Been antivirus free for a little while now

Discussion in 'Security and Anti-Virus Software' started by Hungry Man, Mar 17, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    My security consists of:
    1) Chrome Beta with built in XSS auditor turned on.
    2) DDWRT router with adblock script/ a malware black list.
    3) Windows 7

    That's it. No windows defender and no more MSE. Been virus free.



     
  2. ssssssssss

    ssssssssss Notebook Evangelist

    Reputations:
    234
    Messages:
    542
    Likes Received:
    0
    Trophy Points:
    30
    It must be ten years since I had a virus, I just have to eradicate them from other people's systems with depressing regularity...
     
  3. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    I haven't had a Virus on Windows 7 yet.

    I've definitely removed my fair share of them for people.

    Oh and UAC off. That thing is a useless pain. But UAC is more about protecting the users from themselves, it has very little to do with malware.
     
  4. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    Do you really find UAC such a bother? How often do/did you have to deal with it?
     
  5. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    I dislike being asked whether I REALLY want to do things. Chances are, I really do. I tried just turning it down but I saw no real value in it so I turned it off completely.

    Now I don't deal with it at all and I really don't feel any less secure.

    Oh I also have javascript disabled on certain sites. It speeds them up and secures them even more. I honestly don't think that rogue javascript is something that Chrome has to worry about 99% of the time (outside of clever exploits that manage to stay in the sandbox and garner information) but it does stop some annoyances.
     
  6. ssssssssss

    ssssssssss Notebook Evangelist

    Reputations:
    234
    Messages:
    542
    Likes Received:
    0
    Trophy Points:
    30
    I sacked off NoScript etc cos I got bored with having to enable fifteen domains for every damn AJAX site, & moved over to running a VM for web surfing. Install as many damn viruses as you want, suckers, I'll burn the machine and set a new one up next time I go on the net.

    And agreed on UAC, it does my head in. Yes, I just clicked on the program to run it, so I'm sure I want to run it - I didn't change my mind in the 0.00000001 seconds it took you to pop the dialogue box up. Agreed it is probably useful for >95% the Windows userbase tho.

    (on a similar note: I just got a slimline Xbox. When I eject a disc, it makes an irritating 'ping' noise. Why? I'm right next to it - I just pushed the button, and my arms are only of average length. I pushed it because I wanted to eject the disc. I can see the tray ejecting with the disc in it. WHY DO YOU FEEL THE NEED TO MAKE A NOISE??)
     
  7. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    Yes, noscript was a bit of a pain although after a few days and after you've visited all of the most visited sites you pretty much forget it's there. I have javascript allowed globally but I've used Chrome to block javascript on a few sites (streaming sites etc) that I would simply prefer to not give the chance.

    This is one security measure I'd recommend to anyone since it speeds up that particular site while also keeping it more secure. You can't say that about most security measure, they almost always have some negative effect.

    The only problem with it is that I already KNOW those sites. But I also know they're often vulnerable. Keeping javascript globally enabled means I am subject to malicious code, but I'm not worried.

    And yeah, UAC is a paiiiiiiiin. I just didn't need it. I know a lot of people will benefit from having to second guess each click, but I'm not one of them.

    And yes, the xbox is a decent analogy lol
     
  8. ssssssssss

    ssssssssss Notebook Evangelist

    Reputations:
    234
    Messages:
    542
    Likes Received:
    0
    Trophy Points:
    30
    It's so difficult explaining things like Javascript & arbitrary code execution, XSS scripting etc to your average man on the street though...

    You obviously have knowledge behind what you're doing - same as me, you could probably name ten different ways of mitigating these attack vectors, with pros & cons for each.

    The difficulty comes with trying to explain to Grandma that websites have the ability to completely own your computer though. The whole model needs redesigning to account for security from the ground up, although I can't see that happening. Every web browser in default installed state is so vulnerable to malicious code (yes, even Chrome - there's wide speculation that Google bought out whoever was going to hack it at pwn2own, but that the vulnerabilities actually existed).
     
  9. Pitabred

    Pitabred Linux geek con rat flail!

    Reputations:
    3,300
    Messages:
    7,115
    Likes Received:
    3
    Trophy Points:
    206
    With all security of any sort turned off on your machine, how can you be sure you don't have a virus or your machine hasn't been rooted?

    All of the advice in this thread is horrible. Disabling UAC is just silly... it's not about protecting the user from themselves. It's about warning the user that "Hey, this program is trying to do something restricted... did you intend for that?" It's finally putting a Unix-style security model on Windows.

    As for antivirus... even with all your protections, there could be something that slips through. I'm guessing you've uninstalled Flash? Go ahead and turn off real-time scanning and all, but not using AV at all on a Windows machine? That's just playing with fire for no good reason.
     
  10. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    I'd be very surprised if Google bought out pwn2own. The fact is that Google has long encouraged people to show them bugs in Chrome so that they can fix them. There's even a 20,000 dollar reward for anyone who can successfully exploit Chrome and get out of the sandbox.

    Out of the box I'd say Chrome is still the most secure browser.

    I think it's more likely that whoever was signed up had planned on using a bug that had been patched the week before pwn2own (Google released a rather large security update the day before the cutoff that patched 14 exploits as well updating the V8 and Webkit.)

    Simply by enabling XSS auditing in about:flags I feel that that is all the "tweaking" I need to do in Chrome. Obviously it's not all the tweaking I've done, but I'd still feel pretty safe. V8 + sandboxing makes malicious javascript feel pretty tame. I know of a few exploits myself and I personally have never run across them (it's possible they're patched by now but I'm fairly certain they aren't.) Even those exploits can only gain very limited information.

    I set up a LOT of computers for people (and I get payed to sometimes for it too! haha) and it's very very difficult to explain that the McCaffee antivirus that they paid for is in fact not doing a great job and they can do much better with a free antivirus. They don't want to hear that and most of the time I just don't bother because they won't want to uninstall a program that they've paid for.

    Pitabred, I'm sure to scan once a month or so. I've dealt with dozens of infected computers and there's often at least some sign of infection.

    Yes, UAC is a great step towards the unix-style security model. I'm just not interested in it. It can stop viruses from doing things that take certain permissions but that's it. It's more of a pain than anything else.

    As for flash, it's not installed except for the one that comes in Chrome. As of Chrome 10 flash is sandboxed, which is a huge security feature considering how terrible flash can be in that area.

    As for no good reason, I just no longer see any reason to keep it on the computer. If I get a virus I'll remove it and go back to using an AV but I don't think I will.

    UAC will stop a virus from totally destroying the entire OS on the computer lol you won't have a virus messing around in a lot of folders. However it won't protect your personal data that's stored on your desktop and it won't prevent much of anything else.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page