How to set up a security system WITHOUT using AV/AM software?

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
If you want a serious lockdown user-friendly combo : NVT ERP + Appguard ; it was my first combo when i decided to ditch AVs and i kept it for very long.

I only moved to ReHIPS + Appguard because ReHIPS gave me an anti-exe + sandbox in one soft , so i could replace Sandboxie and ERP by it.

If you want a free lockdown user-friendly combo : ERP + Vodooshield would do the trick.

I am a big fan of lockdown combos : i actually use ReHIPS + Appguard + HMPA to cover most of the vector attacks ; on top of them i have some registry/network OS tweaks to tighten my system.

And adding some basic firewall (like Windows Firewall Control or Windows 10 Firewall Control or TinyWall)?
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
It sounds to me like you are striving for a lock-down security config with 99.999% reliability, that does not rely on a local or a cloud data base.
If that is the case, the best combo for you would probably be ReHIPS+AppGuard, or NVT ERP+AppGuard.
AppGuard is a bit expensive, and takes some getting used to, but it's very strong protection when configured properly. I am the wrong one to ask about how to configure it, but there are threads on MT you can read.
Of course, a user mistake will bypass any security config.

Yes, that's the intent of my post.

FI, I've no experience with those software you mentioned although I know of their existence. I need to slowly work my way through them.

If you want a serious lockdown user-friendly combo : NVT ERP + Appguard ; it was my first combo when i decided to ditch AVs and i kept it for very long.

I only moved to ReHIPS + Appguard because ReHIPS gave me an anti-exe + sandbox in one soft , so i could replace Sandboxie and ERP by it.

If you want a free lockdown user-friendly combo : ERP + Vodooshield would do the trick.

I am a big fan of lockdown combos : i actually use ReHIPS + Appguard + HMPA to cover most of the vector attacks ; on top of them i have some registry/network OS tweaks to tighten my system.

Yes, I'm planning to move in that direction. Will need your help greatly in the future. Thanks

It can start with the browser, Google's SafeBrowsing in Chrome can decline malicious downloads, block phishing pages and more, likewise for Edge/IE with Smartscreen in-browser.

Is this something you are looking for as part of your security?

In Chrome I have set Google's SafeBrowsing. Does Windows SmartScreen requires definitions to work? If no, then It's acceptable to me.

As long as no definitons/signatures are required to be used then it's ok to me.

Do you know whether Windows EMET tool uses definitions?

Thanks
 
Last edited by a moderator:
D

Deleted member 178

In Chrome I have set Google's SafeBrowsing. Does Windows SmartScreen requires definitions to work? If no, then It's acceptable to me.

As long as no definitons/signatures are required to be used then it's ok to me.

Do you know whether Windows EMET tool uses definitions?

Thanks

Only Windows Defender regularly updates its definitions , Smartscreen connect to MS servers to authenticate a program. EMET uses only the users inputs.
 
  • Like
Reactions: Xtwillight
H

hjlbx

If you don't mind me asking, but what is the objection to filtering updates ?

Filtering updates - and even some signatures like hash-only - are usually just tiny updates in *.dat (data) or similar files - as opposed to some of the more complex AV signatures which are larger and sometimes contain executable code.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Only Windows Defender regularly updates its definitions , Smartscreen connect to MS servers to authenticate a program. EMET uses only the users inputs.

Thanks

So connecting to MS server to authenticate is no difference like VS connecting to their server for program authentication. I supposed a list of trusted programs is there for verification and updating by its developer will be required, right? If this is the case then SmartScreen (like VS) don't meet my intent.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
If you don't mind me asking, but what is the objection to filtering updates ?

Filtering updates - and even some signatures like hash-only - are usually just tiny updates in *.dat (data) or similar files - as opposed to some of the more complex AV signatures which are larger and sometimes contain executable code.

Every time I need to manually update! To me they are no difference from signature/definition of AV/AM software. And since I want to have a "signature-less" system then filter updates does not meet my intent.
 
H

hjlbx

Every time I need to manually update! To me they are no difference from signature/definition of AV/AM software. And since I want to have a "signature-less" system then filter updates does not meet my intent.

Why do you have to manually update ?

When you say "filtering updates" I am thinking adblocker, DNS filter, etc updates - and not AV signature updates.

* * * * *

I've been following this thread a bit. For a signature-less config with solid security, you just need to combo a few softs. As I expected you've been hammered by everybody with their concept of what constitutes great security.

You have to arrive at that final decision on your own by evaluating different softs; what works for me personally - on my specific system - might not work for you. Same applies to all the other advice you've been given.

As I said, the same softs will be mentioned over-and-over:

https://malwaretips.com/threads/default-deny-software.64274/#post-551609

You can add Sandboxie to the list in the above link.

I suggest for configuration guidance that you take a look at @Umbra's MT guides - they're all pinned in the soft's dedicated sub-forum. Get the links on the MT front page under Software.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Why do you have to manually update ?

When you say "filtering updates" I am thinking adblocker, DNS filter, etc updates - and not AV signature updates.

* * * * *

I've been following this thread a bit. For a signature-less config with solid security, you just need to combo a few softs. As I expected you've been hammered by everybody with their concept of what constitutes great security.

You have to arrive at that final decision on your own by evaluating different softs; what works for me personally - on my specific system - might not work for you. Same applies to all the other advice you've been given.

As I said, the same softs will be mentioned over-and-over:

https://malwaretips.com/threads/default-deny-software.64274/#post-551609

You can add Sandboxie to the list in the above link.

I suggest for configuration guidance that you take a look at @Umbra's MT guides - they're all pinned in the soft's dedicated sub-forum. Get the links on the MT front page under Software.

Yes, I'm referring to filter updates in the extension/add-on in Chrome/Firefox browsers. Don't the filters in uBlock Origin and Adguard Adblocker require manual update?

Agree. For a solid sig-less config I'll need a few software just like my current system using AV/AM software. I also need to evaluate the software in question and with some helpful feedback I'll decide what's best for me.

Many users provide helpful contribution but, unfortunately, some software they recommended don't meet my intent. Like the SB which you recommend is one under consideration. However, if I choose to use ReHIPs then SB becomes irrelevant as put forth by one of the members here.

FI, I'm starting to produce a list of software which will meet my intent with the help given so far in this thread and reading from other sections. From there I'll study their strengths/weaknesses, ease of use, level of protection etc before proceeding to selecting them for the set up of my sig-less system. It will take sometime for that to happen, that's for sure, and with further questioning in their respective software section will also be required.

In the event that setting up a sig-less system CANNOT afford a protection level equal to or better than one using AV/AM software then I'll need some from the latter to complement the former.

Thanks
 
Last edited:
D

Deleted member 178

Many users provide helpful contribution but, unfortunately, some software they recommended don't meet my intent. Like the SB which you recommend is one under consideration. However, if I choose to use ReHIPs then SB becomes irrelevant as put forth by one of the members here.

i want warn warn you that ReHIPS is still a beta and not yet user-friendly, if you are not used to diagnose issues, better avoid it. Sandboxie free (or paid) + one of the combo i mentioned will be better for you.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
i want warn warn you that ReHIPS is still a beta and not yet user-friendly, if you are not used to diagnose issues, better avoid it. Sandboxie free (or paid) + one of the combo i mentioned will be better for you.

Yes, I'm aware of that and that's the reason also I'm unwilling to try an unfriendly beta.

FYI, I did install SB recently but then realized it default to MS Edge browser which I'm not using. To use Chrome and Firefox I'll need to pay for it. So I took it off. I'm still considering whether to pay or not for now.

Thanks
 
H

hjlbx

Don't the filters in uBlock Origin and Adguard Adblocker require manual update?

No manual update required for both uBlock Origin or Adguard. Here is screenshot of uBlock Origin dashboard (essentially the same with Adguard but no screenshot shown):

PS - Default-deny config - whether you use a single soft, combo or tweak an internet security suite to be default-deny - will always trump any signature-only config.

At the moment, I use on 3 systems:

  • AppGuard on all systems
  • uBlock Origin or Adguard
  • And let Windows Defender and Firewall do their thing

That's it...

  • If I malware test, then I disable Windows Defender and add Rollback RX.

That's it...

  • If I have to take laptop to public wifi hotspot (extremely rare for me), then I add Webroot.
  • When I bring system home, I promptly remove Webroot.

That's it...

Cap1.PNG
 
  • Like
Reactions: DardiM
D

Deleted member 178

Yes, I'm aware of that and that's the reason also I'm unwilling to try an unfriendly beta.
FYI, I did install SB recently but then realized it default to MS Edge browser which I'm not using. To use Chrome and Firefox I'll need to pay for it. So I took it off. I'm still considering whether to pay or not for now.

1- Sandboxie doesn''t work with Edge
2- Nope Sandboxie is free for chrome/FF and all variants , the only difference between free and paid version, is that the paid one automatically force the browser in the sandbox, free version you have to sandbox the browser manually.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
upon install, sandboxie automatically detects your default browser, and makes you a special shortcut for it, so that might have been the source of the confusion.
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
No manual update required for both uBlock Origin or Adguard. Here is screenshot of uBlock Origin dashboard (essentially the same with Adguard but no screenshot shown):

PS - Default-deny config - whether you use a single soft, combo or tweak an internet security suite to be default-deny - will always trump any signature-only config.

At the moment, I use on 3 systems:

  • AppGuard on all systems
  • uBlock Origin or Adguard
  • And let Windows Defender and Firewall do their thing

That's it...

  • If I malware test, then I disable Windows Defender and add Rollback RX.

That's it...

  • If I have to take laptop to public wifi hotspot (extremely rare for me), then I add Webroot.
  • When I bring system home, I promptly remove Webroot.

That's it...

View attachment 117754

Ok, saw it now. I supposed it's enabled by default. But I think I'm impatient because each time when I go into uBlock Origin and click 3rd-party filters I always click the 'Update now' and sure it shows the orange color filters which need to be be updated. Don't understand why it did not update before I click them

Thanks
 
Last edited:
  • Like
Reactions: shmu26

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
1- Sandboxie doesn''t work with Edge
2- Nope Sandboxie is free for chrome/FF and all variants , the only difference between free and paid version, is that the paid one automatically force the browser in the sandbox, free version you have to sandbox the browser manually.

OK, I might have seen wrongly. It could be IE. When I saw that and when I tried using Chrome/Firefox I just gave up instantly when it requires me to pay.

Maybe I should have read more on SB before trying it.

Thanks
 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
upon install, sandboxie automatically detects your default browser, and makes you a special shortcut for it, so that might have been the source of the confusion.

You are right. My default is Edge/IE (I don't know which) but I'm frequently using Chrome and Firefox because they're more secure and come with many extensions/add-ons to play with.

I think if SB can allow user to select only one browser during installation then it would be better. If user wants to have more browsers then he'll need to pay for it.

Thanks
 
H

hjlbx

OK, I might have seen wrongly. It could be IE. When I saw that and when I tried using Chrome/Firefox I just gave up instantly when it requires me to pay.

Maybe I should have read more on SB before trying it.

Thanks

Sandboxie is only worthwhile if you use paid version. At $50 lifetime license for up to 3 installs on separate systems it is a very good deal.

If you want fully functional sandbox for free, then the only option available is COMODO - and I don't recommend that for you right now. It requires at least intermediate IT knowledge and it has a lot of unexpected behaviors that you will not understand. Plus, the settings\configuration will be a bear wrestling match.
 
  • Like
Reactions: DardiM
H

hjlbx

You are right. My default is Edge/IE (I don't know which) but I'm frequently using Chrome and Firefox because they're more secure and come with many extensions/add-ons to play with.

I think if SB can allow user to select only one browser during installation then it would be better. If user wants to have more browsers then he'll need to pay for it.

Thanks

When using Sandboxie, you have to set the default browser to IE, Chrome or FF. Then SBIE will auto-detect and create a desktop sandboxed browser launch shortcut.
 
  • Like
Reactions: DardiM

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Just curious, what is the intention to make a sig-less security solution. By far, after reading this whole thread, you seemed to be pretty desperate for that (thats what I felt) to the point I'm suspecting why "anti-AV/AM". :rolleyes:
 
  • Like
Reactions: DardiM

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Sandboxie is only worthwhile if you use paid version. At $50 lifetime license for up to 3 installs on separate systems it is a very good deal.

If you want fully functional sandbox for free, then the only option available is COMODO - and I don't recommend that for you right now. It requires at least intermediate IT knowledge and it has a lot of unexpected behaviors that you will not understand. Plus, the settings\configuration will be a bear wrestling match.

Talking about COMODO. I gave up on it too. I tried installing them before on my Windows 10 Pro MS SP3 but they failed to install. This is a known problem even at COMODO's forums.

Finally, I think I found the solution in one of the net's forums. I'll need a fresh-install OS and immediately install COMODO's products. After that then proceed to install other software. And each time when I screwed up my system and re-formatted it COMODO just did not come to my mind then.

Yah, I did read about its complexity and weird behavior as well. Now, I'm aiming for Emsisoft AM 12 as I already have Xvirus Personal Firewall (free) installed. Simple Allow/Deny firewall which stealth ALL my ports that even my previous Privatefirewall can't.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top