I avoided AV software for most of my life. Though, when I worked as a student admin, I would always install AV for the majority of my users. Most users (especially older) simply could never learn not to download that cool new 'freeware' app or game or not double click a downloaded exe (the fact that hidden extensions are still the default on Windows OS is absurd).
As a more savvy user, I did not desire the typical AV bloatware (Norton, McAfee, etc) stealing up half my cycles and spinning the hard drive without pause. I knew enough not to try and 'open' resume.doc.exe.
However, AVs have trimmed down, SSDs are becoming more commonplace, and it seems the biggest attack vector is browser-based. For the last few years, I've run a few different AVs (Kaspersky, ESET, Bitdefender are decent).
I run adblockers and don't install Flash games or Applets, but it is nearly impossible to stop all browser-based attacks. I'm not sure the AVs have helped much, but they give some sort of psychological benefit, at least.
There really is no good solution anymore unless you're willing to give up 90% of the web (via NoScript or using a primitive console-based browser). I believe the future for tech-aware users will be browsers in some sort of container / VM that reset themselves upon each session, with absolutely no access to the file system or data from other sites.
>> I'm not sure the AVs have helped much, but they give some sort of psychological benefit, at least.
I find this a very dangerous way of thinking. You use the placebo (well, not even a placebo, just useless) and then you stop worrying that much about opening downloaded files, checking their hash if you trust the source, visiting dodgy websites...
An analogy taken to the extreme would be smoking and binge drinking without worry because you're taking homeopathic "solutions" (sic).
At the moment the number of hypervisor escape exploits is fairly limited, so running a browser in a virtual machine where the system image is always destroyed has a certain cachet to it. I know a couple of people who have Chromebooks for browsing (at least one got the CB for free at Google I/O and felt that was all it was good for :-)
When I get some time I'd like to clean up my air-gap browser, which was a webcam looking at a laptop with a browser open, where mouse and keyboard actions were translated at the webcam into Bluetooth messages which drove the laptop. Not very practical but wonderfully tin-hattish.
NoScript with the occasional whitelist has been a perfect solution for me. I don't feel like I'm missing any part of the web, in fact, most of it is better without JS. At this point, sometimes I go weeks without having to add anything to the list. I don't think it would be a good solution for my mom but she only uses an iPad now so it doesn't matter.
Another NoScript user here and the web is better because of this addon. It's amazing the quantity of websites that auto-play their videos, just by blocking those scripts alone NoScript has helped my blood pressure immensely.
Be careful which you choose. Some of them are extremely primitive compared to the major GUI browsers. For example, I was shocked to learn recently that there is no upstream for w3m, and that w3m doesn't do SSL out-of-the-box. And yet, w3m is used to render HTML by all sorts of other console-based applications.
I used to use commercial antivirus products like McAfee and Norton and Trend Micro etc. I went with Avast Home for free. I scan with Emsisoft Emergency Kit because it can fit on a USB drive and be portable.
No matter what you do eventually you will get infected by some exploit. Be it Flash, Java, some pop-up ad, or just an email sent to your email client that exploits it.
I've got a lawyer who still runs XP and Vista and uses ClamAV because it is free. I worry that her systems might be infected, but her husband runs the tech support for their firm. She used to have employees steal data via floppy disks, and these days a simple virus infection can steal data.
Maybe a more secure OS? I gather Chromebooks or Linux work quite well.
I wonder if anyone's tried making something that looks like regular Windows but is actually Windows running in a VM under Linux. Might be a way to make something hard to hack but usable by people who only know Windows? Maybe it could have something like Git for versioning the Windows images so you could just roll back to when Cryptolocker got installed?
>> I believe the future for tech-aware users will be browsers in some sort of container / VM that reset themselves upon each session, with absolutely no control to the file system or data from other sites.
Or you could set up a Linux box just for web browsing.
Well, if Microsoft applies their secure programming guidelines also to Windows Defender that might be the best (and default) choice if you're worrying about attacks like these.
...and it also recently introduced HVMI (Hypervisor-based Memory Introspection) technology that completely isolates the antimalware solution by deploying it in a Type 1 hypervisor outside of the operating system.
"This kind of isolation separates the antimalware engines from rootkits or exploits running in the user environment," the company said.
This completely misses the point. Yes, it protects the AV from exploits in other user software, but it makes exploits in the AV software itself even worse.
Whitelisting is one of the only proven security technologies in a world where you can download and run arbitrary executables. Bit9 should be a requirement on office PCs.
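As an added illustration of the allowlisting idea in the comment above (example code written for this page, not code from the thread or from Bit9): execution is default-deny and keyed on the SHA-256 of the file's bytes, so the file name, extension tricks like resume.doc.exe, and location never enter into the decision. The sample "binaries" and the allowlist are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# Constructed sample contents standing in for real executables.
APPROVED_BYTES = b"MZ...constructed approved binary..."
UNKNOWN_BYTES = b"MZ...constructed unknown binary..."


def sha256_of_file(path):
    """Hash the file contents in chunks (large binaries should not be read whole)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def execution_decision(path, allowlist):
    """Default-deny: a file may run only if the hash of its contents is allowlisted.
    Name, extension and directory play no part, which is what makes hidden
    extensions and double-extension names irrelevant to the decision."""
    return "allow" if sha256_of_file(path) in allowlist else "deny"


def demo():
    """Create constructed sample files and return the decision for each name."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        approved = write("approved_tool.exe", APPROVED_BYTES)
        # In practice the allowlist comes from a trusted inventory; here it is
        # seeded from the one approved sample.
        allowlist = {sha256_of_file(approved)}

        renamed = write("resume.doc.exe", APPROVED_BYTES)   # same content, disguised name
        unknown = write("setup.exe", UNKNOWN_BYTES)         # unknown content, innocent name
        tampered = write("approved_tool_patched.exe", APPROVED_BYTES + b"\x00")  # one extra byte

        for p in (approved, renamed, unknown, tampered):
            results[os.path.basename(p)] = execution_decision(p, allowlist)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{decision:5s}  {name}")
```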
Personally, I won't trust AV software that is free but claims to have FULL function. There is no free lunch in the world. Sometimes we make jokes about Qihoo 360; we say it is already a virus itself. A lot of pop-ups, consuming computing resources. It is very annoying!
How does BitLocker help? It seems like it would just add overhead to your VMs... It also seems like PCoIP would be better than RDP. A firewall is going to do nothing unless it blocks outbound traffic.
akavel | 10 years ago
https://www.qubes-os.org/screenshots/
https://www.qubes-os.org/
https://www.qubes-os.org/intro/
and the (microkernel-based) Genode OS, with a somewhat similar approach:
http://genode.org/documentation/release-notes/15.11#Rigid_se...
http://genode.org/documentation/release-notes/15.11#Genode_a...
http://genode.org/about/
and finally NixOS/Nix, which I hope will at some point become integrated in some way with the above OSes (as well as many others):
http://nixos.org/
ghrifter | 10 years ago
Is this the case for Apple's OS as well (Yosemite or whatever it's called nowadays)?