Anti-virus and anti-malware programs?

rojo

Audioholic Samurai
> I agree, and that is also the advice of my IT Bro-In-Law. He has actually abandoned AV s/w as early as WinXP.
>
> He says "unless you are downloading things that you should not be downloading, the risk is minimal and any benefit of AV is not worth the use of CPU resources".
>
> Of course, I am talking about his personal computers.....for his job he has AV s/w to protect the fools from themselves.
>
> Now, for people that may be a little less tech-savvy and less likely to be able to recognize suspicious websites, links, emails, etc, a decent (low resource) AV program is likely still a good idea.

This is horrible advice. You wouldn't send your kid to public school without booster shots, would you? Running a Windows PC online without virus protection is basically the same thing. You might be OK if everyone around you is protected, but you just as easily might not. Your PC is at risk of spreading the next 0-day worm attacking an unpatched vulnerability. Machines with virus scanners are also at risk of this, but to a much lesser extent. At least there's a chance that the virus scanner's heuristic engine will detect and stop the wormy behavior. Microsoft doesn't get everything right, but their decision to force Windows Defender to stay active on machines without 3rd party antivirus software was a good one.
 
slipperybidness

Audioholic Warlord
> This is horrible advice. You wouldn't send your kid to public school without booster shots, would you? Running a Windows PC online without virus protection is basically the same thing. You might be OK if everyone around you is protected, but you just as easily might not. Your PC is at risk of spreading the next 0-day worm attacking an unpatched vulnerability. Machines with virus scanners are also at risk of this, but to a much lesser extent. At least there's a chance that the virus scanner's heuristic engine will detect and stop the wormy behavior. Microsoft doesn't get everything right, but their decision to force Windows Defender to stay active on machines without 3rd party antivirus software was a good one.

Again, if you are wise with your browsing, the links that you click, and your email, then the risk tends to be minimal, especially with the newer Win10. Yes, there is still risk, and yes there is still risk even if you run AV s/w.

If you are not wise in this regard, or you have children or a spouse that is not wise in this regard, then do yourself a favor and install 3rd party AV s/w.

I know people that have abandoned 3rd party AV s/w for over a decade and have yet to get a virus or ransomware. I know people that pay good $ for AV s/w that have been infected. YMMV
 
AcuDefTechGuy

Audioholic Jedi
Better safe than sorry. :D

I use the free AVAST on all my PCs and MacBook.

It doesn't appear to be slowing down my computers. If it is slowing down the computers, it must be very insignificant because I don't notice the computers slowing down.
 
rojo

Audioholic Samurai
> Again, if you are wise with your browsing, the links that you click, and your email, then the risk tends to be minimal, especially with the newer Win10. Yes, there is still risk, and yes there is still risk even if you run AV s/w.
>
> If you are not wise in this regard, or you have children or a spouse that is not wise in this regard, then do yourself a favor and install 3rd party AV s/w.
>
> I know people that have abandoned 3rd party AV s/w for over a decade and have yet to get a virus or ransomware. I know people that pay good $ for AV s/w that have been infected. YMMV

The people you know who have abandoned 3rd party AV software for over a decade could be unwitting nodes on a CnC botnet or have a key logger cloaked in a rootkit and never know. The most effective viruses are those that exhibit no symptoms and provide no indication to the user that the infection is present. And with the NSA's exploit toolkit freshly released to the public, this is not a good time to browse without a condom, no matter how careful the user is in pulling out. I have nothing against Darwinism when the scope of the damage is limited to a single computer, but I cannot tolerate negligent behavior that results in a thousand-node botnet or compromised SMTP credentials causing mayhem for the rest of us. Nor should you. I should also remind you that the Web is not the Internet. There are more dangers probing your defenses than just treacherous websites and emails, and not all require user interaction.
 
jinjuku

Moderator
I'm in the camp of using MS Security Essentials. I'm also in the camp of using a restricted user account for day to day operations. I'm also in the camp of using a managed DNS service. I'm also in the camp of being judicious about what I introduce my computer to, website-wise and anything-I-plug-into-it-wise.

I also keep backups.

Anti-Virus products pretty much aren't catching enough stuff to warrant their use IMO. It's really changing to network based intrusion, gateway based A/V, etc... to mitigate threats.

Also if you have Windows Ultimate or Enterprise editions you can Garden Wall your entire machine with AppLocker.
 
panteragstk

Audioholic Warlord
> Again, if you are wise with your browsing, the links that you click, and your email, then the risk tends to be minimal, especially with the newer Win10. Yes, there is still risk, and yes there is still risk even if you run AV s/w.
>
> If you are not wise in this regard, or you have children or a spouse that is not wise in this regard, then do yourself a favor and install 3rd party AV s/w.
>
> I know people that have abandoned 3rd party AV s/w for over a decade and have yet to get a virus or ransomware. I know people that pay good $ for AV s/w that have been infected. YMMV

I get what you're saying and I follow it, but I still protect my machines and keep them up to date. Just because I'm careful, doesn't mean that something will get in without my knowledge.

That logic is along the lines of "I don't need car insurance because I'm a careful driver". Doesn't work.

Granted, I use a great UTM to block anything questionable from even getting in in the first place...at least I hope so.
 
sholling

Audioholic Ninja
Urging people to skip state of the art malware protection to save $25/yr is just plain irresponsible. It's like urging your friend to have his doctor skip hand sanitization and instrument sterilization to save himself $50 on his surgery. He'll probably be ok but you've put him at unnecessary risk. Not a good thing.
 
slipperybidness

Audioholic Warlord
@rojo
@jinjuku
@sholling
@panteragstk

I'm most in agreement with jinjuku on post #25

I'm not saying "don't protect yourself". What I am saying is that 3rd party AV software is NOT some magic bullet that will prevent you from getting and spreading viruses. When you look at the advantages vs. disadvantages of 3rd party AV, it becomes clear that you need a multi-faceted approach to protect yourself and you should not be relying on 3rd party AV as your primary line of defense.

All of the items mentioned by jinjuku tend to do a better job than 3rd party AV s/w, while using less resources for the CPU, the $ has nothing to do with it.

If you think 3rd party AV s/w will protect you 100% of the time, and if you rely on 3rd party AV s/w for 100% of your protection, then the Norton marketing dept has gotten one over on you! And, I use Norton as the example b/c it is not the best 3rd party AV s/w by far, it simply has the best/most marketing.

And, yeah, BACKUPS are critical!
 
BoredSysAdmin

Audioholic Slumlord
I get that AV software could be seen by many as cheap insurance, like oil changes. Unfortunately, it's not true anymore. Many, no, nowadays most malware is specifically made and tested to evade common AV solutions.
I'm with jinjuku on this one; Windows Defender, which comes free with Win10, is a major step above Security Essentials.
In addition, I'm also using OpenDNS, pihole, uBlock Origin and making sure my Windows and other software are updated.
Additional steps like removing local admin rights from the account you use daily are not a bad idea. Having backups of your crucial data is a must.
With these systematic measures, you'd be better protected than any single AV product could realistically do.
Most importantly, don't open shady attachments and don't click to install "video software required" to play a video online. 10/10 it's malware.
 
slipperybidness

Audioholic Warlord
> I get that AV software could be seen by many as cheap insurance, like oil changes. Unfortunately, it's not true anymore. Many, no, nowadays most malware is specifically made and tested to evade common AV solutions.
> I'm with jinjuku on this one; Windows Defender, which comes free with Win10, is a major step above Security Essentials.
> In addition, I'm also using OpenDNS, pihole, uBlock Origin and making sure my Windows and other software are updated.
> Additional steps like removing local admin rights from the account you use daily are not a bad idea. Having backups of your crucial data is a must.
> With these systematic measures, you'd be better protected than any single AV product could realistically do.
> Most importantly, don't open shady attachments and don't click to install "video software required" to play a video online. 10/10 it's malware.

What is pihole???

I also like that idea of disabling the Admin privileges for the daily account! It may become a hassle here and there, but much less hassle than a virus!

Yeah, avoiding shady attachments is also critical.

And, of course the "best" attacks typically come disguised as legitimate emails "from someone on your address list". Good old social engineering is still a huge threat, and no AV software will defeat that!
 
jinjuku

Moderator
> Urging people to skip state of the art malware protection to save $25/yr is just plain irresponsible. It's like urging your friend to have his doctor skip hand sanitization and instrument sterilization to save himself $50 on his surgery. He'll probably be ok but you've put him at unnecessary risk. Not a good thing.

It's not that it's not being recommended (CCleaner was compromised last year). Just other layered, defense in depth, approaches.

A lot of the browser based exploits are totally transparent to A/V. That's why we are having the larger discussion of HBS's, Firewall UTM, Managed DNS etc...

We are WAY beyond A/V products to adequately protect compute environments now.
 
BoredSysAdmin

Audioholic Slumlord
> What is pihole???

This: https://pi-hole.net/
It's a neat system which you could install on a tiny low-powered RasPi to serve as your whole-network ad blocker. This means even mobile devices (on wifi) get ad blocking without any special effort.
The reason I mentioned pihole and uBlock Origin is that it's common to deliver malware using ads.
 
slipperybidness

Audioholic Warlord
> It's not that it's not being recommended (CCleaner was compromised last year). Just other layered, defense in depth, approaches.
>
> A lot of the browser based exploits are totally transparent to A/V. That's why we are having the larger discussion of HBS's, Firewall UTM, Managed DNS etc...
>
> We are WAY beyond A/V products to adequately protect compute environments now.

You saw the recent attacks coming in with Closed Caption text files?

That is freaking crafty! No AV s/w caught that one.
 
slipperybidness

Audioholic Warlord
> This: https://pi-hole.net/
> It's a neat system which you could install on a tiny low-powered RasPi to serve as your whole-network ad blocker. This means even mobile devices get ad blocking without any special effort.
> The reason I mentioned pihole and uBlock Origin is that it's common to deliver malware using ads.

Nice! I have not seen this yet, but I am a huge fan of the RPi.

Lately, I've been doing projects with the RPi Zero. An amazing and amazingly-cheap little device.

Have you seen the RPi Onion Router project? That one looks like a good idea too.

Side Note--that form factor on the Pi Zero, allows for some really slick gaming hardware. Can't seem to post an image, but do an image search for a "Pi Cart"
 
BoredSysAdmin

Audioholic Slumlord
> Nice! I have not seen this yet, but I am a huge fan of the RPi.
>
> Lately, I've been doing projects with the RPi Zero. An amazing and amazingly-cheap little device.
>
> Have you seen the RPi Onion Router project? That one looks like a good idea too.

No, I have not. IMO the Tor network is soo slow. I'd rather use the VPN service I got with my Usenet subscription.
Also tbh, I run my pihole and a few other helpful mini servers on my home VMware boxes :) using an Ubuntu mini-distro.
 
TLS Guy

Seriously, I have no life.
A lot of divergent opinions I note. That is a sign there is no right or perfect answer. That rule applies to all fields of technical endeavor.

If the problem had a perfect solution we would all do it. This thread is absolute evidence that this remains a problem. I can build machines, but on the software operating arena I'm a neophyte. Fortunately I have sons who are not.

My eldest son is who we rely on to keep us out of trouble. Unfortunately between our two places we have five machines running Windows 10.

My son was head architect of LUMI and ran developers in four countries. They closed US operations a few months ago and he joined TCF Bank in the Twin Cities. Last week he was appointed their chief of software engineering and development.

Now he insisted we shut down everything that was Windows 10 well over a year ago.

He strongly advises against third party software. I trust him on this. He used to use them, but says the time for those types of products is long past.

So we have Windows Defender. We have uBlock Origin on all the machines. Neither my wife nor I have admin privileges. So we have TeamViewer on all the computers. When a program or update is required that needs admin he does it remotely via TeamViewer. Also via TeamViewer he checks deep into our machines remotely on a regular basis to look for any signs of rogue programs or infection. When this happens I see lines of code that mean nothing to me, but do to him. Since starting this we have had zero infection. That does not mean we won't, but the chances are excellent it will be found.

I know this program is not possible for most. But it is apparently the case that rogue programs can hide deep in your system and evade all but expert attention.

Sholling I hope you are retired, as I think your career is pretty much if not entirely obsolete.
 
BoredSysAdmin

Audioholic Slumlord
> Better safe than sorry. :D
>
> I use the free AVAST on all my PCs and MacBook.
>
> It doesn't appear to be slowing down my computers. If it is slowing down the computers, it must be very insignificant because I don't notice the computers slowing down.

https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/

On the other hand, Mac OS is lacking any native A/V functionality at all.
Anecdotal evidence: my colleague's (Sr. Systems Engineer/admin) fiancée's personal information got severely compromised and lots of her accounts were compromised. On installing AV on her Mac, he discovered heaps of installed malware. Could it be down to malware on the Mac or bad password practices? Could be both or either; it's hard to say.

So, no, do not buy into old wives' tales that Macs don't get viruses - they absolutely do.
 
BoredSysAdmin

Audioholic Slumlord
> I use the installed MS W10 security/firewall and the free Norton Security that Comcast/Xfinity offers.
>
> I also use:
>
> Privacy Badger; https://www.eff.org/privacybadger
>
> HTTPS Everywhere; https://www.eff.org/https-everywhere
>
> UBlock Origin; https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
>
> I have no idea if the above work, but they help me feel better, so it's a win.

HTTPS Everywhere generally is good, but on occasion could mess up a poorly made website into appearing to be broken. If some site doesn't load, try to disable it and see if it helps.
 
