- Jun 6, 2017
- 477
.... one reason why iOS has its advantages over Windows.
"Overkill": excessive protection and the false sense of security
- Thread starter RoboMan
- Start date
.... one reason why iOS has its advantages over Windows.
- May 26, 2014
- 1,339
Spot on @RoboMan, very nice insights.
In all those years visiting security forums I have seen some so bad setups that makes me wonder if they actually use their computer for something besides testing security solutions.
Example:
This is simple insane and beyond stupid ...
In all those years visiting security forums I have seen some so bad setups that makes me wonder if they actually use their computer for something besides testing security solutions.
Example:
This is simple insane and beyond stupid ...
- May 3, 2015
- 1,739
This thing probably shoots half a dozen security prompts at the user just to run the calculator...
- May 16, 2018
- 1,363
Nope.
More is better.
If one is good, 5 is better, 10 is more betterer.
Our goal here is to stack as many security solutions as possible on a system.
If you don't achieve security software conflicts, slowdowns, freezes, and BSODs, you are not trying hard enough. Try harder.
More system pain = More system gain
More is better.
If one is good, 5 is better, 10 is more betterer.
Our goal here is to stack as many security solutions as possible on a system.
If you don't achieve security software conflicts, slowdowns, freezes, and BSODs, you are not trying hard enough. Try harder.
More system pain = More system gain
- Jul 6, 2017
- 2,392
We must have the right programmes and not repeat more of the same. More is not better.
View attachment 204892
How many times have you seen it? Or suffered it? It's the overkill disease and these are the most common forms in which they can be found:
Well I got news for you overkill believers! It doesn't work. It just doesn't.
- What else can I add to my setup? I currently have Kaspersky Total Security + VoodooShield Pro + OSArmor + Comodo Firewall (cruelsister settings!)
- What's a good antispyware to add to BitDefender Internet Security + MalwareBytes?
- Which anti phishing extension can I add to Chrome? Already have MalwareBytes Browser Extension, Webroot Security and Norton Extension.
---------------------------------------------------------
We've been raised with a false sense of security, which is: the more, the better. WRONG.
We even affirm sometimes: if you're a novice user, then yes you need to install lots of programs. WRONG.
---------------------------------------------------------
We shall be clear on this subject, since it's really a delicate matter: doesn't matter who you are or what you do, overkill is bad for your system.
There's no gain on triple antivirus, triple signatures, penta real time analysis software or fourty four anti-executables. Overkill murders the fun of an optimized system. Plus it doesn't protect you more.
Here's why:
We tend to believe, more security means less infection. Although this may be true, it shall be explained. When we say more security is better, reading between the lines is needed. More security means covering all weak points on a system: files execution, removable medias infections, browser attacks, exploits, information stealing, etc. You need to be sure all possible attacks against your system are covered. Good news, many programs on the market do this with one single product, called "SUITES", and generally under the names of Internet Security, Total Security. Suites like, for example, Kaspersky Total Security offer a great variety of modules, such as virtual keyboard for transactions, disk encryption, real time protection, parental control, signatures, anti-executable (variation from), and lots of extra modules. In most of the cases, novices (specially) and even experts, a well configured suite is all you need. Go add VoodooShield and OSArmor to Kaspersky Total Security. You'll find a super charged system, with two programs that literally do nothing, since their job is already done by the aforementioned suite.
When you wonder: I want the best protection for my needs, think not in "how many software should I have", but rather "which software can offer me all I need". Sometimes you will need to combine, that's true. But there's an unnecessary action on combining software with the same functions.
"Two antivirus is better since, if one misses something, the other one will catch it." - this type of thought will get you infected. You 100% rely on human-coded software. You're done.
Plus, as well, and the most important disadvantage on overkill: your system performance drop to the ground, for no real extra security.
"I prefer security over performance:" - you prefer a false sense of security, with an extra dose of unnecessary SSD writes.
When searching for your perfect security setup, stop thinking on how much you need to spend or how many softwares will you combine. Start thinking on your weak points. The easiest malware entrances.
Browser: isolate your browser. Use an ad-blocker. Phishing and malware protection when you surf. Block scripts and Java/Flash. Use a browser container like Sandboxie.
Removable media and autoruns: disable autoruns from all media.
Scripts and macros: disable Windows Script Host. Disable unneeded interpreters. Use an anti-executable.
Files and general downloads: use basic signatures, or maybe it's already cover by your browser isolation!
You're done.
See what we have done there? That's a minimum system impact and most weak points are covered.
We navigate through an insecure/hacked site? The browser is isolated, we're covered. We download an unsafe file? Covered by our security browser extension. We recieved a suspicious mail file? WSH is disabled. Oh, we even have an anti-executable that detected a file execution on AppData. We're safe. No need for a mountain of RAM eaters.
Do not miss the point. Don't kill your SSD and performance for a false sense of security. All barriers can be penetrated when you don't care about learning online security. Read. Learn. Teach. Basic three rules for a safe enviroment. There's always a last alternative if you don't want to learn. Use Umbra Total Security and just forget about any malware issue on your PC and all the PC 50KM around (even if they don't have it installed since it cleans systems over-the-air).
Comment and discuss!
Amazing post @RoboMan and spot on
More is not always better. I agree, it's a simple fact that the amount of fear and paranoia that is present on security forums is insane and needs to stop IMO. Aside from playing around with programs we need to educate proper computing habits. It's always forgotten and is just as important, if not more important than secuitry programs. I remember reading an article that was posted here awhile back asking actual security experts what they would recommend to be secure. Guess what, not a single person questioned recommended adding a bunch of security programs. All they preached was good basic security 101.And that's why MT should rethink factors and rating of users security config
Spot on!
Personally I feel like we should be ensuring at minium the basics are covered and go from there. I also think that when there are setups with overkill, they should actually be marked lower (caution/at risk) just due to the fact that they may actually be decreasing there over all security.
Furthermore, I think as a community we really need to start focusing on educating people on basic security habits, as it's a very important part of your overall security. In doing so it would hopefully help people become less reliant on security programs (letting the programs doing the thinking for them) and hopefully realize the bigger picture.
Personally, I would also like to see some changes to the comparison section as well. I'm not saying people cannot ask for the opinion of others, but I would like to see polls removed from this section. It would reduce fanboyism and force people to comment rather than just voting on the poll with no comment. I also think we need to make people realize that they need to try the programs for themselves, as they have to be the ones to make the final say. It is their system and money after all and what may work and/or seem simple to us, may not work or be simple to them.
Very good point! The more you have the higher chance of exposing your system to vulnerabilities, thus the more programs you have to maintain and keep up to date.
I feel the same. I think we've all been there at some point, it's only natural, but I too have setup my system to be as simple as it can be and decided to learn, rather than focus on programs all the time. Guess what I'm secure, I don't stress over it and if something were to happen, I have all my personal data backed up, reinstall Windows and I'm up and running again enjoying my system.
Last edited by a moderator:
- Apr 2, 2018
- 1,782
We need to do something about company security practices because year 2018 is just a new beginning. Equifax hacked puts 145 millions consumers into identity theft and this famous hotel puts 500 millions consumer info into identity theft as well.
Its a big problem. I don't have any inside knowledge, but my feeling is that these issues are due to multiple factors.
Some of it is laziness on the IT department side. Not configuring security programs and so forth properly.
I would say the biggest issue has to do with money. IT departments are always the first to be cut because the bean counters think they really aren't needed. Companies refuse to listen to their IT department when it comes to upgrades and implementing proper security measures, again bean counters think these things are pointless. Also companies refuse to upgrade citing budget reasons, hence you get issues like the NHS running xp and being hit hard by Wanacry.
IMO in the digital era, these companies need to get with the times and start taking secuitry seriously. They need to properly invest in it and do their absolute best to keep their systems secure. Even if it means a CEO doesn't get a pay raise on their already 7-8 figure salary.
Last edited by a moderator:
- May 16, 2018
- 1,363
Good points.
I hesitate to respond, as it's somewhat off-topic from the intent of the thread... so I'll keep it brief.
There is an answer to this issue. Red-Teaming. That is.... professional hackers going at it with a government or business entity.
I work in an organization with a Red Team.... and, they have never failed to penetrate. Not once. Ever. That is for those government and business entities who have voluntarily subjected themselves to this.
In the US, a Red-Teaming approach won't happen any time soon, as business effectively owns government (right now), and CEOs don't want this type of scrutiny or expense.
So.... all our data lies at risk..... willfully.
- Mar 29, 2018
- 7,597
And that's why MT should rethink factors and rating of users security config
+1 to this!
- Nov 17, 2016
- 1,242
If you don't overkill, how are you supposed to tell your computer you love him?
- Feb 13, 2017
- 737
I agree and disagree. MT ratings are made this way so that inexperienced users might go ahead and copy secure configs and be reasonably secure.And that's why MT should rethink factors and rating of users security config
However, it should be noted that some 'secure: complete' configs are not good at all for regular users. Overkill most of the times (which mean a lot less convenient), or simply too advanced (regular users won't be able to understand why executables are blocked by default, or why a firewall is blocking the connections to their newly installed browser, etc).
I suggest that overkill configs are tagged with caution, and that 'complete' and 'basic' restrictions are removed.
Let's make the community safe instead of making them paranoid like us
- Mar 29, 2018
- 7,597
I see your points. So we can agree that configuration tags need to be re-considered, with the average user as the 1st targeted audience?
I did in the past, my tag's criterias were considered too strict...if i was still mod of the config section, many many would be tagged as "risky". (I dont blame @harlan4096, it does a good job)
- Mar 29, 2018
- 7,597
No one is assigning blame here. It's simply a suggestion for the powers that be.
Anybody end up looking sideways at their configs after this? I raise my hand in confession.
- Feb 13, 2017
- 737
Surely! That should be our main priority
- May 16, 2018
- 1,363
I neglected to do so earlier... but I compliment @RoboMan for his perfectly written and designed original post.
Many here where English is a second or third language won't pick up on it... but the grammar, punctuation, word choice, design (sections, paragraphs, bullets, images, underlining, lines, layout...), everything... --- it's all professional caliber.
It would not surprise me to learn that Robo was an English or journalism major and/or works in a field where writing skills are important.
Bravo Robo.
Many here where English is a second or third language won't pick up on it... but the grammar, punctuation, word choice, design (sections, paragraphs, bullets, images, underlining, lines, layout...), everything... --- it's all professional caliber.
It would not surprise me to learn that Robo was an English or journalism major and/or works in a field where writing skills are important.
Bravo Robo.
- Nov 17, 2016
- 1,242
Some advanced technology he is.
- Mar 29, 2018
- 7,597
Anybody end up looking sideways at their configs after this? I raise my hand in confession.
Not for one second. Mine is simple as it gets. But your point is well taken as @RoboMan has started a great thread.
Please do not lock!Similar threads
