HarborFront

Hi

I would like to find out if it’s possible to set up strictly a security system for home use using Windows OS WITHOUT using AV/AM or software using a prelist of whitelist/blacklist/blocklist by the developer, and if such a setup would afford the same or better prevention and protection than one using AV/AM software. The reason is that using definition/signature or prelist updates is a hassle and makes the software reactionary to zero-day attacks. If it’s possible, one day, I might move in that direction.

Of course a combination of both (with AV/AM software and without use of AV/AM software) would be the best but that’s not the intent here.

Malware is an umbrella term encompassing viruses, worms, trojan horses, spyware, ransomware, adware, scareware, keyloggers, rootkits and other malicious programs.

Requirements of such software

1) Can use free and/or paid software in real-time and on-demand.

2) There should be no usage of a virus/malware database of definitions/signatures

3) No verification is allowed against a virus/malware database (resident or cloud)

4) No updating of virus/malware definitions/signatures allowed. No use of a pre-whitelist/blacklist/blocklist/reputation list which requires updating from the developer. In short, user control to allow/deny is what’s needed here. A whitelist/blacklist generated by the program/user is OK here. Program updates to cover security vulnerabilities (holes) are also acceptable.

5) Should preferably have alert ability/message notification to inform the user of virus/malware attack attempts.


AV/AM software having applicable features incorporated meeting the above requirements are also not acceptable as they don’t meet the intent. One example I can think of is SecureAPlus, which makes use of cloud AM scanning for detection and comes with application whitelisting. However, its whitelisting feature makes use of a prelist of trusted applications by the developer. It is therefore not acceptable. VoodooShield is another such whitelisting application. Although the user allows/denies the application, it makes use of a cloud database to verify the application, which makes it unsuitable here.

I believe the required software would be leaning more towards prevention and protection rather than detection and removal.

Windows OS

Let’s start with the OS itself. UAC, SRP, AppContainer etc. would be appropriate, right? How about EMET and any other Windows setting and MS tools/utilities that are appropriate for this case?

3rd-party Apps

Use of virtualization software such as Sandboxie, Shadow Defender etc. should fall here.

SBGuard, WinAntiRansom, CryptoPrevent, SSRP etc. also come to my mind as applicable.

How about AE like AppGuard, NVTRP etc.? Do they use a prelist of some sort by the developer?

I suppose Malwarebytes Anti-Exploit Premium can also be considered as one good addition, right?

Do anti-keyloggers (Zemana AntiLogger, SpyShelter Anti-Keylogger etc.) make use of a database of keyloggers for verification?

How about software using purely behaviour blocking, heuristics or HIPS like ReHIPS? Do they make use of a malware database as well? What good examples are there?

All AV/AM software utilizing a definition/signature database, SpywareBlaster, AdwCleaner, Trojan Hunter, HitmanPro.Alert, Malwarebytes Anti-Malware, VoodooShield, SecureAPlus etc. would not meet the requirements laid down.

What about extensions/add-ons or software for web protection? uBlock Origin, Ghostery, Adguard AdBlocker etc. don’t make the grade as their definitions need to be upgraded.

With such limited options, would prevention and protection against the malware mentioned in the third paragraph be adequate? And does such software alert the user of any virus/malware attack attempts?

What would your security configuration be like if not using AV/AM software?

Data encryption, backup, network attack protection etc. will not be discussed here. Software no longer in existence will also not be discussed in order to shorten discussions.


Thanks
 

CMLew

Why not start from setting up safe surfing behaviour? Once you've got that, you don't need any security software, literally.

Practically, you're asking for software where, I believe, practically >95% doesn't fulfill your criteria.
 

_CyberGhosT_

Why not start from setting up safe surfing behaviour? Once you've got that, you don't need any security software, literally.

Practically, you're asking for software where, I believe, practically >95% doesn't fulfill your criteria.
I agree with this, and to do it properly, you have to shape the protection around the user and their habits,
not around the PC as much. Sure, you need compatibility, but you get my drift ;)
 

HarborFront

Why not start from setting up safe surfing behaviour? Once you've got that, you don't need any security software, literally.

Practically, you're asking for software where, I believe, practically >95% doesn't fulfill your criteria.
Hi, I'm not asking for a software but a combination of non-AV/AM software. Thanks for the reply.
 

_CyberGhosT_

Start with VoodooShield as your base, make sure your browsers are covered with the correct plugins and a well-tuned firewall like
the default firewall you already have, add WFC to that, and practice safe habits and you're good to go.
But I warn you, if you don't have safe browsing or click habits you will get to know the resident Eagle pretty fast ;)
 

HarborFront

Start with VoodooShield as your base, make sure your browsers are covered with the correct plugins and a well-tuned firewall like
the default firewall you already have, add WFC to that, and practice safe habits and you're good to go.
But I warn you, if you don't have safe browsing or click habits you will get to know the resident Eagle pretty fast ;)
Thanks

Like I said, VS doesn't make the grade, for it has its cloud components for verification. Can a firewall, without BB/heuristics/HIPS, prevent viruses/malware from passing through? Also, what plugins can you recommend for my Chrome and Firefox browsers?

Thanks
 

_CyberGhosT_

Wait, I just noticed that green dot flashing on my avatar and a light went off in my head: install Linux and
you don't have to run any of that software lol
See, a config with "no AV no AM" :p
Seriously though, only you know your browsing habits, so shape your plug-ins around that;
there are so many to choose from. If you follow that thread pablozi posted, that's a good place to start. It took me a while to make it to a "Sig free" config in Windows 10 because I did my homework, and I did it successfully. You can too, there is a wealth of info here at your fingertips, brother ;)
 

shmu26

Thanks

Like I said, VS doesn't make the grade, for it has its cloud components for verification. Can a firewall, without BB/heuristics/HIPS, prevent viruses/malware from passing through? Also, what plugins can you recommend for my Chrome and Firefox browsers?

Thanks
A firewall alone is not strong enough.
Modern malware will bypass it.
 

shmu26

Thanks

Like I said, VS doesn't make the grade, for it has its cloud components for verification. Can a firewall, without BB/heuristics/HIPS, prevent viruses/malware from passing through? Also, what plugins can you recommend for my Chrome and Firefox browsers?

Thanks
If you don't want VS because of the cloud component, then use NoVirusThanks EXE Radar Pro free beta. It is stronger and lighter than Voodoo.
 

HarborFront

voodooshield for default/deny
hitmanpro.alert for fileless exploits
disable flash and java
use a little common sense
you are safe.
Hi

I already mentioned that AV/AM software having applicable features incorporated meeting the above requirements are also not acceptable as they don’t meet the intent. Similarly for VS and HMPA.

VS has its cloud component and HMPA has its detection and removal capability using its cloud. So they don't make the grade. There's no point having software and disabling their important capabilities, right?

FYI, I have these 2 software in my system now so I roughly know their capabilities.

Thanks
 

HarborFront

Wait, I just noticed that green dot flashing on my avatar and a light went off in my head: install Linux and
you don't have to run any of that software lol
See, a config with "no AV no AM" :p
Seriously though, only you know your browsing habits, so shape your plug-ins around that;
there are so many to choose from. If you follow that thread pablozi posted, that's a good place to start. It took me a while to make it to a "Sig free" config in Windows 10 because I did my homework, and I did it successfully. You can too, there is a wealth of info here at your fingertips, brother ;)
I said for home use with Windows OS. Where's this pablozi thread you mentioned? Can you provide the link? Yup, a "Sig-free" (and others) config is what I'm aiming for. Thanks
 

HarborFront

If you don't want VS because of the cloud component, then use NoVirusThanks EXE Radar Pro free beta. It is stronger and lighter than Voodoo.
In my opening post I also questioned NVTRP and AppGuard as to whether they use a malware database of any sort for their operation, for I have not used them before. Can you confirm this? Thanks.