Anti-Virus and spyware

rouchie

Rising Star
Hi all, my new build is coming (eventually) with just the Microsoft Defender Package for Firewall and antivirus. I have previously been a bit belt and braces running Norton 360 and spybot. My question is will the Defender package cover all my needs or should I look at anything else to keep my new beastie safe?
 

NoddyPirate

Grand Master
Windows Defender seems to get great reviews generally but does have a few holes in it according to some - but I think it's important to say that no AV program will cover you 100% - some sensible safe practices and careful browsing/handling of attachments, etc is the best policy.

Many here seem to suggest using MalwareBytes for the occasional scan to support Windows Defender over the long term.

FWIW - I have BitDefender - mostly for the parental control features - and I like it.....
 
D

Deleted member 41971

Guest
Hi all, my new build is coming (eventually) with just the Microsoft Defender Package for Firewall and antivirus. I have previously been a bit belt and braces running Norton 360 and spybot. My question is will the Defender package cover all my needs or should I look at anything else to keep my new beastie safe?

A lot of internet security is common sense, i.e. not clicking on any dodgy links, opening any unknown files or going to infected websites. Windows Defender and Security has improved a lot and should cover the average user. Malwarebytes also has a free edition where you can run a scan, say, once a week or whatever your needs are, alongside Windows. Also, when needed, patch software from Windows or other programs as that closes holes as well as features for viruses to exploit.
 

ubuysa

The BSOD Doctor
Third party security products need to connect deep into the operating system, I suspect that many don't always limit themselves to documented APIs either. Using undocumented features often results in BSODs when a Windows update modifies the action of those undocumented features.

I've analysed several dumps on here for BSODs that were third-party security product related. If you're going to run one then be prepared for things to break in the future.

In any case, as mentioned, the biggest risk to any PC's security is the user.
 

Bigfoot

Grand Master
I have used Norton for many years and it has never caused me problems. Early versions used to hog resources, but nowadays I don’t notice. Some of the AV programmes installed at work by IT can be horrendous. In a previous company it took me 30 minutes to log on, as the AV grabbed the CPU and RAM.
 

NoddyPirate

Grand Master
Why do you need to control your parents? Actually, having witnessed my mum using a laptop and iPad, I don’t really need to ask. I still think she hasn’t worked out that the screen is touch sensitive.
Well, my mother is a talker and needs controlling. Although, she uses her hands when speaking so much that if we tie them behind her back she sounds quite muffled. My Dad is dead and I don't want him to come back and scare the kids just yet.

I'm hoping the software will help with both. Ad Blocker for her and Anti-Spyware for him.
 

ubuysa

The BSOD Doctor
I have used Norton for many years and it has never caused me problems. Early versions used to hog resources, but nowadays I don’t notice. Some of the AV programmes installed at work by IT can be horrendous. In a previous company it took me 30 minutes to log on, as the AV grabbed the CPU and RAM.
Fair enough, but you have to pay for it. Why would you pay for some add-on software when the built in software is plenty good enough and is free! :unsure:
 

Steveyg

MOST VALUED CONTRIBUTOR
No Anti-Virus on earth will save your computer from you.

Free Windows Defender is just as good as any of the other AV's on the market, except it's free with Windows so a no brainer when it comes to choosing.

At the end of the day you're the real threat to your own computer so it's important to learn and practice safe browsing
 

ubuysa

The BSOD Doctor
Having championed Windows Defender I'll 'fess up here.

I use Windows Defender for my anti-virus and anti-exploit needs - but I use Comodo Firewall as my firewall. I use this in preference to the Windows Firewall for three main reasons:

1. Comodo Firewall is so much easier to configure than the Windows firewall. Comodo has many options that aren't even available in the Windows firewall too (like all except the IP address/MAC address listed for example). It's very easy to see what rules are defined and the logs are very easy to use and understand as well. Like all firewalls though, the Comodo firewall requires a decent understanding of networking principles and addressing to use it well.

2. The Comodo firewall includes Comodo's groundbreaking containment technology and 'default deny' ethos. All unrecognised processes are run in containment (ie. in a sandbox) where all resource accesses are virtualised. This means that unknown processes cannot access real resources but neither do they know that they're running in a sandbox. This is genuine zero-day exploit protection and complete ransomware protection. Yes, containment takes some setting up and any new (and otherwise unknown) software you install will likely run in the sandbox at first, but it takes only a few seconds to mark it as trusted.

3. Comodo Firewall is free. You can pay for a 'supported' version but the full software is completely free.

TBH neither Comodo Firewall, nor the full Comodo Internet Security suite - which includes their anti-virus - is a tool for the basic non-technical user. This is very much a tool for those who have a pretty good understanding of how their network (and system) works and what protections are necessary and available.

On top of that I use Macrium Reflect to take an image of my system drive every night to an external drive and keep the last 7 system drive images (I use Syncback to synchronise my user data to the same external drive). The drive is on a USB controlled switch and I run a batch job each night that disconnects the network connection, powers on the external drive, runs the Macrium backup job, runs the Syncback user data backup job, disconnects the external drive and then reconnects the network. That way the drive is only online for the 10 minutes or so that it takes to run both backups and since the network is disconnected for that time, any ransomware infection I might get cannot 'phone home' for its encryption key and thus cannot encrypt my backup drive. The drive is also protected by the Defender Ransomware Protection just in case.

If I do ever get infected by anything, or even if I just suspect I may have been infected, I can restore any one of the last 7 days drive images (or my user data of course) and whatever was there is gone.

The 'best' security is security in depth, a multi-layered approach. My backup regime has been designed as a last ditch fail-safe means of securing both my system and my data. The only thing I'm not doing is keeping the backups off-site and to cover that hole I also use Google Backup and Restore to a (paid for) Google Drive to constantly keep all my user data in the cloud (sensitive personal data is encrypted on my PC in any case, so it's also encrypted in the cloud).

ubuysa's rule #1: you always pack your own parachute.
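The nightly sequence described above (network off, drive on, image job, user-data job, drive off, network on), written out here as an added PowerShell illustration rather than ubuysa's actual batch job. The adapter name, drive letter, install paths, the Macrium -e/-w switches, the SyncBack profile name and the USB-switch command are all assumptions or placeholders to be replaced with your own; the point is the try/finally, which guarantees the network comes back and the drive goes offline even when a backup job fails.

```powershell
# Added example (not ubuysa's own script): isolated nightly backup run with a morning check line.
$ErrorActionPreference = 'Stop'
$Adapter      = 'Ethernet'                                   # assumed: see Get-NetAdapter
$BackupLetter = 'E'                                          # assumed: external HDD drive letter
$ReflectExe   = 'C:\Program Files\Macrium\Reflect\Reflect.exe'                 # assumed path
$ReflectJob   = 'C:\Backups\Defs\nightly-system-image.xml'                     # assumed definition
$SyncBackExe  = 'C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe'   # assumed path
$SyncProfile  = 'UserData-To-External'                       # assumed SyncBack profile name
$LogFile      = "$env:USERPROFILE\nightly-backup.log"

function Write-Log([string]$Msg) {
    "$(Get-Date -Format s) $Msg" | Tee-Object -FilePath $LogFile -Append
}

function Set-UsbDrivePower([bool]$On) {
    # Placeholder: substitute the command your USB-controlled switch actually accepts.
    & 'C:\Tools\usbswitch.exe' $(if ($On) { 'on' } else { 'off' })
}

function Wait-ForVolume([string]$Letter, [int]$TimeoutSec = 60) {
    # Poll until Windows has mounted the drive; fail rather than back up to nowhere.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if (Get-Volume -DriveLetter $Letter -ErrorAction SilentlyContinue) { return $true }
        Start-Sleep -Seconds 2
    }
    return $false
}

$results = @{}
try {
    # 1. Go offline first, so nothing on the box can reach out during the backup window.
    Disable-NetAdapter -Name $Adapter -Confirm:$false
    Write-Log "adapter '$Adapter' disabled"
    # 2. Power the external drive and wait for it to mount.
    Set-UsbDrivePower $true
    if (-not (Wait-ForVolume $BackupLetter)) { throw "drive $BackupLetter did not appear" }
    # 3. Run both jobs, keeping each exit code (0 is treated as clean; assumed flags for Reflect).
    $results['macrium']  = (Start-Process -FilePath $ReflectExe -ArgumentList '-e', '-w', "`"$ReflectJob`"" -Wait -PassThru).ExitCode
    $results['syncback'] = (Start-Process -FilePath $SyncBackExe -ArgumentList "`"$SyncProfile`"" -Wait -PassThru).ExitCode
}
finally {
    # 4. Always take the drive offline and restore the network, even after a failure above.
    Set-UsbDrivePower $false
    Enable-NetAdapter -Name $Adapter -Confirm:$false
    Write-Log "adapter '$Adapter' re-enabled"
}
# 5. One line to read each morning: both jobs present and both exited 0.
$clean  = ($results.Count -eq 2) -and (@($results.Values | Where-Object { $_ -ne 0 }).Count -eq 0)
$detail = ($results.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ' '
Write-Log ("nightly backup {0} ({1})" -f $(if ($clean) { 'CLEAN' } else { 'FAILED' }), $detail)
```

Run it from a scheduled task with administrator rights, since Disable-NetAdapter and Enable-NetAdapter require elevation.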
 

Steveyg

MOST VALUED CONTRIBUTOR
Having championed Windows Defender I'll 'fess up here.

I use Windows Defender for my anti-virus and anti-exploit needs - but I use Comodo Firewall as my firewall. I use this in preference to the Windows Firewall for three main reasons:

1. Comodo Firewall is so much easier to configure than the Windows firewall. Comodo has many options that aren't even available in the Windows firewall too (like all except the IP address/MAC address listed for example). It's very easy to see what rules are defined and the logs are very easy to use and understand as well. Like all firewalls though, the Comodo firewall requires a decent understanding of networking principles and addressing to use it well.

2. The Comodo firewall includes Comodo's groundbreaking containment technology and 'default deny' ethos. All unrecognised processes are run in containment (ie. in a sandbox) where all resource accesses are virtualised. This means that unknown processes cannot access real resources but neither do they know that they're running in a sandbox. This is genuine zero-day exploit protection and complete ransomware protection. Yes, containment takes some setting up and any new (and otherwise unknown) software you install will likely run in the sandbox at first, but it takes only a few seconds to mark it as trusted.

3. Comodo Firewall is free. You can pay for a 'supported' version but the full software is completely free.

TBH neither Comodo Firewall, nor the full Comodo Internet Security suite - which includes their anti-virus - is a tool for the basic non-technical user. This is very much a tool for those who have a pretty good understanding of how their network (and system) works and what protections are necessary and available.

On top of that I use Macrium Reflect to take an image of my system drive every night to an external drive and keep the last 7 system drive images (I use Syncback to synchronise my user data to the same external drive). The drive is on a USB controlled switch and I run a batch job each night that disconnects the network connection, powers on the external drive, runs the Macrium backup job, runs the Syncback user data backup job, disconnects the external drive and then reconnects the network. That way the drive is only online for the 10 minutes or so that it takes to run both backups and since the network is disconnected for that time, any ransomware infection I might get cannot 'phone home' for its encryption key and thus cannot encrypt my backup drive. The drive is also protected by the Defender Ransomware Protection just in case.

If I do ever get infected by anything, or even if I just suspect I may have been infected, I can restore any one of the last 7 days drive images (or my user data of course) and whatever was there is gone.

The 'best' security is security in depth, a multi-layered approach. My backup regime has been designed as a last ditch fail-safe means of securing both my system and my data. The only thing I'm not doing is keeping the backups off-site and to cover that hole I also use Google Backup and Restore to a (paid for) Google Drive to constantly keep all my user data in the cloud (sensitive personal data is encrypted on my PC in any case, so it's also encrypted in the cloud).

ubuysa's rule #1: you always pack your own parachute.
There's packing your own parachute ..... and then there's packing 17 separate chutes positioned at different locations during the drop in case anything might happen to one of the other 17 chutes.

I picture your house with the wall absolutely clattered in sticky notes of all the ways viruses could infect your system and then even more stickies with solutions to each of those threats haha

Jason Bourne isn't trying to access your computer mate
 


ubuysa

The BSOD Doctor
There's packing your own parachute ..... and then there's packing 17 separate chutes positioned at different locations during the drop in case anything might happen to one of the other 17 chutes.

I picture your house with the wall absolutely clattered in sticky notes of all the ways viruses could infect your system and then even more stickies with solutions to each of those threats haha

Jason Bourne isn't trying to access your computer mate
My user data is beyond value - so is yours I'd bet. :)

Having set up that backup regime it runs automatically every night without requiring any input from me - I just check that each backup has run clean each morning.

If you plan ahead and think about how you are going to ensure that you don't lose data and how you're going to recover after a malware event (or any other kind of problem), and then put automatic or semi-automatic procedures in place to implement those plans, then there is no need of sticky notes to imagine all the ways you could be infected. I have carefully selected the security tools that I use to defeat any malware and/or any screw-ups on my part, ensuring (as much as I can) that there are no single points of failure and that my protection is multi-layered. Finally I have a redoubt where I have planned to make my last stand, and that's the nightly backup routines to an HDD that is usually offline.

"You always pack your own parachute" was a mantra we used when I was a senior sysprog in large IBM mainframe data centres, where in excess of 5000 mostly customer-facing users will go offline if you screw up. That's where you really learn the five-Ps - Proper Planning Prevents Poor Performance. It's better to spend many hours now putting in place tools and procedures to protect your system and data than to spend a lifetime crying over irreplaceable data that you lost. ;)
 

Steveyg

MOST VALUED CONTRIBUTOR
I'm just poking fun mate, I go for the multiple back ups in different locations route for anything I deem important.

Everything else can get wiped. Inconvenient at times but nothing I can't get back to quickly with appropriate backups
 

rouchie

Rising Star
I have used Norton for many years and it has never caused me problems. Early versions used to hog resources, but nowadays I don’t notice. Some of the AV programmes installed at work by IT can be horrendous. In a previous company it took me 30 minutes to log on, as the AV grabbed the CPU and RAM.
Thanks, I agree but am moving away from Norton 360 purely because the advice I am getting says Windows built in security is as good/ better and free!
 