How to know if my Antivirus is really necessary?

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
Everyone here makes a valid point regarding the potential risk of being infected and better to be safe than sorry. That said, much has been said about using the lightest AV possible. So I will ask the question everybody might be thinking: from experience, what light AV would one recommend to provide the "safe" factor?

KIS and KAF have been widely recommended by some, but they have so many components that need to be tweaked that the average user might be baffled as to what to set. I myself tried using them but then found my browsing slowed because Kaspersky injects scripts into its browser monitoring. I had to uncheck the feature to speed things up. My point being that if one starts unchecking various components that are designed for protection for the purpose of speed or using less RAM, then it defeats the purpose of having that specific AV in the first place.

It seems like we have now come full circle to using Windows Defender again, which everyone originally seemed to hate :) From what I have been reading by others, it sounds like if one uses Windows Defender supplemented by something like VS and/or OSA, and follows good internet habits, one should be good to go. You don't need all the bloat. Agree?

Of course, if anyone finds that their security solution works for them, by all means continue to use it.

Btw, if there are any CF/cs devotees who might be offended by my suggestion, no offense intended. I know many here feel that Comodo Firewall tweaked is all that one really needs.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
From what I have been reading by others, it sounds like if one uses Windows Defender supplemented by something like VS and/or OSA, and follows good internet habits, one should be good to go. You don't need all the bloat. Agree?

Sure, Windows Defender + VoodooShield or OSA would be great combos. One could even say that WD is a full suite but without the bloat of many 3rd party suites. WD + Malwarebytes Anti-Exploit (perpetual beta, free and stable) would also be an option. Just realize the differences between VS, OSA & MBAE. All three are different beasts and aren't comparable to each other.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Everyone here makes a valid point regarding the potential risk of being infected and better to be safe than sorry. That said, much has been said about using the lightest AV possible. So I will ask the question everybody might be thinking: from experience, what light AV would one recommend to provide the "safe" factor?

KIS and KAF have been widely recommended by some, but they have so many components that need to be tweaked that the average user might be baffled as to what to set. I myself tried using them but then found my browsing slowed because Kaspersky injects scripts into its browser monitoring. I had to uncheck the feature to speed things up. My point being that if one starts unchecking various components that are designed for protection for the purpose of speed or using less RAM, then it defeats the purpose of having that specific AV in the first place.

It seems like we have now come full circle to using Windows Defender again, which everyone originally seemed to hate :) From what I have been reading by others, it sounds like if one uses Windows Defender supplemented by something like VS and/or OSA, and follows good internet habits, one should be good to go. You don't need all the bloat. Agree?

Of course, if anyone finds that their security solution works for them, by all means continue to use it.

Btw, if there are any CF/cs devotees who might be offended by my suggestion, no offense intended. I know many here feel that Comodo Firewall tweaked is all that one really needs.
I agree. About VS and CF, they are only usable in some countries because, according to my 1 year of experience using them, they blocked way too many safe programs in my language. VS and CF are made in the US => great whitelisting for English programs.
They are not commonly used in Asian countries => too many false blocks = unusable for average users.
Therefore, we have no choice but to opt in to a good AV and hope not to be infected.

Kaspersky is slow, that's a fact. Disabling script injection does not decrease protection (for web protection only, not other supplemental components) but gives a huge, huge increase in browsing speed (still heavier than other AVs because KIS has a thorough scan).
I don't use Kaspersky myself because it's still heavy even after all my attempts to tweak it.
 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,014
How do you know 2nd opinion scanners had the definitions to detect such malware? Haha, I'm just pulling your leg and being too unrealistic... or is it? ;) :D
That's a fair question and it's quite simple really.

If I scan my system with multiple second opinion scanners and they all fail to detect any malware, then more than likely my system is clean. But of course, there is a small chance that my system is infected and they all failed to detect the malware. If I scan my system in a month or two with the same scanners and they once again fail to detect any malware, then it is highly unlikely that my system is infected, as I believe it's a reasonable assumption that at least one of the scanners would have added detection for any missed malware.

To take it even further. I often go for years without reinstalling Windows and antivirus software and second opinion scanners never find any malware on my systems.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
That's a fair question.

I don't really have any specific source per se, but I've simply drawn my conclusion based on what I see/read on what's happening around the world in this regard.

From what I can see/read, a lot of the major breaches and malware attacks really have been focused on businesses and governments as of late. It's far more lucrative for them and, let's be honest, hackers are trying to make money.
Now that's what I personally would call an honest, good and also very friendly opinion. You for sure have gained one extra plus in my book of respect, but I actually only partially agree with you on some points. The hacking landscape has changed over the last 20 years (give or take a year or two), a small good overview is shown here, and yes, nowadays it is absolutely about money, Big Money!

Yes, it is a very fair question, and especially when some sad people just love to spam it (not you @Raiden) and start screaming like spoiled children if questioned, but they themselves 100% ignore everything and are much rather plain rude and offensive. Reading is for sure not their strongest skill.

News is one of my favorite forums/sections on MT, and that's also why I enjoy sharing things I find interesting from time to time. Not always security news, but I highly recommend the news sections as they hold a lot of nerd/geek information and actually show, many times, genuine examples of what happens and what can happen in the hacking landscape. 100% free education and always 24/7 moderated and approved before being allowed in public. Can't get much better than that IMO.

Company and governmental attacks! Yes, of course it happens, too much if you ask me, but what some seem to forget is that more or less each and every one of these companies, governmental authorities etc. has a base, a ground that they are built on. People! Common simple citizens, and that's the equivalent of home users. Those are also the ones that in the end have to pay in one way or another. For example, most, I can guess, have not missed the recent hacking cases in the US that time and time again have crippled whole towns' IT infrastructure. Too many "home users" and even companies have directly been affected. This is not just some "whitepaper" theory examples of super complicated vulnerabilities but actual genuine fully working hacking examples. Another one that also seems to pass by way too easily is the constant scandals on Google's platform Play Store, especially when it comes to the amount of people that get infected. That Google removes malicious apps is of course great but is very poor help and comfort for the victims that already got infected. Google should really shape up, as millions and millions of their customers getting hacked shouldn't be acceptable, but it is because it's home users! One case example out of too many: over 10 million users (that's almost all citizens in Sweden! :eek:), and one doesn't need to study rocket science or even be the sharpest knife in the drawer to understand who was infected when it comes to apps like games and funny photo/video. Please also don't forget another and much closer example here on MT, the Malware Removal Help forum/section. That place is flooded with home users!

@Raiden (y)(y)(y)
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
Sure, Windows Defender + VoodooShield or OSA would be great combos. One could even say that WD is a full suite but without the bloat of many 3rd party suites. WD + Malwarebytes Anti-Exploit (perpetual beta, free and stable) would also be an option. Just realize the differences between VS, OSA & MBAE. All three are different beasts and aren't comparable to each other.

I don't remember WD having browser and/or phishing protection, so what would you add to the mix for that? Thanks :)
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
@SearchLight: "I don't remember WD having browser and/or phishing protection, so what would you add to the mix for that? Thanks :)"

WD has network protection. If you use the new Edge, it has SmartScreen. Add µBO and you're covered. If you feel the need for protection of other browsers, you can use your choice of Windows Defender Browser Protection, Bitdefender TrafficLight, Malwarebytes Browser Extension or Emsisoft Browser Protection. Netcraft if you feel you need the phish protection.

And if you use µBO in medium mode in any browser you don't really need any other extensions.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
Definitely. You never know what flash drives are inserted that were used elsewhere, and that contain malware that WD did not detect. And you can't expect novice users to remember to scan flash drives using other programs, not to switch to another browser that has no adblockers in case they can't view a page properly, etc.

Given that, it's best to use an antivirus, addons in browsers in default mode, and a set-and-forget backup system.
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
For those considering reverting back to WD, myself included, does anyone know how to reset WD back to its default settings? I played around with the settings a long time ago in the Group Policy editor, and I think in the registry, but don't remember what the defaults were. It became a hassle, so I opted for a 3rd party AV.

From what I am Google searching, there does not seem to be a one button reset for default settings or some type of script or hack that would accomplish the same.

Suggestions? I am sure there are others here who did the same. Would be good to know. Thanks.
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Using that now. Works and setting WD for High in AFCD. Will add VS next. It would be nice if Andy could add a color to each security button to highlight what settings one applied. I think I am good to go, light but strong WD + VS.
It is not possible. For ASR rules alone, there are 2^14 = 16 384 possibilities (and many more with the Audit setting). :giggle:
Although, the more "ON" settings, the stronger is the protection.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
@SearchLight @uduoix

See especially last two paragraphs from ConfigureDefender user guide:

Group Policy settings (stored under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender) can override but do not change native Windows Defender settings. The native settings are automatically recovered when removing Group Policy settings. The ConfigureDefender utility removes the settings made via direct registry editing under the policy key HKLM\SOFTWARE\Policies\Microsoft\Windows Defender. This is required because those settings would override ConfigureDefender settings.

The ConfigureDefender utility may be used on all Windows 10 versions. But, on Windows Professional and Enterprise editions it will only work if your Administrator has not applied Defender policies by using another management tool, for example, Group Policy Management Console. These policies are set to "Not configured" by default. If they have been changed by the Administrator, then they should be reset to "Not configured". Group Policy settings may be found in Group Policy Management Console: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Antivirus. The settings under the tabs MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard should be examined.

Please note: Group Policy Refresh feature will override ConfigureDefender settings if Defender Group Policy settings are not reset to "Not configured"! ConfigureDefender should not be used to configure the settings, alongside other management tools deployed in Enterprises, like Intune or MDM CSPs.
 
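As an added example, not from the thread or from ConfigureDefender, the following PowerShell script inventories the values under the policy key the guide refers to, so you can see which settings are currently overriding Defender's native defaults before deciding whether to remove them, and reports the ASR rule state via the built-in Get-MpPreference cmdlet. It assumes Windows 10 with Windows Defender and an elevated session; the function names are my own.

```powershell
# Added example (not from the thread or ConfigureDefender): audit which Defender
# settings are overridden by policy-key registry values, and list ASR rule state.
# Assumes Windows 10 with Windows Defender and an elevated PowerShell session.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-DefenderPolicyOverrides {
    # Returns one object per registry value found under the policy key (recursively).
    # An empty result means no policy overrides exist, i.e. the native
    # (non-policy) Defender settings are the ones in effect.
    if (-not (Test-Path -LiteralPath $PolicyKey)) { return @() }
    $keys = @(Get-Item -LiteralPath $PolicyKey) + @(Get-ChildItem -LiteralPath $PolicyKey -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                SubKey = $key.Name -replace '^HKEY_LOCAL_MACHINE\\', 'HKLM\'
                Name   = $name
                Value  = $key.GetValue($name)
            }
        }
    }
}

function Get-AsrRuleStates {
    # Maps each configured ASR rule GUID to its action as reported by
    # Get-MpPreference (0 = Off, 1 = Block, 2 = Audit). Rules that are not
    # listed at all have never been configured on this machine.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $labels  = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit' }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $a = [int]$actions[$i]
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($labels.ContainsKey($a)) { $labels[$a] } else { "Unknown($a)" }
        }
    }
}

$overrides = @(Get-DefenderPolicyOverrides)
if ($overrides.Count -eq 0) {
    Write-Output 'No policy-key overrides found: native Defender settings are in effect.'
} else {
    Write-Output "Policy-key values overriding native settings ($($overrides.Count)):"
    $overrides | Format-Table -AutoSize
}
Write-Output 'Configured ASR rules:'
Get-AsrRuleStates | Format-Table -AutoSize
```

The script only reads; deleting the listed policy values (which is what the guide says restores the native settings) is left to the reader so nothing is removed unintentionally on a machine managed by Group Policy, Intune or MDM.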

436880927

3. Hackers in general have changed their approach. Home users really aren't the target anymore. Hackers IMO are being more selective and their primary focus is to attack and infect businesses and governments. While home users can still get infected, its largely due more to poor habits than anything.
With all due respect, I have access to a lot of intelligence services which provide me with samples recently found in the wild - collected through numerous sources such as their own connections, honey-pots and manual hunting - and the 1,000,000+ samples I receive monthly as part of having the resources I have claim otherwise. A majority of them are targeted towards people irrespective of whether they are a home or business consumer.

The sample collections are not always completely unique. Normally, uniqueness ranges between 100,000-300,000 samples. However, that's still a lot of unique samples being recently found in the wild.

VirusTotal Intelligence is one of my favorites because of the YARA rules feature: it allows me to set up a collection of YARA rules which will be applied on VirusTotal files with real-time scanning support. In layman's terms, it allows me to find fresh samples of a particular malware family/variant if the signature still matches once that sample finds its way onto VirusTotal. Furthermore, this can be used to set up "heuristic" signatures so you can find new files which are likely going to be malicious.
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
3^14 = 4 782 969 possibilities for ASR rules with ON, Disable, Audit settings. :(
But only one possibility if all of them are ON.:giggle:

I did not mean each toggle switch within the GUI. I only meant a color for each of the three buttons only labelled DEFAULT, HIGH, and MAX to know quickly what I had set as parameters. Just a suggestion.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I did not mean each toggle switch within the GUI. I only meant a color for each of the three buttons only labelled DEFAULT, HIGH, and MAX to know quickly what I had set as parameters. Just a suggestion.
I have understood you well, but these three buttons are prepared to apply only the initial setup, and the users can adjust some settings in many ways. If you have the DEFAULT setup and set one ASR rule to ON, that will also make your setup not DEFAULT, not HIGH, and not MAX. The same will happen with HIGH or MAX if the user changes any single setting.
Your idea would make sense if there were only those three buttons without the possibility to tweak the options. (y)
 
