I'm not saying that my system setup is the best in the world, there will always be Advantages and Disadvantages. But your recommendation offers much greater risk. Not everyone is smart as you, who can easily remove and correct malwares, viruses and system errors. There are those who needs the immediate end result in a much User Friendly way. It’s paranoia but it’s called awareness.
Yes, added system protection requires money. But without it the risk of expending more will be greater, not to mention the hassle and the time lost of fixing your PC.
If you strongly disagree with my setup, then share your detailed guide in how to combat all the system threats. Please bare in mind, that “Instant System Restore” prevents complete alteration of the frozen Drive. The deleted files, installed and uninstalled programs will be restored after restarting your computer. If you value the contents of your computer, then you’ll take all the necessary precautions.
I got your point, and I’m not bashing your post out of ignorance. You missed my point the this “Kung Fu” setup is ultimate. This doesn’t only prevent your petty concerns of “DLL”, but my approach is more holistic. In decision making, you’ll always choose the decision the offers the less risk.
Yet again, don’t get me wrong for rebutting your statements. If you can share your ideas in full details, I would appreciate that.
The reason why I'm so against "complete restrictions" like preventing executables or freezing your hard drive is because people begin to rely on principles which are essentially flawed by defeating the original purpose of computers. For me, it's unacceptable to completely restrict execution of files on my computer or to limit the frequent changes that I make to my system. I'd personally be embarassed to ever admit to resorting to such obtuse measures.
Understanding of the system comes with practice and actually trying things out - sometimes through failure. Business environments are obviously excluded, because system failure can turn into a disaster. On a personal computer, you can layer your protection and still have berth between those layers.
Backups are one thing. (external drives and online) System restore is another. They protect important data
after something fails. I don't believe that they should be passive processes. Malware can hide in backup files too, so I like to know what I have and need on my computer. When I have something important, I'm saving it somewhere else. No deep freeze.
Another voluntary line of defence is sandboxing. I'm using Sandboxie, which has some advanced settings that help me prevent infection. Removable drives and network files run sandboxed automatically, unless I choose to disable the feature with two clicks. This completely prevents spreading from infected flash drives. That's one of my main concerns, because I had problems a few years ago. Sandboxie is completely unintrusive and I can sync changes made inside a sandbox with a few more clicks.
If I run a more common kind of virus, I see the sandbox growing with edited executables. I delete the sandbox and carry on. I only sandbox programs that come from a more unusual place. I set it so that keygens and cracks will always be run into a sandbox with no access to the internet, to prevent and detect spyware. (I get a warning if something tries to access the internet)
This way I can also run and use infected files without worrying. Sometimes I can't get around that. In very (very) exceptional cases when I want to install complex software and try it out, I run it inside a virtual machine. It's a little slower, so I'm obviously not going to do this very often, but I have better control over "system snapshots" that way.
My first lines of defense are Avast, Security Essentials (which I don't know that well) and Chrome. I care more about my online security than a lot of the data on my laptop, so I invest more time into that. Chrome has some good features about script execution and I trust that.
Adding more antivirus software won't make that much a difference, because I'm doubling the allocated resources for an infinitesimal improvement. (most of their definitions match anyway)
It's not "absolute", but it's enough. Any more investment would cost me more time than fixing problems when they do arise. The fact that I can work very efficiently between these layers of protection is crucial. And it helps me better understand the weaknesses and exploit vectors.
I think everyone should consider working together with their computer, rather than asking it to do stuff and trusting it. That's because when something fails (and it probably will for most people) you know what goes on and aren't completely lost.
---
oh and I disabled "autorun.inf" on any drive. That's the most crippling thing I've done so far, but I can find the executable that needs to be run anyway. Inserted flash drives won't open the folder and clicking on their icon (or choosing context menu options) won't run the virus either. I completely forgot about this feature.
I'm always displaying system and hidden files and their extensions. That's probably the most important thing someone can do. Even more important than "preventing executables". If someone doesn't understand the basics, they'd probably select "allow" when double clicking on malware with an innocuous icon. Changing the default system icons can help there, but I didn't go that far.
Adding an executable to the whitelist can also be a vector for viruses. It's easy to change the file metadata, so checking the "modified date" of the file might not even work from Anti-Executable's perspective. IMO that program is fundamentally flawed and dangerous for those who don't completely understand it. Adding security in one place lowers it in others.. That's how humans work when they trust things. If it works for you, I congratulate
you, but I wouldn't recommend shortcuts to strangers. I got sidetracked when I mentioned that program in the previous paragraph...
