Security without real time av

Someone asked me if it’s possible to have a system frequently using the internet to have no real-time antivirus, but still prevent viruses. I said yes, but it’s risky. Then he asked me if I could make a kind of scheme on how it could be done. I’m no expert, but this is how I figured it would look.

  1. The most important of them all: Common Sense. Basically, most virus sources are already dubious. You can avoid them by common sense. If I’m not mistaken, viruses often need to be run manually by the user. So checking the net first before running it, or better yet, before downloading it, is greatly helpful.
  2. Firewall for obvious reasons
  3. USB Guardian/USB Disk Security to prevent USB-borne, autorun-dependent viruses. Just in case you really don’t want an antivirus running.
  4. On-Demand scanner (AV with real-time shields disabled, automatic updates, scans external drives automatically as well, scans weekly)
  5. Download manager so downloads can be easily monitored aside from faster downloads. Apparently, also prevents some downloads from automatically running (this is yet to be confirmed). It can also be configured to scan all downloads with the av selected.
  6. Sandboxie, or preferably, virtualization software such as Returnil or something of the like, for testing dubious programs/sites if the need arises.
  7. Emsisoft Emergency Kit. Some helpful tools in case of infection.
  8. Back-up DVD/recovery CD. Just in case. Some people are too lazy, hence the above.

Link to some of the popular products in the market to help you research on the best security products to fit your system:
Most of which are free ;D

Anything else to add or edit? :-\

08/07/11 Added USB protection
08/08/11 Added to parenthetical sentence in number 4 (…scans external drives…), added link

Depending on your browser of choice, add a script blocking utility, such as NoScript, and use it properly. Doing so will eliminate a very large proportion of web-based/drive-by malware.

I think such a security setup must have HIPS and an on-demand scanner.

  1. There must be HIPS. I can offer 2 variants:
    1.1 There exists one prog - DefenseWall Personal Firewall (paid, 30-day trial). It doesn’t have av, it’s a very strong HIPS, passes all tests I’ve seen. The developer says it can be the only protection. I think that’s true.
    1.2 CIS with av monitor disabled - may be used as the only protection as well.

  2. Regular scans with Hitman Pro or/and MBAM can be added as well.

  3. Here in the forum, guys discuss this issue of no real-time av.

  4. Some other scanners and HIPS can be picked up from the Probably the Best Free Security List in the World

  5. Regularly updating the web browser, office programs like Acrobat Reader etc. Secunia helps do that.

  6. Time machine: Comodo Time Machine or Keriver etc (that’s optional, but rather helpful).

  7. System partition imaging, like Clonezilla, to restore the system partition if it fails to boot (optional as well).

Well, the browser – no, the products would be entirely up to them since it is a personal choice. However, I did not indulge in the browsers since some of these add-ons provide for productivity (some university sites use scripts and I’ve observed that most sites I visit do not work well without scripts and flash. This is okay for the technology-inclined, not so much for others. I would like this to be useful to most people rather than a select few), time-constraints often cause frustrations. It would not be a good idea to add these security add-ons to those frustrations. Hope this clears things out. :smiley:

I’ll be enumerating my comments regarding the above for easier reading.

  1. Don’t most firewalls include a HIPS component, nowadays? Popular ones often do, so I didn’t bother to add it.
  2. Hitman Pro and MBAM are under the category of on-demand scanners. And so is a resident AV with shields/components disabled. So I left it out. The products are a personal choice. I try not to suggest too much so they could find one that best suits their system.
  3. Thank you for the link. It is of great help and I am considering their comments along with others.
  4. I’ve referred people who ask me to this section as well. :smiley: Thanks for the reminder. I’ll be adding it later.
  5. Most popular products, by default, update automatically. Or am I mistaken? Mind if I ask for a few examples if I am? Just to make sure that mine isn’t one of those.
  6. Ought to be optional, I agree. Since many encounter problems with these kinds of products. Not really for people who are non-technology-inclined, hence, it wasn’t mentioned. This can be supplied by the recovery cd anyway. And much easier and less of a gamble to use in my opinion.
  7. I suppose this is also a rescue disk? Or is that an error on my part?

  1. If the firewall’s HIPS is as good as that of D+ or DW, that’s ok.
  2. A disabled resident av is anyway some burden on the system. On-demand scanners give no load at all. Cloud scanners like Hitman Pro are supposed to have a much larger antiviral base.
  3. Yeah, useful.
  4. Yeah, useful.
  5. Yeah, all products I know update automatically. Anyway a user must be vigilant on the point.
  6. It depends. Time machines are less reliable but more convenient - handy.
  7. Sure, that must be a rescue disk or an image in another partition. That’s more reliable than a Time machine but less convenient.

But HIPS is ok…

Yes, I find that most people complain less to me when they use HIPS such as WinPatrol or sometimes even Defense+ in clean PC mode than when using NoScript, FlashBlocker or anything of the like. Quite possibly because these people install less and use the browser more than any other program. In addition, they quite often visit different sites for research and found the Dr.Web scanner, WOT, McAfee add-on, or add-ons of the like much more convenient for them (they told me this because they have little to do with these add-ons and it also provides them with feedback from other people so it makes research easier for them).

With HIPS, it hardly does anything for them since they hardly install anything at all.

And also we have to disable auto runs in our computer…

So that we cannot be infected by a pen drive…
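
A way to check whether AutoRun is actually off for pen drives, as an added example that is not part of the original thread: it decodes the Windows `NoDriveTypeAutoRun` policy value from `reg query` output, one bit per drive type, where a set bit disables AutoRun for that type. The sample outputs are constructed for illustration.

```python
import re

# One bit per drive type in the NoDriveTypeAutoRun DWORD; a set bit disables AutoRun.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no-root-directory",
    0x04: "removable",   # USB sticks / pen drives
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

# Constructed samples in the format printed by:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun
SAMPLE_PARTIAL = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_ALL_OFF = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""
SAMPLE_MISSING = "ERROR: The system was unable to find the specified registry key or value."


def parse_policy(reg_output):
    """Return the policy DWORD from `reg query` output, or None if it is not set."""
    match = VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None


def audit(reg_output):
    """Report which drive types still allow AutoRun and whether USB is covered."""
    value = parse_policy(reg_output)
    if value is None:
        # Policy absent: the OS default applies, so USB coverage is not guaranteed.
        return {"configured": False, "still_enabled": None, "usb_covered": False}
    still = [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]
    return {"configured": True, "still_enabled": still, "usb_covered": bool(value & 0x04)}


if __name__ == "__main__":
    for label, text in [("partial", SAMPLE_PARTIAL), ("all off", SAMPLE_ALL_OFF),
                        ("missing", SAMPLE_MISSING)]:
        print(label, audit(text))
```

A value of `0xff` disables AutoRun on every drive type; any value without the `0x04` bit leaves removable drives uncovered.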

And LUA and SRP as well.

Yes, that too. ;D But I sometimes use the autorun so

Allow me to do some reading on this topic for now. :wink: