Kitz Forum
Computer Software => Windows 10 => Topic started by: bob.gas on November 14, 2018, 02:29:26 PM
-
As title.....
What security software are you all using for windows 10 please?
-
the stuff that comes built-in with windows 10.
no need for anything else.
that and common sense does the job.
-
At the end of the day Windows defender and a good backup plan....
-
I certainly wouldn't be relying on Windows Defender and common sense, that's just asking for trouble, better than nothing but there are better options.
In independent tests Windows Defender detects less viruses than good free antivirus protection, and as for common sense a lot of computer uses don't have it. My wife recently clicked a link that was highly suspect and luckily blocked by Avast, my children are a bit better.
https://www.alphr.com/security/6745/best-free-antivirus?amp
-
Thanks for the input guys.
I have Avast, Malwarebytes and Super antivirus, so probably stick with that for now.
-
I certainly wouldn't be relying on Windows Defender and common sense, that's just asking for trouble, better than nothing but there are better options.
In independent tests Windows Defender detects less viruses than good free antivirus protection, and as for common sense a lot of computer uses don't have it. My wife recently clicked a link that was highly suspect and luckily blocked by Avast, my children are a bit better.
https://www.alphr.com/security/6745/best-free-antivirus?amp
It was your wife that was lacking the common sense, not the computer.
I've never used anything other than what I said, and never had any issues.
-
the stuff that comes built-in with windows 10.
no need for anything else.
that and common sense does the job.
This, always.
-
It was your wife that was lacking the common sense, not the computer.
I've never used anything other than what I said, and never had any issues.
Yes it was, but it's users that use computers, not computers using computers ;)
The majority have probably never had any issues, doesn't mean it will carry on that way, especially if any of the users are not tech savvy and there not as well equipped to spot something dubious.
I've never had any issues driving a 44t artic, I would not recommend the average forum user jumps in one takes it for a spin though ;)
-
Yeah to be fair ronski common sense is mostly all you need, your wife no offense was lacking it by clicking the link.
Windows defender I am not a fan off because of its habit of running background scans which is stupid, but in the latest windows 10 it has some very good anti malware technology that beats a lot of commercial solutions that are aimed at home users. If you on build 1803 or newer, goto the security dashboard and check "core isolation" also check "app and browser control" and then in that section "exploit protection", the latter is what used to be EMET, but is now integrated into windows defender. It sadly doesnt come with hardly anything preconfigured, so out of the box doesnt do a whole lot, but if configured right it will be practically impossible to penetrate. By default CFG etc. will protect windows binaries but rules can be created to protect browsers and other binaries. I am still waiting for the day Windows enables Applocker for consumers and also has pre configured rules for it aswell, but they really want to keep that one for enterprise only. :(
An example today I got a paypal email telling me my account was restricted, all I had to do was look at the sender yep its a spoof, common sense, also hover over the link reveals the true destination without having to click it.
Avast isnt too bad, but for it to work really well, I would enable the hardened mode and put it in the normal (not agressive) setting, in that mode, anything not verified as whitelisted needs manual overide to be executed on the system, its not convenient, but its powerful in that mode.
-
Our common sense is a whole lot better than the average person's common sense. My wife's common (computer) sense isn't that bad, but when she's tired she's less likely to notice something untoward.
Edit: Typo's
-
I use Avast and its served me well for years.
But when I look at Avast's reporting logs the web protection part i.e. if I click on a bad link and it blocks it, as only ever been activated once or twice over a 12 month period.
The reason I like Avast is the feedback forum they have. So if you have any problem you can leave them a message on the forum and they will reply sometimes within 10 minutes. They are very hands on.
-
some info on hardened mode here, moderate is the better sub mode.
https://forum.avast.com/index.php?topic=142172.0
-
I certainly wouldn't be relying on Windows Defender and common sense, that's just asking for trouble, better than nothing but there are better options.
In independent tests Windows Defender detects less viruses than good free antivirus protection, and as for common sense a lot of computer uses don't have it.
Not true. Windows Defender is not the most performant (https://www.av-comparatives.org/tests/performance-test-october-2018/) AV software out there, but it does admirably well in real world protection tests.
https://www.av-comparatives.org/comparison/
https://www.av-comparatives.org/tests/real-world-protection-test-october-2018-factsheet/
Free versions of both AVG and Avast led to compromised systems.
In their most recent test, only Bitdefender, Panda, F-Secure and Trend Micro matched Windows Defender in blocking 100% of threats.
https://www.av-test.org/en/antivirus/home-windows/
https://www.av-test.org/en/antivirus/business-windows-client/
It's ranked fifth best for business users (sorted by Protection). At work we use the managed variant of Defender (SCEP) on some servers and a large percentage of the client estate and it works just as well as our other AV product, which is from one of the top vendors in the Enterprise AV space.
the stuff that comes built-in with windows 10.
no need for anything else.
that and common sense does the job.
This.
At work, it took many, many years and a relentless campaign of education to get our users to think about security differently and that has made the biggest (positive) impact.
-
While we're at it don't use an administrator account for normal usage. A standard user account is fine.
The idea of 'common sense' is comforting but no-one is perfect and people can and do make mistakes - even those relatively aware of such matters. Many people consider a computer a tool and have better, in their opinion, things to do than spend a while learning how to stay relatively safe online.
There are instances where common sense will be of no use, of course, and there will be no antivirus definitions for the exploits. In those instances monitoring the behaviour of software by running it in a sandbox is about the best that can be done though this comes with an extensive performance penalty.
Much of the paid-for software is no better than Defender, though, not least because Microsoft of course have access to all those lovely undocumented APIs and can use them to monitor the behaviour of applications more deeply.
-
DUMP WINDOWS SECURITY NOW. 13 rival suites that put Windows Defender to shame
That's on the cover of PC Pro's January 2019 magazine, and the article inside starts as follows.
DUMP WINDOWS DEFENDER NOW
Are you still relying on Windows 10 built in antivirus tool? Sure it's better than nothing, but if you think it's just as good as any other suite we've news for you. This month, we pit Windows Defender against alternative solutions from big names such as AVG, Kaspersky and Norton. We weigh up how effective each one is at blocking viruses and compare ease of use and performance. As the results make clear, there's a big difference between the best and worse packages out there and we hope it's not giving too much away to reveal that not for the first time Windows Defender comes dead last.
Make of it what you will.
-
first question i would is... how much where the magazine paid to produce the article?
-
Good point that, I suppose all 13 different companies clubbed together :lol:
-
only has to have been one company to have skewed the whole result.
the fact that they even dare to mention "Norton" is enough to think the tests they ran are poor at best !
-
My issue with these tests is it involves a person manually running malware exe on their computer with admin rights. Which is just stupid. Yes stupid people exist on the internet, but the tests need to be realistic.
The security business on PC's is a huge market its absolutely massive. I think most of it is based on hype and fear. We are led to believe things like drive by infections are really common, and that bad common sense is only a small factor. e.g. People sell anti ransomware software that costs in excess of £40 a year for just one single device, so think about it, over 5 years you spend £200 on something that has a very small "chance" it will save you say £200 on a ransom, its an expensive form of internet insurance. If you was protecting say 3 family devices that would be £600 over 5 years.
I think its very telling that in the past on security forums I often used to see a person post saying he got infected how to remove etc. and me and others were obviously curious and would ask how he/she got infected in the first place, 9 times out of 10 they would vanish probably too embarrassed to say they downloaded a dodgy exe of the internet and just ran it. The other 1 time out of 10 usually confirmed that. I think the most realistic danger is from email attachments, and a lot of modern anti virus no longer even scans emails anymore from programs like outlook as they consider webmail to be the thing now, e.g. emsisoft doesnt do it. This was what motivated me to do my "free" protection write up for kitz which I hold my hands up is still not published sorry.
We really need to have people using restricted account as a default thing, in linux you dont login as root and do your daily browsing on that account. Linux also doesnt have executables routinely run from its temp folder, windows is a complete mess right now in terms of file isolation, so many updater's, and installers run from the temp folder which is horrible security practice, its a sane security policy to block all executable's in writable folders, but made difficult by what these app developers are doing, this includes the user profile folder which is meant for user data not program binaries. I even have started seeing binaries been placed in the ProgramData folder.
Also there is probably at least some links between people involved in security software and malware authors themselves, what better way to sell your software than to make some kind of malware to build up demand for it.
-
An important thing to remember when deciding whether to install any “security” software is that it may, itself, cause problems. The problems can be minor, such as false positives in virus scans, or more major, such as interfering with proper operation of essential system software.
Of course, it may also save you from viruses, malware and nasties.
The word “may” appears in both scenarios, it might never happen. But in my own experience, the first “may” is pretty much a dead certainty, whereas the second “may” is quite unusual. Ie it nearly always causes more problems than it solves. Just my opinion. :)
-
I would say problems are far more likely then it actually preventing a infection, I agree with you on that 100%.
-
An important thing to remember when deciding whether to install any “security” software is that it may, itself, cause problems. The problems can be minor, such as false positives in virus scans, or more major, such as interfering with proper operation of essential system software.
A lot of commercial AV software does MitM to scan for malware in encrypted connections.
https://news.ycombinator.com/item?id=10727431
https://www.itpro.co.uk/security/29665/does-antivirus-software-do-more-harm-than-good/page/0/1
From that IT Pro article:
"However, users who were running antivirus software or were behind some corporate/university firewalls observed ERR_CONNECTION_CLOSED errors," he adds. "They were not able to access the site at all. Inspecting packet transmissions with Wireshark revealed that the connection was being downgraded to TLS 1.1. This is highly suspicious since the site supported HTTP/2 which requires TLS 1.2.
"Bizarrely, disabling antivirus or going off-campus made it possible to connect to the site using the exact same computer and browser."
It became clear that the antivirus program – in this instance, Avast, although Holt's previously had issues with AVG, Kaspersky and others – and university firewalls were severing the TLS connection, then creating their own between them and the server so they could decrypt the traffic in between.
"Unfortunately, the TLS stack used by the firewall and the antivirus programs were outdated and did not support modern protocols or cipher suites. This not only broke the connection in this case and many others, but compromised the security of all other HTTPS connections it made, even if the server supported more secure configurations that the browser would have preferred!" he explains.
For me personally, it is unacceptable that a third party software is allowed to weaken my browser's security.
Also from that article:
But what about the rest of us? We asked resident security guru Davey Winder for his thoughts. "Remember, all software has bugs. Would I suggest you don't use any AV software? No, of course not. Similarly, I wouldn't suggest you reply upon any antivirus software alone to protect your networks and data. A multi-layered security posture is the way forward for most people, most of the time; and antivirus remains a valid layer within that posturing."
-
Yeah I have tried to warn about it as well, nod32 e.g. does it. Its a big no no.
The good news is I can see nod32 is preparing a better system, as they have implemented javascript scanning as a separate function in the latest version and I expect that will replace its MITM scanning next year probably if they have any sense. Luckily the MITM can be disabled.
-
Which AV does not do MITM scanning?
I like Davey Winders articles in PC Pro (he did not write the AV article), they are always interesting.
-
emsisoft doesnt, at least not for http/https. instead they filter known malware sites on dns name, rely on traditional file access scanning and detect malware type behaviour from behaviour analysis. If I have a a/v deployed, I nearly always disable http/https scanning.
-
Thanks Chrysalis.
Just been reading some more of that pcpro article it turns out that they didn't actually test the AV software themselves, they took results from the most recent tests from av-comparitive.org and av-test.org combined them and took the averages. I suppose like everything it's the authors interpretation of the results.
-
whats the situation now is windows 10 built in defender enough or free avg anti virus software any good?
-
As I mostly use Linux I have automatically updated IP blocklists on the router, use Firefox, Windows 10 stock when I need it and a monthly automatic scan on my NAS just in case anything dodgy got through.
I'm of the opinion that security software causes more problems than it solves.