I can make it even shorter. As long as antivirus vendors exist, the AVs are NOT enough. There is a reason that several AVs exist. This makes the attackers' lives harder.
Microsoft quietly reveals whether you need a third-party antivirus software in Windows 11
- Thread starter Gandalf_The_Grey
- Start date
Well... last infection I had was back in 2011... I think... when I was 13. But I will make sure to post here if I ever get infected again.This is also a reason why most people can sometimes get infected.
Just for the reference, this was me when WannaCry attack happened: (yes, I never got to experience any ransomware)
Actually—no. The only reason why 3rd party antivirus companies exist is because Microsoft never bothered to provide any (functional) protection before the release of Windows 10. Only then Microsoft realized that users shouldn't pay for protection and developed competing product. People still living in the past are keeping them alive.
Don't believe me? Here... I'll prove you!
Go ahead and take a look what popular antivirus software vendors (Avast, AVG, Avira, Bitdefender) looked like in 2011/2012. Pay attention to protection modules their software package came with. After that, visit websites of same antivirus vendors and see what protection modules they sell now.
Have you noticed how all antivirus vendors started to bundle VPNs, drivers/software updaters, system cleaning tools and are selling them as a separate modules? Yeah, Microsoft gives protection for free so if they wanted to keep customers they had to sell something.
When first AV apps for Android came, they were strictly apps scanning your device to find malicious apps. Now they are cleaners, optimizers, VPNs, device locators, app lockers; literally everything. Do you see it now?
This is very true, but it does not necessarily contradict what @RansomwareRemediation posted. His post is related to the present and future, so any history of AVs development cannot make it untrue. Let's hope other vendors survive in the market, and people will still use several AVs. The hegemony of one option is unhealthy.
Of course! Every competition is good competition, people should have variety of software to choose from. However, the fact is majority will settle with the default option, especially if it's free.
All I'm saying is I agree with Microsoft here. You don't need antivirus software because Defender became very capable and it won't cause you any issues with Windows whatsoever. Along with your tool, it can protect your PC even better than some 3rd party options that cost money.
I'm still saying; people get infected because or their own stupidity. The only way to get malware is by running malicious files, whether it be by downloading and running it from a web browser, e-mail or torrent client. There are no other ways to get infected.
Out of all people on planet Earth, I'd expect everyone here to be champions in security. Though it seems that some people here still think "more and complex" means better when in fact it isn't.
Last edited:
Although this is almost always true at home, some exceptions can happen, for example:
- If one of the family computers is infected, the malware can spread to other computers over the home network.
- Malware (like the Emotet worm) can infect someone nearby and spread by brute-forcing your Wi-Fi network.
- Attackers can remotely infect your router by using an exploit.
- Attackers can remotely exploit one of the IoT devices and then exploit your computer.
First: Your wrong, router malware is very common MIRAI botnet ring a bell? If it wasn't an issue you would see vendors never release updates but they do. What is uncommon is APT level implants that survive firmware upgrades/router resets that takes some engineering and time and resources but common unpatched routers are a huge problem.
Second: OK who do you trust then? RU maybe CN or even NK. I know which government I would choose to be honest about security. NO one is denying or defending Trump related issues and brain farts and no one is defending some of the weird units in his administration but I would trust what the NSA or USA government has to say over others.
I'll give you this one. This is a number 1 concern in enterprise environments. Though when I was setting up my PCs at home, file and printer sharing was disabled by default on all of my PCs. Before anyone asks, network was set as private, yet I would have to manually enable everything before I could see other devices. Nonetheless, I keep file sharing disabled as I prefer to send files to other PCs using services like toffeeshare.com or justbeamit.com.
We need to keep in mind though that as time goes by, less and less people own a PC at home and they are being replaced by tablet computers which can pretty much do the same beside gaming. Majority in the world either has only one PC at home or doesn't have it at all (I know a lot of people that uses their phone as one and only device). So I wouldn't have it is large concern for home users; but it remains the issue for businesses that run large number of PCs and local network, yes.
It can; Emotet works by targeting unsecure and easy to guess passwords. Modern Wi-Fi routers are protected from these types of attacks. Keep in mind that brute forcing Wi-Fi isn't anything new and is as old as is the Wi-Fi technology itself.
Hackers can only hack the router three ways:
1. Your ISP gets hacked and hacker uses their connection to your ISP-provided router and launches an exploit
2. Your router uses exposes itself to the world wide web; has ports open, UPnP, or has firewall disabled
3. Your device is hacked and you're using default password for entering router's internal page
Obviously, there are ways Wi-Fi network can be hacked, but here I talk exclusively about hacking a router itself, not the network. Cover these three and you will never be hacked. Up until 2022, I was using ISP provided router from 2014 and none of my devices were ever hacked (I know, right?).
They can! And one infected device is enough. However, how many realistically IoT devices you own at home and how many of them are connected to the internet, or have ability to use online services? Of all IoT devices possible, I only have Smart TVs, phones and computers. I have IoT washing machine, but I never connected it to the internet nor installed an app because I don't need it.
All of these are real concerns, but for typical home user aren't really a concern. We have to keep in mind that businesses are real target, not you.
So MIRAI botnet... it works by scanning the internet for exposed IoT devices and abuses default and unsecure passwords. Something you can avoid by simply doing a digital hygiene which is exactly what I'm talking about—stop exposing your devices to the world wide web and use strong password (even though the first thing is more than enough).
Any IoT can be connected to the internet, it just can't have open ports to it and be exposed on the internet. This is where your router's firewall comes into place.
I don't trust any government. I just do a research myself using multiple sources and come with some conclusion. It's also worth not to lose your mind over government statements.
How to you practice safe hygiene when your router has a open Telenet/SSH port with hard coded default admin credentials? Only a firmware upgrade can fix that.
And most people working in high level security companies got their start in government especially NSA. It's not simple but I'd trust USA vs others.
you are missing one: the router/modem has a vulnerability. an RCE kind is the worst. Vulnerabilities has nothing to do with your settings, passwords. Worse thing still when it does not have an update function.
Plenty of those. How many people use their ISP supplied router? Even the big companies do not update firmware often.
Hackers comes in many grades. Those that pass and are willing become cybercrooks. Those that don't hack you and me. I'll admit it with no shame I have been hacked before. I wasn't as good in cyber defense then, with still lots more room to grow.
Last edited:
If you're using ISP router, contact them. They have ability to open/close ports as you wish.
I can say that all routers issues by Croatian ISPs are not exposed to the web and only they have ability to remotely connect to the router itself. None of the routers or ISP here were ever hacked due to strong security.
If you're using your own router, I doubt Telnet/SSH can't be disabled (I'm not at home, but I think my Asus lets me do that). In case you can't, I'd change username, use a strong password and quickly contact router's manufacturer.
If router isn't exposed to the web, the only way to hack it is through your ISP (if hackers attack them), by hacking your device and gaining access to router internal page and by hacking your Wi-Fi and gaining access that way.
Not everything is visible buddy. Just like how malware goes step by step inside your system, you never see those things visible on screen, and they don't need to touch your desktop icons nor start menu nor systray. And you never see a window opening when they run things.
Last edited:
Correct. Again, unless your devices aren't hacked (which you'd obviously notice) and your router isn't exposed to the web (which you can easily test)—you're safe.
People seriously need to chill and stop reading clickbait articles, especially regarding security. We can find million possibilities for attacks, but chances of them happening are almost non-existent.
I just stick to my security philosophy and I never get hacked. Pretty much none of these vulnerabilities found ever concern me. For large chunk of them you basically need physical access to device which ain't happening.
... or as I posted, "Although this is almost always true at home, some exceptions can happen".
It is possible, but at home, in most cases, the attackers do not bother to be silent. Almost all attacks can be easily discovered when checking the artifacts of malware persistence. More evasive threats can be mainly identified by temporarily blocking LOLBins and using a strict WDAC policy, which allows only Windows signed processes.
Microsoft quietly reveals whether you need a third-party antivirus software in Windows 11
Microsoft explains if Windows 11 needs third-party antivirus in 2026 as Defender matches top tools and AI-driven threats reshape security.www.windowslatest.com
It's always the case you think you have never been infected or compromised until you are infected. Just assume you are pwned or compromised and move forward.
Acceptance does not mean you make it easy for attackers, you have to at least make them work a little.
Acceptance does not mean you make it easy for attackers, you have to at least make them work a little.
You may also like...
-
How I disabled 13 AI features in Windows 11 safely, no third-party apps needed- Started by Gandalf_The_Grey
- Replies: 4
-
How would you describe Microsoft Defender's protection in 2026?- Started by RoboMan
- Replies: 19
-
Windows 11 is finally killing off legacy printer drivers in 2026
- Started by Gandalf_The_Grey
- Replies: 6
-
Mozilla slams Microsoft's attempts to force Copilot on customers- Started by Parkinsond
- Replies: 9
-
Microsoft outs Windows 11 KB5085516 to fix internet access to OneDrive, Edge, Teams, Copilot
- Started by Gandalf_The_Grey
- Replies: 2