Why you do not need any Anti-Virus product(s) [2016 Edition]

Discussion in 'Serious Discussion' started by CHEF-KOCH, Dec 22, 2016.

  1. alextheg

    alextheg MDL Expert

    Jan 7, 2009
    1,776
    812
    60
    That reminds me of a saying, "Ignorance is bliss". I'd say you're taking a gamble.
     
  2. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    :pardon: but Malware does exist.

    I do understand the argument that 'what does not exist is difficult to protect against' is a good reason to say no to AVs, because no one knows if they can really deliver what they promise. But there exist several protection mechanisms like HIPS which were originally designed to protect against 'typical malware behavior'. An example would be changing the bootloader or changing your DNS server to redirect your entire traffic (e.g. to grab your account data or for a botnet). This 'detection' works on several layers, but mostly on what we call 'signatures'.

    The problem is that the OS itself gets more and better protection mechanisms + router manufacturers are already realizing this too and offering better and better firmware. This is (imho) a slow process but it's better than 10 years ago.


    If you patch your software/OS more often, or ASAP when an update comes out, you also lower the attack surface + together with several known protection mechanisms (which have already been offered for years by the OS itself), e.g. not using an Admin account (use UAC high + password when software gets installed). Such things only need to be done once and then you're 'mostly' good to go, since most stuff requires admin rights and then you get a big warning (from UAC).


    So then the malware guys fought back and gave us ransomware, which does not want to change some OS files; it wants to change and encrypt files which don't require additional user rights (so no UAC prompt). The problem here was that the AV still thinks it's okay because the user wanted to do that; how should it know the difference if it's not in any database?!

    So it shows that the guys are smart and they always find ways to bypass your AV, if they want. I'm not saying give up because, whether you use an AV or not, they will get into your system, but I do say that as a user you do not need to buy a product (which you trust) and then get disappointed if it really comes to an attack.

    My point is that you (again) better use a sandbox to deal with the infection in the first place, which means even if you get infected it gets deleted after you shut down your sandbox. Of course a sandbox does not help against data theft (phishing) but that's another point. I think a sandbox + backups are a good and easy solution for everyone.

    I still think that your router + firmware should be the first line of defense, not the OS by itself.
     
  3. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
  4. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
    Almost half the PCs out there today are running Windows 7 and M$ Essentials AV is not installed by default. Telling non-tech folks not to use an AV would put some Windows 7 users at risk.
    I install the free version of Bitdefender for people.
     
  5. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    I need to disagree; users are forced to update the OS and it offers new protection mechanisms. If you stay on an outdated OS then it's at your own risk.

    You have to upgrade your OS whether you want to or not, and there is no reason not to do this. You also need to fill your car's tank, whether you want to or not. On a tech level, stay up to date. E.g. MS (non-RS1) did not offer additional ransomware protection, while since RS1 they added additional driver signing which already stops most ransomware from doing more damage. ALL without any AV btw!
     
  6. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
    People are ALWAYS at risk. Bitdefender or not...

    No AV software helps against the real problem of zero-day exploits.
    And on top of it, the company whose software you install has access to every last thing on your computer.
     
  7. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60
    The only working ransomware protection needs to be in your head, when you read your mails...
    And you think that driver will guarantee safety for ever and ever? Sure....
     
  8. bloodstone

    bloodstone MDL Novice

    Mar 5, 2017
    23
    1
    0
    i've slowly worked my way backwards from using norton, moving to avfree, to turning it off most of the time to not using any at all, besides a malware check every blue moon.

    nothing bad happened so far
     
  9. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    Not true, even pros can get infected; there also exists JavaScript-based ransomware which works within your browser/local files. To say 'use your brain' is horribly wrong; you can't know every single new threat and how to respond to it.

    The thing is, if you disable everything and work on the highest level then you can't use the internet because videos are not working, JavaScript is not showing, and so on. Which is then pointless because you can't respond or create/upload something.

    Lots of people are using their browsers like an OS: they watch videos, listen to music and do all sorts of s**t with it, so in my opinion the browser is one of the biggest problems/weaknesses, which really needs good 'protection' (but I already explained that).

    I'm not saying I think that low-level protection can't be bypassed, but if an attacker needs more effort to crack/hack something then he might switch to an easier system to get in/out faster.
     
  10. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    I have to agree with Chef here. You can't possibly know if a legitimate website has been hacked.

    And new threats are coming out every day.
     
  11. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60

    And what kind of protection would you recommend? As someone who hacks a legitimate site will not use one that is rarely used, and he will not use an old script, but a new zero-day exploit...
     
  12. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    Sandboxie... :rolleyes:
     
  13. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150

    I would recommend:

    1) Do not use Java. It is not safe. If you absolutely must use it, install the Java Runtime, do what you have to do and uninstall it.

    2) Make sure all updates are in place. Especially Microsoft Silverlight, which has been shown to have vulnerabilities.

    3) Make regular -external- backups of your system. If something goes awry, you can always restore from a backup.

    4) Read the security bulletins. At least try to get an idea of some of the zero-day exploits that are out there.

    5) Run an anti-virus. Any antivirus. Not necessarily real-time, but scan your machine at least once a week. I use Malwarebytes free. It works for me. YMMV though. And clean up before you scan. I use JetClean. It seems to work well, and the virus scan will be a little bit quicker.

    As Mr.X suggested, a Sandbox or virtual machine will protect you, but it's not always practical, especially in the case of high performance software like Cubase (which I use).

    That's what I do. So far...so good. :)
     
  14. CHEF-KOCH

    CHEF-KOCH MDL Expert

    Jan 7, 2008
    1,192
    1,185
    60
    #34 CHEF-KOCH, Mar 6, 2017
    Last edited: Mar 6, 2017
    (OP)
    It really depends; newer malware doesn't really care anymore about Sandboxie and VMs because it checks if their driver/executable is running or not and then acts differently when you test it under real environments, which makes it pretty dangerous even for experts, because you can't debug every new software/update and inspect everything. The thing is that you never know, and if your malware is good you may never figure it out and only see the symptoms of an infection, and one time is enough to send your data into a cloud - you never get your data back.

    I'm not sure what's the best. Personally I gave up on all products a long time ago and only test here and there, but simply ask yourself if you really need the software or if it is only for one time; then you can simply do the suggested setup. The problem is more the software you use daily.
     
  15. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    7,897
    10,733
    240
    @CK yep I agree dude, I myself use only Adguard full + brain + luck = I hope I don't stay paranoid also lol :g:
     
  16. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,645
    270
    #36 Mr.X, Mar 6, 2017
    Last edited: Mar 6, 2017
    Yes to all you've said. But ThomasMann is asking for protection when landing on a compromised server which tries to exploit client computers, namely their browser(s). He's not trying to run malware tests and there's a huge difference. Hence I still recommend Sandboxie for browser protection. In fact for any Internet-facing app protection.
     
  17. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,104
    24,378
    340
    Can recommend a proper ad blocker and NoScript; this combination can defend against attacking sites and/or infected ad banners.
     
  18. LostED

    LostED SVF Patch Lover

    Jul 30, 2009
    7,145
    21,024
    240
  19. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,104
    24,378
    340
    Interesting :cool2:.
     
  20. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120

    I get an error:
    Secure Connection Failed

    An error occurred during a connection to cybellum.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
     