using Avast free with file and webshield only but have noticed that it significantly impacts the performance of my machine. That's why I am sticking with Comodo only for now, but a light AV won't hurt.
It depends on what you like.
For me, my zero-weight AVs which I have been pairing with CF for months are Zemana AntiMalware/AntiLogger (if you can grab a free license) and Immunet (disable the useless ClamAV, only use cloud engines).

Zemana refused to acknowledge my bug report of extreme memory usage after several hours of usage so I put it in second place.
Immunet has far better signatures than Zemana.

They are disastrous to use alone but when we pair them with CF, they perform well.
 

shmu26

If you are advanced enough and paranoid enough to set up a default/deny solution on your computer, you don't really need it. You are sufficiently careful and informed to avoid infection without it.
If you use default/deny to keep an uninformed user out of trouble, that's good. That is default/deny put to good work.
 

uninfected1

Back in the old times (Online Armor, Mamutu), it was mostly for geek users; it had a lot of granularity and offered a lot of control. Now, from what I know before I left, they (Emsisoft) focus on beginners, and for that they simplified it to the max. Geeks don't bring money.
That's a shame. I'll miss you plugging Emsisoft products :).
 

JM Safe

Thread author
Chromebook is a web box with little to no functionality Offline, not to mention it can't run anything outside the Google Store.
As for security, I'm sure everyone knows the number of attacks doesn't equal how secure it is or not (a common mistake that makes people believe OSX and/or Linux are safer than Windows, when they're not).
I can make a keylogger for Linux in 5 min. with no systems in place to stop me (believe me, I've done it for research's sake), while on Windows the same can't be said.
Chromebook can take malware like any other OS, the Google Store is no stranger to malware.
So no I don't fall for all this advertising of Chromebook being invulnerable to Malware and being the safest ever, for me it's like any other and you guys are over-hyping it.
Wanna be secure? Practice safe habits; there's no miracle Software nor OS that will keep you safe from stupid.
+1
 

JM Safe

Thread author
The targeting of applications and OSes has everything to do with security. Migrating to a (much) less targeted platform is the same concept as reducing attack surface - which is one of the best methods to thwart attacks.

You don't need 554 layers on a Chromebook to be secure. Compared to Windows, there is only a relatively minor number of things that the user needs to do to remain comparatively very secure.

No one ever said Chromebook was invulnerable. You are assigning meaning and intent as you wish. What has been said repeatedly is that Chromebook is much less targeted as compared to Windows.

People here have posted numerous times not to install Android apps and other stuff from the Google Store. Because everybody knows that Google cannot control nor police its store properly and it is full of malicious stuff.

For those that neither have the knowledge nor the inclination for security soft geek level stuff, Chromebook is the safer, more easily used option.

And if you're a gamer, need to use Windows-only apps, etc … well, then... Chromebook isn't for you. Nor does Google want it to be for those types.

As far as privacy, LOL, Microsoft is just as bad, if not worse, than Google. It's been well-proven. Research it.
Each OS is different. Take for example Windows and a Unix-based OS (Linux): on Windows most users use 3rd party security products. In Linux, theoretically, you are secure without other security products because of the root concept.
 

shmu26

Security geeks don't get their systems infected, although it doesn't hurt to set up a little security, for peace of mind.
Uninformed users should have someone more advanced set up default/deny for them.
Uninformed users who insist on the freedom of installing anything and everything will have to bear the consequences of their actions, because we can't help them.
 

Brie

Nope. Not really. Not for home users. It is the piled-in garbage that Microsoft ships with general OS that is Windows. It benefits a tiny fraction of all users and places all other users at-risk. Not any kind of common sense security model.

And apps that use it perform terribly on Windows, in general. It's garbage.

Chrome OS\Chromium OS does just fine without it. And most of the paranoid people here that are so bent out of shape about security should move to Chromebook... never to return to Windows.
Chromebook cannot operate a wifi, modem or printer.
 