- Oct 3, 2022
- 380
Carl fish security config 2023
- Thread starter carl fish
- Start date
- Status
- Feb 7, 2023
- 1,739
Kaspersky and CyberLock is an overkill. Also, it does take time to get used to Mac. Specially the shortcut key combos. It is best to read the manual.
- Oct 3, 2022
- 380
@carl fish I think it is best to refer to a basic security principle : DEFAULT DENY. That means anything not specifically allowed should be denied. It also means you keep a white list of what is allowed. The Default Deny principle can be applied to several areas. In this case, you can use an anti-executable. Anti-executables setup a whitelist of all the apps on your drive. And when a new one appears, whether you are installing something or when a malware lands on your PC, it pops up and asks you whether to allow or not. Examples of anti-executables are Faronics AntiExecutable, WDAC, and CyberLock. CyberLock is the more powerful of the 3, it verifies whether the exe is signed and verifiable, then it consults an AI engine and a reputation database. Then if it is not on the whitelist, it pops up and asks you. And if you click on 'details' on the pop up, it shows the full path of the exe, so that may give you another clue as to whether to allow it to run.
Microsoft Windows Defender Application Control (WDAC) is another anti-executable.(free) It keeps a whitelist and checks signatures. But it is more laborious to maintain because you have to add to the whitelist manually. So to install a new program, you have first add the installer hash to the whitelist. Then after you installed the program, you have to add the programs path or publisher to the whitelist. The easiest way to implement WDAC is to use WDAC Toolkit. But you can do it just using Powershell, The file list can also contain black list deny's. One thing about WDAC is that it doesn't ask you, it just tells you it is blocked and reports it in Event Viewer. So this maybe a good feature if you are deploying to n00bs - they can't make a mistake and allow something that they shouldn't.
Faronics is an older anti-executable. It keeps a whitelist and when it encounters an unknown exe, it pops up and asks you. However the pop up doesn't show you the full path, it just shows the file name. So it is harder to decide whether to allow the new exe or not. I find it rather slow.
Many people have shunned antivirus programs because they rely on the vendor capturing malware. From the malware samples, they derive key fragments which serve as a signature so that the malware can be recognized. And they also analyze the behavior of the malware for use in their heuristics AV component. But the key thing is that these things all come from known malware. If a new one appears that is totally unlike older malware, then it will slip through. Anti-executables couldn't care less about whether a new exe is malware or not - it checks the whitelist and if it is new it asks you.
To supplement the anti-excutable, you need a tool that detects malware scripts, because scripts are not exe's. And these malware scripts use native Windows commands to do their deeds. So the anti-executable won't see them. For that task, there is NoVirusThanks' OSArmor. Or you can create a black list using Windows' Software Restiriction Policy or AppLocker or WDAC to deny Windows commands that are commonly abused by malware scripts. The list of these commands is at LOLBAS
I find that it is best not to rely on a single antimalware tool but instead employ different tools to cover different segments of threats.
Microsoft Windows Defender Application Control (WDAC) is another anti-executable.(free) It keeps a whitelist and checks signatures. But it is more laborious to maintain because you have to add to the whitelist manually. So to install a new program, you have first add the installer hash to the whitelist. Then after you installed the program, you have to add the programs path or publisher to the whitelist. The easiest way to implement WDAC is to use WDAC Toolkit. But you can do it just using Powershell, The file list can also contain black list deny's. One thing about WDAC is that it doesn't ask you, it just tells you it is blocked and reports it in Event Viewer. So this maybe a good feature if you are deploying to n00bs - they can't make a mistake and allow something that they shouldn't.
Faronics is an older anti-executable. It keeps a whitelist and when it encounters an unknown exe, it pops up and asks you. However the pop up doesn't show you the full path, it just shows the file name. So it is harder to decide whether to allow the new exe or not. I find it rather slow.
Many people have shunned antivirus programs because they rely on the vendor capturing malware. From the malware samples, they derive key fragments which serve as a signature so that the malware can be recognized. And they also analyze the behavior of the malware for use in their heuristics AV component. But the key thing is that these things all come from known malware. If a new one appears that is totally unlike older malware, then it will slip through. Anti-executables couldn't care less about whether a new exe is malware or not - it checks the whitelist and if it is new it asks you.
To supplement the anti-excutable, you need a tool that detects malware scripts, because scripts are not exe's. And these malware scripts use native Windows commands to do their deeds. So the anti-executable won't see them. For that task, there is NoVirusThanks' OSArmor. Or you can create a black list using Windows' Software Restiriction Policy or AppLocker or WDAC to deny Windows commands that are commonly abused by malware scripts. The list of these commands is at LOLBAS
I find that it is best not to rely on a single antimalware tool but instead employ different tools to cover different segments of threats.
Last edited:
- May 31, 2017
- 1,663
Oh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of
. That, along with about 20 or so other major features.Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
- Apr 16, 2017
- 2,094
yeah, I am not sure what "overkill" means in this context. fwiw, I just paired VS/CL with Kaspersky Standard (on a win10_VM). I am not seeing any conflicts, no slowdowns. Can I prove VS has saved my ass over the past several years, no, but I have not been infected and VS doesn't interfere with my computer usage. (but I'm not running VS with DeepInstinct or with Checkpoint Harmony). Do I need VS with Kaspersky Standard...? I just prefer running VS absent some clear reason not to. So I agree with DanOh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of
Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
on this one.
- Feb 7, 2023
- 1,739
I suggest you get familiar with Kaspersky first. Then you’ll realise you can’t offer anything that they haven’t offered already, as then can already lock a PC down + they can do a lot more than that.Oh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of
Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
- May 31, 2017
- 1,663
As I have already posted on MT, my local clients run either Kaspersky Small Office or Windows Defender + VS/CL, so I am familiar with it. I was simply recommending that if someone is going to have an opinion on a product, they should use it for a few days first so they can see what all it has to offer.
- Feb 7, 2023
- 1,739
- Jan 8, 2011
- 22,361
Yes, it’s no more difficult than switching to any other OS (ie. Linux, Android, iOS, Chrome OS etc.). The biggest change would be getting familiar with the keyboard shortcuts changes, the rest is a breeze.
A good question is why are you looking to switch?
- Mac OS is not immune to malware or exploits
- Mac versions of Antivirus lack extra proactive features that are usually found on the Windows versions
- An Apple ID is required to use the App Store and other Apple services
The minimum spend for a new Mac is $600 - Mac mini
- AppleCare+ is optional. Insurance may cover
- If you’re buying an older refurb/used model, check they are compatible for Ventura and the upcoming Sonoma upgrade later this year
- I recommend using your own existing accessories, such as displays, mouse and keyboard. Check if your keyboard is Mac-compatible
A word of caution, Apple cut corners on the base level for the M2 spec lineup.
New 256GB Mac Mini and 512GB MacBook Pro Have Slower SSD Speeds Than Previous Models
While the new Mac mini with the M2 chip has a lower $599 starting price, the base model with 256GB of storage has slower SSD read and write...
www.macrumors.com
- Apr 16, 2017
- 2,094
My wife switched from windows to macOS and she had some concerns at first, but learned macOS quickly and would not go back to windows.
- Feb 7, 2023
- 1,739
Same. Unfortunately I have to use Windows as well.
- Feb 25, 2017
- 2,505
Cmon... Unfortunately? I couldn't live without Windows and with all its tweaking possibilities. And I am sure you are feeling the same...
- Feb 7, 2023
- 1,739
I am not tweaking anything (apart from uninstalling OEM bloatware and disabling startup items). I like it as vanilla and boring as possible. I also have ChromeOS Flex. I gotta keep current with all of them for work.Cmon... Unfortunately? I couldn't live without Windows and with all its tweaking possibilities. And I am sure you are feeling the same...
- Apr 16, 2017
- 2,094
really, I have a mac mini with a 4k monitor, a nice backup but I do find it boring...
- Jan 8, 2011
- 22,361
Paid $50-100?
Newest compatible operating system: macOS High Sierra (Verify Here)
| Name and Information | Available for | Release date | Support status |
|---|---|---|---|
| Security Update 2020-006 High Sierra Security Update 2020-006 Mojave | macOS High Sierra 10.13.6 macOS Mojave 10.14.6 | 12 Nov 2020 | Unsupported as of 12 Nov 2020 |
So Your Mac Isn't Getting macOS Updates, Now What?
Is Apple dropping support for your Mac with the release of Monterey?
www.howtogeek.com
High Sierra Great in 2023? Yes!
wow Im impressed with High Sierra for my beloved MacBook Air 2010 4GB 11"! for 3 days everything has been solid, fluid and great in 2023 this was an upgrade from Sierra, ElCap Snow leopard. So If you have an older MacBook in the closet or need to use older programs, High Sierra NOW works in...
forums.macrumors.com
Paid $50-100?
Newest compatible operating system: macOS High Sierra (Verify Here)
Name and Information Available for Release date Support status Security Update 2020-006 High Sierra
Security Update 2020-006 MojavemacOS High Sierra 10.13.6
macOS Mojave 10.14.612 Nov 2020 Unsupported as of 12 Nov 2020
So Your Mac Isn't Getting macOS Updates, Now What?
Is Apple dropping support for your Mac with the release of Monterey?
High Sierra Great in 2023? Yes!
wow Im impressed with High Sierra for my beloved MacBook Air 2010 4GB 11"! for 3 days everything has been solid, fluid and great in 2023 this was an upgrade from Sierra, ElCap Snow leopard. So If you have an older MacBook in the closet or need to use older programs, High Sierra NOW works in...
Would a 2011 Mac book still be able to run a newer version using open core legacy patcher?Paid $50-100?
Newest compatible operating system: macOS High Sierra (Verify Here)
Name and Information Available for Release date Support status Security Update 2020-006 High Sierra
Security Update 2020-006 MojavemacOS High Sierra 10.13.6
macOS Mojave 10.14.612 Nov 2020 Unsupported as of 12 Nov 2020
So Your Mac Isn't Getting macOS Updates, Now What?
Is Apple dropping support for your Mac with the release of Monterey?
High Sierra Great in 2023? Yes!
wow Im impressed with High Sierra for my beloved MacBook Air 2010 4GB 11"! for 3 days everything has been solid, fluid and great in 2023 this was an upgrade from Sierra, ElCap Snow leopard. So If you have an older MacBook in the closet or need to use older programs, High Sierra NOW works in...
- Jan 8, 2011
- 22,361
It’s something you’d need to investigate/research further.
Related:
- 2022: OpenCore Legacy Patcher delivers unofficial Ventura support for older Macs
- 2021: https://www.intego.com/mac-security...y-make-users-security-and-privacy-precarious/
Running the latest versions of macOS won’t guarantee your hardware components are free from exploits and unpatched vulnerabilities.
- Jun 11, 2019
- 405
You can try some kind of secure DNS. For example, NextDNS or Adguard DNS.
- Status
Similar threads
