- Jun 24, 2016
A good antivirus is a must-have. It minimizes the number of times you have to enter damage-control mode to clean up the mess left by a successful malware attack. Antivirus has always been the go-to solution against malicious software and cyber-criminal tactics, and it still is. Malware, phishing scams, ransomware, DDoS: these are just a handful of the threats that lurk on the Internet.
HOW TO CHOOSE THE BEST ANTIVIRUS
To start with, be clear on one thing: no antivirus ever created gives you online invulnerability. There are, still, some great antivirus products that may or may not suit you depending on your system's software and hardware.
Then, how do I choose the best one for me?
When it comes to your personal best security software, these are the things you should check before making it your main security layer:
- CPU and RAM usage: make sure your hardware can comfortably run the software you pick. You don't want your security to turn into a nightmare.
- File detection ratio and real-time protection: signature-based detection alone is no longer enough, but it still has years of useful life, even more now that AV vendors are adding modules to complement the basics. To be sure your software has a decent detection ratio and real-time protection, the best you can do is test it yourself in a virtual machine. Everything on how to do this can be found in the MalwareTips Malware Vault (reach 100 posts!). You can also find tests by our Testers and video reviews by our AV Reviewers.
- Script blocking and behaviour blocker: much of today's malware is zero-day, unknown to any signature database when it hits you, so more security layers are required. You can always install more software to cover every weak point, but it's nice to have one all-in-one product that protects you the way several would. Be sure the antivirus you're installing has a decent behaviour blocker that watches, in the background, every process that tries to create or modify files on your system. This not only blocks malware that tries to run, but also detects malware that is already active and stops it from downloading payloads.
- Malware removal: research. Google is your best ally when you don't want to run your own tests. Google and our precious Malware Testers. Be sure your AV can efficiently remove and disinfect malware. And if you're choosing a free product, be sure you don't have to pay for removal!
- Ransomware protection: welcome to 2017, the ransomware party! Be sure your suite has good ransomware protection. Many behaviour blockers help here, but an extra layer against this headache of a threat is a very good option. Many security suites include one now, as it has become a must given the damage ransomware does.
We should start with the most important security advice. Don't let a machine decide whether something is safe or not; that should be the last line of defence. The safest way to avoid infection is to trust nothing, and that is exactly what Application Control modules and anti-executables give you. Summed up: the safest way to not get infected is to not let anything execute. Application Control modules (such as the one included in Kaspersky Internet Security), anti-executable programs (such as VoodooShield) and Software Restriction Policies (such as Hard_Configurator by Andy Ful) can all be configured to "not let anything execute" except what's necessary. Although this may seem crazy, it's the safest way to avoid malware. Such a default-deny configuration blocks the execution of any program, script or other software that attempts to run on your system, malicious and legitimate alike. Of course, AC and SRP tools include options to whitelist the software you actually want, but the point stands.
Things happen in the background that you cannot see (script execution, payload downloads, process injection). The only way to keep your system under control is to stop it from executing anything you haven't approved. Take Hard_Configurator as an example. Once installed and configured, this hardening tool whitelists the files and folders your OS needs to function, plus the software and shortcuts you choose. Anything else that tries to run, won't. If you haven't whitelisted Discord, Discord.exe will try to start from its per-user folder under AppData and... news! It won't. You get an error, because nothing executes unless you said so. Now imagine that shady crack you downloaded for Camtasia, which you whitelisted because your antivirus said it was clean, uses powershell.exe to drop a malicious payload into your AppData temp folder and tells PowerShell to run it. News! It won't. Your default-deny policy refuses to run the dropped file, because nobody whitelisted it. (One caveat: SRP judges files, so a payload handed to PowerShell inline as a command, never saved as a script, is not something it can check; that is why such tools usually offer to block PowerShell outright as well.) Head to the MT forums and read about anti-executables, Application Control and SRP. Check out Hard_Configurator, VoodooShield and Exe Radar Pro.
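To make the "nothing runs unless I said so" idea concrete, here is an added example of the mechanism Hard_Configurator drives under the hood: a default-deny Software Restriction Policy written straight to the registry, followed by a probe that checks it is actually enforced. This is not Hard_Configurator's or the forum author's code; the allowed folders, the extension list and the probe binary are assumptions for a typical single-user Windows box. Try it in a virtual machine first, because a forgotten location (a browser installed under your profile, say) locks that program out exactly as the Discord example above describes.

```powershell
#Requires -RunAsAdministrator
# Added example (not Hard_Configurator's code): minimal default-deny SRP via the registry.
# Assumptions: single-user box, programs live under %ProgramFiles% / %SystemRoot% only.

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Safer security levels; the registry subkey for each level is its decimal value
$Disallowed   = 0        # nothing runs unless a rule says otherwise
$Unrestricted = 262144   # 0x40000: runs with the user's full rights

# Only locations a standard user cannot write to. Anything dropped into the profile
# (AppData, Temp, Downloads, Desktop) therefore falls under the default rule: deny.
$AllowedPaths = @('%SystemRoot%', '%ProgramFiles%', '%ProgramFiles(x86)%')

# File types SRP treats as executable. The stock list covers .exe/.bat/.cmd/.lnk etc.;
# the last line adds script types so powershell.exe and wscript.exe (both honour SRP)
# also refuse unwhitelisted .ps1/.js/.vbs files.
$ExecutableTypes = @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
    'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC',
    'JS','JSE','VBS','VBE','WSF','WSH','PS1','PSM1','PS1XML'
)

function Add-SaferPathRule {
    param([string]$Path, [int]$Level)
    $Key = Join-Path $Safer "$Level\Paths\$([guid]::NewGuid().ToString('B'))"
    New-Item -Path $Key -Force | Out-Null
    # REG_EXPAND_SZ, so %SystemRoot% and friends expand when the rule is evaluated
    New-ItemProperty -Path $Key -Name ItemData     -PropertyType ExpandString -Value $Path -Force | Out-Null
    New-ItemProperty -Path $Key -Name SaferFlags   -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $Key -Name LastModified -PropertyType QWord -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
}

function Set-DefaultDenySrp {
    New-Item -Path $Safer -Force | Out-Null
    New-ItemProperty -Path $Safer -Name DefaultLevel        -PropertyType DWord -Value $Disallowed -Force | Out-Null
    New-ItemProperty -Path $Safer -Name TransparentEnabled  -PropertyType DWord -Value 1 -Force | Out-Null   # 1 = enforce for EXEs/scripts, not DLLs (2 adds DLLs and breaks far more)
    New-ItemProperty -Path $Safer -Name PolicyScope         -PropertyType DWord -Value 0 -Force | Out-Null   # 0 = everyone, admins included; 1 would exempt admins
    New-ItemProperty -Path $Safer -Name AuthenticodeEnabled -PropertyType DWord -Value 0 -Force | Out-Null   # no certificate rules
    New-ItemProperty -Path $Safer -Name ExecutableTypes     -PropertyType MultiString -Value $ExecutableTypes -Force | Out-Null
    New-ItemProperty -Path $Safer -Name LogFileName         -PropertyType String -Value "$env:SystemRoot\Temp\srp.log" -Force | Out-Null
    foreach ($p in $AllowedPaths) { Add-SaferPathRule -Path $p -Level $Unrestricted }
}

function Remove-DefaultDenySrp {
    # Undo everything above
    Remove-Item -Path $Safer -Recurse -Force -ErrorAction SilentlyContinue
}

function Test-DefaultDenySrp {
    # Copy a harmless system binary into a user-writable folder and try to run it.
    # Under the policy this must fail (Win32 error 1260, "blocked by group policy").
    $probe = Join-Path $env:TEMP 'srp_probe.exe'
    Copy-Item "$env:SystemRoot\System32\whoami.exe" $probe -Force
    try {
        Start-Process -FilePath $probe -Wait -WindowStyle Hidden
        Write-Warning "$probe ran: the policy is not in force yet (log off and on, or reboot, then retry)"
        return $false
    } catch {
        Write-Host "Blocked as expected: $($_.Exception.Message)"
        return $true
    } finally {
        Remove-Item $probe -Force -ErrorAction SilentlyContinue
    }
}

Set-DefaultDenySrp
Test-DefaultDenySrp
```

Two things to expect. With PolicyScope set to 0 the policy also applies to you as administrator, so an installer in Downloads is blocked too; you either run Remove-DefaultDenySrp for the duration of the install or move the installer under an allowed folder, which is the "install mode" toggle tools like Hard_Configurator wrap in a button. And SRP only sees files: a PowerShell one-liner passed on the command line is never written to disk, which is why a complete default-deny setup usually disallows powershell.exe itself with an extra path rule at level 0.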
Other modules you might want include:
- File shredder, DNS protection, password manager, phishing protection, antispam, browser protection.
Let's talk about the firewall.
Some AVs can filter and scan your internet traffic to detect incoming threats before they reach your device. A firewall is a must in this Internet age. The Windows built-in firewall is always a good option, but if you're considering paying for an Internet Security suite, make sure it includes a decent firewall that is actually worth disabling Windows' for. Many security suites include awesome firewalls, such as Emsisoft, Kaspersky and Norton. Don't forget to research that before relying on it. You can always combine a free product with a third-party firewall like Comodo or ZoneAlarm, or simply keep Windows'.
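Since the post later recommends hardening the built-in firewall rather than replacing it, here is an added example of what that hardening looks like without any third-party front-end: inbound and outbound both default to Block, a short per-program allow list, and a review of what can still reach the network. This is not Windows Firewall Control's code nor the forum author's; it uses the NetSecurity cmdlets present since Windows 8, and the program list is an assumption you replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not Windows Firewall Control's code): default-deny outbound on the
# built-in firewall. The program paths below are assumptions.

$AllowedPrograms = @{
    'Firefox'     = "$env:ProgramFiles\Mozilla Firefox\firefox.exe"
    'Thunderbird' = "$env:ProgramFiles\Mozilla Thunderbird\thunderbird.exe"
}

function Set-DefaultDenyFirewall {
    # All three profiles on, inbound AND outbound default to Block, log what gets dropped
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block `
        -NotifyOnListen True -LogBlocked True -LogMaxSizeKilobytes 16384 `
        -LogFileName "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

    # The stock "Core Networking" rules (DNS, DHCP, ICMPv6 ...) stay enabled, so name
    # resolution keeps working. Everything else needs an explicit per-program rule.
    foreach ($name in $AllowedPrograms.Keys) {
        $exe = $AllowedPrograms[$name]
        if (-not (Test-Path $exe)) { Write-Warning "Skipping $name, $exe not found"; continue }
        # Idempotent: drop any earlier rule with this name before recreating it
        Get-NetFirewallRule -DisplayName "Allow out - $name" -ErrorAction SilentlyContinue | Remove-NetFirewallRule
        New-NetFirewallRule -DisplayName "Allow out - $name" -Direction Outbound -Action Allow `
            -Program $exe -Profile Any | Out-Null
    }

    # Windows Update runs inside svchost.exe, which has no stock outbound rule. Scope the
    # allowance to that one service and to HTTP/HTTPS instead of svchost.exe as a whole
    # (on Windows 10 add BITS and dosvc the same way if downloads stall).
    Get-NetFirewallRule -DisplayName 'Allow out - Windows Update' -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName 'Allow out - Windows Update' -Direction Outbound -Action Allow `
        -Program "$env:SystemRoot\System32\svchost.exe" -Service wuauserv `
        -Protocol TCP -RemotePort 80,443 -Profile Any | Out-Null
}

function Get-OutboundAllowList {
    # Review what can still reach the network once the default is Block
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $app.Program
            Proto   = $port.Protocol
            Port    = ($port.RemotePort -join ',')
        }
    } | Sort-Object Program, Rule
}

Set-DefaultDenyFirewall
Get-OutboundAllowList | Format-Table -AutoSize
```

The built-in firewall has no outbound prompt, which is the one thing a front-end like Windows Firewall Control really adds; with this script the way you discover what you forgot is the DROP lines in pfirewall.log. Expect some breakage on the first day (update agents, licence checks) and add a rule per program rather than widening svchost.exe.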
Alright RoboMan, you just told us what to do, now what shouldn't I do?
Well then, thanks for asking mysterious stranger:
- Don't rely on AV test labs such as AV-Test, AV-Comparatives, PCMag, etc. Even when some of them are, let's say, "accurate", they don't represent your system or how malware and antivirus software would behave on your specific configuration. Instead, trust your own tests or the MalwareTips testers, whose virtual environments are much closer to yours.
- Don't rely 100% on a single test either: two days and two malware packs are not enough to conclude that Kaspersky is the best against ransomware. If you're not willing to run your own tests, look for many tests that could actually represent your system. Make sure fresh packs were used and the system was configured the way you would use it.
- Don't run more than one antivirus, or two products with the same purpose: OK, most of you knew that. Still, many new members have no clue what I'm talking about. Two or more antivirus suites, or two products that do the same job, say two firewalls, will NOT give you more security layers. Instead you get excessive CPU and RAM usage, BSODs, incompatibilities and less security, since they end up disabling each other's components and flagging each other as possible malware.
FINAL ADVICE:
At the end of the day, most antivirus products are much the same. They'll all offer decent protection and detection, and you'll find you can choose the one that fits you best. Most of the time you will find some great security software you love: it includes awesome modules and makes you feel protected. Still, you're not sure, because it has no firewall. But you will have done your research and found out you can harden Windows Firewall with Windows Firewall Control. Maybe you feel Windows Defender is not enough, but you have read about ConfigureDefender, which you can use to get the most out of it.
Harden your OS and cover all of its weak points. Keep it simple and reduce the attack surface. More isn't always better; sometimes less is more. Knowledge is your best tool. Educate yourself and surf safely.
Feel free to comment with anything to add.
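As an added example of the "get the most out of Windows Defender" advice above, here is the kind of configuration ConfigureDefender exposes, applied directly with the Defender cmdlets: cloud protection at its stricter level, PUA detection, controlled folder access and a handful of attack surface reduction rules, first in audit mode so you can see what they would have blocked. This is not ConfigureDefender's code nor the forum author's, and it assumes Windows 10 1709 or later, since controlled folder access and ASR rules do not exist before that.

```powershell
#Requires -RunAsAdministrator
# Added example (not ConfigureDefender's code): Defender hardening with the Defender
# cmdlets. Assumes Windows 10 1709+; older builds reject the ASR and CFA parameters.

# ASR rule GUIDs as documented by Microsoft; the names are comments only
$AsrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}

function Set-DefenderHardening {
    param([switch]$AuditOnly)   # start in audit mode, read the event log, then enforce
    $mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }

    # Make sure nothing has been switched off, then raise the cloud/heuristic settings
    Set-MpPreference -DisableRealtimeMonitoring $false -DisableBehaviorMonitoring $false `
        -DisableIOAVProtection $false -DisableScriptScanning $false `
        -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples `
        -CloudBlockLevel High -CloudExtendedTimeout 50 `
        -PUAProtection Enabled -EnableNetworkProtection $mode `
        -EnableControlledFolderAccess $mode

    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $mode
    }
}

function Get-DefenderHardeningState {
    # Read back what actually took effect (Tamper Protection can refuse some changes)
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        BehaviorMonitoring = $s.BehaviorMonitorEnabled
        CloudBlockLevel    = $p.CloudBlockLevel                 # 2 = High
        PUAProtection      = $p.PUAProtection                   # 1 = Enabled
        ControlledFolders  = $p.EnableControlledFolderAccess    # 1 = Enabled, 2 = AuditMode
        AsrRulesConfigured = @($p.AttackSurfaceReductionRules_Ids).Count
    }
}

Set-DefenderHardening -AuditOnly
Get-DefenderHardeningState
```

Run it with -AuditOnly for a few days and watch the Microsoft-Windows-Windows Defender/Operational log: event 1122 is an ASR rule that would have blocked something, 1124 the same for controlled folder access. Anything legitimate showing up there (an Office add-in spawning a helper, a game saving into Documents) gets an exclusion before you rerun without the switch, which flips every rule to block (events 1121 and 1123).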