Do we actually need so many security programs?

[Deleted member 178]

Don't forget one category: Q&A/testers like @Lockdown and me. We have to reproduce or imagine improbable/unconventional/crazy stuff because some users will do.

Personally, i have many sec softs and tweaks running at same time because it is my hobby and work field .
But to be honest I don't really need any of them , my computer habits are so restricted that I will probably never open a suspicious doc/file...and in the rare case I need to do such risky thing, I have my test machine for that.

Security forums fuel paranoia and fear, which incite people to add more security apps instead of learning how attacks performs.

As a long time security forum member, one phenomenon i observed is competition and ego , the one ready to every lenghts to show off the most big awesome invulnerable fortress.

 

[shmu26]

My setup is
1.Windows defender
2. NVT OSArmor
3. Windows firewall control.

I don't believe its too much. of course I have been wrong before.

That is not piling. You have a very reasonable security config IMHO.

 

[mlnevese]

Sometimes I see configs in this and other forums that makes me wonder how the computer is even booting...

 

[Thales]

I am not fan of overkill configs or unused programs, so it's a NO!

 

[Burrito]

I now run two computers with Norton, MBAM Premium, and Cylance. Nothing turned off. It's overkill. I initially just did it experimentally... but it works so smoothly and with no lag... I ended up liking and keeping it.

But I don't recommend this type of overkill for most.

 

[spaceoctopus]

If it concerns your malware and virus protection, well, too much is bad for sure, wether it is for security or performance. But security is not only Anti-malware. Encryption, backups for example form part of security. The idea is having a good balance between them.

 

[spaceoctopus]

I feel that the security program is installed not in the pc body but in the uneasy mind of the user.

@show-Zi Well said. Too much pilling of security softwares reveals that the user needs to do some research. Except in the case of a security specialist, which is another story.

 

[oldschool]

@show-Zi Well said. Too much pilling of security softwares reveals that the user needs to do some research. Except in the case of a security specialist, which is another story.

+1!

 

[509322]

@show-Zi Except in the case of a security specialist, which is another story.

Such people do not use any security softs.

Many do not use Windows.

 

[Moonhorse]

Sometimes I see configs in this and other forums that makes me wonder how the computer is even booting...

I dont think this exist much here on mt
Most of us are just combining firewall + av + anti-exe any kind of bb/hips kind of software to have more powerful internet security than full security suites ( mostly paids) offer. Piling/ stacking whatever we should call it is smart, unless software overlaps very badly

People who post their conf on this forum, will be adviced very fast by activer users we have here, They will tell the truth about overkill setups if theres one

Sadly the hype sometimes goes bit too far, and might cause people get paranoid and stacking the software(me included), when in reality they probably never will have close call with any kind of malware in ' real life'

So do we need so many security programs ?
-Probably not, but most of people here are enthusiast and really interested to improve their security/ privacy so i wouldnt call anyone stupid/paranoid that is piling/stacking/ trying new things out. Only way you learn something, is by trying it out yourself

 

[Arequire]

Sometimes I see configs in this and other forums that makes me wonder how the computer is even booting...

Vanilla Windows Defender configs, eh? Little performance joke there for ya.

 

[Deleted member 178]

As an old sage once said :

"in the hand of a master, the most inoffensive object can become the most deadly weapon"

In infosec, like in war, it is not the tools that define efficiency, it is the strategy you developped around it.

 

[LDogg]

Having too many security programs for little common sense reason makes no sense. Having less to reduce attack surfaces is a better way of looking at it. For me I use Syshardener, ConfigureDefender/Hard_Configuer, WD & Forticlient with 2 on demand scanners, why you may ask because most common attack surface areas are covered and less is more.

~LDogg

 

[shmu26]

Having too many security programs for little common sense reason makes no sense. Having less to reduce attack surfaces is a better way of looking at it. For me I use Syshardener, ConfigureDefender/Hard_Configuer, WD & Forticlient with 2 on demand scanners, why you may ask because most common attack surface areas are covered and less is more.

~LDogg

If you use both syshardener and hard_configurator, you have 2 tools tweaking the same system settings, and this is not recommended. Because this tool might be changing the settings from that tool, and in the end, you don't know what your true settings are.
It is recommended to use only one tool to tweak system settings.

 

[Andy Ful]

SysHardener does not show the actual settings. So, If the setting was changed by Hard_Configurator, that cannot be seen in SysHardener. Also, some settings are differently managed by SysHardener and H_C, like blocking script files by extension. If one chose to unblock this feature in H_C it still remains disabled by SysHardener, and vice versa! The similar problems can happen with blocking vulnerabilities in MS Office and Adobe Reader. Some vulnerabilities will be still blocked by H_C, even when they were unblocked by SysHardener.
The advanced user can use both H_C and SysHardener, but I would recommend making some tweaks to avoid the overlapping settings.

 

[Eddie Morra]

True, many computers have been hacked, simply because security software have SYSTEM rights, so AV's vulnerability is more than critical, like DoubleAgent. and they do not always disclose it, obviously, they just quietly patch it.

DoubleAgent required administrative rights to be deployed. It was either a protected area on file-system or registry (I'd have to check because I cannot remember - it was a pretty crap invention for the purpose of attention).

If you have administrative rights, you can give yourself SYSTEM rights by registering and starting a Windows Service via the SC Manager APIs. There was no privilege escalation from DoubleAgent alone.

DoubleAgent was possible because of Microsoft, not AV vendors, anyway.

Edit:
Fixed a typo.

 

[Andy Ful]

The source of the problem was a 15 year old vulnerability in Windows. Yet, only some AVs were vulnerable to DoubleAgent POC. I would say that AV vendors were also partially (a little) responsible for this situation.

 

[outlawxtorn]

I just use WD+Hard_Configurator+Voodoo Shield.

 

[Andy Ful]

I just use WD+Hard_Configurator+Voodoo Shield.

You can skip VS, without losing much safety. You can also keep WD + VS (without H_C) and tweak WD via ConfigureDefender (standalone version). If so, then you can use RunBySmartScreen (standalone version) to safely run application installers via right-click Explorer context menu.

 

[outlawxtorn]

Thanks for the suggestions! I removed VS, set the recommended settings in H_C, and used it to set WD to high protection.