"Overkill": excessive protection and the false sense of security

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Spot on @RoboMan, very nice insights.

In all those years visiting security forums I have seen some so bad setups that makes me wonder if they actually use their computer for something besides testing security solutions.

Example:

ScreenShot_KPCD_3.1.1.65_install_21.jpg
ScreenShot_KPCD_My Startup_analysis_02.jpg




This is simple insane and beyond stupid ...
 

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,531
Spot on @RoboMan, very nice insights.

In all those years visiting security forums I have seen some so bad setups that makes me wonder if they actually use their computer for something besides testing security solutions.

Example:

View attachment 204906View attachment 204907



This is simple insane and beyond stupid ...

This thing probably shoots half a dozen security prompts at the user just to run the calculator...
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Nope.

More is better.

1546522492176.png


If one is good, 5 is better, 10 is more betterer.

Our goal here is to stack as many security solutions as possible on a system.

If you don't achieve security software conflicts, slowdowns, freezes, and BSODs, you are not trying hard enough. Try harder.

More system pain = More system gain

1546522113490.png
 
F

ForgottenSeer 72227

View attachment 204892

How many times have you seen it? Or suffered it? It's the overkill disease and these are the most common forms in which they can be found:
  • What else can I add to my setup? I currently have Kaspersky Total Security + VoodooShield Pro + OSArmor + Comodo Firewall (cruelsister settings!)
  • What's a good antispyware to add to BitDefender Internet Security + MalwareBytes?
  • Which anti phishing extension can I add to Chrome? Already have MalwareBytes Browser Extension, Webroot Security and Norton Extension.
Well I got news for you overkill believers! It doesn't work. It just doesn't.

---------------------------------------------------------
We've been raised with a false sense of security, which is: the more, the better. WRONG.
We even affirm sometimes: if you're a novice user, then yes you need to install lots of programs. WRONG.
---------------------------------------------------------

We shall be clear on this subject, since it's really a delicate matter: doesn't matter who you are or what you do, overkill is bad for your system.

There's no gain on triple antivirus, triple signatures, penta real time analysis software or fourty four anti-executables. Overkill murders the fun of an optimized system. Plus it doesn't protect you more.

Here's why:

We tend to believe, more security means less infection. Although this may be true, it shall be explained. When we say more security is better, reading between the lines is needed. More security means covering all weak points on a system: files execution, removable medias infections, browser attacks, exploits, information stealing, etc. You need to be sure all possible attacks against your system are covered. Good news, many programs on the market do this with one single product, called "SUITES", and generally under the names of Internet Security, Total Security. Suites like, for example, Kaspersky Total Security offer a great variety of modules, such as virtual keyboard for transactions, disk encryption, real time protection, parental control, signatures, anti-executable (variation from), and lots of extra modules. In most of the cases, novices (specially) and even experts, a well configured suite is all you need. Go add VoodooShield and OSArmor to Kaspersky Total Security. You'll find a super charged system, with two programs that literally do nothing, since their job is already done by the aforementioned suite.

When you wonder: I want the best protection for my needs, think not in "how many software should I have", but rather "which software can offer me all I need". Sometimes you will need to combine, that's true. But there's an unnecessary action on combining software with the same functions.

Actualidad_337228104_96704695_1024x576.jpg


"Two antivirus is better since, if one misses something, the other one will catch it." - this type of thought will get you infected. You 100% rely on human-coded software. You're done.

Plus, as well, and the most important disadvantage on overkill: your system performance drop to the ground, for no real extra security.

"I prefer security over performance:" - you prefer a false sense of security, with an extra dose of unnecessary SSD writes.

When searching for your perfect security setup, stop thinking on how much you need to spend or how many softwares will you combine. Start thinking on your weak points. The easiest malware entrances.

Browser: isolate your browser. Use an ad-blocker. Phishing and malware protection when you surf. Block scripts and Java/Flash. Use a browser container like Sandboxie.
Removable media and autoruns: disable autoruns from all media.
Scripts and macros: disable Windows Script Host. Disable unneeded interpreters. Use an anti-executable.
Files and general downloads: use basic signatures, or maybe it's already cover by your browser isolation!

You're done.

See what we have done there? That's a minimum system impact and most weak points are covered.

We navigate through an insecure/hacked site? The browser is isolated, we're covered. We download an unsafe file? Covered by our security browser extension. We recieved a suspicious mail file? WSH is disabled. Oh, we even have an anti-executable that detected a file execution on AppData. We're safe. No need for a mountain of RAM eaters.

Do not miss the point. Don't kill your SSD and performance for a false sense of security. All barriers can be penetrated when you don't care about learning online security. Read. Learn. Teach. Basic three rules for a safe enviroment. There's always a last alternative if you don't want to learn. Use Umbra Total Security and just forget about any malware issue on your PC and all the PC 50KM around (even if they don't have it installed since it cleans systems over-the-air).

Comment and discuss!

Amazing post @RoboMan and spot on(y) More is not always better. I agree, it's a simple fact that the amount of fear and paranoia that is present on security forums is insane and needs to stop IMO. Aside from playing around with programs we need to educate proper computing habits. It's always forgotten and is just as important, if not more important than secuitry programs. I remember reading an article that was posted here awhile back asking actual security experts what they would recommend to be secure. Guess what, not a single person questioned recommended adding a bunch of security programs. All they preached was good basic security 101.


And that's why MT should rethink factors and rating of users security config :whistle:

Spot on! (y)

Personally I feel like we should be ensuring at minium the basics are covered and go from there. I also think that when there are setups with overkill, they should actually be marked lower (caution/at risk) just due to the fact that they may actually be decreasing there over all security.

Furthermore, I think as a community we really need to start focusing on educating people on basic security habits, as it's a very important part of your overall security. In doing so it would hopefully help people become less reliant on security programs (letting the programs doing the thinking for them) and hopefully realize the bigger picture.

Personally, I would also like to see some changes to the comparison section as well. I'm not saying people cannot ask for the opinion of others, but I would like to see polls removed from this section. It would reduce fanboyism and force people to comment rather than just voting on the poll with no comment. I also think we need to make people realize that they need to try the programs for themselves, as they have to be the ones to make the final say. It is their system and money after all and what may work and/or seem simple to us, may not work or be simple to them.


And the most important fact about overkilling your system, the first thing I learnt here when I joined: "The more programs you have, the biggest attack surface"!

Very good point! The more you have the higher chance of exposing your system to vulnerabilities, thus the more programs you have to maintain and keep up to date.

I agree with Umbra and RoboMan. In hindsight we spent too much time worrying about our security and not enough just enjoying using our devices. But I have personally reached the point where I ran out of things to tweak and I can just focus on using my computer.

I feel the same. I think we've all been there at some point, it's only natural, but I too have setup my system to be as simple as it can be and decided to learn, rather than focus on programs all the time. Guess what I'm secure, I don't stress over it and if something were to happen, I have all my personal data backed up, reinstall Windows and I'm up and running again enjoying my system. (y)
 
Last edited by a moderator:

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
We need to do something about company security practices because year 2018 is just a new beginning. Equifax hacked puts 145 millions consumers into identity theft and this famous hotel puts 500 millions consumer info into identity theft as well.
 
F

ForgottenSeer 72227

We need to do something about company security practices because year 2018 is just a new beginning. Equifax hacked puts 145 millions consumers into identity theft and this famous hotel puts 500 millions consumer info into identity theft as well.
Its a big problem. I don't have any inside knowledge, but my feeling is that these issues are due to multiple factors.

Some of it is laziness on the IT department side. Not configuring security programs and so forth properly.

I would say the biggest issue has to do with money. IT departments are always the first to be cut because the bean counters think they really aren't needed. Companies refuse to listen to their IT department when it comes to upgrades and implementing proper security measures, again bean counters think these things are pointless. Also companies refuse to upgrade citing budget reasons, hence you get issues like the NHS running xp and being hit hard by Wanacry.

IMO in the digital era, these companies need to get with the times and start taking secuitry seriously. They need to properly invest in it and do their absolute best to keep their systems secure. Even if it means a CEO doesn't get a pay raise on their already 7-8 figure salary.
 
Last edited by a moderator:

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Its a big problem. I don't have any inside knowledge, but my feeling is that these issues are due to multiple factors.

Some of it is laziness on the IT department side. Not configuring security programs and so forth properly.

I would say the biggest issue has to do with money. IT departments are always the first to be cut because the bean counters think they really aren't needed. Companies refuse to listen to their IT department when it comes to upgrades and implementing proper security measures, again bean counters think these things are pointless. Also companies refuse to upgrade citing budget reasons, hence you get issues like the NHS running xp and being hit hard by Wanacry.

IMO in the digital era, these companies need to get with the times and start taking secuitry seriously. They need to properly invest in it and do their absolute best to keep their systems secure. Even if it means a CEO doesn't get a pay raise on their already 7-8 figure salary.

Good points.

I hesitate to respond, as it's somewhat off-topic from the intent of the thread... so I'll keep it brief.

There is an answer to this issue. Red-Teaming. That is.... professional hackers going at it with a government or business entity.

I work in an organization with a Red Team.... and, they have never failed to penetrate. Not once. Ever. That is for those government and business entities who have voluntarily subjected themselves to this.

In the US, a Red-Teaming approach won't happen any time soon, as business effectively owns government (right now), and CEOs don't want this type of scrutiny or expense.

So.... all our data lies at risk..... willfully.
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
And that's why MT should rethink factors and rating of users security config :whistle:
I agree and disagree. MT ratings are made this way so that inexperienced users might go ahead and copy secure configs and be reasonably secure.
However, it should be noted that some 'secure: complete' configs are not good at all for regular users. Overkill most of the times (which mean a lot less convenient), or simply too advanced (regular users won't be able to understand why executables are blocked by default, or why a firewall is blocking the connections to their newly installed browser, etc).
I suggest that overkill configs are tagged with caution, and that 'complete' and 'basic' restrictions are removed.
Let's make the community safe instead of making them paranoid like us
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
I agree and disagree. MT ratings are made this way so that inexperienced users might go ahead and copy secure configs and be reasonably secure.
However, it should be noted that some 'secure: complete' configs are not good at all for regular users. Overkill most of the times (which mean a lot less convenient), or simply too advanced (regular users won't be able to understand why executables are blocked by default, or why a firewall is blocking the connections to their newly installed browser, etc).
I suggest that overkill configs are tagged with caution, and that 'complete' and 'basic' restrictions are removed.
Let's make the community safe instead of making them paranoid like us

I see your points. So we can agree that configuration tags need to be re-considered, with the average user as the 1st targeted audience?
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I neglected to do so earlier... but I compliment @RoboMan for his perfectly written and designed original post.

Many here where English is a second or third language won't pick up on it... but the grammar, punctuation, word choice, design (sections, paragraphs, bullets, images, underlining, lines, layout...), everything... --- it's all professional caliber.

It would not surprise me to learn that Robo was an English or journalism major and/or works in a field where writing skills are important.

Bravo Robo.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
I neglected to do so earlier... but I compliment @RoboMan for his perfectly written and designed original post.

Many here where English is a second or third language won't pick up on it... but the grammar, punctuation, word choice, design (sections, paragraphs, bullets, images, underlining, lines, layout...), everything... --- it's all professional caliber.

It would not surprise me to learn that Robo was an English or journalism major and/or works in a field where writing skills are important.

Bravo Robo.
Some advanced technology he is.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top