Old School AV without cloud?

[remm]

Anyone know of a free, lean, AV that is not full of useless features that have to be disabled, and does not use cloud services, or where you can disable them?

What about BD free? Does it use cloud svc? Or can they be disabled?

Have been using AVAST but ever since the W7 SP1 update, it has caused extremely slow boots. (Re-installing, etc did not help and I only have 3 programs run at startup, AVAST, Comodo and Stickies. AVAST is the problem as without AVAST boot is 42sec.) TIA.

 

[Tookeri]

I'm not updated on MSE but I don't think that uses cloud services as much as some other AV's. I know there are lots of people using MSE here so they will be able to give you a better answer.

Personally I wouldn't use an AV without a cloud service. You need the information in the cloud for a good protection. I think the HIPS functionality in an AV is very important, and that wouldn't work without the cloud.
But I prefer non-free AV's simply because I think the paid ones offer better protection, so I'm probably not the best person to give you advice here.

 

[remm]

I'm not updated on MSE but I don't think that uses cloud services as much as some other AV's. I know there are lots of people using MSE here so they will be able to give you a better answer.

Personally I wouldn't use an AV without a cloud service. You need the information in the cloud for a good protection. I think the HIPS functionality in an AV is very important, and that wouldn't work without the cloud.
But I prefer non-free AV's simply because I think the paid ones offer better protection, so I'm probably not the best person to give you advice here.

Thanks for the reply... I should have said "except MSE" Not a fan of MS (except for the OS and Word).

HIPS has been around much longer than cloud services. Anything that can be done in the cloud can be done locally. I respect you prefer to use cloud services for your AV protection but some don't. Thanks again for the feedback though, appreciate it!

 

[Tookeri]

No, I can't agree with you there. Some cloud functionality won't work only locally. Examples: web protection that checks every site you visit in the cloud. And checking programs during launch to get reputations from the cloud. Even though the AV scans with real-time, I want it to check its reputation from the cloud and warn me if the program isn't considered "trusted" = known as safe and is used by many others.

These kinds of functions won't work locally because it's impossible to store and update information on every client computer about all web sites + all programs and versions that exist.

 

[remm]

No, I can't agree with you there. Some cloud functionality won't work only locally. Examples: web protection that checks every site you visit in the cloud. And checking programs during launch to get reputations from the cloud. Even though the AV scans with real-time, I want it to check its reputation from the cloud and warn me if the program isn't considered "trusted" = known as safe and is used by many others.

These kinds of functions won't work locally because it's impossible to store and update information on every client computer about all web sites + all programs and versions that exist.

And those are the exact functions I disable. I don't want websites checked, or program reputations checked. Just scan the file and that's good enough. Everyone is entitled to their opinions and preferences. And everyone has their own reasons for their opinions and preferences.

Just looking for an old school AV... if one exists anymore...

 

[Tookeri]

And those are the exact functions I disable. I don't want websites checked, or program reputations checked. Just scan the file and that's good enough. Everyone is entitled to their opinions and preferences. And everyone has their own reasons for their opinions and preferences.

Just looking for an old school AV... if one exists anymore...

I hear you and I respect that! Sorry that I misunderstood. Hopefully others can give you advice on this.

 

[Alejandro85]

"The cloud" is more of a marketing lie from AV vendors more than a reality. Actually, if you examine them carefully you'll find that almost every function of it works locally, using "the cloud" for fetching updates of signatures. Naming cloud sounds so much futuristic and non tech-savvy people are fooled into thinking it's superior, while it's technology we we're using since many years ago.

Regular filesystems scans work entirely local (making it "cloud" means uploading your entire HD, which will take ages and ruin privacy). Website protection uses a kernel-mode driver to route all internet traffic though the antivirus for scanning before allowing it. Again 100% local. WOT like, reputation-based "scan" uses mostly a locally cached DB to block DNS requests, that data is fetched during the regular DB update, not on-demand.

The only thing that completely requires "the cloud" is signatures update, a totally reasonable request. The AV downloads signature files from the vendor server and adds them to a local database for use in subsequent scans. That's nothing new, such methods were available since years ago!

Now, about particular products. In that sense, MSE is more like what you want. It's extremely simple, with very few features, about only file scans, updates, real-time protection and that's about it. Very lean program. Bad thing about it is that it has normally poor detection rates compared with other AVs.

 

[NimoTony]

"I only have 3 programs run at startup, AVAST, Comodo and Stickies."

I run Comodo 'free' AV--you already have Comodo--Comodo what? AV, firewall ??(running Avast and Comodo might be the problem)

I am running Comodo 5.5.195786.1383 and it works perfectly--boot time is approx 30 seconds

 

[Tookeri]

"The cloud" is more of a marketing lie from AV vendors more than a reality. Actually, if you examine them carefully you'll find that almost every function of it works locally, using "the cloud" for fetching updates of signatures.
...
Website protection uses a kernel-mode driver to route all internet traffic though the antivirus for scanning before allowing it. Again 100% local.

I don't know what AVs and cloud services you're describing, but it's not my AV. Sure, it works locally, but it asks the cloud for information and that information is used to determine what action to take. If the could connection can't be established, it's not uncommon that extra precaution is taken. F-Secure Security Cloud

 

[Alejandro85]

It's a different name for the same thing!!!!!!!
We already know technologies like that since the last decade, if not more, but now they name it "ask the cloud for information" instead of "update virus signature database from our servers" that has been so widely used in the 90s and 2000 decades.

The only different thing I can get from all is that data is collected from users and reputation is added to their databases, but they barely mention how to figure out is it's malicious or not. My guess is that data is collected from your installed programs and visited websites and their own (traditional, signature and heuristics based) analysis results are uploaded.
That's the only novelty, a signature database with counters on how many users use it and have it infected. At most, more frequent updates, perhaps real-time if bandwidth and CPU cycles allow, hardly a different paradigm, but minor tweaks over long existing methods.

BTW, do you really know what kind of info is being sent about you? Having such spyware piece running on my PC is not something I would like. Everyone has "good intentions", but it's freaking to have something collecting potentially private data about you without you realizing (or worse, with you approving).

 

[Tookeri]

What you think is a "spyware piece" I think is a great security feature, so I think we have to agree to disagree
Isn't it great that information from other users can help you, assuming the information is anonymous?! But if you can't trust that it's anonymous then I would be very skeptical too.

I think this is more a question of trust. I don't trust that many companies but I fully trust my AV company and I've been following everything they do for a long time, and they've been around longer than most other AV companies. I know from local logs and through support contact how my privacy is treated, what's logged and not, for example my visited web sites are never logged not even locally, and I know that the same privacy policy apply for the cloud. This is a good explanation: Doing threat analysis big data while preserving user privacy

I've had issues where I contacted support to help me troubleshoot them, but because my information is anonymous all collected data on me is useless. It's bad for my troubleshooting, but good considering privacy. And I rather have it that way than the other way around.
My AV company have always been very open with how they handle privacy and that's one of the reasons why I chose them. I don't follow other AV companies as close as my own, so I can't say if this applies to all.

PS. sorry @remm that we continue this OT discussion

 

[Callender]

Privacy issues

Well this is interesting. I've always assumed that my security software knows what sites I've visited and what I've downloaded.

You could take a look at this comment from SuperAntiSpyware staff that explains what happens regarding privacy when they collect a users data:

SAS Privacy

That's not to suggest that all security software providers do the same thing!

 

[Tookeri]

That's good, but different from my examples. First, it says nothing how connections to their server are logged, only the data itself. Second, the information was posted on this forum instead of posting a link to the SAS web site so you can confirm it.

When it comes to security and privacy I believe being skeptical is a good thing

 

[remm]

Sorry I have been absent. I had family visiting for a week and got side-tracked.

I appreciate the replies. And I understand the distinction Alejandro makes about basically using the cloud like a server to fetch updates, rather than the traditional cloud model where the clent's info is uploaded into the cloud. However, I don't believe we can assume every AV vendor is using their cloud services the same way, and from a general article I read about AV cloud services last week, what the AV does is either:

1. upload copies of files off the client to scan in the cloud OR...
2. generate sig files from the client's files so that the actual file is not copied or upload, only the sigs... then the sigs are compared against the viral db in the cloud, saving local resources on the client the trouble of doing the actual scanning.

In the latter case the AV who uses sigs also noted that when offline a parial db of the most threatening infections is cached locally so that the AV can continue to do an adequate job offline, though not as effective as when online.

Now I have two issues:

1. I don't want my files OR sigs from my files uploaded anywhere, for any reason. To me, it's an issue of privacy. I like to exercise my right to privacy in all instances I can, not because I have anything to hide but b/c I have something to protect... that RIGHT to privacy. I do not use HTML-enabled mail or Web services... I use an email client and encrypt all mail... I don't use social networking... I studied online privacy from 1995-2000 and I know from history we cannot trust anyone online to do anything they are saying... and the laws run behind the need, so there is little to no oversight as technology pushes forward.

Also, even if I didn't care a whit about privacy and was fine with uploading my entire life to the cloud, I spend a lot of time offline, working on my computer and I want to use a traditional AV model that uses my own resources and a full db to do as good of a job offline as on.

I also don't want any "Web modules" like Web rep or phishing 'protection' b/c all this amounts to some company with the ability to log everywhere you go online as you "volunteer' this info when you agree to use these services that are useless anyway. (And yes, I am aware of companies like double-click that have Web bugs on every site and compile profiles, but I have an edited host file that keeps my browser from connecting to such sites, and I block Web bugs, ads, scripts, etc.) To each his/her own.

Also don't want a FW in my AV... I use Comodo FW. I like one program that does one thing, and does it well. So just looking for a simple AV. That's it. No bells and whistles. I am guessing there is no such software like this anymore that is up to date. Form has won out over substance.

Thanks again, guys.

 

[Tookeri]

I tried searching but mostly found old posts with instructions for only updating definitions offline. And being a few years old I'm not sure it's still relevant.

You're looking for an AV with real-time scanning right? If you spend a lot of time offline maybe there's no need for it?! There is an AV without real-time scan that requires the user to manually scan files: Free Antivirus for Windows - Open source GPL virus scanner but that's probably not what you're looking for.....

Another thought is to use your firewall to try to find out and only allow the connections for the AV to update the definitions. And not allow any other connections. At least in theory it should work.

I think what you're looking for might be as hard to find as a new car without all modern electronics all cars seem to have these days

Finally, one more privacy example of my AV company: they have a privacy VPN app that a user got a campaign code to try for free and the user needed to reinstall the app after a phone update and lost subscription time. The answer: we avoid collecting any data that could be used to identify our users, the campaign code isn't linked to app store usernames or IDs, sorry for the inconvenience source
That's how I want it, privacy as prio 1

 

[Callender]

Possible Solution

Well I use a few on demand scanners in addition to my installed AV and one of those is:

Crystal Security

I use the portable version with real time protection disabled. However it's also possible to enable protection and start with windows. It does use cloud scanning but if you block the single executable with your firewall it will disable cloud scanning and the program will only query the internal database when scanning.

Information:

Fully integrated Internal database - Active protection and Checkup
Each detected potentially dangerous file is analyzed with Internal and Cloud database.

Program is able to continue work successfully without any network and cloud connection.

Cloud detection is by VirusTotal and Internal database is by Malc0de and ThreatCenter.

Easily enable/ disable protection whenever you like.

There's a checkbox available to disable uploading of files anyway.

Downside: It's highly configurable but digging through the settings isn't easy.

Since you don't wan't additional cloud protection I'd suggest running it alongside a program like:

Universal Spyware and virus tracker

It will monitor system folders and any other locations that you specify for any new EXEs or DLLs that are created or modified with the option to quarantine files if required.

 

[oneeyed]

Someone already mentioned Microsoft Essentials as a good fit for what you are asking. And I have to second that. It's a good solution to have as your real-time protection.

If you want another scanner for a second opinion, mainly when you install new programs, or transfer new documents (emails, usb key, etc...). You're better off using something like VirusTotal or Jotti.

Both allow to upload files for them to be scanned. It is similar to the cloud feature you don't like, but it's manual so you can choose which files you want to send, not automatically dumbed down like cloud AVs. Moreover both services use a pool of AVs (50+ for VirusTotal, 22 for Jotti) with the latest virus signatures definitions. It is much safer than having only 1 or 2 local scanners.

VirusTotal also allows you to scan based on the hash of a file. This allows you to bypass the 64MB upload limit and is also better for privacy. If the hash is already in its database it will show you the latest scan on the original file.

Apart from that, there are other solutions that work well as on-demand scanners, to be used locally as an aide for your main AV. If they connect to Internet, it's only for signatures updates, some don't even have that feature and you'll need to reinstall the app (or its virus definitions) regularly by yourself. Most of them can also be found as portable apps (Portable Antivirus Firewall | Category) which don't need any install and can be run from usb/external drive :
ClamWin
Microsoft Safety Scanner
Kaspersky Virus Removal Tool
Dr. WEB CureIt!
McAfee Stinger
Emsisoft Emergency Kit Scanner

Some are advertised as removal tools, but they are actually regular scanners (old school like you said) based on the same engine and virus signatures as the full security suites. They just don't include all the fancy features (real-time protection, cloud, etc...).

N.B: I tend to also agree with what Alejandro85 said. The "cloud" is mostly marketing hype.

 

[Tookeri]

I think I've forgot to mention my own "hack" to check files on both VirusTotal and HerdProtect(68 AVs) without uploading any files or installing any program:

VirusTotal+HerdProtect - Check Files with Simultaneously using Send To context menu

 

[remm]

@Tookeri, Callender and oneeyed: Thanks very much for spending so much time with those suggestions. I am so sorry I got waylaid again. I looked into some of these and will see what I end up doing. You're right, Tookeri - looking for an old school AV is like looking for a new car without electronic gadgets.

Appreciated your time, all of you. Thanks again!

 

[andrew129260]

This should answer most peoples questions about what an AV software collects:

http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf