1

I've Windows 7 with latest updates without any antivirus software.

I use ZoneAlaram Free Firewall to restrict application from accessing Internet without my knowledge (every new application requires ok/cancel in firewall's popup).

  1. Administrative account is locked with password and for everyday usage I use restricted Windows account.

  2. Also I've enabled Application whitelist policy in secpol.msc snap-in. Only applications from C:\Windows and C:\Program Files are allowed to run. When I download something (from trusted sources, of course) what I want to install I place installer into C:\Program Files and start it from there (this happens rarely). I've added .js, .ps1, .vbs into list of executables in security policy to prevent attacks from 'viruses' which encrypt user's files (idea from https://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/

  3. In google chrome I've disabled all plugins, removed extensions.

Except zero-day or any other unknown vulnerabilities in Windows, Office, Google Chrome what should I be afraid of? I know my method is not 100% secure, from time to time I download free one time antivirus software (drweb cureit) and verify my system. What do I miss?

If I want to use some application (skype, etc.) and want to be sure that it does not have access to my files is it safe to run it under special account (create restricted account, for example, skype-user, and start skype using runas)?

P.S. I've replaced taskmgr with process explorer, disabled through sysinternals autoruns utility everything what I do not think is required to the extent of working system, of course.

Vitaliy
  • 123
  • 4

2 Answers2

3

In depth defense recommends that you put multiple defense lines to protect your system against as much attack vectors as possible. What you describe sounds good because you try hard to control what will be executed on your system.

But IMHO, antiviruses are specialized pieces of software that research downloads and file systems for known signatures, independantly of the way they would be later triggered, and that later control again at execution time. IMHO this a complementary to your security measures, because I cannot find that in what you describe.

So I cannot really say what is the risk of not running an anti virus. I really depends too much of your usage of the system and of internet data. But as antivirus could do controls different from what you already have, my advice would be to use one free antivirus (Avira or Avast have good reputation) in addition to your other security measures.

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
  • The only way I'd really suggest going without AV is to do something like application whitelisting. But even with that, I'd still (consistent with your answer) manage my firewall and use drive encryption. – baldPrussian Nov 21 '17 at 18:25
0

I run multiple windows boxes with no antivirus ... have been for the last 15 or so years. In that time I have only gotten one virus, and it was because I was doing something stupid (and should have been using a sandbox ... but was in a rush).

However this is NOT recommended for an average user.

I personally do this because in my experience I have found preventative security to be far better than reactive security. I have sizable blacklist in my hosts file that is auto-updated on a weekly basis. I use Firefox/Chrome w/ uBlock Origin and NoScript/ScriptSafe (respectively). I make heavy use of VirtualBox when working with un-trusted executable files. I also keep multiple backups and strongly believe in the Nuke from Orbit when a virus presents itself.

This in my opinion works far better than wasting system resources on a scanner that runs in the background every time your computer reads a file to check it against a blacklist which may or may not be of any use against a virus which could have easily been modified to have a non-standard signature

Your mileage may vary

CaffeineAddiction
  • 7,567
  • 2
  • 21
  • 41
  • This would definitely be too complicated for the average user. I'd note that modern AV uses heuristics to help with viruses with a non-standard signature, but that can only go so far. – baldPrussian Nov 21 '17 at 18:15