"Overkill": excessive protection and the false sense of security

[ichito]

The maximum number of security apps you need is 3 (because there is 3 main attack vectors) for single purpose apps and only 1 for suites.

- Browsers = sandbox or AV (with webfilter) .
- Binaries (exe, etc...) = SRP or Anti-exe or HIPS or AV
- Exploits = anti-exploits

On Win10, you have already an AV and an anti-exploit, so unless you are picky you just need a binary monitor.

When it comes to suites, find one that covers all 3 vectors.

I don't count apps that just automatize manual tweaks like SysHardener or ConfigDefender, they don't have permanent processes.

I like rule "less is more" and your idea of 3 layers...that's enough to compose wise and effective security combo. But for me 3 layers would be rather:
* network = firewall
* binaries = signatureless - sandbox/SRP/HIPS/BB/Anti-exe or based on signatures - AV
* file/system reverting = backup/snapshots/synch apps/LV.

 

[Deleted member 178]

@ichito it is all a matter of strategy and mostly what softs are available to the user.
I select those layers because they are the most compromising entry points.

For example, using apps for network and files/systems aren't necessary for me because i use the OS built-in ones (for now).

Also, i may buy Spyshelter FW, so network and binaries would be covered by one app.

 

[ichito]

Yes...you are right...I think the matter is in which apps we feel better and which we know better (that was my point of view so you know that I like firewalls ) But...synch/backup apps should be even obligatory because nothing and noone could recover our data better than we ourselves.
BTW - SS can be good choice especialy due to new RC version 11.4
SpyShelter 11.4 RC released

 

[SearchLight]

I do not see much mention in this thread about Ransomware contributing to overkill.

Does anyone feel that it has contributed to it?

Many of the AV vendors tout the protection they provide against it as one of their main selling points , not to forget zero day protection, as well.

Imo, these two issues cause many novices to resort to overkill as they seem to be the topic of many discussions and articles to the point of sometimes scaring people .

 

[Andy Ful]

Some things will probably never change:

1. Inexperienced users tend to use 2 or more AVs, because they feel insecure. That is much more annoying to them as compared to the possible problems due to incompatibilities, broken updates, and unstable system.
2. After some learning, people can realize that there does not exist both usable and bulletproof security on Windows. If the user wants to use the computer, then he/she must accept some risk of it. It is like accepting the risk that you can be injured by a car, when crossing the road on green light.
3. Some people can also realize that their fear of the computer infection is much greater than the fear of being robbed of it, or get a flu, or fall down the stairs. There are many other dangerous things as probable as the computer infection, which are not so fearful for most of us. Why?

Some people like to find out something close to bulletproof protection, and they are doing it for fun (as a hobby). But in the home environment, most of people should not fear about such things like:

• the malware escaping the web browser sandbox (Edge, Chrome);
• the sophisticated malware that attacks organizations;
• the highly targeted attacks;
• the Meltdown and Spectre (hardware) exploits;
• the kernel exploits, and general Windows exploits.

Furthermore, trying to protect the computer against those vulnerabilities by adopting additional protection, would be as reasonable as living in the nuclear bunker.
For the home user, being infected via those vulnerabilities, would be as probable as being hit by a lightning. Those vulnerabilities are real and dangerous only in organizations. For example, the most dangerous WannaCry attacks were based on the exploit, which was already patched by Microsoft, so the people with Windows on default settings, were automatically protected.

I would rather recommend to rethink the short story about two friends and an angry bear. You do not have to run faster than a bear. It is sufficient to run faster than your friend.
So, you do not have to apply a bulletproof protection. It is sufficient to apply a better protection (including safe habits) than average users do.

 

[Andy Ful]

I forgot about people who want or have to run unsafe files on their system (intentionally) and seek the protection that could kill or mitigate the dangerous actions. They are in the position of a man who provokes a bear. In this case they must run faster than bear (hardly possible) or the bear has to be in a cage (recommended). Building the effective protection which would not spoil the system is not easy, but should be based on sandboxing or system virtualization (VM, ShadowDefender). Some vulnerable applications like MS Office can be also restricted to block the active content in the weaponized files.

 

[ichito]

Great posts Andy...thanks

 

[oldschool]

@Andy Ful could write a book of his creative analogies! He would need someone else to create the graphics though!

 

[Cavehomme]

The truth is if you re sticking to legal sites and legal software, is smart enough not to answer email requests for your data and is not a target for attack for professional reasons the only way you'll see any malware on your computer is by downloading it on purpose.

I haven't seem anything more serious than a PUP in any of my machines for more than 10 years. And a few years ago I had a PDF a client sent me cleaned the moment the attachment was saved on my work laptop.

I agree with what you say. As a self-employed person I do receive many PDF attachments laden with with Trojans etc. Very often they are very fresh and there might be just 1, or even none, vendors on Virustotal that can detect it yet. I can spot most these attachments a mile off anyway.

If I am expecting a real courier delivery and I get an email notification pretending to be from UPS, or an invoice from a supplier I already use, I can see how the average PC user would just go straight to open it, and then they are at the mercy of how good their security software performs. I almost opened one attachment late one evening when I was very tired and rushing to finish my work before getting up early for a flight. Norton at the time picked it up and removed it.

Now I don't use Norton, just WD + MWB Premium, but I feel confident enough that it can deal with just about everything, but that's also because I am aware of most risks and vectors. I've used all the packages out there over the years, all manner of combos, they nearly always slowed things down, BSOD, horrendous registry issues, etc, etc. Simple really is better. At the end of the day, if someone is really too paranoid or anxious about security, they should be steered to using Mac or Linux instead of Windows, but there are risks there too.

 

[Svoll]

@RoboMan

This is a great post man! Gotta bum it, After serious thoughts, I really couldn't comment as I wish to. But I do want to say that, as I gain more knowledge in how malware and virus work, the easier it is for me to prevent such. Others might not have that class or time to read up on malwares. to which I am glad they have this post to guide and inform them of overkill or excessive protection.

Darkside Story : the more i learn, the more I find malware such a tiny tiny factor to fear.

 

[LDogg]

I'm glad I looked over at this thread. I completely agree with all the talking points that the OP made verbally. I believe less should more. The concept of a 3 layered security is great.

Most common attack vectors nowadays happen via our Web browser and email. For home users the Web browser should be the first point of call, such as an Adblocker and if your AV has Web protection, this should be the basic things covered. Then a firewall/Syshardener (not advised for basic users) , then backup.

Approaching a setup this way will have most attack vectors covered.

~LDogg

 

[Cortex]

I have a leaning toward being tooled up but I have found it's unnecessary - Thought recently what I really need & decided I'm sticking with the same system on all 3 PC's. I need to rig some sort of electric shock system lest I stray.

 

[mlnevese]

I have a leaning toward being tooled up but I have found it's unnecessary - Thought recently what I really need & decided I'm sticking with the same system on all 3 PC's. I need to rig some sort of electric shock system lest I stray.

It's hard to break the habit and the impulse of changing protection software because you're not feeling protected... but it's possible and there are many members of this forum that prove it

 

[notabot]

I use Avast pro . Have sandbox + OSArmor. Very light combo

Can’t avast do the behavior blocks OSArmor offers ?

 

[SearchLight]

I think what contributes to overkill also is also marketing hype, the words "compatible with all av softwares", and slanted test results to suit a vendor.

By the time you finish reading that you will have an impenetrable fortress of a pc, the noobs including myself before I educated myself per the tech gurus on here, had three or more smart security programs installed.

I guess the secret is being well informed.

 

[ForgottenSeer 77591]

I settled on Avast Free in Hardened Mode.I do malware scans with whatever free scanner I feel like using at the moment.