ichito

Level 4
Verified
Joined
Dec 12, 2013
Messages
190
#81
The maximum number of security apps you need is 3 (because there are 3 main attack vectors) for single-purpose apps, and only 1 for suites.

- Browsers = sandbox or AV (with web filter).
- Binaries (exe, etc...) = SRP or Anti-exe or HIPS or AV
- Exploits = anti-exploits

On Win10, you already have an AV and an anti-exploit, so unless you are picky you just need a binary monitor.

When it comes to suites, find one that covers all 3 vectors.

I don't count apps that just automate manual tweaks like SysHardener or ConfigDefender; they don't have permanent processes.
I like the rule "less is more" and your idea of 3 layers...that's enough to compose a wise and effective security combo. But for me the 3 layers would rather be:
* network = firewall
* binaries = signatureless - sandbox/SRP/HIPS/BB/Anti-exe or based on signatures - AV
* file/system reverting = backup/snapshots/synch apps/LV.

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
19,003
Operating System
Windows 10
#82
@ichito it is all a matter of strategy and mostly what softs are available to the user.
I select those layers because they are the most compromising entry points.

For example, using apps for network and files/systems isn't necessary for me because I use the OS built-in ones (for now).

Also, I may buy Spyshelter FW, so network and binaries would be covered by one app.

ichito

Level 4
Verified
Joined
Dec 12, 2013
Messages
190
#83
Yes...you are right...I think the matter is which apps we feel better with and which we know better (that was my point of view, so you know that I like firewalls :)). But...synch/backup apps should even be obligatory, because nothing and no one could recover our data better than we ourselves.
BTW - SS can be a good choice, especially due to the new RC version 11.4
SpyShelter 11.4 RC released

SearchLight

Level 5
Verified
Joined
Jul 3, 2017
Messages
245
Operating System
Windows 10
Antivirus
Malwarebytes
#84
I do not see much mention in this thread about Ransomware contributing to overkill.

Does anyone feel that it has contributed to it?

Many of the AV vendors tout the protection they provide against it as one of their main selling points, not to forget zero-day protection as well.

Imo, these two issues cause many novices to resort to overkill, as they seem to be the topic of many discussions and articles, to the point of sometimes scaring people.

Andy Ful

Level 34
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,382
Operating System
Windows 10
Antivirus
Windows Defender
#85
Some things will probably never change:
  1. Inexperienced users tend to use 2 or more AVs, because they feel insecure. That feeling is much more annoying to them than the possible problems due to incompatibilities, broken updates, and an unstable system.
  2. After some learning, people can realize that there is no security on Windows that is both usable and bulletproof. If the user wants to use the computer, then he/she must accept some risk. It is like accepting the risk that you can be injured by a car when crossing the road on a green light.
  3. Some people can also realize that their fear of a computer infection is much greater than their fear of being robbed of it, getting the flu, or falling down the stairs. There are many other dangerous things as probable as a computer infection which are not so fearful for most of us. Why?
Some people like to find something close to bulletproof protection, and they are doing it for fun (as a hobby). But in the home environment, most people should not fear things like:
  • the malware escaping the web browser sandbox (Edge, Chrome);
  • the sophisticated malware that attacks organizations;
  • the highly targeted attacks;
  • the Meltdown and Spectre (hardware) exploits;
  • the kernel exploits, and general Windows exploits.
Furthermore, trying to protect the computer against those vulnerabilities by adopting additional protection would be as reasonable as living in a nuclear bunker.
For the home user, being infected via those vulnerabilities would be as probable as being hit by lightning. Those vulnerabilities are real and dangerous only in organizations. For example, the most dangerous WannaCry attacks were based on an exploit which had already been patched by Microsoft, so the people with Windows on default settings were automatically protected.

I would rather recommend rethinking the short story about two friends and an angry bear. You do not have to run faster than a bear. It is sufficient to run faster than your friend.
So, you do not have to apply bulletproof protection. It is sufficient to apply better protection (including safe habits) than average users do.

Andy Ful

Level 34
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,382
Operating System
Windows 10
Antivirus
Windows Defender
#86
I forgot about people who want or have to run unsafe files on their system (intentionally) and seek protection that could kill or mitigate the dangerous actions. They are in the position of a man who provokes a bear. In this case they must run faster than the bear (hardly possible) or the bear has to be in a cage (recommended). Building effective protection that would not spoil the system is not easy, but it should be based on sandboxing or system virtualization (VM, ShadowDefender). Some vulnerable applications like MS Office can also be restricted to block the active content in weaponized files.

Joined
Apr 16, 2014
Messages
36
#89
The truth is, if you're sticking to legal sites and legal software, are smart enough not to answer email requests for your data, and are not a target for attack for professional reasons, the only way you'll see any malware on your computer is by downloading it on purpose.

I haven't seen anything more serious than a PUP on any of my machines for more than 10 years. And a few years ago I had a PDF a client sent me cleaned the moment the attachment was saved on my work laptop.

I agree with what you say. As a self-employed person I do receive many PDF attachments laden with Trojans etc. Very often they are very fresh and there might be just 1 vendor, or even none, on VirusTotal that can detect it yet. I can spot most of these attachments a mile off anyway.

If I am expecting a real courier delivery and I get an email notification pretending to be from UPS, or an invoice from a supplier I already use, I can see how the average PC user would just go straight to open it, and then they are at the mercy of how good their security software performs. I almost opened one attachment late one evening when I was very tired and rushing to finish my work before getting up early for a flight. Norton at the time picked it up and removed it.

Now I don't use Norton, just WD + MWB Premium, but I feel confident enough that it can deal with just about everything, though that's also because I am aware of most risks and vectors. I've used all the packages out there over the years, all manner of combos; they nearly always slowed things down, caused BSODs, horrendous registry issues, etc, etc. Simple really is better. At the end of the day, if someone is really too paranoid or anxious about security, they should be steered to using Mac or Linux instead of Windows, but there are risks there too.