I avoided AV software for most of my life. Though, when I worked as a student admin, I would always install AV for the majority of my users. Most users (especially older) simply could never learn not to download that cool new 'freeware' app or game or not double click a downloaded exe (the fact that hidden extensions are still the default on Windows OS is absurd).
As a more savvy user, I did not desire the typical AV bloatware (Norton, McAfee, etc) stealing up half my cycles and spinning the hard drive without pause. I knew enough not to try and 'open' resume.doc.exe.
However, AVs have trimmed down, SSDs are becoming more commonplace, and it seems the biggest attack vector is browser based. For the last few years, I've run a few different AVs (Kaspersky, ESET, Bitdefender are decent).
I run adblockers, don't install Flash games or Applets, but it is nearly impossible to stop all browser based attacks. I'm not sure the AVs have helped much, but they give some sort of psychological benefit, at least.
There really is no good solution anymore unless you're willing to give up 90% of the web (via NoScript or using a primitive console based browser). I believe the future for tech-aware users will be browsers in some sort of container / VM that reset themselves upon each session, with absolutely no control to the file system or data from other sites.
>> I'm not sure the AVs have helped much, but they give some sort of psychological benefit, at least.
I find this a very dangerous way of thinking. You use the placebo (well, not even a placebo, just useless) and then you stop worrying that much about opening downloaded files, checking their hash if you trust the source, visiting dodgy websites...
An analogy taken to the extreme would be smoking and binge drinking without worries because you're taking homeopathic "solutions" (sic).
Not necessarily! It depends! It could be that the constant popups about updating the AV, about allowing access to trusted programs etc. constantly reminds him of the aspect of security and has this aspect in the back of his mind while browsing, so it may actually enhance security awareness. As in "I'm the sort of person who cares a lot about viruses, so much that I have an AV and adblocker etc., so I'm also the kind of person who doesn't just install any crap."
Installing an AV doesn't automatically reduce your defenses. Only if you over-trust it.
>> Installing an AV doesn't automatically reduce your defenses. Only if you over-trust it.
Recent news might point otherwise and there's a debate about it. Does an antivirus really protect you from a real threat? On the other hand, as you're running extra software you're increasing your attack surface, which makes you more vulnerable.
I've seen very clever people pointing to the latter and marketing efforts to make me believe the former. Still, I haven't made up my own opinion. In any case, I stick to just Windows Defender and EMET (https://support.microsoft.com/en-us/kb/2458544) to mitigate.
At the moment the number of hypervisor escape exploits is fairly limited, so running a browser in a virtual machine where the system image is always destroyed has a certain cachet to it. I know a couple of people who have Chromebooks for browsing (at least one got the CB for free at Google I/O and they felt that was all it was good for :-)
When I get some time I'd like to clean up my air-gap browser, which was a webcam looking at a laptop with a browser open, where mouse and keyboard actions were translated at the Webcam into bluetooth messages which drove the laptop. Not very practical but wonderfully tin-hattish.
Nice, but for maximum tin-hatted-ness, can I suggest mechanical arms typing on the laptop keyboard and moving/clicking the mouse? Who knows what lurks in that Bluetooth stack and firmware? :-)
NoScript with the occasional whitelist has been a perfect solution for me. I don't feel like I'm missing any part of the web, in fact, most of it is better without JS. At this point, sometimes I go weeks without having to add anything to the list. I don't think it would be a good solution for my mom but she only uses an iPad now so it doesn't matter.
Another NoScript user here and the web is better because of this addon. It's amazing the quantity of websites that auto-play their videos, just by blocking those scripts alone NoScript has helped my blood pressure immensely.
Usually setting the global whitelist to allow *.$currentpage.tld and maybe 10 to 20 others, which become obvious as you go, is more than enough to get 99% of the way there.
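The whitelist rule in the comment above ("allow *.$currentpage.tld plus a short fixed list") is easy to state but worth seeing as an actual decision procedure, because the edge cases are where script blockers either leak or break pages. The following is an added example, not code from the thread or from NoScript itself: a small policy checker that takes the page URL and a script URL and says whether the script would be allowed. It assumes a simplified notion of "registrable domain" (the last two host labels, with no public suffix list, so `example.co.uk` is not handled correctly) and a constructed allow-list standing in for the "10 to 20 others".

```python
"""Model of a NoScript-style script policy (added example, not NoScript code).

Rule: a script is allowed if its host is the page's registrable domain or a
subdomain of it (the "*.$currentpage.tld" rule), or if it is on a small fixed
allow-list of third-party hosts the user has accepted over time.
"""
from urllib.parse import urlsplit

# Constructed allow-list standing in for the handful of third-party hosts a
# user ends up accepting (hypothetical entries, not a recommendation).
FIXED_ALLOWLIST = frozenset({"ajax.googleapis.com", "cdnjs.cloudflare.com"})


def host_of(url: str) -> str:
    """Extract the lower-cased hostname from a URL (port and path dropped)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"URL has no host: {url!r}")
    return host.lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels.

    Simplification (assumption of this example): no public suffix list, so
    multi-label suffixes such as 'co.uk' are not recognised.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def script_allowed(page_url: str, script_url: str,
                   allowlist: frozenset = FIXED_ALLOWLIST) -> bool:
    """Return True if the script host passes the '*.$currentpage.tld' rule
    or is on the fixed allow-list."""
    page_base = registrable_domain(host_of(page_url))
    script_host = host_of(script_url)
    # Exact match or a true subdomain. The leading dot matters: without it,
    # 'notexample.com' would match 'example.com', and a lookalike such as
    # 'example.com.evil.net' is rejected because it ends in '.evil.net'.
    if script_host == page_base or script_host.endswith("." + page_base):
        return True
    return script_host in allowlist


def partition_scripts(page_url: str, script_urls, allowlist=FIXED_ALLOWLIST):
    """Split a page's script URLs into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for url in script_urls:
        (allowed if script_allowed(page_url, url, allowlist) else blocked).append(url)
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample: one first-party page pulling scripts from several hosts.
    page = "https://www.example.com/post/123"
    scripts = [
        "https://static.example.com/app.js",        # first-party subdomain
        "https://example.com/vendor.js",            # first-party apex
        "https://cdnjs.cloudflare.com/lib.min.js",  # on the fixed allow-list
        "https://tracker.evil.net/t.js",            # unrelated third party
        "https://example.com.evil.net/t.js",        # lookalike host
        "https://notexample.com/t.js",              # suffix collision
    ]
    ok, blocked = partition_scripts(page, scripts)
    print("allowed:", *ok, sep="\n  ")
    print("blocked:", *blocked, sep="\n  ")
```

The lookalike and suffix-collision cases are the ones a hand-written `endswith` check tends to get wrong; the leading dot in the comparison is what keeps `*.example.com` from also covering `notexample.com`.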
Be careful which you choose. Some of them are extremely primitive compared to the major GUI browsers. For example, I was shocked to learn recently that there is no upstream for w3m, and that w3m doesn't do SSL out-of-the-box. And yet, w3m is used to render HTML by all sorts of other console-based applications.
I used to use commercial antivirus products like McAfee and Norton and Trend Micro etc. I went with Avast Home for free. I scan with Emsisoft Emergency Kit because it can fit on a USB drive and be portable.
No matter what you do eventually you will get infected by some exploit. Be it Flash, Java, some pop-up ad, or just an email sent to your email client that exploits it.
I've got a lawyer who still runs XP and Vista and uses ClamAV because it is free. I worry that her systems might be infected, but her husband runs the tech support for their firm. She used to have employees steal data via floppy disks, and these days a simple virus infection can steal data.
> I've got a lawyer who still runs XP and Vista and uses ClamAV because it is free. I worry that her systems might be infected, but her husband runs the tech support for their firm.
Scary. Small law firms are a prime target for cryptolocker-type attacks. In that case you need a solid backup / restore system.
At first my lawyer offered me a job to help with computers. But later she said no because her husband takes care of the computers and has to do it a certain way.
I don't know how they are set up for backups. I only know they use XP and Vista and ClamAV looking at their desktops.
Maybe a more secure OS? I gather Chromebooks or Linux work quite well.
I wonder if anyone's tried making something that looks like regular Windows but is actually Windows running in a VM under Linux. Might be a way to make something hard to hack but usable by people who only know Windows? Maybe it could have something like Git for versioning the Windows images so you could just roll back to when Cryptolocker got installed?
>> I believe the future for tech-aware users will be browsers in some sort of container / VM that reset themselves upon each session, with absolutely no control to the file system or data from other sites.
Or you could set up a Linux box just for web browsing.
OS X is a UNIX, so file extensions don't matter a whole lot. You can double click a plain Mach-O executable file and it'll run it in a Terminal window. For application bundles (folder with name ending in .app), OS X will warn you if the file was downloaded/not signed by a key trusted by Apple.
While it's true that they don't have meaning to the lower levels of the system, file extensions matter a whole lot to the higher-level frameworks and the GUI that ordinary people use.
Thanks, as someone who hasn't used a UNIX OS since high school I am not very familiar with them.
As an aside I am thinking about installing a light UNIX distro on my netbook. Win 7 is so painful with only 1GB of RAM. (I love being a poor student.)
Now I've got some money so I can either buy a new laptop for $350 or attempt to save some money by installing a light UNIX distro. Problem is, I don't want to learn another OS.
Yes, I do. AV is hairy systems code that hooks the OS in a bunch of places, and IT managers demand that it be very manageable, so it tends to have remote management and reporting UIs.
The long and nasty history of RCE flaws, not just horrible stuff like this but subtler stuff buried in the file format parsers, is all the data I feel like I need.
Right. (But that's one AV vendor. Others have the same possibility, of course.) But is it still better (more secure) to run without any AV at all? Something like this leaves you vulnerable to that flaw, but no AV leaves you vulnerable to everything (unless a firewall saves you).
Yes, unless you are clueless and execute any executable that manages to hop onto your machine.
AV is complex code that handles huge amounts of untrusted data, so it's a major increase in attack surface. Also, it cannot work, as it's an instance of blacklist security, which never works. So, no upside, huge potential downside.
Well, if Microsoft applies their secure programming guidelines also to Windows Defender that might be the best (and default) choice if you're worrying about attacks like these.
...and it also recently introduced HVMI (Hypervisor-based Memory Introspection) technology that completely isolates the antimalware solution by deploying it in a Type 1 hypervisor outside of the operating system. "This kind of isolation separates the antimalware engines from rootkits or exploits running in the user environment," the company said.
This completely misses the point. Yes, it protects the AV from exploits in other user software, but it makes exploits in the AV software itself even worse.
Whitelisting is one of the only proven security technologies in a world where you can download and run arbitrary executables. Bit9 should be a requirement on office PCs.
Personally, I won't trust AV software that is free but claims to be fully functional. There is no free lunch in the world. Sometimes we make jokes about Qihoo 360; we say it is itself already a virus. A lot of pop-ups, consuming computing resources. It is very annoying!
How does BitLocker help? It seems like it would just add overhead to your VMs... It also seems like PCoIP would be better than RDP. A firewall is going to do nothing unless it blocks outbound traffic.