Originally Posted by DuckieHo
However, defense-in-depth is a standard security technique. The resource, time, and monetary cost of AV is virtually zero. Even if it only helps protect you from just one intrusion, that would easily justify the cost-benefit for the majority of users. I do agree AV is really only effective on known malware and is virtually useless on zero-days and more sophisticated attacks.
You are wrong in that user "intuition and knowledge is the ultimate defense against malware". The vast majority of users do not have enough knowledge nor stay current on hacking enough to simply rely on themselves. Smart browsing is only one way to reduce risk. Smart browsing does not protect against attacks like DNS poisoning, USB/LAN propagation, etc.
Personally, I ran Untangle UTM (AV, spam, intrusion detection, DDoS protection, firewall) -> NoScript -> MSE
Untangle is unnecessary for a home network; even software firewalls on your computer are not necessary. More than 90% of your home networks today are behind hardware. The only firewall you would ever need on a home computer is Windows Firewall (that comes with Windows by default). Software stacking has probably got to be the lamest excuse at staying "protected" I have ever heard. I personally guarantee you I am more secure than you on the net right at this moment, and I don't run a single thing you've listed. Intuition and knowledge is the ultimate defense.
Originally Posted by DuckieHo
Nope. Sandboxes are still just applications that run within an OS and can have flaws and can be broken out of.
way to protect your computer is not believing in a single best way. There is no single silver bullet. The best approach to security is by layered defense or security through depth. Combining different techniques, technologies, and software to make it harder. Think about it.... safes and vaults are rated in time to crack. Nothing that is accessible can ever be 100% secure.... you can only make it more secure than others.
If you are really worried about security, there's Qubes OS. Here's a very good interview with Joanna Rutkowska (a Qubes founder): http://www.tomshardware.com/reviews/joanna-rutkowska-rootkit,2356.html
A real sandbox cannot be broken out of; you do understand most sandboxes like Sandboxie run at kernel-mode. I would strongly disagree about layering your protection as well. You're only creating extreme latency within your network for no reason. A hacker will never be able to get past a router unless the router's firmware is exploitable (extremely rare). The only other way in is if you download and run a RAT or similar malware on your computer that triggers UPnP. But again, this is only caused by you failing to check unknown software before you use it (sorta like crossing the street without looking both ways). I've never been, nor will ever be "hacked" within my home network in my lifetime. The best way to protect yourself is through knowledge. The more you understand of how hackers plant bots, trojans, etc., and how they attack your machine, the more you will be able to distinguish safe from bad content. I can tell you what is a virus and what it does just by looking at it. Paying for high cost software is just a gimmick, and people like you are suckers for buying it. Avira free + DD-WRT will keep you safer than all of the stuff you have listed. And both are completely free. If you are worried about security, there is BackTrack that will allow you to pen test your network. Though like I said before, there is no need to go spend high dollar on software. If you want to be sure you are safe, run something like Avira free or Avast free. There isn't any more consumer level protection one would need. They will protect just as well as any commercial grade software. And if you are a network nut like me, you can set up your own hardware firewall for poops and giggles such as Smoothwall. Though again, it's unnecessary.
Edited by Warmonger - 9/11/12 at 4:02pm