Serious Discussion Is AV software necessary on Windows in 2024?

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
No sir, unless you got data to show us.
I got data to show you. A real attacker’s victim list. Using weaponised PDFs.
b7b0bab0-97f7-41ab-b557-52d06d9da966.jpeg
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
Is lifetime licence good if you change to a new pc?
Depends on how good the company/devs handle it: Good way e.g. Adguard or shitty e.g. Mailbird. Afaik CL should be able to install at another pc (since I did it more than one). But I just asked the dev for you to be sure @danb
@Shadowra Did the person follow the instructions from the CyberLock FAQ on how to move a license?

Some companies just let you deactivate your license (from within the account that you created) on their website (e.g. Adguard). You can then use it on another pc without any need to beg support for help. At least it was that way when I needed to do it month ago.
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,582
Depends on how good the company/devs handle it: Good way e.g. Adguard or shitty e.g. Mailbird. Afaik CL should be able to install at another pc (since I did it more than one). But I just asked the dev for you to be sure @danb
@Shadowra Did the person follow the instructions from the CyberLock FAQ on how to move a license?

Some companies just let you deactivate your license (from within the account that you created) on their website (e.g. Adguard). You can then use it on another pc without any need to beg support for help. At least it was that way when I needed to do it month ago.

On CyberLock you can easily deactivate the license via your account panel.

On the other hand, I had an experience a long time ago with Bitdefender where the license was no longer usable because I had changed the PC's motherboard...
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
Since neither the op nor you wrote the AV name at all, I just assumed you both meant CL. And in case you didn't, I started with the disclaimer: "Depends on how good the company/devs handle it."
I remember reading about the Bitdefender way (I hate such ways to handle lifetime licenses).
Some companies just handle lifetime licenses in a very customer-friendly way and others try to f... you over as soon as possible.
 

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
147
I got data to show you. A real attacker’s victim list. Using weaponised PDFs.
View attachment 281880
Yes, PDF seems to be still a pain for a lot of users. I recently watched two clips related to PDF files and double-extensions.

I've added some additions under the first video, but my comment was deleted for some reason. I guess I will block THE PC Security Channel in my YT recommendations from now on because of the censorship.

What I've added there was this: "In addition to making the OS show the file extensions and checking the file on VT, one can check if the file contains JS (for PDF files) - there are tools for that on GitHub like this one - filipi86/MalwareAnalysis-in-PDF - and disable the JS in the PDF viewers as well (for FF - pdfjs.enableScripting), for Edge - well, it's disabled there, for Adobe and Foxit and the others there are settings for that as well, but since I don't use them anymore I forgot where they were located, but they should be easy to find. I prefer to use Comodo Auto-Containment and Kaspersky Free (because of the System Watcher, which can roll back the changes introduced by the ransomware), and of course a system image is recommended as well. I use Macrium Reflect for that purpose (and AOMEI and Hasleo are covering its back)."
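
The check described in the comment above (does a PDF contain JavaScript?), as an added example that is not part of the original post and is not the code of the linked GitHub tool: a minimal Python triage that counts active-content name tokens in the raw bytes and decodes `#xx` name escapes. The two sample PDF fragments are constructed, and objects packed into compressed object streams are not visible to this scan, which is why `/ObjStm` is reported.

```python
import re
import sys

# PDF name tokens that carry or trigger active content (pdfid-style triage list).
SUSPICIOUS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

# A PDF name runs from '/' to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample fragments (not real documents, script body is a placeholder).
CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n"
)


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so '/J#61vaScript' is compared as '/JavaScript'."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspicious name tokens in raw PDF bytes."""
    counts = {name: 0 for name in SUSPICIOUS}
    obfuscated = 0
    for match in _NAME.finditer(data):
        raw = match.group(0)
        name = normalize_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:  # hex-escaped spelling of a flagged name
                obfuscated += 1
    return {
        "counts": counts,
        "obfuscated": obfuscated,
        "has_script": counts["/JS"] > 0 or counts["/JavaScript"] > 0,
        # Non-zero means some objects are compressed and were not inspected.
        "object_streams": data.count(b"/ObjStm"),
    }


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_pdf(fh.read()))
```

A zero count is not a clean bill of health when `object_streams` is non-zero; such files need a parser that decompresses streams before the same check is applied.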
 

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
147
Very informative and helpful video, thanks for the post :)
You're welcome! :)

They are both good indeed, but what grabbed my attention was the second one (the Linux part). I wasn't aware of that possible attack vector with the archives.
I am wondering if method 1 described in the second video is related to this news:

 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,545
I'm inclined to say no, because there was a case where the license was deactivated if you changed parts of the PC (like the motherboard).
thanks for this info, as I'm thinking about a new motherboard this year. Off the top of my head, a user is buying the lifetime license, so the license should run with the user, I think the AV vendors have ways to tell if user exceeds his paid license pc count... :unsure:
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,866
I got data to show you. A real attacker’s victim list. Using weaponised PDFs.
View attachment 281880
Statistically insignificant for two reasons. A) That's a small list, B) More PCs use MS Defender than anything else by a lot. So it is highly likely that the most victims of any attack that doesn't have sigs yet would come from Defender. I'm not 'defending' Defender here. Just pointing out that all that screenshot suggests is anecdotal at best.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
Statistically insignificant for two reasons. A) That's a small list, B) More PCs use MS Defender than anything else by a lot. So it is highly likely that the most victims of any attack that doesn't have sigs yet would come from Defender. I'm not 'defending' Defender here. Just pointing out that all that screenshot suggests is anecdotal at best.
It’s just one single piece of evidence, looking online or talking to experts, one can get a lot more. Defender has always been and will always be an average solution, nothing to wow on.
 

Digmor Crusher

Level 24
Verified
Top Poster
Well-known
Jan 27, 2018
1,396
It’s just one single piece of evidence, looking online or talking to experts, one can get a lot more. Defender has always been and will always be an average solution, nothing to wow on.
I would say Defender is top 10, probably 4 to 5 range if a list was made. Combine it with Configure Defender and it probably jumps significantly. Now if you want an AV with tons of bloat (password manager, VPN, etc.) then it isn't for you.
 

BSONE

Level 2
Feb 17, 2024
71
I got data to show you. A real attacker’s victim list. Using weaponised PDFs.
View attachment 281880

Very interesting, although not surprising how many Webroot devices have been compromised especially since the user base must be low.
Should I be worried about Norton though? I know the user base for this product is high in the likes of the US, UK and Australia, so statistically one would expect infections.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
189
Personal opinion: in real life, Windows Defender will never be able to protect you from malware.
Too basic independent antivirus to configure and very easy to bypass, even with malware that gets into the antivirus exclusions.
Terrible antivirus against pirated software. Detects Empress software as malware :ROFLMAO:.
It is one of the "antiviruses" that consumes the most resources.
Greeting.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,866
If you are pirating software there’s a good chance no antivirus is going to save you eventually. I wouldn’t recommend Defender for those who do. But, I also wouldn’t recommend pirating anything.
 

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
189
If you are pirating software there’s a good chance no antivirus is going to save you eventually. I wouldn’t recommend Defender for those who do. But, I also wouldn’t recommend pirating anything.
but I don't use pirated software from anyone, it's EMPRESS, known for circumventing the cursed software of DENUVO, which is malware, because DENUVO behaves like such, causing you to drop fps for no reason and absurd consumption of ram.
Greeting.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,866
I’m not a fan of Denuvo, though it’s never caused me problems. However, Empress is a software designed to circumvent a software protection. And I’d wager a guess there are many tainted versions floating around the web. I can see why Microsoft wouldn’t white list it. Doesn’t seem like a reason to completely invalidate Defender. Especially since a fair amount of Windows users don’t play games at all.
 
