Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 [2]

Author Topic: what security software for Windows 10?  (Read 912 times)

chenks

  • Reg Member
  • ***
  • Posts: 544
Re: what security software for Windows 10?
« Reply #15 on: December 07, 2018, 10:36:45 AM »

first question i would is... how much where the magazine paid to produce the article?
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2863
Re: what security software for Windows 10?
« Reply #16 on: December 07, 2018, 03:42:21 PM »

Good point that, I suppose all 13 different companies clubbed together  :lol:
Logged
Formerly restrained by ECI and ali,  now surfing along at 388/21  ;D

chenks

  • Reg Member
  • ***
  • Posts: 544
Re: what security software for Windows 10?
« Reply #17 on: December 07, 2018, 03:45:16 PM »

only has to have been one company to have skewed the whole result.
the fact that they even dare to mention "Norton" is enough to think the tests they ran are poor at best !
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5496
Re: what security software for Windows 10?
« Reply #18 on: December 07, 2018, 06:54:28 PM »

My issue with these tests is it involves a person manually running malware exe on their computer with admin rights.  Which is just stupid.  Yes stupid people exist on the internet, but the tests need to be realistic.

The security business on PC's is a huge market its absolutely massive.  I think most of it is based on hype and fear.  We are led to believe things like drive by infections are really common, and that bad common sense is only a small factor.  e.g. People sell anti ransomware software that costs in excess of £40 a year for just one single device, so think about it, over 5 years you spend £200 on something that has a very small "chance" it will save you say £200 on a ransom, its an expensive form of internet insurance.  If you was protecting say 3 family devices that would be £600 over 5 years.

I think its very telling that in the past on security forums I often used to see a person post saying he got infected how to remove etc. and me and others were obviously curious and would ask how he/she got infected in the first place, 9 times out of 10 they would vanish probably too embarrassed to say they downloaded a dodgy exe of the internet and just ran it.  The other 1 time out of 10 usually confirmed that.  I think the most realistic danger is from email attachments, and a lot of modern anti virus no longer even scans emails anymore from programs like outlook as they consider webmail to be the thing now, e.g. emsisoft doesnt do it.  This was what motivated me to do my "free" protection write up for kitz which I hold my hands up is still not published sorry.

We really need to have people using restricted account as a default thing, in linux you dont login as root and do your daily browsing on that account.  Linux also doesnt have executables routinely run from its temp folder, windows is a complete mess right now in terms of file isolation, so many updater's, and installers run from the temp folder which is horrible security practice, its a sane security policy to block all executable's in writable folders, but made difficult by what these app developers are doing, this includes the user profile folder which is meant for user data not program binaries.  I even have started seeing binaries been placed in the ProgramData folder.

Also there is probably at least some links between people involved in security software and malware authors themselves, what better way to sell your software than to make some kind of malware to build up demand for it.
« Last Edit: December 07, 2018, 06:57:50 PM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3762
Re: what security software for Windows 10?
« Reply #19 on: December 07, 2018, 09:01:00 PM »

An important thing to remember when deciding whether to install any “security” software is that it may, itself, cause problems.   The problems can be minor, such as false positives in virus scans, or more major, such as interfering with proper operation of essential system software.

Of course, it may also save you from viruses, malware and nasties.

The word “may” appears in both scenarios, it might never happen.   But in my own experience, the first “may” is pretty much a dead certainty, whereas the second “may” is quite unusual.  Ie it nearly always causes more problems than it solves.   Just my opinion. :)
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5496
Re: what security software for Windows 10?
« Reply #20 on: December 07, 2018, 09:43:49 PM »

I would say problems are far more likely then it actually preventing a infection, I agree with you on that 100%.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

highpriest

  • Reg Member
  • ***
  • Posts: 237
Re: what security software for Windows 10?
« Reply #21 on: December 08, 2018, 10:53:09 AM »

An important thing to remember when deciding whether to install any “security” software is that it may, itself, cause problems. The problems can be minor, such as false positives in virus scans, or more major, such as interfering with proper operation of essential system software.

A lot of commercial AV software does MitM to scan for malware in encrypted connections.

https://news.ycombinator.com/item?id=10727431
https://www.itpro.co.uk/security/29665/does-antivirus-software-do-more-harm-than-good/page/0/1

From that IT Pro article:

Quote
"However, users who were running antivirus software or were behind some corporate/university firewalls observed ERR_CONNECTION_CLOSED errors," he adds. "They were not able to access the site at all. Inspecting packet transmissions with Wireshark revealed that the connection was being downgraded to TLS 1.1. This is highly suspicious since the site supported HTTP/2 which requires TLS 1.2.

"Bizarrely, disabling antivirus or going off-campus made it possible to connect to the site using the exact same computer and browser."
It became clear that the antivirus program – in this instance, Avast, although Holt's previously had issues with AVG, Kaspersky and others – and university firewalls were severing the TLS connection, then creating their own between them and the server so they could decrypt the traffic in between.

"Unfortunately, the TLS stack used by the firewall and the antivirus programs were outdated and did not support modern protocols or cipher suites. This not only broke the connection in this case and many others, but compromised the security of all other HTTPS connections it made, even if the server supported more secure configurations that the browser would have preferred!" he explains.

For me personally, it is unacceptable that a third party software is allowed to weaken my browser's security.

Also from that article:

Quote
But what about the rest of us? We asked resident security guru Davey Winder for his thoughts. "Remember, all software has bugs. Would I suggest you don't use any AV software? No, of course not. Similarly, I wouldn't suggest you reply upon any antivirus software alone to protect your networks and data. A multi-layered security posture is the way forward for most people, most of the time; and antivirus remains a valid layer within that posturing."
Logged
Zen | Zyxel VMG8324-B10A (with RFC4638 patch) | EdgeRouter PoE | UniFi AP AC Pro + Lite

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5496
Re: what security software for Windows 10?
« Reply #22 on: December 08, 2018, 11:46:31 AM »

Yeah I have tried to warn about it as well, nod32 e.g. does it.  Its a big no no.

The good news is I can see nod32 is preparing a better system, as they have implemented javascript scanning as a separate function in the latest version and I expect that will replace its MITM scanning next year probably if they have any sense.  Luckily the MITM can be disabled.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2863
Re: what security software for Windows 10?
« Reply #23 on: December 08, 2018, 04:57:48 PM »

Which AV does not do MITM scanning?

I like Davey Winders articles in PC Pro (he did not write the AV article), they are always interesting.
Logged
Formerly restrained by ECI and ali,  now surfing along at 388/21  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5496
Re: what security software for Windows 10?
« Reply #24 on: December 08, 2018, 11:26:59 PM »

emsisoft doesnt, at least not for http/https. instead they filter known malware sites on dns name, rely on traditional file access scanning and detect malware type behaviour from behaviour analysis.  If I have a a/v deployed, I nearly always disable http/https scanning.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2863
Re: what security software for Windows 10?
« Reply #25 on: December 10, 2018, 06:44:05 AM »

Thanks Chrysalis.

Just been reading some more of that pcpro article it turns out that they didn't actually test the AV software themselves, they took results from the most recent tests from av-comparitive.org and av-test.org combined them and took the averages. I suppose like everything it's the authors interpretation of the results.

Logged
Formerly restrained by ECI and ali,  now surfing along at 388/21  ;D
Pages: 1 [2]
 

anything