- Oct 9, 2016
Hi
I would like to find out if it’s possible to set up strictly a security system for home use using Windows OS WITHOUT using AV/AM or software using a prelist of whitelist/blacklist/blocklist by the developer, and if such a setup would afford the same or better prevention and protection than one using AV/AM software. The reason being that definition/signature or prelist updates are a hassle and make the software reactionary to zero-day attacks. If it’s possible, one day, I might move in that direction.
Of course a combination of both (with AV/AM software and without use of AV/AM software) would be the best but that’s not the intent here.
Malware is an umbrella term encompassing viruses, worms, trojan horses, spyware, ransomware, adware, scareware, keyloggers, rootkits and other malicious programs.
Requirements of such software
1) Can use free and/or paid software in real-time and on-demand.
2) There should be no usage of a virus/malware database of definitions/signatures.
3) No verification is allowed against a virus/malware database (resident or cloud)
4) No updating of virus/malware definitions/signatures allowed. No use of a pre-whitelist/blacklist/blocklist/reputation list which requires updating from the developer. In short, user control to allow/deny is what’s needed here. A whitelist/blacklist generated by the program/user is OK here. Program updates to cover security vulnerabilities (holes) are also acceptable.
5) Should preferably have alert ability/message notification to inform the user of virus/malware attack attempts.
AV/AM software having applicable features incorporated meeting the above requirements is also not acceptable as it doesn’t meet the intent. One example I can think of is SecureAPlus, which makes use of cloud AM scanning for detection and comes with application whitelisting. However, its whitelisting feature makes use of a prelist of trusted applications by the developer. It is therefore not acceptable. VoodooShield is another such whitelisting application. Although the user allows/denies the application, it makes use of a cloud database to verify the application, which makes it unsuitable here.
I believe the required software would be leaning more towards prevention and protection rather than detection and removal.
Windows OS
Let’s start with the OS itself. UAC, SRP, AppContainer etc. would be appropriate, right? How about EMET and any other Windows setting and MS tools/utilities that are appropriate for this case?
3rd-party Apps
Use of virtualization software such as Sandboxie, Shadow Defender etc. should fall here.
SBGuard, WinAntiRansom, CryptoPrevent, SSRP etc. also come to my mind as applicable.
How about AE like AppGuard, NVTRP etc.? Do they use a prelist of some sort by the developer?
I suppose Malwarebytes Anti-Exploits Premium can also be considered as one good addition, right?
Do anti-keyloggers (Zemana AntiLogger, Spyshelter Anti-keylogger etc) make use of a database of keyloggers for verification?
How about software using purely behaviour blocking, heuristics or HIPS like ReHIPS? Do they make use of a malware database as well? What good examples are there?
All AV/AM software utilizing a definition/signature database, SpywareBlaster, Adwcleaner, Trojan Hunter, HitmanPro.Alert, Malwarebytes Antimalware, Voodooshield, SecureAPlus etc. would not meet the requirements laid down.
What about extensions/add-ons or software for web protection? uBlock Origin, Ghostery, Adguard Adblocker etc don’t make the grade as their definitions need to be upgraded.
With such limited options, would prevention and protection against the malware mentioned in the third paragraph be adequate? And does such software alert the user of any attempts by virus/malware attack?
What would your security configuration be like if not using AV/AM software?
Data encryption, backup, network attack protection etc. will not be discussed here. Software no longer in existence will also not be discussed, in order to shorten discussions.
Thanks
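As an added example (not from the original post or from any product named in it), here is one way to meet requirements 2 to 5 on the OS side with AppLocker, the successor of the SRP the post asks about: the allow list is generated from the binaries already installed on the machine, the user reviews it, and alerts come from the Windows event log rather than from a vendor database. It assumes a Windows edition that enforces AppLocker and an elevated PowerShell session; the directory list and the temp file path are my own choices.

```powershell
# Added example, not code from the original post. Builds a machine-specific
# allow list with AppLocker (successor of SRP). Nothing here consults a
# vendor whitelist or signature feed; rules are derived from local files.
Import-Module AppLocker

# AppLocker enforcement depends on the Application Identity service.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 1. Inventory the locations the user trusts (assumed list; adjust to taste).
#    Signed files get publisher rules, unsigned ones get hash rules, so a
#    file dropped into a user-writable folder later is not covered.
$trustedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Generate the policy as XML and start in AuditOnly mode: nothing is blocked
#    yet, but every decision is logged so the list can be reviewed first.
$xml = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyFile = Join-Path $env:TEMP 'user-generated-applocker.xml'   # assumed path
Set-Content -Path $policyFile -Value $xml -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy $policyFile

# 3. Dry-run: what would happen to executables in the Downloads folder?
$candidates = Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    Select-Object -ExpandProperty FullName
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $candidates -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 4. The "alert" requirement: event 8003 = would have been blocked (audit),
#    8004 = blocked (enforced), in the AppLocker EXE and DLL log.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message -First 20

# Once the audit log shows only expected entries, switch the policy to
# enforcement by replacing AuditOnly with Enabled in the XML and re-applying it.
```

Review the generated rules before enforcing: an over-broad publisher rule (for example one that allows an entire vendor rather than a product) weakens the list, and a hash rule must be regenerated whenever the program it covers is updated.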