Nico@FMA

Level 27
That's interesting. Maybe I am brainwashed by MT.
Do you see reports that users of VoodooShield, or AppGuard, or NVT ERP, are getting infected?
It's not that users get infected DUE to using these programs. I said they get infected while using these programs, assuming they're safe.
What I am trying to say is that some newer malware still gets in and these programs seem powerless to stop it.
But then again you cannot blame these programs for it, since some of the ways of getting in are outside the scanning and detection scope of these programs.

Imagine a 2-way firewall that is supposed to protect you against hackers and does a fine job at it. Now the hacker comes into your house, sits directly behind the PC and uploads a malicious program using a USB stick.
Then your PC is hacked and your firewall is eating dust.
So no, you are not getting brainwashed; it's just that cyber criminals adopt new techniques to deliver their venom onto your system, since they are very much aware of what programs like AppGuard and others can do. Refine, adapt and overcome, it's an endless race.
 

shmu26

Level 83
Verified
Trusted
Content Creator
It's not that users get infected DUE to using these programs. I said they get infected while using these programs, assuming they're safe.
What I am trying to say is that some newer malware still gets in and these programs seem powerless to stop it.
But then again you cannot blame these programs for it, since some of the ways of getting in are outside the scanning and detection scope of these programs.

Imagine a 2-way firewall that is supposed to protect you against hackers and does a fine job at it. Now the hacker comes into your house, sits directly behind the PC and uploads a malicious program using a USB stick.
Then your PC is hacked and your firewall is eating dust.
So no, you are not getting brainwashed; it's just that cyber criminals adopt new techniques to deliver their venom onto your system, since they are very much aware of what programs like AppGuard and others can do. Refine, adapt and overcome, it's an endless race.
I am just trying to understand how the malware gets in.
Let's say you have TeamViewer installed with a weak password, and it gets brute-forced. That I can understand.
Let's say you run COMODO at default settings with 3000 "trusted vendors", and you get hit by malware with a sig. That I can understand.
Let's say you surf bad sites with an outdated version of IE running on Windows XP. That I can understand.

Is this what you are talking about?
 

HarborFront

Level 46
Verified
Content Creator
It's not that users get infected DUE to using these programs. I said they get infected while using these programs, assuming they're safe.
What I am trying to say is that some newer malware still gets in and these programs seem powerless to stop it.
But then again you cannot blame these programs for it, since some of the ways of getting in are outside the scanning and detection scope of these programs.

Imagine a 2-way firewall that is supposed to protect you against hackers and does a fine job at it. Now the hacker comes into your house, sits directly behind the PC and uploads a malicious program using a USB stick.
Then your PC is hacked and your firewall is eating dust.
So no, you are not getting brainwashed; it's just that cyber criminals adopt new techniques to deliver their venom onto your system, since they are very much aware of what programs like AppGuard and others can do. Refine, adapt and overcome, it's an endless race.
Agree with what you said.

If I'm a determined hacker I'll get a copy of AppGuard, have it installed onto my PC and play with it. I'll go to MT forums, Wilders Security forums, BleepingComputer forums etc. and raise naive questions there. Oh, I'll also write to the developer and question his product.

Then I'll develop malware to bypass or infiltrate AppGuard. Can anyone stop me?
 

Nico@FMA

Level 27
I am just trying to understand how the malware gets in.
Let's say you have TeamViewer installed with a weak password, and it gets brute-forced. That I can understand.
Let's say you run COMODO at default settings with 3000 "trusted vendors", and you get hit by malware with a sig. That I can understand.
Let's say you surf bad sites with an outdated version of IE running on Windows XP. That I can understand.

Is this what you are talking about?
Read my text again, I will highlight it for you, ok?

Another big issue is that while one might be "THE" perfect all-knowing computer user, today's malware comes in so many forms that anyone thinking that running a PC just on good surfing and PC habits will do it for you... WRONG. Dead wrong, guys.
Having an app or browser extension or a collection of both sure helps, no argument there. Fact is, however, that the majority of the latest infections walk right past any of these configurations. Did you not get hit yet? Good for you, yet do realize that blog after blog and security magazine after security magazine is reporting wave after wave of infected computers using exactly the same configurations as you can see here on MT and many other forums, and NO app or browser extension did anything to stop it.

My point here is: a few years ago we did have Trojans and malware popping up all over the place, think about Netsky and that sort of crap. Now, the last 3 years, ransom crap is rampant and now you see more data-collecting types of malware, hidden in legit files, injected into legit websites. One does not even have to click on a link. My point: it's not YOU that has to mess up. Now while Windows 10 seems to be reasonably safe, have you guys seen how many Windows 10 infections there are? It's 3 times as much as when Windows 7 was around the same age as Windows 10. And the funky part about it? Some of this malware cannot even be classed as malware since it's so well hidden. A whole new generation of "dangers" is surfacing, leaving all these fancy anti-exe, app lock and browser extensions eating dust.

Nobody wants an anti-NSA setup, since you cannot achieve it anyway, and one does not want to have a Bunker Hill type of defense either since it only bogs down the system. But the big drawback with all these security add-ons and such is that you have so many potentially weak links, where a good Internet security suite does do better.
Everyone keeps focusing on light on resources and high detection rate, yet most end up asking @TwinHeadedEagle for a clean-up.

Just get yourself a GOOD Internet Security solution, then keep Windows updated, use SmartScreen or Google malicious protection and use your brain. Beats any of these plugin-based security apps.

Maybe a bit off topic, and it may sound harsh, but I am getting a little tired of always the same type of configurations that effectively do nothing much. (Still better than nothing, obviously.) But I am just saying, I see members here on the forum reply to these sorts of topics and I am thinking, guys, you know better than that.
Kind Regards,
Nico
 

shmu26

Level 83
Verified
Trusted
Content Creator
Agree with what you said.

If I'm a determined hacker I'll get a copy of AppGuard, have it installed onto my PC and play with it. I'll go to MT forums, Wilders Security forums, BleepingComputer forums etc. and raise naive questions there. Oh, I'll also write to the developer and question his product.

Then I'll develop malware to bypass or infiltrate AppGuard. Can anyone stop me?
How are you going to monetize your hacks of rarely used programs?
Hackers are in it for the money, unless it is a targeted attack on a big business or political figure.
 

Nico@FMA

Level 27
How are you going to monetize your hacks of rarely used programs?
Hackers are in it for the money, unless it is a targeted attack on a big business or political figure.
Dark web all the way; there are thousands of Silk Road type websites where a hacker, IF and only IF they have a credible hack/tool, can make some serious money.
Some time ago here in the Netherlands a few LulzSec guys got arrested; turns out they made an easy 50k a month just by writing hack tools and selling them on the dark web. Most of these guys were barely 16 years old.
 

neon

Level 3
Verified
I have 3 systems, so I get to try different things on different systems.

On my primary system I still use Adguard. The element picker/blocker works a little better. uBlock Origin is probably the best freeware alternative, unless you want to bugger yourself with uMatrix or NoScript (both ugh in my experience... too much work and they alter the webpage too much).

Notice in the image I am using W7 on a puny, underpowered Pentium system, hence uBlock Origin instead of Adguard, which starts with Windows.
Thanks, any changes on Windows 10? :)
Regards
 

shmu26

Level 83
Verified
Trusted
Content Creator
Read my text again, I will highlight it for you, ok?



Kind Regards,
Nico
Okay, so if someone is using a non-sig-based setup and he doesn't bother to check his installation files on VirusTotal, then it is the user's fault.
And as for those fileless attacks from websites, they are kind of rare if you use a good browser and keep it up to date, and especially if you disable Flash.
 

Spawn

Administrator
Verified
Staff member
I'm not here to dispute or please great minds. I'm here to find answers to my needs.

Like I mentioned, if suggestions (great for you) don't meet my requirements in the opening post then I'll not accept them, because my needs are different from yours.
Out of curiosity:
  1. Why have you chosen to use Windows over other Operating systems?
  2. What do you use Windows for?
  3. Why are the requirements to your needs very specific?
  4. What can you gain from a signature-less security setup?
  5. How will you be able to determine if the code running on your PC is genuine or for nefarious activities?

Take a look at McAfee Real Protect (aka Raptor) - Beta Phase - Behavioural-based
http://www.mcafee.com/us/downloads/free-tools/how-to-use-realprotect.aspx
Discussion here: https://malwaretips.com/threads/mcafee-real-protect-raptor-beta.39708

Edit:
McAfee Cloud AV Free (Limited Release)
https://home.mcafee.com/Secure/CloudAV/HowItWorks.html
Discussion here: https://malwaretips.com/threads/mcafee-cloud-av-still-in-beta-have-you-tried-it.64098
 

HarborFront

Level 46
Verified
Content Creator
How are you going to monetize your hacks of rarely used programs?
Hackers are in it for the money, unless it is a targeted attack on a big business or political figure.
Not necessarily due to money. And not necessarily targeting a big business or political figure, ok?
 
Reactions: DardiM

Nico@FMA

Level 27
Okay, so if someone is using a non-sig-based setup and he doesn't bother to check his installation files on VirusTotal, then it is the user's fault.
And as for those fileless attacks from websites, they are kind of rare if you use a good browser and keep it up to date, and especially if you disable Flash.
No, again that's not what I said, buddy. Alright, imagine a well-known program, say OpenOffice, and you download the setup.
Now the realistic question: are you really going to upload the 300MB setup file to the VT site? Simple reply: NO.
Yet there are thousands of download sites, one looking even more legit than the other, yet some of them have low or outdated security standards and for whatever reason some of their software gets injected, or their website gets compromised without their knowledge and malicious code is manipulating your download stream. Then your security is bypassed using a legit program.
So as I said before, it has nothing to do with dumb users, as many times it does not have to be your fault.
Web servers and sites, from both respectable and less respectable websites, get compromised nearly every day, especially sites with a HUGE visitor base. The cyber criminal does not need their trick to last weeks or months like in the old days; just 12 or 24 hours is enough to spit their venom.
Do you understand my point now?

Regards
Nico
 

shmu26

Level 83
Verified
Trusted
Content Creator
No, again that's not what I said, buddy. Alright, imagine a well-known program, say OpenOffice, and you download the setup.
Now the realistic question: are you really going to upload the 300MB setup file to the VT site? Simple reply: NO.
Yet there are thousands of download sites, one looking even more legit than the other, yet some of them have low or outdated security standards and for whatever reason some of their software gets injected, or their website gets compromised without their knowledge and malicious code is manipulating your download stream. Then your security is bypassed using a legit program.
So as I said before, it has nothing to do with dumb users, as many times it does not have to be your fault.
Web servers and sites, from both respectable and less respectable websites, get compromised nearly every day, especially sites with a HUGE visitor base. The cyber criminal does not need their trick to last weeks or months like in the old days; just 12 or 24 hours is enough to spit their venom.
Do you understand my point now?

Regards
Nico
That's a real problem. That is actually my biggest worry: when a trusted download site gets hacked. However, the malicious download will probably not have a sig from the actual vendor in such a case. So if you are patient enough to check the sig, you will probably be okay.
 
Reactions: Xtwillight

HarborFront

Level 46
Verified
Content Creator
Out of curiosity:
  1. Why have you chosen to use Windows over other Operating systems?
  2. What do you use Windows for?
  3. Why are the requirements to your needs very specific?
  4. What can you gain from a signature-less security setup?
  5. How will you be able to determine if the code running on your PC is genuine or for nefarious activities?

Take a look at McAfee Real Protect (aka Raptor) - Beta Phase - Behavioural-based
http://www.mcafee.com/us/downloads/free-tools/how-to-use-realprotect.aspx
Discussion here: https://malwaretips.com/threads/mcafee-real-protect-raptor-beta.39708

Edit:
McAfee Cloud AV Free (Limited Release)
https://home.mcafee.com/Secure/CloudAV/HowItWorks.html
Discussion here: https://malwaretips.com/threads/mcafee-cloud-av-still-in-beta-have-you-tried-it.64098
1) In my whole life I have been using Windows on my desktop, so there's no choosing here.
2) For my work and leisure. I have only one tablet and that is an MS SP3.
3) Nothing specific. Just want to try out a sig-less system vs my current AV/AM system. Of course any system one sets up must have limits, right? Even the Windows OS has many versions, like Home, Pro, Education and Enterprise. Each version also has its limits.
4) Factors like number of software, ease of use, definition updates (or not), efficacy of the system etc. will be monitored and compared.
5) NOT sure for a sig-less system since I'm not there yet. Need help here and elsewhere.

I have raised the question of whether BB/heuristics/HIPS meet my requirements in my opening post. I have yet to receive a reply to it.

Thanks
 

hjlbx

That's a real problem. That is actually my biggest worry: when a trusted download site gets hacked. However, the malicious download will probably not have a sig from the actual vendor in such a case. So if you are patient enough to check the sig, you will probably be okay.
Better watch out... your unencrypted software updates just got hacked and poisoned your system. :D

Good grief... digital certs can be stolen, counterfeited or purchased very cheaply and easily from COMODO. :D:D
 
Reactions: DardiM
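Taking the two posts above together (check that the installer carries the vendor's signature, but remember that signing certificates can be stolen or bought), here is an added PowerShell check that is not from the thread or from any product mentioned in it. It assumes the installer path, the expected publisher string and the vendor-published SHA-256 value are supplied by you; all three are placeholders.

```powershell
# Added example (not from the thread): verify a downloaded installer before running it.
# Assumptions: $InstallerPath is the downloaded file, $ExpectedPublisher is the subject
# CN the vendor signs with, and $ExpectedSha256 is the hash the vendor publishes on its
# own site (obtained out-of-band, not from the mirror you downloaded from). All placeholders.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,   # e.g. 'CN=Example Vendor Inc.'
        [string] $ExpectedSha256                              # optional vendor-published hash
    )

    $result = [ordered]@{ Path = $InstallerPath; SignatureOk = $false; HashOk = $null; Reasons = @() }

    # 1. Authenticode: status must be Valid. NotSigned, HashMismatch (file altered after
    #    signing) and UnknownError (untrusted chain) all fail this check.
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    if ($sig.Status -ne 'Valid') {
        $result.Reasons += "signature status is $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        # A valid signature from the wrong publisher is exactly what a swapped file looks like.
        $result.Reasons += "signed by '$($sig.SignerCertificate.Subject)', expected '$ExpectedPublisher'"
    }
    else {
        $result.SignatureOk = $true
    }

    # 2. Hash pinned to the vendor's published value, a second source independent of the
    #    certificate. A valid signature proves the bytes were not altered after signing; it
    #    does not prove the signing certificate was never stolen or bought.
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash   # uppercase hex
        $result.HashOk = ($actual -eq $ExpectedSha256.ToUpperInvariant())
        if (-not $result.HashOk) { $result.Reasons += "sha256 $actual does not match the vendor value" }
    }

    [pscustomobject]$result
}

# Usage (all values are placeholders):
# Test-DownloadedInstaller -InstallerPath "$env:USERPROFILE\Downloads\setup.exe" `
#     -ExpectedPublisher 'CN=Example Vendor Inc.' -ExpectedSha256 '<hash from vendor site>'
```

Only run the installer when SignatureOk is true and, where a vendor hash exists, HashOk is true as well; an empty Reasons list is the condition to look for.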

Nico@FMA

Level 27
That's a real problem. That is actually my biggest worry: when a trusted download site gets hacked. However, the malicious download will probably not have a sig from the actual vendor in such a case. So if you are patient enough to check the sig, you will probably be okay.
No, because by the time people actually find out, the code has been removed, but the harm is still done.
In short, there are 10 times more ways to legitimately infect users than there are malicious ways.
Ask yourself the question how people get caught by the latest generation of ransomware while they are running solid security.
Ask here on MT how many people actually did everything they could, yet they still got infected. Is that their fault? Nope.
Could they avoid it? In 99.5% of all cases, nope. Did it still happen? Hell yes.
So yes, that is very concerning. Most older and more experienced members here on MT can tell you exactly what revolution the malware world goes through. Even freaking spam emails stopped by the Gmail spam filter STILL infect you with malware while you did not even open your spam box.
Just by logging into Gmail, Gmail loads into your browser and voilà... you are done.
Sounds impossible? Nope, it happens every day.

Or what about malvertising?
Malware is occurring on publishers’ sites without their knowledge. Since sites sell their media through programmatic, third-party demand partners, and exchanges, it has become almost impossible to control the ads that are served – not without outside help anyway. In addition, hackers target specific sites and companies and insert malware through server or infrastructure hacks.

Symantec discusses in their Internet Security Threat Report that malvertising has reached “new heights.” Cyphort Labs reports a 325% increase in malvertising from 2013 to 2014, and asserts that it is only continuing to increase, affecting over tens of millions of people from popular, well-respected domains.
source

Do you really think that URL filtering is stopping this? Nope, since most of these domains first infect thousands before anyone starts doing something about it.

So many ways to bypass security, it's unreal.
 

shmu26

Level 83
Verified
Trusted
Content Creator
No, because by the time people actually find out, the code has been removed, but the harm is still done.
In short, there are 10 times more ways to legitimately infect users than there are malicious ways.
Ask yourself the question how people get caught by the latest generation of ransomware while they are running solid security.
Ask here on MT how many people actually did everything they could, yet they still got infected. Is that their fault? Nope.
Could they avoid it? In 99.5% of all cases, nope. Did it still happen? Hell yes.
So yes, that is very concerning. Most older and more experienced members here on MT can tell you exactly what revolution the malware world goes through. Even freaking spam emails stopped by the Gmail spam filter STILL infect you with malware while you did not even open your spam box.
Just by logging into Gmail, Gmail loads into your browser and voilà... you are done.
Sounds impossible? Nope, it happens every day.

Or what about malvertising?
Malware is occurring on publishers’ sites without their knowledge. Since sites sell their media through programmatic, third-party demand partners, and exchanges, it has become almost impossible to control the ads that are served – not without outside help anyway. In addition, hackers target specific sites and companies and insert malware through server or infrastructure hacks.

Symantec discusses in their Internet Security Threat Report that malvertising has reached “new heights.” Cyphort Labs reports a 325% increase in malvertising from 2013 to 2014, and asserts that it is only continuing to increase, affecting over tens of millions of people from popular, well-respected domains.
source

Do you really think that URL filtering is stopping this? Nope, since most of these domains first infect thousands before anyone starts doing something about it.

So many ways to bypass security, it's unreal.
Malware pushers are definitely working hard. But your alternative -- just use a good internet security suite and some common sense -- has not proved effective.
 

LabZero

The reality of the facts is well explained in this thread.
In most cases, we talk of advanced attacks: a combination of malicious activity, DDoS, botnets, malware, phishing, executed at different moments.
The idea is to create a series of attacks capable of exploiting any vulnerabilities in the surface. The more complex a structure is, the bigger the attack surface it creates!
The attackers use a specific sequence of events, techniques, and tools that is unique for each required target.

The advanced attacks are designed to bypass our current defensive technologies or to distract attention from one area to another. In short, they have been designed and tested like any other product, with a specific objective and with a set of expected results.

Today, malware is built like any other product that's bought, sold, and traded, as in any business. New malware that uses different techniques, which may not be identified with the traditional tools, will have a greater value. Malware that exploits vulnerabilities is very much in demand and there are many buyers for this type, with different motivations.

It is impossible to totally avoid these malicious vectors.

Attacks that use elements of social engineering (phishing), falsified credentials, or other techniques of obfuscation may be very difficult to detect because they can be inactive for long periods of time... as I often say, "flying under the radar".

We talk of security tools and think we are reasonably safe, and that is a good thing, but when and if we are infected with advanced malware, it is very likely that we are not aware of it, and even when you realize you're infected, it could be too late.

How many of us know exactly the actions of each malware, assuming we understand these actions?

You can say: yes, but these are rare malware...
I answer: wrong, if you think that a simple adware can just show some stupid ad pages...
 
Last edited by a moderator:

Xtwillight

Level 6
Malware Tester
Malware pushers are definitely working hard. But your alternative -- just use a good internet security suite and some common sense -- has not proved effective.
What do you mean by effective?
No security program is 100%, for sure!

Can additional security tools make it safer? Yes and no.
Any program can have new weak points; no program is 100% without weakness.
In the Windows OS registry hierarchy alone, there are many places where manipulation can happen.

Too many cooks (security tools) spoil the food (spoil the safety).

One UAC - one firewall - one antivirus or IS is better, to avoid conflicts.
Yes, one can use certain security tools together, but not all fit together.
 
Reactions: frogboy and LabZero