Windows computer without antivirus. Do you need an antivirus?


Lately, antivirus programs have become almost as much in demand as operating systems. Why? Even a novice PC user can give the answer: too many viruses have bred on the now-familiar Internet. However, there is an opinion that it is possible to do without antivirus programs. They say, “don’t go where you don’t need to, be careful, and everything will be fine.”

Indeed, the creators of Windows Vista claimed, when the OS came out, that their system was the most secure of all existing ones. Yet even Vista is built so that, if no antivirus program is installed on the computer, it informs the user of this, and in a very “quivering voice.” Although this OS and its successor, Windows 7, have their own Windows Defender, Microsoft felt that this was still not enough.

In fact, only a free OS, Linux, can give you full protection from all viruses. However, it is much easier for “mere mortals” to use the familiar Windows.

So is it possible to do without anti-virus programs (working in Windows) or is it still not possible? Which antivirus programs are best to choose?

To answer the first question, let's give a small, clear example. Some people live without taking medications that increase immunity against the influenza virus, yet they do not get sick. Others use immune-boosting drugs but still get sick. Why does this happen? There can be many reasons. These include a person’s environment, his level of immunity, his personal hygiene habits, and so on. In other words, it cannot be said that an antivirus program, like a drug with an antibiotic, will definitely help. A lot depends on what kind of sites the user visits and what disks and flash drives he inserts into his computer.

Thus, you need to be a responsible user, even if you have an antivirus installed. Whether you need antivirus programs or not is up to you to decide. Of course, today the network is simply replete with viruses. Some people “bump into” them, but others don’t. Most experienced users believe that such programs are still needed.

Some people prefer Firewall, some Kaspersky, some NOD 32. However, these antivirus programs are paid. Therefore, free or shareware antiviruses such as Avast, which, by the way, provides good protection, are now gaining popularity.

Warning: What is described in the article is somewhat outdated, because I abandoned Windows in the era of Windows 2003.

Every time my friends ask me: “Which antivirus is better?”, I can only say one thing: “An antivirus is like a court shaman. Some are better, some are worse, but it’s impossible to determine who performs better.” An antivirus does not guarantee protection against viruses; moreover, it has every moral right to miss a new infection and begin detecting it 2-3 days after the “incident”. That is, it is not very suitable as a primary means of protection.

Below I describe Windows settings that will allow you to protect yourself from any real (i.e. naturally occurring) viruses without using antiviruses. This configuration has been running for three and a half years on a terminal server, where users (in better times up to 70 people) are not at all shy about dragging in all sorts of junk on flash drives, surfing the net anywhere, etc.

Theory

Any self-respecting virus, once launched, seeks to gain a foothold in the system one way or another, i.e. it creates an executable file or a library that is registered, one way or another, for launch. Whether that is “auto” launch or an “add-on” to other executable files (debugger, handler, plugin, etc.) is not important. What is important: there is a barrier called “code launch”. Even the good old viruses that write themselves into executable files still need to be able to write to the files that are going to be run.

Of course, there are viruses that reproduce without creating files (for example, ms-blast). But for such a virus to appear, either a server must be reachable for requests from virus carriers, or code must be executed through an exploit in a browser or network component. In the case of a hole in the browser, further replication is not possible (since the virus would need to reach browsers on other machines, and this requires setting up a server that other users will visit and motivating users to go to that particular node). In the case of a hole in a network component and reproduction without saving to disk, the technique I describe will most likely not work and an epidemic is possible. However, I’m not sure that antiviruses will catch such a 0day exploit, plus such holes are fixed quite quickly, so I put this scenario aside as unlikely. The presence of firewalls further reduces the danger. Timely (automated) installation of updates can well protect you from non-0day exploits.

So, the main everyday danger is represented by viruses that launch “from a file” (if only because they survive a computer reboot). If we somehow prohibit the launch of “wrong” files, the problem will be solved (since a virus that is not saved in a file will not be able to survive a reboot and, if launched with user rights, not even a simple re-login).

Windows has a technology called Software Restriction Policies. It can be activated in the “prohibit everything that is not allowed” mode. If we put a complete ban on all files, including libraries, for everyone, including administrators, then we get a firm guarantee that an extraneous file (not included in the list of allowed files) will not be launched. At least I have not yet heard of holes in this technology. I would like to draw your attention to the fact that libraries should also be prohibited, because the notorious Conficker is launched from flash drives precisely by running a library through tricking rundll32.

However, bans and permits will not make sense unless rules are formulated that will prohibit the launch of “outsiders.”

Security model

Before describing the configuration in detail, I will formulate the theoretical principles of its organization:

1. Where the user can write is closed for launch.
2. What the user can run is not writable.

These two simple rules protect the system from the user launching viruses: a virus cannot establish itself where the user cannot write, and where the virus can write it gains nothing, because launching from there is prohibited. At the same time, on a terminal server this protects against the launch of third-party applications with an unknown appetite for resources.

Problems

But behind this rosy simplicity there are a lot of pitfalls.

Pitfall number one: wild software. Software that stores executable files in the user profile, software that wants to write “to its own directory.” In the proposed model, the rule applies strictly: software (executable files) lives in its own directories, user data and settings in theirs, and these directories do not overlap. (In fact, this is a recreation of the classic Unix way with /usr/bin and ~, the latter mounted with +x forbidden.) Servers are configured for a task (rather than tasks being selected for a server), so the presence of such programs may automatically mean that the described system cannot be implemented. There is a lot of wild software, and sometimes it surprises (for example, Adobe Illustrator wants to write a lot to the Windows directory).

Pitfall number two: scripting languages. This will not protect us from a malicious user; however, the ban on running script extensions completely protects us from viruses (the logic is this: even if a virus runs a script by launching an allowed interpreter, it will not be able to survive a reboot, since after startup it would need to launch the interpreter with the script, and creating files from which that could be launched, including shortcuts, is prohibited).

Pitfall number three: shortcuts will not work for users. This can be partially solved by placing the necessary shortcuts in All Users, but users really don't like being prevented from creating shortcuts. This can be partially solved by creating personal quick launch panels to which the user does not have write rights (i.e. they are updated at the user’s request).

Pitfall number four: many updates will not install (since they are prohibited from launching). To solve this problem, you need to lift the Group Policy, install the updates and reapply it.

Pitfall number five: network components, like IIS/Exchange. They still can't break the habit of writing anywhere (and in the case of IIS, executing code anywhere), but I hope you're not running Exchange on a terminal server.

In other words, this protection does not come cheap.

Settings

The ban can be specified in the server’s group policy (I usually use a policy with loopback processing and assign it to all terminal servers), or in the local policy (gpedit.msc).

Path to the policy: Computer Configuration, Windows Settings, Security Settings, Software Restriction Policies. The first time you use them, you need to create them: right-click on Software Restriction Policies, “New Software Restriction Policies.”

First, the paths that are allowed (additional rules) are configured:

Everything in c:\windows, c:\windows\system32, c:\program files, c:\documents and settings\all users\desktop and c:\documents and settings\Start menu is allowed to run. Everything else is prohibited. In particular, it is imperative to prohibit launching from the root of the disk, because by default users can write to the root of the disk (yes, this is a Microsoft feature for compatibility with old stupid software). Launch from c:\documents and settings\All users\* (wholesale) should not be allowed either: it contains a shared documents directory that all users can write to.

Everything except the above is prohibited. More precisely, in the course of work you may want to allow individual directories (for example, network shares), but you must strictly follow the rule described: what can be run cannot be written; what can be written cannot be run.

The ban is enabled in two stages: first under Security Levels (Disallowed), then at the root of Software Restriction Policies under Enforcement, with “All software files” and “All users” selected.

The good thing about using domain group policy is that if you mess up the policy and can’t run anything (even gpedit), this can be corrected from another server.
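
The check below is an added example, not part of the original article: a PowerShell audit of the rule “what can be run cannot be written” over the allowed paths and their subdirectories. The root list copies the article's XP/2003-era paths, and the set of privileged SIDs is an assumption to adjust for your system.

```powershell
# Added example (not the article's code): list directories under the
# SRP-allowed roots where a non-privileged principal holds write rights.
# Run elevated so every ACL can be read. Deny ACEs are ignored, so the
# result errs on the side of reporting too much.

# Assumption: roots copied from the article's XP/2003-era allow list.
$AllowedRoots = @(
    'C:\Windows',
    'C:\Program Files',
    'C:\Documents and Settings\All Users\Desktop'
)

# Assumption: principals that may legitimately write. Matched by SID so the
# check does not depend on the OS display language.
$PrivilegedSids = @(
    'S-1-5-18',       # SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (template ACE for newly created objects)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
)

# FILE_WRITE_DATA (0x2) | FILE_APPEND_DATA (0x4) | GENERIC_ALL (0x10000000)
# | GENERIC_WRITE (0x40000000): any of these lets a principal drop a file.
$WriteMask   = 0x50000006
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

function Get-UserWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $Path"
        return
    }
    foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs affect children, not this directory itself.
        if ($rule.PropagationFlags.HasFlag($InheritOnly)) { continue }
        $sid = $rule.IdentityReference.Value
        if ($PrivilegedSids -contains $sid) { continue }
        if (([int]$rule.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path   = $Path
                Sid    = $sid
                Rights = $rule.FileSystemRights
            }
        }
    }
}

# Walk every allowed root and all of its subdirectories.
$findings = foreach ($root in $AllowedRoots) {
    if (-not (Test-Path -LiteralPath $root -PathType Container)) { continue }
    Get-UserWriteAce -Path $root
    Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-UserWriteAce -Path $_.FullName }
}

if ($findings) {
    $findings | Sort-Object Path, Sid -Unique | Format-Table -AutoSize
} else {
    'No user-writable directories found under the allowed roots.'
}
```

Every directory it reports breaks the model: either remove the write permission or add a more specific Disallowed path rule for that directory.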

Practical operation

The configuration has been in use for several years without any significant changes, during which time there has not been a single case of infection of the terminal server (at the best of times, up to 70 people with IE6/7 and a bunch of flash drives) or of the workstations running Windows XP (about three dozen in three companies). In the logs I periodically see messages about the prohibition of launching this or that file (most often from temporary internet files). During this time, a lot of software was discovered that was incompatible with the configuration, from Autodesk view (DWG viewer, it works after a fashion, but with complaints) to Thunderbird (which tries to store plugins in the user’s profile).

Operating this configuration in automatic mode will most likely be unsuccessful (this doesn’t work, that doesn’t work), but with a little care it allows you to forget about the problem of antiviruses (and in the conditions of a terminal server it allows you to significantly save on hardware, since the load on the server is greatly reduced).

Moreover, one computer even works in this mode under an administrator account (due to the specifics of the software used); during this time there has not been a single successful infection (although theoretically it is possible in such conditions).

Windows 2008/7/Vista

Here I can no longer speak very confidently, but in the small amount of time I watched them, they changed the names of the directories (in particular, for applications and all users), which requires a significant reworking of the policies (on a quick first try, Windows 7 with the paths described above did not let the user run programs).

Is it possible to somehow protect your laptop or computer 100% from viruses without an antivirus? What can replace an antivirus? Most people, even advanced users, will tell you no.

It is not true. One hundred percent Windows protection without antivirus is possible. I will describe it on this page in the last section.

What can you do to protect your PC without antivirus software?

For a large number of users, obtaining and using antivirus software can be troublesome and expensive.

Safe browsing without antivirus

One important piece of advice: regardless of whether you have an antivirus or not, you should practice safe browsing.

You will never get a virus without being on the Internet and without reading from other sources: disks, flash drives, mail, etc.

Don't download files unless you are 100% sure the source is safe, don't surf sketchy sites, and so on.


If something seems too good to be true, then the likelihood of catching a virus increases.

These tips should be followed even if you have an antivirus, because antiviruses are not perfect, and some viruses can easily bypass them.

What can you do to protect your laptop without antivirus?

The next step is to make sure that your browser is the latest version; then it will be more difficult for hackers or viruses to exploit security holes to harm your system.

Also install all Windows security updates (Control Panel => Windows Update); they are free and will close a lot of holes.

Another interesting idea: use browser extensions that focus on security.

For Firefox, you can use the free NoScript. It blocks any website scripts that could potentially cause problems on your Windows system.

For Google Chrome, you can try installing and using the free SaferChrome.

Using free Linux to protect your laptop from viruses without an antivirus

You can significantly reduce your risk of getting a virus if you use Linux rather than Windows.

Of the entire collection of viruses, approximately 90% are for Windows, and 9.95% are for Mac OS X.

For the free Linux operating system, there are practically no viruses, so you can use it without an antivirus.

How to replace antivirus

Here we come to the last section, in which I promised 100% protection for your laptop or computer without an antivirus.

How to do this, and what to replace the antivirus with? For this there is a great program (download link at the end of this post): Toolwiz Time Freeze.

What is its essence? As soon as you install it, launch it and click on the start button, the program will immediately place your system in a “safe”.

In this case, after a reboot, all programs, videos, pictures, music or films that you have downloaded or installed, including those whose safety you do not doubt, will be deleted.

To avoid this, the program provides three options: Enable "Folder Exclusion" when enabling Time Freeze, add folder and add file.

Tell the program what you don’t want to delete, and it won’t touch it—not bad, really.


Although I still recommend using some kind of antivirus if you use Windows (there are many decent free alternatives), these tips should certainly help reduce your chances of getting infected. Just be smart with what you do.

Any tips you can add? Maybe after reading this post you think that an antivirus is still really necessary? Then let me know in the comments! Good luck!

Developer URL: www.toolwiz.com/
OS: XP, Windows 7, 8, 10
Interface: Russian

The vast majority of Windows users know and are already accustomed to the fact that this operating system must be protected with some kind of full-fledged antivirus. And not without reason! Indeed, working in this system without an antivirus, it is very easy to pick up some infection from the Internet. But! Modern Windows systems (for example, Windows 8, Windows 10) are much more secure than their predecessors. And here the question arises: “Is it possible, in the latest systems of the Windows line, to work without installing a third-party antivirus, especially since there is a built-in one?”

I once tried to conduct a similar experiment on older Windows versions. Each of these systems already has a built-in antivirus from Microsoft by default, but is it any good?

Experience without antivirus in Windows XP, Windows Vista and Windows 7

Windows XP had a defender called Microsoft Security Essentials, but it did not appear immediately after the release of this system.

I tried to work on this system a couple of times without an antivirus even before Microsoft Security Essentials appeared. That is, it turns out that I was working in a completely unprotected system, with the exception of the built-in firewall.

A firewall is not an antivirus but a means of controlling network access for all programs, to protect against various attacks. For example, it can be used to block particular programs from connecting to the Internet or to allow a connection under certain conditions.

The result of this work was a very quick infection of the computer, first of all with all sorts of adware, and then with more serious threats. At the same time, I kept to a very careful mode of working on the Internet and did not visit very suspicious sites, but nevertheless, apparently, without any protection, everything from the Internet sticks to Windows XP. And also because XP itself had much less protection and more vulnerabilities than its successors.

When Microsoft Security Essentials appeared, I thought that it was, in principle, a replacement for an external antivirus and tried to repeat the experiment. I removed the external antivirus (Kaspersky was installed at the time) and tried to work. The result was the same. I picked up an infection quite quickly, while working on the Internet and also being careful.

Therefore, in Windows XP, I would highly recommend not working without a full-fledged external antivirus! But this system is a thing of the past; it has not been supported or updated by its developers for many years! And in general, for those who still use it, I recommend switching to a more modern system, if, of course, the computer can handle it. But today, for the vast majority of users, the computer will certainly support one of the latest systems in the Windows line. Gone are the days when many people had an ancient processor and 1 GB of RAM at most in their computer, for example :)


Starting with Windows Vista, another product began to be built into the system: Windows Defender. But in the now-legacy Windows Vista and Windows 7 it was still rather weak. And perhaps the systems themselves again had certain vulnerabilities. So it is also risky to work in these systems without a full-fledged external antivirus that will replace the built-in defender!

Experience without antivirus in Windows 8 (8.1) and Windows 10

Once again, I repeated my experiment of working without an external antivirus in Windows 8.1 and Windows 10. For 2 years now I have been working using only the built-in Windows Defender. And it seems that security in the latest Windows releases has indeed reached a higher level.

In the latest Windows 10 build, Windows Defender looks like this:

Through the “Virus and Threat Protection” section you can run a quick or advanced virus scan.

Running Windows 8 and 10 without an external antivirus (previously the free version of Avast was installed, and before that I tried Kaspersky), I downloaded a couple of antivirus scanners (DrWeb CureIt and Kaspersky Virus Removal Tool) and performed a full scan of the computer. As it turned out, I hadn’t picked up anything serious on the computer, except for a few unwanted applications, which, in fact, are not viruses and which I myself add to the exclusions of any antivirus program.

Having then checked the computer with the same Avast and Kaspersky, I was once again convinced that while working without them, my computer had not become infected. Neither one nor the other found anything.

Conclusion

Windows systems, starting from Windows 8, already have sufficient built-in protection so that you don’t have to worry about installing a heavier external antivirus, which will eat up much more system resources than Windows Defender.

And some antiviruses, especially if configured incorrectly, can greatly slow down the operation of the operating system!

Of course, this is all true if you work carefully! That is, do not download anything from “shady” sites, and do not visit suspicious sites in general. I strongly recommend downloading software only from the developers' official websites, and not from various blogs and personal websites that post links to download programs. The risk of infection in that case is very high even when using a full-fledged antivirus from third-party developers!

This article discusses how to ensure computer security using some reasonable user rights management measures.

The number of viruses is growing exponentially every day. Accordingly, the costs of protection with the help of anti-virus programs increase, which “eat up” more and more computer resources, such as processor load and RAM. And, probably, almost everyone thought: “Is it possible to do without antiviruses and other similar programs?” It is partly possible.

Oddly enough, the main source of PC security threats is its user. That is, the fundamental measures to improve security are actions arising from the principles of reasonable computer management. The main idea of the approach discussed below is based on the correct use of the security policies implemented in the Windows operating system (on Linux this approach is the default). The problem is that in Windows, by default, any user is granted administrator rights, i.e. the maximum possible in the system. In this case, all malicious programs, such as viruses, that enter the system also receive administrator rights, and the damage from their functioning is maximum.

The solution is to limit the user's rights as much as possible, to a level that allows only the most necessary actions; as a result, malicious programs will be able to perform only the actions permitted to the user. Specialists from BeyondTrust, one of the world's leading security providers, have confirmed the correctness of this concept. To do so, they studied vulnerabilities in versions of Windows, the Internet Explorer browser and the Office package. It turned out that about 60% of all vulnerabilities are eliminated by introducing a limited account. For critical vulnerabilities that can cause serious damage, this figure is 81% for all Microsoft products and 90% for Windows 7. For Internet Explorer and Office programs, this approach eliminates all vulnerabilities. In Windows 7 and Vista, User Account Control is easily bypassed through the rights transfer mechanism inherited from Windows NT. Rights control in Windows is possible for any object accessible to the user. Because administrator rights are granted to the user by default in all versions of Windows, the browser also receives administrator rights, which are inherited by any program it opens. When malware forces the browser to launch an infected executable file, it immediately begins its dirty deeds.

Restrictions on user rights can be implemented using built-in Windows tools.

User demotion in action.

In Control Panel, go to User Accounts.

For Windows XP: “Create an account” => enter a name => select “Restricted account” and at the bottom click “Create account” (or “Ready”). In the next window: “Change account” => select the account you created => “Create a password”, enter it and at the bottom click “Create a password”.

For Vista and Windows 7: in “Manage another account”, select “Create a new account” => enter the account name => “Regular access” => “Create an account”. In the next window, select the account you created => “Create a password” and enter the password.

If you want to use your old familiar name for an account with limited rights, then create a new account, but with administrator rights. Log in with this account and go to User Accounts. In your previous account, click on “Change account type”, select “Regular access” (for XP, select “Limited access”).

Switch between accounts

From time to time it becomes necessary to switch to the administrator account (to remove or install programs, etc.). Although Windows can switch between accounts using built-in tools, for more comfortable work it is better to use special programs, such as the free SuRun (works in all versions, starting with XP). If you need to extend rights or start a specific program, you will need a quick transition between accounts. To do this, in the context menu of the desired application's shortcut, choose “Start as Administrator” and SuRun will launch the application. When you need elevated rights at every start, activate “Don’t ask this question for this program” and “Automatically run this program with elevated right”.

User with absolute rights

When working with Explorer, it becomes necessary to increase rights to gain access to certain directories. In order for the Explorer window to be launched by SuRun with administrative rights, activate “SuRun Explorer this” in the context menu of the desired directory. Similarly, you can get administrative rights for the “Control Panel”. To do this, right-click on the Desktop and select “System Panel on Administrator” from the menu. To implement these features in Windows 7, you need to make some changes to the registry.

Limiting user rights helps control the actions of malware, the development of which, however, does not stand still. When malware enters a system, it tries to increase its own rights by any means possible. That's why a good antivirus is still worth having for protection.
