
An experiment -- critiques welcomed



#1 bellgamin

bellgamin

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Hawaii
  • Local time:09:32 PM

Posted 20 July 2018 - 01:31 AM

For several months I have been testing a "minimalist" security set-up on a computer that I use a lot, but on which an infection would not be cataclysmic. Here is my set-up...

 

Imaging -- My minimalist set-up's central "fail-safe" is Imaging. I make a full image on Mondays. I make differentials of that full image on Wednesdays & Fridays. I put those images on a 2tb external USB Hard Drive (HD). I always disconnect from the internet when imaging or restoring. I retain images until my HD is nearly full, then I replace the oldest weekly MWF set with the newest MWF set.

 

OSArmor -- This free security app is explained HERE. By my estimate, it is ~95% set-it, forget-it. IMO OSArmor is a ruthless, bad tempered, cynical, kick-gluteus, malware-eating ogre. I loooove it!

 

EXE Radar -- This is an anti-executable app primarily based on whitelisting/blacklisting & some excellent pre-sets. I couldn't find a thread for it here at Bleeping & I am unsure about the policy re linking to external URLs, so search it out yourself if you're interested.

 

Malwarebytes Anti-Exploit (MBAE) -- MBAE prevents exploits that target browsers & other apps that are internet facing. Hitman.Alert is an option. I'm sure there are others. MBAE is part of Malwarebytes Antimalware (MBAM), I think, but I use MBAE as a stand-alone beta. The betas are frequently updated & (so far) are available for free via MBAM's forum.

 

Router -- I have an excellent router that incorporates an excellent firewall. Of course, the Windows firewall is working for me, as well.

 

Antivirus -- I do not run any real-time antivirus app. Instead, I do frequent on-demand, cloud-based scans using Herd Protect. I also upload each & every thing I download to Virus Total for scanning.

 

Concept -- Shortly after I belatedly discovered Imaging software, I asked myself WHY I should have an antivirus patrolling all the time? After all, if a malware becomes evident, all I need to do is restore a clean image and Poof! suddenly it's yesterday and I'm sailing on a calm sea with a following wind. As stated earlier, I have used this concept on my walk-about computer for several months. So far I have had no real nasties so my concept is either perfect, or untested, or I've just been lucky.

 

PLEASE -- Your comments and critiques of my odd concept will be greatly appreciated.

 

Grace & peace to all,

bellgamin


Edited by bellgamin, 20 July 2018 - 03:12 AM.




#2 midimusicman79

midimusicman79

  • Members
  • 687 posts
  • OFFLINE
  • Gender:Male
  • Location:Norway
  • Local time:09:32 AM

Posted 22 July 2018 - 10:48 AM

Hi, bellgamin!

As quoted from the pinned topic in this forum, Answers to commonly asked security questions - Best practices:

Why should you use Antivirus software?

Antivirus is crucial, like seat belts or airbags. If you never actually need them, that's great. But when you do need them, there's no warning, and they can be the thing that saves you.

Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

How do folks who claim they do not use an anti-virus and never get infected know for certain that their computer is malware free? Many of today's attackers employ advanced techniques which involve sophisticated Botnets, Backdoor Trojans and rootkits to hide their presence on a computer. Without proper security tools including an anti-virus which can detect such malware, you can never be absolutely sure your computer has not been infected.


Regards,
midimusicman79

Edited by midimusicman79, 22 July 2018 - 11:28 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#3 bellgamin

bellgamin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Hawaii
  • Local time:09:32 PM

Posted 22 July 2018 - 07:43 PM

 

Why should you use Antivirus software?

Antivirus is crucial, like seat belts or airbags. If you never actually need them, that's great. But when you do need them, there's no warning, and they can be the thing that saves you.

Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

How do folks who claim they do not use an anti-virus and never get infected know for certain that their computer is malware free? Many of today's attackers employ advanced techniques which involve sophisticated Botnets, Backdoor Trojans and rootkits to hide their presence on a computer. Without proper security tools including an anti-virus which can detect such malware, you can never be absolutely sure your computer has not been infected.

Regards,
midimusicman79

 

Bellgamin sez---

I am learning how to use the Bleeping BB format (gee, the font is sooo tiny) so please excuse any blunders.

 

Midmusicman79 (ref MMM79) quoted a pinned item that states in part: "Using unprotected computers on the Internet is a security risk to everyone..." (I added the underlining.)

 

If you read my post again, you shall see that my computer is far from being "unprotected." My post lists several layers of non-signature-based protection, & each of those layers is state of the art in that area. OSA, for example, is a powerful behavior blocker + exploit blocker. EXE Radar PRO is an anti-executable, yes, but far more than that since it has a command line monitor, vulnerable process monitor, et al. Rundll32.exe, for example, must be watched closely, as must any parents & command lines that call this or any other vulnerable item such as regsvr32.exe, wscript., cscript., msiexec, syswow64, cmd.exe, et al.

 

OSA & EXE Radar (et alia) are security apps that sometimes call for user intervention. Therefore, the attentive user is yet another security layer.

 

Signatures still have a function, but most AVs no longer rely exclusively on sigs but also on heuristics, behavior blockers, & HIPS. Cylance for example uses NO sigs & seems to be a decent AV so far.

 

The pinned item that MMM79 cited seems mainly aimed at to those who use no AV at all. I do check all downloads with VirusTotal & I scan with HerdProtect weekly -- these are on-demand AV GROUPS, not singular patrolling AVs. In my initial post I tried to make it clear that I am not against sig-based scans but, instead, am testing the concept of not using ANY real-time/patrolling AV with its attendant overhead in terms of cpu cycles & on-board signature files. With imaging, it is feasible to place greater emphasis on detection rather than upon prevention.

 

I do fully agree with the statement that an unprotected computer that is not infected is primarily a case of luck rather than a basis for security doctrine. As for being infected & ignorant of the fact let me say 3 things:

 

1- I have better LAYERED protection than most folks whose computers are protected primarily by only an AV+FW.

2- 99.99% of infections on the computers of average users are caused by the loose screw behind the keyboard. (The people who habituate Bleeping are NOT average users.)

3- Is there such a thing as *perfect security*? An old rodeo rider's saying applies:

There never was a horse that couldn't be rode.

AND

There never was a rider that couldn't be throwed.

 

 

grace & peace to all,

Bellgamin in Hawaii

 

 


Edited by bellgamin, 22 July 2018 - 10:05 PM.
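The parent/command-line monitoring bellgamin describes above (watching rundll32, regsvr32, wscript, cscript, msiexec and cmd.exe, and the parents and command lines that call them) as a small defender-side illustration in Python. This is an added example, not ERP's or OSArmor's code; the watched list, the risky-parent list, the path patterns and the sample process-creation events are all constructed assumptions.

```python
# Added example (not ERP's or OSArmor's code): a toy parent/command-line monitor
# for the binaries the thread calls "vulnerable". Rules and events are assumptions.
import re
from dataclasses import dataclass

WATCHED = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe",
           "msiexec.exe", "cmd.exe"}
# Parents that rarely have a legitimate reason to spawn the watched binaries.
RISKY_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "firefox.exe"}
USER_WRITABLE = re.compile(r"\\(temp|downloads|appdata)\\", re.I)
REMOTE_URL = re.compile(r"https?://", re.I)
RUNDLL_ARG = re.compile(r"rundll32\.exe\s+\"?([^\s\",]+\.dll)", re.I)

@dataclass
class ProcEvent:
    parent: str   # full path of the parent image
    image: str    # full path of the child image
    cmdline: str  # child command line

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def evaluate(ev: ProcEvent) -> list:
    """Reasons this event would be flagged; an empty list means allowed."""
    child = basename(ev.image)
    if child not in WATCHED:
        return []
    reasons, parent = [], basename(ev.parent)
    if parent in RISKY_PARENTS:
        reasons.append(f"{child} spawned by {parent}")
    if REMOTE_URL.search(ev.cmdline):
        reasons.append("remote URL on command line")
    if USER_WRITABLE.search(ev.cmdline):
        reasons.append("argument in user-writable directory")
    if child == "rundll32.exe":  # DLL loaded from outside the Windows directory?
        m = RUNDLL_ARG.search(ev.cmdline)
        if m and not m.group(1).lower().startswith("c:\\windows\\"):
            reasons.append("rundll32 loading DLL outside C:\\Windows")
    return reasons

def scan(events):
    """(index, reasons) for every event that trips at least one rule."""
    return [(i, r) for i, ev in enumerate(events) if (r := evaluate(ev))]
SAMPLE_EVENTS = [  # constructed process-creation events
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\bell\AppData\Local\Temp\invoice.vbs"'),
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\bell\Downloads\helper.dll,Start"),
    ProcEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe", r"C:\Windows\System32\msiexec.exe",
              "msiexec.exe /i http://example.invalid/setup.msi /qn"),
]
FLAGGED = scan(SAMPLE_EVENTS)  # -> events 0, 2 and 3 trip at least one rule
```

The svchost/rundll32 event is the deliberate negative case: a system DLL loaded from C:\Windows by a non-risky parent passes every rule, which is the kind of distinction a monitor like this has to make to avoid constant prompts.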


#4 midimusicman79

midimusicman79

  • Members
  • 687 posts
  • OFFLINE
  • Gender:Male
  • Location:Norway
  • Local time:09:32 AM

Posted 23 July 2018 - 11:41 AM

Hi again, bellgamin!

The majority of the world's computer users and the Bleeping Computer members are average computer users who only use an Anti-virus and a Firewall.
 
This is because they do not have the knowledge to use additional security software like you are mentioning.

The minority of computer users use a comprehensive passive and active real-time multi-layered security software setup.
 
Which consists of an Anti-virus, Anti-malware, Anti-spyware, Anti-exploit, Anti-ransomware, Anti-Intrusion, Anti-Potentially Unwanted Program, Backup and Disk Imaging software, Software Updaters, etc. and a Firewall.
 
As well as ad- and script blocking and even wide-spectrum blocking extensions in one's web browsers, which all contribute to stopping most, if not all, malware.

However, 90 percent of the computer security relies on the user, whereas 10 percent relies on the installed security software.

It is also important to practice safe computing and safe downloading.

Regards,
midimusicman79

Edited by midimusicman79, 24 July 2018 - 06:40 AM.



#5 eLPuSHeR

eLPuSHeR

  • Members
  • 112 posts
  • OFFLINE
  • Local time:09:32 AM

Posted 23 July 2018 - 12:54 PM

MBAE seems redundant when using OSArmor. Right?



#6 bellgamin

bellgamin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Hawaii
  • Local time:09:32 PM

Posted 23 July 2018 - 03:14 PM

MBAE seems redundant when using OSArmor. Right?

Good question. Thanks for dropping by -- I was getting lonely. (^_^)

 

MBAE seeks to prevent exploits from taking effect in the 1st place. OSA doesn't prevent exploits at browser level (as does MBAE) BUT if anything gets past MBAE (shame on MBAE) OSA will stop it. In short, If MBAE were *The Perfect Security App* OSA's exploit killer would be redundant. BUT there are not yet ANY perfect security apps, so I am happy to have OSA's 2nd line of defense at a basically zero impact on resources. Also, OSA protects against MANY other nasties than simply exploits. OSA is a full-on Behavior Blocker, following in the trail blazed by Mamutu but muchly advanced beyond it.

 

If I were somehow forced to peel away all of my security except one & only one security app, I would have a very hard time deciding between OSA and Webroot Secure Anywhere (the heir of PREVX, another grrreat trailblazer for behavior blocking AND cloud).

 

By the way, since I image, the only hack I truly *fear* is a key logger. If I get 1 of those, & it somehow gets past my protection layers to connect out, it would be MAJORLY inconvenient. Restoring an image will obviate any infection, including a key logger, but it won't cancel out whatever info the logger sent home. The major difference between my machine with this experimental set-up, versus the machine whereon I do financial stuff, is that the financial machine runs Webroot & SpyShelter (SS is anti-keylogger+FW+HIPS) plus OSA & AdInf (a file integrity checker).


Edited by bellgamin, 23 July 2018 - 03:16 PM.


#7 ichito

ichito

  • Members
  • 53 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:32 AM

Posted 24 July 2018 - 11:45 AM

Hi @bellgamin

you are an experienced user so... why not reject AV? Using ERP and OSA your protection will be hermetic and effective enough. :rolleyes:


Vista: SpyShelter Firewall + Shadow Defender + Keriver 1-Click Free

XP SP3: Kerio 2.1.5 + SpyShelter Premium + NVT ExeRadar Pro + Shadow Defender + Keriver 1-Click Free


#8 bellgamin

bellgamin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Hawaii
  • Local time:09:32 PM

Posted 24 July 2018 - 02:20 PM

Hi ichito! I had to look up your word, "hermetic". It actually IS a word, defined as "impervious to outside interference or influence."

 

Thanks for the comment.

 

Grace & peace to thee & thine,

Bell



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:32 AM

Posted 30 July 2018 - 03:10 PM

Malwarebytes Anti-Exploit does not protect against social engineering, the human exploit often resulting from fraud, trickery, spam and phishing emails.

OSArmor runs in the background and scans the processes for any suspicious activity. It comes preloaded with more than 30 security policies that help in distinguishing between the normal and bad behavior of a process and includes the following features:
  • Basic Anti-Exploit Protection.
  • Block Process Execution.
  • Block System Process.
  • Protect Microsoft Office Applications against exploits.
  • Monitor Applications and block any suspicious process started by these applications.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 bellgamin

bellgamin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Hawaii
  • Local time:09:32 PM

Posted 30 July 2018 - 07:11 PM

Malwarebytes Anti-Exploit does not protect against social engineering, the human exploit often resulting from fraud, trickery, spam and phishing emails. ... ...

=>Ultimately, NOTHING will fully protect us from our own stupidity &/or inattentiveness &/or bad judgments. The greatest security weakness has been, is, & will continue to be, the loose screw behind the keyboard. :wacko:

 

P.S. The smileys at this site need to be bigger.


Edited by bellgamin, 30 July 2018 - 07:27 PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:32 AM

Posted 30 July 2018 - 07:18 PM

Yes, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software. Security is all about layers and not depending on any one solution, technology or approach to protect yourself from cyber-criminals. The most important layer is the user... the first and last line of defense.



