Guide | How To Why I don't feel the need to use realtime AV


BSOD

Level 2
Thread author
Verified
Sep 29, 2012
268
In the short amount of time that I have spent on this forum, I have learned a lot: by experimenting and reading what other users have to say. I have seen a lot of security setups here where the user employs heavy realtime AV protection. I have been using an AV ever since I started using computers 7 - 8 years back (I am 20) but only recently have I discovered how I don't need the extra security provided.

Reasons for not using realtime AV:
I have a lot of data (songs, movies, e-books, installed software, TV-Shows, personal data, documents, games, etc.) on my HDD. Constant scanning (even the scheduled ones) of these files slows down my system.

My PC isn't a beast. It has modest specs and most AVs drive the start-up time, response time, etc. significantly above what it would be without an AV. I am not impatient but I do like it when my computer boots up quick.

Notifications, nag screens.

How I protect myself:

Safe browsing:

Browser hardening:
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm

Suspicious links and websites:
http://www.techsupportalert.com/content/how-tell-if-website-dangerous.htm

USB immunization:

Umbra's Thread:
http://malwaretips.com/Thread-How-to-protect-your-USB-from-getting-infected

Bitdefender USB Immunizer:
http://labs.bitdefender.com/projects/usb-immunizer/overview/

Panda USB Vaccine:
http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Sandbox/On-demand/[how I treat suspicious files]:

Sandboxie:
http://www.sandboxie.com/

*ToolWiz Time Freeze:
http://www.toolwiz.com/products/toolwiz-time-freeze/

VirusTotal:
https://www.virustotal.com/en/documentation/desktop-applications/

MalwareBytes:
http://www.malwarebytes.org/

*Comodo Cleaning Essentials:
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

Comodo Valkyrie:
http://valkyrie.comodo.com/

*Emsisoft Emergency Kit:
http://www.emsisoft.com/en/software/eek/

Microsoft Security Essentials/Windows Defender:
http://windows.microsoft.com/en-US/windows/security-essentials-download

Hitman Pro:
http://www.surfright.nl/en/hitmanpro/

The twice-a-month scans, of course.

Added layer of protection [I do not use this but I would recommend it to those who want more]:


*Comodo Internet Security - Firewall:
http://personalfirewall.comodo.com/ (For Defense+)

http://www.techsupportalert.com/content/how-install-comodo-firewall.htm - on how to set it up.

Other:

UAC - Default minus the dim lights.
Windows SmartScreen
Windows Firewall


*Zemana Antilogger:
http://www.zemana.com/product/antilogger-free/overview/

*KeyScrambler:
http://www.qfxsoftware.com/download.htm

Don't get me wrong, this is an anti-malware website which promotes the use of AVs (and that's a good thing, obviously.) This is just my point of view and opinion. It's suited to my habits and needs.

Useful reads by Chiron:
How to stay safe while online:
http://www.techsupportalert.com/content/how-stay-safe-while-online.htm-0

How to avoid getting spammed:
http://www.techsupportalert.com/content/how-avoid-getting-spammed.htm

How to tell if a file is malicious:
http://www.techsupportalert.com/content/how-tell-if-file-malicious.htm

Safe computing practices:
http://www.techsupportalert.com/safe-hex-safe-computing-practices.htm

How to know if your PC is infected:
http://www.techsupportalert.com/content/how-know-if-your-computer-infected.htm

Safe surfing:
http://www.techsupportalert.com/safe-surfing.php

What's causing your PC to crash:
http://www.techsupportalert.com/content/find-out-whats-been-causing-your-pc-crash.htm

MrXidius' guide to configuring Piriform products to be fully automatic:
http://malwaretips.com/Thread-Configuring-Piriform-Software-To-Be-Fully-Automatic

Items marked with an * are products I do not use but are apps/programs that I would recommend to a friend.
 

illumination

I have a question, in your list you have MSE listed as one of the ways you treat suspicious files, do you leave this disabled until needed?
 

BSOD

Level 2
Thread author
Verified
Sep 29, 2012
268
illumination said:
I have a question, in your list you have MSE listed as one of the ways you treat suspicious files, do you leave this disabled until needed?

Yep, I am using Windows 8. Windows Defender's just always there. Realtime disabled.
 

illumination

BSOD said:
illumination said:
I have a question, in your list you have MSE listed as one of the ways you treat suspicious files, do you leave this disabled until needed?

Yep, I am using Windows 8. Windows Defender's just always there. Realtime disabled.

I was wondering.. Looks like you have done your homework! Nice selection of on demands to cover yourself..
 

Gnosis

Level 5
Apr 26, 2011
2,779
There are plenty of advanced users out there that rely on Sandboxie, and a couple of wicked on-demand scanners. They do well that way.
 

Deleted member 178

If I had no such love for Emsisoft or WSA, I would surely rely on Win8 defender/firewall + Sbie + SD
 

Ramblin

Level 3
May 14, 2011
1,014
BSOD said:
I have been using an AV ever since I started using computers 7 - 8 years back (I am 20) but only recently have I discovered how I don't need the extra security provided.


I have a lot of data (songs, movies, e-books, installed software, TV-Shows, personal data, documents, games, etc.) on my HDD. Constant scanning (even the scheduled ones) of these files slows down my system.

My PC isn't a beast. It has modest specs and most AVs drive the start-up time, response time, etc. significantly above what it would be without an AV. I am not impatient but I do like it when my computer boots up quick.

BSOD, you are right when you say "I discovered...." because it is like discovering something when you realize that you don't need an antivirus. Perhaps in the future, you will also discover, as I did, that actually you can be safer not using one.

I see you are using Sandboxie, I also see you have in your computer "songs, movies, e-books, installed software, TV-Shows, personal data, documents, games, etc." Did you know that you can run all of those files and programs sandboxed? That's what I do. Works great, maybe you'd like to try doing that. After I download a movie or a PDF file, they run in a sandbox until the day it gets deleted. I never stop using SBIE.

Personally, I don't care much about the PC booting up a little faster because I am not using an AV but it feels great to know that my computer is not getting all worked up by an antivirus, a firewall, a HIPS and 19 other things running around. I used to hear noises coming from the inside of my computer, sometimes it was the fan because of the extra work but now, my computers don't cry no more. Now, I hear nothing coming from the inside.

You mention response time. Huge difference in how my computers behave with or without an antivirus. I think this is a great benefit, especially for someone like myself that uses a sandbox for all programs and files. My sandboxes open and close fast, no delays, not even my IE sandbox has a delay even though it is normal for IE to take a few seconds to terminate after closing.

I don't know if you are still doing a lot of scans or not but not doing them is a very sweet benefit. The way I put it is like this, while most users are scanning, I am really enjoying the internet doing what I really like, which is reading and learning about different things. The scans themselves not only take a lot of time but also diminish the life of the PC. I know people in forums like this one that spend more time in one night scanning than what I spend in a year.

Maybe not using an antivirus is the reason I never have a problem with my computers, I don't know, my XP behaves as well as my newer W7 and I never had a BSOD or had to do a reformat. Does not using real timers have anything to do with that, I don't know but I think it does.

There are a lot more benefits, I could keep going, not installing uninstalling software is a great benefit of not using the real timer. People that use antivirus are always changing them. Switching antiviruses like changing underwear is worse than some viruses. People that don't use AV don't go through that. Oh, updates and upgrades, that used to give me a lot of grief, no more.

BSOD, these are some of the benefits that I enjoy but I am not suggesting for you to remain without an AV. In my opinion, if you ever feel the urge to do a scan after opening a file or a program or after visiting a site that you think might be suspicious, then you should install a real timer.

I'll give you one piece of advice. If you are going to go without an antivirus, you should treat all files and websites the same way. Don't trust any, be extra careful with any file that you download or execute, try using SBIE a little more than you are using it now.

Bo

Note; I don't recommend to anyone to go without an antivirus, this post is to show BSOD some of the benefits that you get when you join (as he has) the "No Av club:cool:". Welcome over BSOD.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
BSOD said:
In the short amount of time that I have spent on this forum, I have learned a lot: by experimenting and reading what other users have to say. I have seen a lot of security setups here where the user employs heavy realtime AV protection. I have been using an AV ever since I started using computers 7 - 8 years back (I am 20) but only recently have I discovered how I don't need the extra security provided.

Well, I have an even easier method to avoid infection without running a real time protection!
DO NOT RUN PROGRAMS THAT YOU HAVE DOWNLOADED FROM UNKNOWN SOURCES!
Don't install Java, and always make sure the file you want to run comes from a verified source.

All the software recommended by you is great, and I use it! However at the end of the day, YOU are the only one who can avoid an infection.

With all this being said, I see no reason not to have an antivirus installed. For instance, right now I'm using Comodo Internet Security, and there is no slowdown or performance issues. Avast, ESET and Symantec offer a light antivirus, so you have your choices.


Why would you need an antivirus? Do you remember the recent BleepingComputer breach, in which the Combofix download was infected with the Sality virus?
The file was from a trusted source, I would not have scanned it and not run it in Sandbox.... There was a slim chance, but maybe an antivirus would have detected the compromised download!
 

Deleted member 178

Jack said:
Why would you need an antivirus? Do you remember the recent BleepingComputer breach, in which the Combofix download was infected with the Sality virus?
The file was from a trusted source, I would not have scanned it and not run it in Sandbox.... There was a slim chance, but maybe an antivirus would have detected the compromised download!

It is why I think system-wide virtualization is the future.
 

Ramblin

Level 3
May 14, 2011
1,014
Jack said:
Why would you need an antivirus? Do you remember the recent BleepingComputer breach, in which the Combofix download was infected with the Sality virus?
The file was from a trusted source, I would not have scanned it and not run it in Sandbox.... There was a slim chance, but maybe an antivirus would have detected the compromised download!

That's the time to use VirusTotal.

Bo
 

BSOD

Level 2
Thread author
Verified
Sep 29, 2012
268
Jack said:
Well, I have an even easier method to avoid infection without running a real time protection!
DO NOT RUN PROGRAMS THAT YOU HAVE DOWNLOADED FROM UNKNOWN SOURCES!
Don't install Java, and always make sure the file you want to run comes from a verified source.

Yep, I do not have Java installed nor do I run programs that I have downloaded from unknown sources.

I haven't been infected in the past 3 - 4 years. I think I am doing it right! :D

Thanks :)

bo.elam said:
I'll give you one piece of advice. If you are going to go without an antivirus, you should treat all files and websites the same way. Don't trust any, be extra careful with any file that you download or execute, try using SBIE a little more than you are using it now.

Bo

Note; I don't recommend to anyone to go without an antivirus, this post is to show BSOD some of the benefits that you get when you join (as he has) the "No Av club:cool:". Welcome over BSOD.

Yep, I can relate to some of what you've said. Having no AV is pretty awesome. Thanks for officially welcoming me over to the daaark side.
 

Ramblin

Level 3
May 14, 2011
1,014
BSOD said:
Yep, I do not have Java installed nor do I run programs that I have downloaded from unknown sources.

I haven't been infected in the past 3 - 4 years. I think I am doing it right! :D

Thanks :)

3 - 4 years!....I think so too.:cool:

Bo
 

illumination

Jack said:
Why would you need an antivirus? Do you remember the recent BleepingComputer breach, in which the Combofix download was infected with the Sality virus?
The file was from a trusted source, I would not have scanned it and not run it in Sandbox.... There was a slim chance, but maybe an antivirus would have detected the compromised download!

This is exactly why my choices revolve around using a real time AV. They may not be 100% effective, but greatly reduce the odds.
 

Spirit

Level 2
May 17, 2012
1,832
Even if I am a WWE wrestler, I have a licensed gun, hi-fi security camera, power lock & alarm system,
but still it gives me peace of mind if I have a security person
:D
 

Ramblin

Level 3
May 14, 2011
1,014
Jack said:
Why would you need an antivirus? Do you remember the recent BleepingComputer breach, in which the Combofix download was infected with the Sality virus?
The file was from a trusted source, I would not have scanned it and not run it in Sandbox.... There was a slim chance, but maybe an antivirus would have detected the compromised download!

Hey Jack, I might be wrong but I think most antiviruses took a few days before they began to detect the malicious Combofix file as a virus. Even people that scanned the file the day that it was released got infected. Scanning that file, probably, was not a good solution for at least a day or two.

Bottom line, the best protection against this exact kind of problem for someone like myself is to keep doing exactly as I am doing. No scans. If I don't download that file, I don't execute the file out of the sandbox, I don't get infected.;)

Bo
 

illumination

I know I use virtualization myself, but also back it up with a good firewall, HIPS, or BB, and AV.. I do not experience these "issues" some speak of, nor do I feel it slows my system down so much that it makes a difference.. As Jack stated there are a few solutions out there that are so light, you can barely feel their presence, if at all.. I personally do too much work on my system to be full blown virtual all the time, it would just hamper my productivity. I also believe in layers, relying on one or two means of protection is just not for me, I want overlapping protection, knowing I'm covered in any scenario..

I do believe Umbra feels the same way ;)
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
I personally do too much work on my system to be full blown virtual all the time, it would just hamper my productivity

Shadow Defender has bit me in the butt a few times, but it was me forgetting it was active when I shut down or rebooted or I had too much new data downloaded/transferred to my machine and when it started to commit, it would hang or freeze up then I had no choice but to shut it down manually and I lost all my stuff from that session. :mad:
I only use SD when I'm not going to be adding stuff to my machine or when my wife uses it lol
I do agree virtualization is the future just like Matt Rizos has mentioned in his DefenseWall or Sandboxie videos, it's a matter of time until more people start relying on these types of security solutions vs. traditional AVs.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
bo.elam said:
Bottom line, the best protection against this exact kind of problem for someone like myself is to keep doing exactly as I am doing. No scans. If I don't download that file, I don't execute the file out of the sandbox, I don't get infected.;)

Bo
Yes, I agree that good online behavior will save both of us at the end of the day, and makes an antivirus not needed!

I have explained to my family, and to some of my friends how to avoid malware while online, however after I finish "my speech", they still want to have an antivirus installed on their computer. And I can understand them, apart from the fact that an antivirus provides an extra layer of defense, it also gives them some peace of mind.

Yes, scanning with an on-demand scanner, running a program in a Sandbox before installing it, or submitting it to VirusTotal, will prevent most infections, however most people don't like the hassle.
 
