Hi all,
I’ve been thinking about my personal methods/thoughts on the whole security issue… I’ve stuck w/ it for years and it’s never failed me… but I wanna ask you guys if I’m really on track here, or am I just as clueless as a dumb blonde in a nuclear submarine?
To summarize, I’ve used Comodo and a bunch of other internet suites etc. for as long as I can remember… a few years back, having gained much knowledge on how these threats work, I decided to rely less on software protection and more on manual methods… and most especially because of the resource/performance impact of these security suites etc…
Here are my understandings on the matter at hand:
- The only file types that are a potential threat to your system are EXECUTABLES (exe, vb, etc.)… JPG, video files, music, or other NON-EXECUTABLES are NO THREATS, of course except for non-exec documents that have a way to take advantage of vulnerabilities in their executing/host application: i.e., a Word document that uses macro vulnerabilities of Microsoft Word etc. etc… but these are really RARE occasions and I can easily spot these things, so I don’t consider non-exec types potentially threatening in general.
- The only way you can get a threat into your system is if you voluntarily (knowingly or unknowingly) copy the threat from a source to your computer (download, file copy, etc.)… or if a shared resource (like a shared/writable folder on your PC) is on a network and there’s a worm spreading copies of itself to any writable network location…
- … the only way for this threat to be activated and/or actually infect your system and do damage to it is if you voluntarily EXECUTE it (knowingly, like by double-clicking on it, or unknowingly, like double-clicking on a USB drive w/ autorun.inf instructions to execute the threat)… heck, I even play around w/ trojans and viruses on my PC, keep them there so I can study them, and I know they’re just files / inactive until they’re executed…
  Of course there is a rare exception for threats that have the ability to execute themselves via OS vulnerabilities and script routines etc., but again, RARE stuff…
- … and when a threat is active / able to do stuff on your PC, that threat will be there in your list of running programs, processes and services…
- … and that removing an ACTIVE threat means manually ending the threat’s processes, deleting the file, and removing it from your startup entries (in the registry)…
With the above knowledge, and for each of the above, I:
- take extra precaution handling, running, and installing executable file types… and don’t really care to scan or be paranoid about any other non-executable files, especially images and music files… like c’mon, I laugh sometimes at people running scans on mp3 and jpg files… sheesh…
  I have also gotten into the habit of setting my system to SHOW ALL FILES, regular or system files, and showing the EXTENSIONS of known file types, so that I can tell if an executable is using a JPG icon to fool me…
- I have the habit of ignoring email attachments and other things I do not need or do not expect… and when I do need to copy files I scrutinize each executable file… again… I don’t care about copying images/videos/music files… they can never hurt my system (99%)
- for those executable files that I need to copy, install, or run: while some I would know to be CLEAN, such as those downloaded from official websites of known developers, most executables I run have the potential to be a bad boy, coz I really do download a lot, try lots of cool software for PC… some useful, some just for fun… and I do admit to running keygens and cracks for software that I wanna try for a long time… Please follow forum policy
  Anyway, back to the point, I do run a lot of potentially dangerous applications/installers on my system and I never get infected because I simply:
  a) run a quick scan using whatever free AV I have installed like AVG, Avast, etc… and for very suspicious files I run them through virustotal.com
  b) if checks prove an executable is clean I install it… then I immediately run Process Explorer and Autoruns and sometimes TCPView (all by Sysinternals) to check for PROCESSES that are running that I do not recognize, startup entries that shouldn’t be there, as well as check for unexpected network traffic from any of these processes…
  c) for the 99%/most part, all those 3 areas are usually clean and from here I CONCLUDE that whatever I just ran/installed is OK… and I go on w/ my life.
  d) sometimes I go so far as running the application in a virtual environment first and comparing snapshots of the system before and after running the app… to see if there’s anything suspicious
- Should I spot a process that is unknown to me, or unexpected, or as per research is confirmed to be a threat, I would simply end it, delete the file and startup entries, and study its effects… if it doesn’t do much to my system then I go on w/ life… if it does (like what happened to me just recently where it messed up my registry and Task Manager etc.), I simply restore my system’s image and have a fresh system running again… that’s so much better than running AV removal that removes the threats but can never really put a system back to its normal state (coz there’s no way AVs can reverse all the things/changes a virus has done, really)…
- well, number 4) answered this already…
So… for many years, I was able to protect myself w/ the above philosophy on these threats… and I can honestly say that at least in the last 5 years, I’ve probably been infected 4 times only, but never really experienced major intrusions, identity theft… etc… I was simply of the belief also that whatever an antivirus in paranoid mode can do, I am simply doing more manually and more effectively (I don’t need to rely on virus definitions)… and the most wonderful thing about this is not just the effectiveness of my process as proven over many years, but the fact that there’s almost zero ANNOYANCE from FALSE POSITIVES! ← this gets terribly annoying w/ paranoid security suites…
Now, I may be contented w/ all this already, but I think it’s about time I ask other experts what they think of this too. Especially since all this I learned by myself, by experience, and by lots of trial and error… and reading around… I never really had a formal computer science education etc… (I did a Business / Marketing major, which is far from what I do now in the IT industry, hahaha)
So the question of it all is, AM I ON THE RIGHT TRACK HERE?
It’s not that I don’t trust these AVs, in fact I have very high respect for Comodo and its cloud style, etc… but I always felt these AVs are for the regular users who
- don’t know what to look for in a system, don’t know how to check, don’t know the processes well, etc.
- don’t have the time or can’t be bothered to worry about these steps… people who like the convenience of just running something and not worrying about all this stuff…
Not that there’s anything wrong w/ the above, but at least for me, I felt more comfortable being in control and, most importantly, not having to worry / be scared of false positives…
Right now I’ve got the Comodo suite installed, it’s great, but darn, it’s raising all these false positives (or so I think they are)… it even flagged applications in my program archives (cracks and keygens included) which I’ve already been using for many years w/o issues…
I know this has been a long read, thanks so much for going through this for me, and I would really appreciate your thoughts on this…
Regards
TJ
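The before/after check described in steps b) to d) of the post, as an added example that is not part of the original post and not one of the Sysinternals tools: a PowerShell script that snapshots running processes, the registry Run/RunOnce autostart keys and listening TCP ports, then reports only the entries that appeared after the program under test was installed or run. The function names Get-SystemSnapshot and Compare-SystemSnapshot are my own; it assumes Windows PowerShell 5.1 or later with the NetTCPIP module (Get-NetTCPConnection) and an elevated session, since otherwise the executable path of other users' and system processes is not visible.

```powershell
# Added example, not code from the original post. Take a baseline snapshot, run the
# installer under test, take a second snapshot, and print what is new in each area.
# Assumes Windows PowerShell 5.1+ with the NetTCPIP module, run from an elevated prompt.

function Get-SystemSnapshot {
    # Only the classic Run/RunOnce keys; Autoruns covers far more locations than this.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    # Processes as "name|path": a familiar name started from an unusual path still shows up as new.
    $procs = Get-Process | ForEach-Object {
        '{0}|{1}' -f $_.ProcessName, $_.Path
    } | Sort-Object -Unique

    # Autostart entries as "key|valueName|command", skipping the provider metadata properties.
    $autoruns = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notin 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') {
                    '{0}|{1}|{2}' -f $key, $p.Name, $p.Value
                }
            }
        }
    }

    # Listening TCP sockets as "address:port|owningProcess".
    $listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        '{0}:{1}|{2}' -f $_.LocalAddress, $_.LocalPort, $owner
    } | Sort-Object -Unique

    [pscustomobject]@{
        Processes = @($procs)
        Autoruns  = @($autoruns | Sort-Object -Unique)
        Listeners = @($listeners)
    }
}

function Compare-SystemSnapshot {
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After
    )
    foreach ($area in 'Processes', 'Autoruns', 'Listeners') {
        # Report additions only; entries that disappeared are not what we are looking for here.
        $new = @($After.$area | Where-Object { $_ -notin $Before.$area })
        [pscustomobject]@{ Area = $area; NewEntries = $new }
    }
}

# Usage: baseline first, then install or run the program, then the second snapshot and the diff.
$before = Get-SystemSnapshot
Read-Host 'Baseline captured. Install or run the program now, then press Enter'
$after = Get-SystemSnapshot
Compare-SystemSnapshot -Before $before -After $after | Format-List
```

Two caveats on what this does and does not give you. A listening-port snapshot is not the same as watching outbound connections: a process that phones home on a short-lived outbound socket never shows up as a listener, which is why the post pairs Autoruns with TCPView (or a packet capture) rather than a one-off port list. And the Run/RunOnce keys are only a small subset of the autostart locations Autoruns enumerates (services, scheduled tasks, WMI subscriptions, shell extensions and so on), so a clean diff here does not mean nothing was persisted.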