Best security for different scenarios

[RoboMan]

Morning everybody!

Today I woke up with a huge desire of seeing blood spilled everywhere. Therefore I thought of this little game we all can participate in.

I want you to think of the very best security software for each of the following scenarios.

Take into account:

• You must suggest home products, no enterprise editions whatsoever.
• You can suggest tweaked software (like... Kaspersky, with Application Control ON, configured to Untrust unknown files... but you must specify if the product you suggest is tweaked or default).
• Suggested software may be both free or paid.

-----------------------------------
Scenario #1

I am a novice user, with no idea of security. I just wish for good protection while I surf the web. I do not want interactions because I do not understand them.
-----------------------------------
Scenario #2

I am a gamer. I do online stream at Twitch. I interact with my followers at Twitch, Instagram, Twitter. I want to be safe at all times, but I do not want my gaming or streaming to be interrupted.
-----------------------------------
Scenario #3

I am a sowhat medium-knowledge user. I want my security to be handled by myself, I wanna be able to tweak my software to respond the way I like it. I want to be able to decide wether a detected file should be deleted or not.
-----------------------------------
Scenario #4

I am a professional worker. I daily use online banking to do money transfers, payment. I do all my shopping online and usually find good deals on offers I recieve via e-mail. I do homeoffice and participate in videoconferences all day. I get sent daily e-mails with sheets, PDF's and general documents to work with.
-----------------------------------
Scenario #5

I work with sensible data. I need very strong protection, lockdown of my system if possible. I don't care if I get false positives or several files/executables get blocked. I just need maximum security, even if usability is sacrificed.
-----------------------------------
Scenario #6

I am an advanced user. I don't really need much rather than a basic protection to complement my knowledge on the matter of security. I can tweak whatever I need if necessary, but I don't want to somehow overload my system with software that's gonna do what I already know I have to do.
-----------------------------------

Feel free to use the following template to answer!!

[B]Scenario #1[/B]:
[U]Tweaked?:[/U]

[B]Scenario #2[/B]:
[U]Tweaked?:[/U]

[B]Scenario #3[/B]:
[U]Tweaked?:[/U]

[B]Scenario #4[/B]:
[U]Tweaked?:[/U]

[B]Scenario #5[/B]:
[U]Tweaked?:[/U]

[B]Scenario #6[/B]:
[U]Tweaked?:[/U]

 

[kC77]

from my last few days of testing mass execution recent samples (from malware bazaar) in a VM, ive so far tested (antivirus versions only not internet security packages)
Windows Defender (Hardened)
Kaspersky Standard
Sophos Home Premium
F-Secure Safe
G-Data Antivirus
Avast Free
Eset Antivirus

I would NOT recommend and im amazed to say it is ESET (total failure lots of cryptos ran and data lost) and second failure (worse) was Sophos Home Premium which missed many things but one of which was a drive wiper, destroying the OS & making the VM unbootable
Id also NOT recommend G-Data as it is just too slow to detect/decide/quarantine and also still missed a fair few. (cancelled the test as it went on too long)

out of the remaining I was absolutely shocked as id never tested it before was Avast Free, completely aced the test, really quick. (id often thought of avast as a poor choice but never tested)

so whatever you choose here is my Thumbs up list
1.Windows Defender (Hardened) (Zero executions of any sample! & super fast)
2. Avast Free (Zero executions of any sample! & super fast)
3. F-Secure Safe (some malware did run, but deepguard killed the process, and the system was clean)
4. Kaspersky comes in a close 4th, it let malware run, but did clean itself up and after a reboot system was clean

Now for the not reccomended list
G-Data - Way too slow to do anything, takes ages to make its mind up and still missed detections, test had to be cancelled as it was just too slow and it missed things
ESET - Im totally shocked by this, but LOTS of malware got through, and wasnt detected, many cryptos eating up CPU power, and my test images were encrypted
Sophos Home Premium - The absolute worst of the lot..... This missed a Drive wiper malware, 6 minutes into the test the machine crashed and then wouldnt boot



Scenario #1:
f-secure safe, or avast free or windows defender hardened:

Scenario #2:
f-secure safe, or avast free or windows defender hardened:

Scenario #3:
f-secure safe, or avast free or windows defender hardened:

Scenario #4:
f-secure safe, or avast free or windows defender hardened:

Scenario #5:
windows defender hardened:

Scenario #6:
windows defender hardened:

 

[harlan4096]

1.Windows Defender (Hardened) (Zero executions of any sample! & super fast)

Hardened? Why not in default settings? as his competitors? Probably because would get a big fail.

 

[SeriousHoax]

Hardened? Why not in default settings? as his competitors? Probably because would get a big fail.

The result in default settings will probably be similar too if only exe samples are tested.

 

[kC77]

Hardened? Why not in default settings? as his competitors? Probably because would get a big fail.

Well thats a great idea for a test! brb
(i tested hardened as thats how i run on my production machine)

one big advantage that 3rd party AV's have is that out of the box they have better default settings than defender and many more apps behaviour blockers etc.
I like hardened defender as i dont actually want or need an antivirus, I like to control exactly what .exe can or cant run via SRP and defender to sit there silently just there as a warning.... should i get a hit, id lkeley restore from backup or rebuild.... but in my 20+ years online ive yet to actually get an infection (outside of a test VM)
common sense, safe browsing, layered protection (security should be at the gateway level) use pihole/adblocking/secure DNS with malware protection/backup often/harden windows using SRP, store immutable backups, patch OS/apps/firmmwares/routers immediately and patch often the last thing and least important for me is endpoint AV.

yes the AV is the LEAST important of all.... (prevention is better than needing a cure)

anyway brb will give that test a go non hardened (i expect a fail)

 

[cryogent]

OFFTOPIC
@kC77 Hardened with ConfigureDefender from Hard_Configurator or something else?

 

[HarborFront]

Well thats a great idea for a test! brb
(i tested hardened as thats how i run on my production machine)

Do you have steps in hardening WD? Can share?

I'm learning to harden the followings

1) Windows 11 Pro
2) MS Defender
3) MS Edge
4) MS Office
5) Windows Firewall

all using Group Policy.

My KIS recently expired. I intend to give WD a try which I have avoided over the years by using 3rd-party security software.

I think there are no hardening guidelines here using MS products solely.................likely users prefer 3rd-party security software.

 

[WhiteMouse]

@HarborFront I read the offiial documents from MS, lots of them

For most users, I think security by compartmentalization is the best balance between security and usability. Use the default settings without tweak on WIndows, just accept that your Windows PC is gonna get infected at some point; store sensitive things like password and 2fa code on mobile devices which is less likely to get infected than PC.

Everybody from any scenario above can use this.

 

[HarborFront]

@HarborFront I read the offiial documents from MS, lots of them

For most users, I think security by compartmentalization is the best balance between security and usability. Use the default settings without tweak on WIndows, just accept that your Windows PC is gonna get infected at some point; store sensitive things like password and 2fa code on mobile devices which is less likely to get infected than PC.

Everybody from any scenario above can use this.

Yes, a lot of MS documents to read. Just read those (or that sections) for home user and ignore those for enterprise/endpoint use.

Implementing too many things in too short a time will also screw oneself up when issues appear.

 

[kC77]

OFFTOPIC
@kC77 Hardened with ConfigureDefender from Hard_Configurator or something else?

Hi Yes from Hard Configurator! excellent tool!

 

[kC77]

Do you have steps in hardening WD? Can share?

I'm learning to harden the followings

1) Windows 11 Pro
2) MS Defender
3) MS Edge
4) MS Office
5) Windows Firewall

all using Group Policy.

My KIS recently expired. I intend to give WD a try which I have avoided over the years by using 3rd-party security software.

I think there are no hardening guidelines here using MS products solely.................likely users prefer 3rd-party security software.

basically just by using Hard Configiruator with most recommended settings.... then in configure defedner to Highest, and in firewall hardener adding the rules in there is a good start

 

[kC77]

Hardened? Why not in default settings? as his competitors? Probably because would get a big fail.

drumrollll please.........................

Spoiler: Windows Defender Default Settings = Fail

the test is still ongoing but by using default (non hardened settings) much malware is running...... and the test still hasn't finished .....
I would NOT recommend windows defender without hardening!

even so it still beat ESET, with default defender my pictures were Not encrypted.
Im going to reboot and do a scan and see how far defender alone gets at leaning it

 

[Kongo]

Yes, a lot of MS documents to read. Just read those (or that sections) for home user and ignore those for enterprise/endpoint use.

Implementing too many things in too short a time will also screw oneself up when issues appear.

I addition to @kC77 you can check out some of those tweaks from here:

Windows 11: Harden Windows 11 for Security. How to secure Windows 11.

Windows 10: Harden Windows 10 for Security. How to secure Windows 10.

Following every advice from there will probably impact usability of your system in a negative way, but you can try the ones that you think are important.

 

[RoboMan]

Way to hijack my thread guys

 

[Kongo]

Way to hijack my thread guys

 

[HarborFront]

basically just by using Hard Configiruator with most recommended settings.... then in configure defedner to Highest, and in firewall hardener adding the rules in there is a good start

Recently, I was testing RBS, ConfigureDefender, DefenderUI Pro and previously Hard-Configurator. All have one common problem, and that is there's no backup/restore feature prior to executing the app.

If I enable the settings and later there are some issues, then it's difficult for me to troubleshoot. I prefer to have backup/restore to the initial state before/after applying the settings in the app something like O&O Shutup10.

 

[HarborFront]

Way to hijack my thread guys

Sorry about that

 

[Andy Ful]

Recently, I was testing RBS, ConfigureDefender, DefenderUI Pro and previously Hard-Configurator. All have one common problem, and that is there's no backup/restore feature prior to executing the app.

If I enable the settings and later there are some issues, then it's difficult for me to troubleshoot. I prefer to have backup/restore to the initial state before/after applying the settings in the app something like O&O Shutup10.

Hard_Configurator can backup/restore the initial state or any current state just like O&O Shutup - I am not sure why you did not use it. Any application with complex settings should have such a feature to be useful. Anyway, this feature usually cannot recover your favorite custom settings. Why? If you install H_C after O&O (advanced setup), then the settings saved by the H_C will differ much from your favorite custom settings. This can also happen after software updates, Windows Updates, or you can manually change some settings.

If you want to test software then a much better way is to rely on the System Restore Points. Complex software like H_C or O&O Shutup has got such ability. If not, then you can simply make it manually. Some software can also revert the settings to Windows defaults, which is probably safer (if you are aware of it) than relying on the backup/restore feature of a particular application.

Edit.
It is also good to have :

• a way to quickly apply the favorite custom setup and quickly revert it to Windows default settings - the favorite settings can work for several months without any issues and suddenly break something.
• a way to see what concrete setting has blocked the running program/process - this can be usually done by using software with Logs or alerts with detailed info.

 

[Andy Ful]

Similar to AV + H_C:

• Kaspersky with @harlan4096 settings (tweaked KIS)
• Notron 360 + Simple Windows Hardening
• Comodo IS + Simple Windows Hardening
• Avast (Hardened Mode) + Simple Windows Hardening
• Defender (MAX settings) + Simple Windows Hardening

For #1 and #2 scenarios, the initial setup adjustments must be done by an advanced user.
For the #6 scenario any good AV.

There can be also configurations of AV + VoodooShield or OSArmor, etc. For example Avast (Hardened Mode) +SWH can be mostly replaced by Avast + VS.

Edit.
SWH can be replaced by OSA in the above configurations.

 

[Andy Ful]

About Twitch: