hjlbx
Thread author
Hello All,
This thread is a Work-In-Progress...
NOTE: If you are a novice user on W8.1 (I'm not sure on W10 - haven't tested it but I would bet it performs the same as on W8.1) and are looking for a quick answer as to which AV you should use, then I strongly suggest Emsisoft Internet Security. It is almost bug free and has very good learnability and usability. The product is particularly well-suited to the novice user.
I feel compelled to post this thread since I see users making the same misguided, uninformed mistakes over-and-over. What is contained herein is solely my own thoughts on how to go about developing your own optimized security configuration. My ideas have developed over time and are based upon hard-won, real world experience. In other words I've made most, if not all, the mistakes. If I can prevent even just one user from experiencing the disappointment, confusion and frustration that I have experienced then I will be satisfied.
This is not meant to be a comprehensive guide to which types of softs you should include in your security configuration. There exists such infos here at MT. See @Umbra's suggestions here: http://malwaretips.com/threads/umbras-concept-of-layered-config.12352/ .
Ultimately, each user must decide for themselves what works best for them - both personally and on their specific system.
0. Ground "Zero"...
Be patient and tolerant. Your attitude towards IT will greatly influence your user experience. As you gain knowledge and experience your attitude toward IT quirks, bugs, problems, etc will change. A bad attitude towards IT security will ensure you do things that are both utterly stupid and very high-risk...
Letting bugs, strange soft behaviors and other issues get to you serves no purpose whatsoever. Calmly solve the problem... even if it takes weeks or months. If you try your level best to solve issues to no avail, then you still have a lot of options available such as alternative softs, a "wait-and-see" posture, or just let it go.
Your peace-of-mind in all matters IT is completely up to you...
1. Get rid of OEM crapware; perform a clean install of Windows. OEM crapware needlessly consumes system resources.
NOTE: Simply removing installed OEM crapware via Windows Programs and Features is not enough as it leaves remnants behind that can continue to cause various problems.
2. Once you lighten your system load, don't add too many security softs. In fact, don't overload your system with too many softs... period.
It makes absolutely no sense to go through all the trouble of a clean install of Windows only to add too many security and other softs that consume all the system resource capacity you just liberated via the clean install. The goal is a configuration that provides a solid base-line security along with good system responsiveness.
3. If a security soft doesn't work, you can't get it to work and\or you can't figure out how it works, then it is useless. After your best efforts, drop that soft and move on. Common sense...
System and soft reliability and dependability are the absolute first priority. Common sense...
4. Unrealistic expectations of hardware and softs cause nothing but bitter disappointment and resentment.
If you expect that any security configuration or model will protect your system 100 % - well - all I will say is that it is not technologically possible. The current technological state of OSes, hardware and softs is such that no matter what configuration\security model you adopt, you will never protect any system 100 %.
Furthermore, hardware and softs do not work flawlessly. All manner of problems - from BSODs to bugs to hardware failures - are a fact of IT-life... an ability to cope with frustration is invaluable in this regard.
Experienced users tend to develop workarounds for bugs that are persistent. If they cannot find a workaround, they either accept the bug and ignore it or abandon the soft without getting all bent-out-of-shape about it.
5. Build a security configuration that correlates with the risk level of your computing habits. Once again, don't add too much.
The natural inclination towards IT security is to build an impenetrable fortress. While on the surface this seems to be a logical thing to do, it isn't practical nor possible. What I am suggesting is this:
If you turn on your computer once per week, visit MalwareTips for 15 minutes, then turn it off - you have no need of anything other than a minimalistic security config.
If you are an over-the-top, high-risk user - click-happy, test malware without knowing what you are doing, download & install anything-and-everything, use warez, cracks & keygens, visit the porn sites, file share, and use torrent sites - you need a well-rounded, fuller-featured security config that addresses most of the associated risks of such behaviors.
ONE CRITICAL POINT ABOUT VIRTUALIZATION: Virtualization is not a security panacea. It does have serious limitations... first, and foremost, being that during any virtual session data can be stolen. A second major concern is encryption containment. Always follow the guidance of soft publishers, security experts and advanced users when configuring light virtualization softs and virtual machines. This topic is huge and can't be covered in any meaningful way here, except to say:
WARNING !! Virtualization does not protect sensitive personal data ! When using any virtualization soft it is recommended that the user put in place guards to protect data during the virtual session. If any malicious file is permitted to run without restriction during a virtual session, then data theft and\or encryption of personal files can occur.
6. Don't use the softs that are widely distributed and regularly targeted for vulnerabilities - Microsoft Office, Microsoft Silverlight, Windows Media Player, Adobe Acrobat, Reader and Flash, Java and Java Runtime Environment, RealPlayer, etc.
The above list is not complete, but does cover the most frequently targeted softs. Reducing the attack surface is particularly effective and easy; not using a vulnerable soft means it can't be exploited on your system and there are many high quality alternatives to be found.
7. Keep your softs up-to-date... always - no matter what.
Unfortunately, there is no straight-forward, direct path to the best security config for you. Only through careful consideration and trial-and-error will any user find what works best. There's no way around it... it is a process that takes time and effort. The end results are a good user experience with adequate base-line security.
Best Regards,
HJLBX