"Overkill": excessive protection and the false sense of security

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
626
Great thread on overkill. I myself am guilty of doing combos but after rereading the advice of some of the gurus here, I realize that one exposes oneself to compatibility issues, and imo a sense of complacency, meaning that if one security software catches the malware, one technically should be safe as the other software did not react.

Maybe the focus, like mentioned earlier in the thread, should be on utilization of "security suites" for novice users in terms of efficiency, simplicity, and reliability.

Most importantly, what concerns me is the decision factor for novices, including myself, depending upon the security software in use. When one should click yes, and when one should click no to a security popup, especially if you have two or more different types. Sometimes, it can be user error that results in an infection.

I myself just decided to use and learn KIS 2019, and nothing else. One suite, one decision to be made, if necessary. It is also highly rated. Now to focus on the fun of using my PC, and isn't this really the goal... enjoyment?

Too many locks require carrying too many keys, and god forbid you lose one.
 

Cavehomme

Level 1
Verified
Apr 16, 2014
36
Personally for me, I use Windows Defender plus Malwarebytes Premium. I also add uBlock Origin on my browsers and the new Malwarebytes addon. It's more than enough to protect 99.99% of normal users and it does not get in the way, you forget it's all there protecting you, until it kicks in. No config, no slowdowns, no annoyances.

However, if you visit dodgy warez and pron sites, then you need to be visiting them on a Linux PC to avoid the risk of infection.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
> Personally for me, I use Windows Defender plus Malwarebytes Premium. I also add uBlock Origin on my browsers and the new Malwarebytes addon. It's more than enough to protect 99.99% of normal users and it does not get in the way, you forget it's all there protecting you, until it kicks in. No config, no slowdowns, no annoyances.
>
> However, if you visit dodgy warez and pron sites, then you need to be visiting them on a Linux PC to avoid the risk of infection.

Well said, the second part is very important and is largely overlooked.
 

ForgottenSeer 72227

> Well said, the second part is very important and is largely overlooked.

Agreed!

> Whatever makes one feel safe?

This is a very big part of it. A lot of the overkill is derived from people "not feeling safe enough". Why else do you have setups with various overlapping protections? I could be wrong, but I think there's a few things at play here:

1. Tests:
I think a large part of these overkill setups has to do with the various tests out there to "rank" the overall protection of the various security programs. The problem with tests in general, whether it's from the likes of AV-Comparatives, YouTube, or even here in the HUB, is that people are looking for a product that will protect them 100% of the time, or very close to it. Fact is, there's no such product. I get it, people want to be able to do anything and everything they want, without any regard for what might happen, so they put their faith into a product that "ranks" as 100%, assuming that they will "always be protected", which is not true.

Furthermore, people don't understand how to interpret tests, so they see things like AV-Comparatives results and all they look at is the green bar to see which ones got 100%. They buy a program that got that 100%, don't change any of their computing habits and act surprised when all of a sudden they've been infected.

Just to be clear, I am in no way against tests, or people wanting to test products, but at the end of the day the vast majority of products out there do a very good job as it is. If a product fails a test, or misses samples, it just reinforces the point that no product is perfect. A serious question I have for people who see products that don't get "100%" on tests or miss samples here on the HUB: has anyone actually been impacted in any way by those missed samples? I mean in all honesty, has anyone actually been infected by those missed samples? I would hazard to guess that it's going to be a no. Which again, the chances of people really running into malware these days is pretty small, unless you practice unsafe habits and go looking for it.

2. Marketing:
Let's be honest here, these companies make money off "protecting" people. I am by no means saying they don't do a good job, but to be fair their marketing doesn't help either. Many of these companies make things sound like everything is all doom and gloom and that if you don't use their product your life will be ruined somehow, which is far from the truth.

3. Education/experience level:
I say this because there are so many security programs out there, as well as various ways to harden Windows, that it can be overwhelming for people. Sometimes I get the feeling that because they see other people use/recommend a product that they automatically go out and get it, not realizing what it does and/or how it can impact their system. Furthermore, people see things like SRP, they go ahead and start making changes without any regard to what those changes do and how it can impact their system.

There's tons of great security programs out there, pick the one that meets your needs. Always remember, there are many other reasons to pick a product (system performance, privacy, customer support, etc...), it's not always about the detection rate of a test that doesn't represent the real world. ;)

It's not all doom and gloom as it's made out to be, pick a program or 2, practice safe habits and remember enjoy your computer/technology, after all that's why many of us are here, our love for technology. :)
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,760
The truth is if you're sticking to legal sites and legal software, are smart enough not to answer email requests for your data and are not a target for attack for professional reasons, the only way you'll see any malware on your computer is by downloading it on purpose.

I haven't seen anything more serious than a PUP in any of my machines for more than 10 years. And a few years ago I had a PDF a client sent me cleaned the moment the attachment was saved on my work laptop.
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
626
I think what exacerbates the overkill issue is all the hype about ransomware. Goes to my analogy of more locks one has, the safer one feels. A lot has changed since all people used to worry about were viruses.

Maybe Ransomware is what is really driving "overkill"?
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
"Overkill" to me is when you have a security setup that limits what you want to do on your computer. At no point should your freedom be compromised and by that I mean any AV solution that uses too much CPU, disk IO or RAM should be avoided and I throw any justification straight into the trash. Anything that gives you errors, network and boot issues and you try to work around it is overkill, too. I refuse to work around an AV or turn important Windows, browser or gaming features off because my AV is not compatible.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
What many people tend to forget is that when they have a suspicious file that prompts for administrator privileges, we tend not to allow it in case it's malware. But when it's a security app, we always grant them administrator rights because that's how it works.

Now imagine a piece of malware that has the ability to inject a security app's process and use it for cybercriminal activities. How many legit software with huge administrator rights do you have installed right now that could potentially help the hacker to develop his attack?

Another issue to do with this scenario is having several security programs running together: it's often required that the programs require excluding from each other to prevent conflicts. Once you have made exclusions, any security program that is compromised can walk all over your system because you yourself have allowed that to happen.
 

ForgottenSeer 72227

> I guess now that we seem to have come full circle in the overkill issue, pros and cons, begs the question with all the potential problems, why isn't Windows Defender then good enough?

That's a very good question!

WD has come a long way from when it was first available. Despite how some may still feel, it's a very competent program now. While it's been a slow and painful process (still kinda is, hehe), MS has put a lot of effort into it. With every major release of W10, it gets better and better. Personally, I think WD is sufficient for the vast majority of people, it's built in, never expires and probably the least likely to cause conflicts.

That being said, I think there are a few points (IMO) as to why WD still isn't widely adopted, but it's slowly trending in that direction.

1. Performance:
This seems to be the biggest deterrent. While for the most part you don't even notice it, it can take a hit on disk intensive tasks, transferring files, installing/uninstalling programs, etc...

This issue alone is what is driving some people away from using WD. If MS were ever to fix this issue, I feel like a lot more people would adopt WD.

2. Perception:
This is also another big issue. It's hard to change the perception of WD. In the past it wasn't the greatest and even the 3rd party AV companies have been (still kinda do) marketing against using WD. It's been like that for years, so when you have the previous reputation, it's hard to change people's mind about it and it doesn't matter how much MS has invested into it. I do think that it's slowly coming around though.

3. Comfort level:
This ties into point 2, but some people just don't feel comfortable just yet. Simply, with the previous reputation and the marketing of 3rd party vendors, people have a hard time feeling comfortable using it. After all, they were told not to use it for so many years.

All in all WD has come a long way. I think it's at a point now that it's pretty sufficient. If you still feel like you need more, you can always add the likes of VS, OSA, Hard Configurator, NVTERP, etc..., to fill in some of the gaps.

I think a lot of people gravitate to 3rd parties because the UI is better, it's easier to access settings, easier to use for some and better performance. Keep in mind that this thread isn't saying you can't use 3rd party AV/suites/3rd party companion apps, it's just about being mindful of what you're adding to your setup, ensuring that it doesn't overlap one another and make things worse. A lot of people use full suites and it's hard to add companion apps to suites, because many of these suites already have that, or a similar function built in.

Personally I feel with the improvements to WD (and its continued improvements), the many great 3rd party companion apps and great tools like hard configurator/configure defender, suites are dying a slow death. I really think that suites will be a thing of the past in the coming future.
 

Local Host

> I guess now that we seem to have come full circle in the overkill issue, pros and cons, begs the question with all the potential problems, why isn't Windows Defender then good enough?

Huge amount of false positives (due to low rep files), as well as huge performance hit.

All around WD gets in the way of my work (mostly when I'm developing software in VS), I won't even mention the lack of ease of use (lots of hidden settings behind powershell, regedit), using third-party software to configure WD is not an excuse.

In comparison, when I used KIS last year, it didn't bother me once nor affected my desktop performance in any way.

Right now I'm not using any security suite (WD turned OFF), as I don't need. What people need is a brain and safe habits (Windows is perfectly safe without any security suite).
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
> That's a very good question!
>
> WD has come a long way from when it was first available. Despite how some may still feel, it's a very competent program now. While it's been a slow and painful process (still kinda is, hehe), MS has put a lot of effort into it and with every major release of W10, it's getting better and better. Personally I think WD is sufficient for the vast majority of people, it's built in, never expires and probably the least likely to cause conflicts.
>
> That being said, I think there are a few points IMO, as to why WD still isn't widely adopted, but it's slowly trending in that direction.
>
> 1. Performance:
> This seems to be the biggest deterrent. While for the most part you don't even notice it, it can take a hit on disk intensive tasks, transferring files, installing/uninstalling programs, etc...
>
> This issue alone is what is driving some people away from using WD. If MS were ever to fix this issue, I feel like a lot more people would adopt WD.
>
> 2. Perception:
> This is also another big issue. It's hard to change the perception of WD. In the past it wasn't the greatest and even the 3rd party AV companies have been (still kinda do) marketing against using WD. It's been like that for years, so when you have the previous rap, it's hard to change people's mind about it, it doesn't matter how much MS has invested into it. I do think that it's slowly coming around though.
>
> 3. Comfort level:
> This ties into point 2, but some people just don't feel comfortable just yet. Simply with the previous perception and the marketing of 3rd party vendors, people have a hard time feeling comfortable using it, after all for so many years they were told not to use it.
>
> All in all WD has come a long way. I think it's at a point now that it's pretty sufficient. If you still feel like you need more, you can always add the likes of VS, OSA, Hard Configurator, NVTERP, etc..., to fill in some of the gaps.
>
> I think a lot of people gravitate to 3rd parties because UI is better, easier to access settings, easier to use for some and better performance. Keep in mind that this thread isn't trying to say you can't use 3rd party AV/suites and 3rd party companion apps, it's just about being mindful of what you're adding to your setup, ensuring that it doesn't overlap one another and make things worse. A lot of people use full suites and it's hard to add companion apps to suites, because many of these suites already have that, a similar function built in. Personally I feel with the improvements to WD (and continued improvements), the many great 3rd party companion apps and great tools like hard configurator/configure defender, suites are dying a slow death. I really think that suites will be a thing of the past in the coming future.

Good points.

Additionally, there is the 'security through obscurity' thing. This is.... strangely (to me) -- rarely referenced here at MT.

Malware developers always have an inherent advantage. They can test the defenses, and alter the attack until it works. So they write malware, and then they try it out on AVs. And they keep tweaking it, until it works on its targeted AVs. This is why 'newcomers' like Cylance offer an initial advantage. The malware writers don't test against 'the little guys.'

There is an advantage to using a more 'obscure' AV. And... there is a disadvantage to using the biggest AVs.

Yes, the biggest AVs do though have an opportunity to collect a greater amount of data, telemetry.

Over 50% of all Windows 10 computers use Windows Defender.

Here's how the rest of the market share looks --

[Attached image: market share chart]
 

Local Host

> What WD is doing? Deleting files as you create them or what softs exactly you are creating in Visual Studio? Thanks.

WD slows VS to a crawl (as if the debug times on VS weren't long enough), and regardless of the Software you create, it tends to get quarantined by WD due to having no rep (which forces me to send Software I'm still testing and developing to Microsoft, to get white-listed constantly).

None of those situations is ideal, and will keep me away from WD for many years to come.
 
