"Overkill": excessive protection and the false sense of security

[RoboMan]

How many times have you seen it? Or suffered it? It's the overkill disease and these are the most common forms in which they can be found:

• What else can I add to my setup? I currently have Kaspersky Total Security + VoodooShield Pro + OSArmor + Comodo Firewall (cruelsister settings!)
• What's a good antispyware to add to BitDefender Internet Security + MalwareBytes?
• Which anti phishing extension can I add to Chrome? Already have MalwareBytes Browser Extension, Webroot Security and Norton Extension.

Well I got news for you overkill believers! It doesn't work. It just doesn't.

---------------------------------------------------------
We've been raised with a false sense of security, which is: the more, the better. WRONG.
We even affirm sometimes: if you're a novice user, then yes you need to install lots of programs. WRONG.
---------------------------------------------------------

We shall be clear on this subject, since it's really a delicate matter: doesn't matter who you are or what you do, overkill is bad for your system.

There's no gain on triple antivirus, triple signatures, penta real time analysis software or fourty four anti-executables. Overkill murders the fun of an optimized system. Plus it doesn't protect you more.

Here's why:

We tend to believe, more security means less infection. Although this may be true, it shall be explained. When we say more security is better, reading between the lines is needed. More security means covering all weak points on a system: files execution, removable medias infections, browser attacks, exploits, information stealing, etc. You need to be sure all possible attacks against your system are covered. Good news, many programs on the market do this with one single product, called "SUITES", and generally under the names of Internet Security, Total Security. Suites like, for example, Kaspersky Total Security offer a great variety of modules, such as virtual keyboard for transactions, disk encryption, real time protection, parental control, signatures, anti-executable (variation from), and lots of extra modules. In most of the cases, novices (specially) and even experts, a well configured suite is all you need. Go add VoodooShield and OSArmor to Kaspersky Total Security. You'll find a super charged system, with two programs that literally do nothing, since their job is already done by the aforementioned suite.

When you wonder: I want the best protection for my needs, think not in "how many software should I have", but rather "which software can offer me all I need". Sometimes you will need to combine, that's true. But there's an unnecessary action on combining software with the same functions.

"Two antivirus is better since, if one misses something, the other one will catch it." - this type of thought will get you infected. You 100% rely on human-coded software. You're done.

Plus, as well, and the most important disadvantage on overkill: your system performance drop to the ground, for no real extra security.

"I prefer security over performance:" - you prefer a false sense of security, with an extra dose of unnecessary SSD writes.

When searching for your perfect security setup, stop thinking on how much you need to spend or how many softwares will you combine. Start thinking on your weak points. The easiest malware entrances.

Browser: isolate your browser. Use an ad-blocker. Phishing and malware protection when you surf. Block scripts and Java/Flash. Use a browser container like Sandboxie.
Removable media and autoruns: disable autoruns from all media.
Scripts and macros: disable Windows Script Host. Disable unneeded interpreters. Use an anti-executable.
Files and general downloads: use basic signatures, or maybe it's already cover by your browser isolation!
Backups: always have a data and system backup/image. Be always ready for the worse!

You're done.

See what we have done there? That's a minimum system impact and most weak points are covered.

We navigate through an insecure/hacked site? The browser is isolated, we're covered. We download an unsafe file? Covered by our security browser extension. We recieved a suspicious mail file? WSH is disabled. Oh, we even have an anti-executable that detected a file execution on AppData. We're safe. No need for a mountain of RAM eaters.

Do not miss the point. Don't kill your SSD and performance for a false sense of security. All barriers can be penetrated when you don't care about learning online security. Read. Learn. Teach. Basic three rules for a safe enviroment. There's always a last alternative if you don't want to learn. Use Umbra Total Security and just forget about any malware issue on your PC and all the PC 50KM around (even if they don't have it installed since it cleans systems over-the-air).

Comment and discuss!

 

[Deleted member 178]

Not saying my latest edition Umbra Total Security 2023 (yes we are years ahead) is capable of assimilating every security apps previously installed while boosting your cpu calculating power!

More seriously, @RoboMan you just detailed what i kept repeating: cover the entry points by complementary apps not redundant ones.

 

[Deleted Member 3a5v73x]

Scripts and macros: disable Windows Script Host. Disable unneeded interpreters.

Wut are those?

 

[Deleted member 178]

Wut are those?

Mysterious entities created to feed the paranoia of security geeks.

Security forums are the only place in the world where paranoia is seen as a virtue and not a mental sickness...

 

[Sunshine-boy]

Good post Plastic Man
https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf
1- according to this research more engine in AV means more Vulnerability and risk for my windows.
2- more security tool means more whole in windows since they can be exploited and change from AV to spyware .
3- using an AV without a good bug bounty is dangerous. better to use Apps that have good bug bounty(Windows Defender, Avast, 360, Kaspersky and Symantec are good examples)
Simple free Av(WD,360, Kaspersky, Avast)+windwos inbuilt tools(SRP, App locker, Hyper-V)===best practice

 

[Moonhorse]

Browser: isolate your browser. Use an ad-blocker. Phishing and malware protection when you surf. Block scripts and Java/Flash. Use a browser container like Sandboxie.

There isnt really talk about this, is it necessary when using chrome/ firefox?

I would understand sandboxing forks like palemoon, basilisk etc.

I would use sandboxing when using antivirus like qihoo 360, or either tool re:hips wich is doing it best
But like if you have already anti-exploit / browser protection would it still be wise to install sandboxie as example?

if someone is using avast free + OSA as example, would he benefit by using sandboxie on browser, since it means installing another piece of software? Or is it meant to be like using sandboxie with the antivirus, when not having OSA

 

[DeepWeb]

Mysterious entities created to feed the paranoia of security geeks.

Security forums are the only place in the world where paranoia is seen as a virtue and not a mental sickness...

You know earlier this decade there were tinfoil hat people who said that the NSA was collecting massive amounts of data, that Bitlocker was broken, that Intel's CPUs were leaking cryptographic keys, that WPA2 was a broken standard, that Kaspersky phones back to the Russian government, that Facebook is selling your private messages to advertisers. :notworthy:

It's a great decade for conspiracy theorists and tinfoil hats. All of their suspicions turned out to be true and it raises the question, if those suspicions are true, then what about the others that are still left floating around? My next setup will be a modern AMD CPU and something that has a TPM chip, preferably a Chromebook that I want to connect to my own private server because I have way too many spare HDDs and SSDs lying around when I upgraded to SSD. I think the future is hardware-based security and people moving to their own personal clouds because we are growing increasingly skeptical and that's good.

 

[Aleeyen]

Having too many security apps is like having the Great Wall of China, it costs a lot on resources, you become over confident and you just can't manage it properly. You don't even know where it gets breached.

 

[artek]

There isnt really talk about this, is it necessary when using chrome/ firefox?

I would understand sandboxing forks like palemoon, basilisk etc.

I would use sandboxing when using antivirus like qihoo 360, or either tool re:hips wich is doing it best
But like if you have already anti-exploit / browser protection would it still be wise to install sandboxie as example?

if someone is using avast free + OSA as example, would he benefit by using sandboxie on browser, since it means installing another piece of software? Or is it meant to be like using sandboxie with the antivirus, when not having OSA

It might even make you less secure. Both Chrome, and Firefox on windows have their own sandbox/isolation schemes, and you really have no idea how sandboxie interacts with your browsers baked in security features. If you trust this tiny company to do a better job than Google idk what to tell you.

 

[brod56]

Updates are also a very important factor in your security. Adding many programs while being on an outdated version of Windows is pointless. Be aware of the vulnerabilities.

 

[vaccineboy]

It might even make you less secure. Both Chrome, and Firefox on windows have their own sandbox/isolation schemes, and you really have no idea how sandboxie interacts with your browsers baked in security features. If you trust this tiny company to do a better job than Google idk what to tell you.

I think less secure might be a bit too much but Sandboxie is an overkill itself nowadays.
Experts in this forums are responsible for feeding paranoia to noobs. I'm a noob myself but have trained myself to obsess with other stuffs,
like pr0n.

 

[JM Safe]

Overkill is not good. Period. Honestly I always suggest 2 on demand scanners, but in real-time AV (or AntiEXE) + SBIE is enough. I use also ZAL because of 0 day malware prevention. But having 2 or 3 AVs at the same time (no joking I saw this on Security Configs) is not very good and could cause conflicts and unstable OS.

 

[JM Safe]

I think less secure might be a bit too much but Sandboxie is an overkill itself nowadays.
Experts in this forums are responsible for feeding paranoia to noobs. I'm a noob myself but have trained myself to obsess with other stuffs,
like pr0n.

Sandboxie is not overkill, Chrome sandbox concept is a bit different than Sandboxie. Sandboxie can help a lot to avoid malware infections via the browser.

 

[vaccineboy]

Sandboxie is not overkill, Chrome sandbox concept is a bit different than Sandboxie. Sandboxie can help a lot to avoid malware infections via the browser.

With an adblocker, the chance of getting infected via browser is reduced to really really small (I believe, experts back me up here) so having Sandboxie is most likely a placebo to me.

Experts here are bad because instead of preaching sane practices, they are immersing in an imagined apocalyptic cyber world and purposefully drowning susceptible souls while devilishly laughing at them. I guess sheeps will be sheeps until one morning, tired after configuring softwares all night before going to work (non-IT), they ask themselves: when was the last time I, or my happy-clicking porn-loving dad, get a virus?

 

[mlnevese]

The way some people behave makes me believe they think you can't even turn on a computer without it getting infected by 10 different 0 day malware and being attacked by at least 3 different countries...

 

[ichito]

When searching for your perfect security setup, stop thinking on how much you need to spend or how many softwares will you combine. Start thinking on your weak points. The easiest malware entrances.

Browser: isolate your browser. Use an ad-blocker. Phishing and malware protection when you surf. Block scripts and Java/Flash. Use a browser container like Sandboxie.
Removable media and autoruns: disable autoruns from all media.
Scripts and macros: disable Windows Script Host. Disable unneeded interpreters. Use an anti-executable.
Files and general downloads: use basic signatures, or maybe it's already cover by your browser isolation!

You're done.

And that's why MT should rethink factors and rating of users security config

 

[stefanos]

There isnt really talk about this, is it necessary when using chrome/ firefox?

I would understand sandboxing forks like palemoon, basilisk etc.

I would use sandboxing when using antivirus like qihoo 360, or either tool re:hips wich is doing it best
But like if you have already anti-exploit / browser protection would it still be wise to install sandboxie as example?

if someone is using avast free + OSA as example, would he benefit by using sandboxie on browser, since it means installing another piece of software? Or is it meant to be like using sandboxie with the antivirus, when not having OSA

I use Avast pro . Have sandbox + OSArmor. Very light combo

 

[Thales]

Good @RoboMan and I'm just repeating myself... less is more!

 

[RoboMan]

And the most important fact about overkilling your system, the first thing I learnt here when I joined: "The more programs you have, the biggest attack surface"!

 

[DeepWeb]

I agree with Umbra and RoboMan. In hindsight we spent too much time worrying about our security and not enough just enjoying using our devices. But I have personally reached the point where I ran out of things to tweak and I can just focus on using my computer.