Default Deny VS traditional AVs

Do you use traditional AV or default deny?

  • Default Deny

  • Traditional AV

  • Both



ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
For me it's not a case of either/or. People should take a layered approach to security, and I don't mean adding 50 security programs that do the same job. Windows 10 comes with WD enabled so that's signatures sorted, then there's SRP, SUA, backups, and then some solid zero-day protection: CF, VS, etc. Add an ad blocker and use common sense and you're good to go.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Just to add; Default deny is definitely not only for advanced users, average users would see more benefit from it. Kaspersky seem to agree when it comes to TAM:

Capture.PNG
 

Libera Milanesi

Level 2
Verified
Aug 19, 2018
52

ForgottenSeer 58943

Chromebook cannot operate a Wi-Fi, modem or printer.

Say what?

Chromebook is actually really really good dealing with printers, especially in that 100% of the time it will instantly find the right driver for virtually any printer in existence. WiFi is easy to configure on CB's, and you have flexibility such as changing your DNS and such. Modem? As in dialup? All cable modems have a web gui, so of course Chromebook can access their panels. :unsure:
 

Brie

Level 10
Verified
Well-known
Jan 1, 2018
494
For internet connection help, see: Manage Wi-Fi networks - Chromebook Help

You can also use a Printer on a Chromebook... I am not sure where you heard that you could not. For some Printers with vendors like HP, there may be an app available to ease the process [HP Printers - Printing from a Chromebook | HP® Customer Support]. Google Cloud Print is also a thing.
Say what?

Chromebook is actually really really good dealing with printers, especially in that 100% of the time it will instantly find the right driver for virtually any printer in existence. WiFi is easy to configure on CB's, and you have flexibility such as changing your DNS and such. Modem? As in dialup? All cable modems have a web gui, so of course Chromebook can access their panels. :unsure:
OK. Thank you both. My next computer will be a Chromebook. (y)
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,487
I can assume the whole purpose of using a default-deny solution as a standalone layer of protection is to have control over unexpected matters when you have full knowledge of what you do and execute. If you need the signatures of an AV, then you're probably downloading and executing unknown stuff.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Kaspersky TAM could be useful for anyone.
I think it's not available for KAV/KFA/KSCF, right?
Yeah, it's only available in KIS, KTS and security cloud paid. It can be useful to anyone, but average users would benefit from it more in my opinion. An advanced user is a lot less likely to try and run unknown files than your average day to day user. I enable TAM on all the systems I have Kaspersky installed on in the house, but on my own system I use a completely different setup.

The point I was making above is that even Kaspersky, being the huge security company that it is, feels that TAM, their kind of anti-exe, is optimal for beginners. It should go without saying that anyone can use it and benefit from it, but an advanced user is going to need it a lot less than the average Joe who clicks on anything.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
That's not available for Kaspersky Small Office Security or other endpoint versions either. But it's not hard to make your own TAM with Application Control.
If your Kaspersky product has Application Control, you can replicate what Trusted Applications mode does. They work the same:
- go to application control setting menu
- uncheck trust digitally signed application
- "change trust group for unknown applications" => untrusted
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I see Lockdown
If your Kaspersky product has Application Control, you can replicate what Trusted Applications mode does. They work the same:
- go to application control setting menu
- uncheck trust digitally signed application
- "change trust group for unknown applications" => untrusted
That's how I set KIS up alongside TAM too. It's a solid setup, isn't it?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
That's how I set KIS up alongside TAM too. It's a solid setup, isn't it?
Yes, extremely solid, close to impenetrable, but I truly believe TAM and the changes I showed above are identical, because I tried to monitor what TAM did and it simply put every single file which was unknown to KSN into Untrusted = block/not executable. I don't know how they are different from each other.
I noticed some performance drop with TAM, but maybe not with the replicated settings.

I think with the above settings, TAM can be safely disabled, for better system performance.

According to Kaspersky:
The Trusted Applications mode in Kaspersky Internet Security 2017 blocks all applications that are not considered Trusted (for example, the applications on which there is no information in Kaspersky Security Network database or those received from an unreliable source). Only known and trusted applications are allowed to run.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
That's not available for Kaspersky Small Office Security or other endpoint versions either. But it's not hard to make your own TAM with Application Control.
I agree it's simple. There are multiple pieces of software that can do it. But, again, the only reason I posted the screenshot above was to show which users Kaspersky really aim TAM at. Personally I could run Windows or any other OS with nothing and be perfectly fine. The only reason I bother with security tweaks and software is for fun and to see what setups would suit certain family members. I think KIS is extremely good value for money for my family members; it has multiple layers of security, plus the software updater comes in handy for them. But I have a couple of family members who only use an ad blocker and VS and they're perfectly fine, but they're not happy clickers. If someone knows how to really make the most of Windows' built-in security, all they really need is that, a decent browser and an ad blocker.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
For me it's not a case of either/or. People should take a layered approach to security, and I don't mean adding 50 security programs that do the same job. Windows 10 comes with WD enabled so that's signatures sorted, then there's SRP, SUA, backups, and then some solid zero-day protection: CF, VS, etc. Add an ad blocker and use common sense and you're good to go.
I agree. I use 3rd party software in my config for the fun of tweaking and trying new combos, but I could use my PC with WD enabled (+PUA protection enabled with a PowerShell command) and UAC & SmartScreen and a backup image. That would be enough because of my experience and safe habits.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
I agree. I use 3rd party software in my config for the fun of tweaking and trying new combos, but I could use my PC with WD enabled (+PUA protection enabled with a PowerShell command) and UAC & SmartScreen. That would be enough because of my experience and safe habits.
Same here. I think a lot of us here at MT just use third party security software for a bit of fun lol.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I agree it's simple. There are multiple pieces of software that can do it. But, again, the only reason I posted the screenshot above was to show which users Kaspersky really aim TAM at. Personally I could run Windows or any other OS with nothing and be perfectly fine. The only reason I bother with security tweaks and software is for fun and to see what setups would suit certain family members. I think KIS is extremely good value for money for my family members; it has multiple layers of security, plus the software updater comes in handy for them. But I have a couple of family members who only use an ad blocker and VS and they're perfectly fine, but they're not happy clickers. If someone knows how to really make the most of Windows' built-in security, all they really need is that, a decent browser and an ad blocker.
And if the family members are underage, adult filtering will do much by blocking proxies/P2P where the youngster gets their games/warez from.
 
  • Like
Reactions: AtlBo and ZeroDay

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
...
Being paranoid all the time doesn't help either. Feeling the need to inspect every single thing that happens on a system is not helpful one single bit.
:emoji_ok_hand:(y)
I remember the times when I did so. I inspected every outbound connection using Windows Firewall Control (Sphinx Software). I also used many Sysinternals and NirSoft tools to inspect the system. But, I knew much less about infection vectors as compared to the present day.
I have the impression that almost all good AVs lose much energy and unnecessarily impact computer resources to inspect & analyze & mitigate threats which can simply be blocked on home computers (scripts, admin tools, SMB, unnecessary services, etc.). It is as if they believed that computers in a home network require a similar protection architecture to computers in enterprise networks.
Blocking the exploit/malware is always safer than inspecting & analyzing & mitigating.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Just to add; Default deny is definitely not only for advanced users, average users would see more benefit from it. Kaspersky seem to agree when it comes to TAM:

View attachment 196305
It's a double-edged sword. Default-deny integrated into AVs usually works off a massive whitelist so it makes it a lot more user friendly than something like VS or SAP. The problem is, if a malicious application triggers a block, the majority of the population would instantly allow the offending application to run and then be outraged when they got infected.

Happens with "advanced" users too. Drop a piece of malware called "GoogleUpdate.exe" onto an advanced user's system and watch them either allow it to execute because they assume it's legitimate or have a small panic attack while debating with themselves whether it's legitimate or not.
 
  • Like
Reactions: AtlBo
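
The name-based trust problem raised in the post above, as an added example that is not part of the original thread: a PowerShell check that judges a file by its Authenticode signer and install location instead of its file name. `Test-ExpectedPublisher` is a hypothetical helper, and the publisher string, directory and sample path are assumptions to adjust for the system being checked.

```powershell
# Added example: judge a binary by signer and location, not by file name.
# Test-ExpectedPublisher is a hypothetical helper; the publisher string and
# directory passed at the bottom are assumptions, not values from the thread.
function Test-ExpectedPublisher {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,  # CN on the vendor's signing cert
        [Parameter(Mandatory)][string]$ExpectedDirectory   # where the vendor installs the file
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'NotFound'; Reason = 'file does not exist' }
    }
    $full    = (Resolve-Path -LiteralPath $Path).ProviderPath
    $sig     = Get-AuthenticodeSignature -LiteralPath $full
    $reasons = @()

    # 1. The signature must verify (unsigned or modified files fail here).
    if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }

    # 2. The signer must be the expected vendor, not just any valid certificate.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($subject -notlike "*CN=$ExpectedPublisher,*") { $reasons += "unexpected signer: '$subject'" }

    # 3. The file must live under the vendor's install directory.
    $dir = $ExpectedDirectory.TrimEnd('\') + '\'
    if (-not $full.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
        $reasons += "unexpected location: $full"
    }

    [pscustomobject]@{
        Path    = $full
        Sha256  = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        Verdict = if ($reasons.Count -eq 0) { 'MatchesExpectation' } else { 'Suspicious' }
        Reason  = $reasons -join '; '
    }
}

# Constructed usage: a file with a trusted-looking name sitting in Downloads.
Test-ExpectedPublisher -Path "$env:USERPROFILE\Downloads\GoogleUpdate.exe" `
    -ExpectedPublisher 'Google LLC' `
    -ExpectedDirectory "${env:ProgramFiles(x86)}\Google\Update"
```

A `Suspicious` verdict lists every failed check in `Reason`, and the SHA-256 can be looked up in a reputation service before anyone clicks "allow".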

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
@Lockdown correct me if I am wrong but you dislike Windows for security and then on your profile you have "From AppGuard", so a software which works on Windows OS...
 
  • Like
Reactions: RoboMan
