Advice Request Simple Stupid Security vs. free AV

[Andy Ful]

Simple Stupid Security (SSS)

Imagine that you have an option in Windows Defender on Windows 10, which could turn ON/OFF the below restrictions:

1. Block Windows scripts (JScript, VBScript, PowerShell) and Java files (JAR).
2. Set SmartScreen to 'Block' (the user cannot bypass SmartScreen).

Would you install the free AV instead of Windows Defender?
Do you think that the free AV is a better protection?
Would be the SSS worth trying because of the similar protection and less compatibility issues?

 

[Local Host]

Would never use Windows Defender, as it still affects Visual Studio Performance by a ton.

Not to mention the weak protection that relies on default-deny (better off with VoodooShield or something similar, if I wanna use default-deny).

 

[Andy Ful]

Would never use Windows Defender, as it still affects Visual Studio Performance by a ton.

Not to mention the weak protection that relies on default-deny (better off with VoodooShield or something similar, if I wanna use default-deny).

Do you think that WD with blocked Windows scripts and SmartScreen set to block, could give the similar protection as for example BitDefender Free AV or Kaspersky Free AV?

 

[Local Host]

Do you think that WD with blocked Windows scripts and SmartScreen set to block, could give the similar protection as for example BitDefender Free AV or Kaspersky Free AV?

You can get better protection with third-party Software, so you guys use the compatibility argument to make WD the only option. However I never had compatibility issues, so I have no reason to drop third-party Sofware.

Since I use Scripts for work, I also would rather not have them blocked, especially when Malware is not coming noway near my Desktop, I only use AVs for fun.

That WD config would get in the way of my work, on top of the huge performance hit (compared to third-parties, main concern Visual Studio).

 

[SHvFl]

It would help but it wouldn't solve all problems. Now if it would give similar protection to bd and kav none can be sure and it will depend on what kind of user you have using them.

 

[JM Safe]

Yes I would use a free AV, like Avast or Kaspersky. WD is not bad, but in my opinion a 3rd party security tool is better.

 

[509322]

Simple Stupid Security (SSS)

Imagine that you have an option in Windows Defender on Windows 10, which could turn ON/OFF the below restrictions:

1. Block Windows scripts (JScript, VBScript, PowerShell) and Java files (JAR).
2. Set SmartScreen to 'Block' (the user cannot bypass SmartScreen).

Would you install the free AV instead of Windows Defender?
Do you think that the free AV is a better protection?
Would be the SSS worth trying because of the similar protection and less compatibility issues?

A. The breakages are almost always caused by Microsoft; the 3rd party is not the problem, Microsoft is.

B. VSCode is run in a VM, so I don't have any limitations when I disable half of Windows on the host system.

C. I don't use my personal laptop to manage other PCs\systems. Here, that kind of thing will eventually get you fired. You just don't do it.

D. I only consider protection models in terms of sheer protection as I have had few compatibility issues. It is more common that a security soft has major annoyances due to bugs or poor design.

E. Windows security is just as annoying and buggy as 3rd party security softs - and in some cases even worse. For example, SSS configuration doesn't work correctly on some PCs such as certain Dell systems. I have not found Windows security to provide any real advantage over 3rd party. In fact, with the lack of\unclear\conflicting documentation, the fact that almost everything is hidden, and just as buggy, and settings\configurations get reset to defaults after a Windows upgrade... it is an extremely annoying security solution.

F. You try it. If it works, you keep using it. I am a huge advocate of "less is more," but Windows security has always disappointed me.

G. Your utilities are the best thing going for those that want to max-out default Windows security, but at the same time it shows how messed up in the head Microsoft is... a person needs a security soft geek utility to get the most out of Windows security and to avoid spending 18+ months researching online and trial-and-error.

 

[Andy Ful]

A. The breakages are almost always caused by Microsoft; the 3rd party is not the problem, Microsoft is.

B. VSCode is run in a VM, so I don't have any limitations when I disable half of Windows on the host system.

C. I don't use my personal laptop to manage other PCs\systems. Here, that kind of thing will eventually get you fired. You just don't do it.

D. I only consider protection models in terms of sheer protection as I have had few compatibility issues. It is more common that a security soft has major annoyances due to bugs or poor design.

E. Windows security is just as annoying and buggy as 3rd party security softs - and in some cases even worse. For example, SSS configuration doesn't work correctly on some PCs such as certain Dell systems. I have not found Windows security to provide any real advantage over 3rd party. In fact, with the lack of\unclear\conflicting documentation, the fact that almost everything is hidden, and just as buggy, and settings\configurations get reset to defaults after a Windows upgrade... it is an extremely annoying security solution.

F. You try it. If it works, you keep using it. I am a huge advocate of "less is more," but Windows security has always disappointed me.

G. Your utilities are the best thing going for those that want to max-out default Windows security, but at the same time it shows how messed up in the head Microsoft is... a person needs a security soft geek utility to get the most out of Windows security and to avoid spending 18+ months researching online and trial-and-error.

I have the similar thoughts.
Many people use the computer in a very limited way, for the basic tasks like web browsing, emailing, social media, watching YouTube videos. They do not touch the security software and even if they change some settings, then it is done coincidentally. They use Windows, but probably should use the Chromebook, instead. Such people can be easily infected, when using the very universal, vulnerable and constantly changing Windows system.
Both Windows security and 3rd party security can be buggy, and sometimes there can be conflicts between them, too. So, what can be done for such people until Chromebooks will be more popular?

1. We cannot rely on M$, because they do not care about the average users.
2. Also, the 3rd party security software is not focused on the average users. The known example is the Windows script issue. Many above-average users cannot tweak the advanced options in AVs, so in fact their protection is not very different of Windows Defender. They think that 3rd party AV is far better, so install it on the computers of average users (also in small shops which sells/repairs the computers).
3. The average user is infected anyway, so another computer geek installs another AV, and so on. After some time the user has many compatibility/stability issues and infected computer, too.
4. We can restrict the most vulnerable things in Windows, like remote features, Windows scripts, running unsafe applications downloaded from the Internet - that can be done by adopting SSS or more advanced configurators (SysHardener, HardenTools, H_C).
5. Restricting Windows has its downsides, when the user wants to install the new unpopular application (it can be blocked by SmartScreen). Also, some computers may use (rarely) Windows scripts, so the initial configuration will be required.
6. Default deny solution would be the best for average users, but has even more limitations (as compared to SSS), when the user wants to install the new application. That would require the occasional help from the more advanced user or some learning.

So there are some not bad solutions for some particular fractions of average users, but not the general solution (except Cromebook).

 

[erreale]

So there are some not bad solutions for some particular fractions of average users, but not the general solution (except Cromebook).

Do you really think that the cromebooks (as well as other operating systems) are the solution? Today's happy clicker on Windows will be on other operating systems tomorrow. Android is not immune to the average user. You can install apps from untrusted fonts, in the Play Store you can still find infected apps or run an email attachment.

 

[509322]

Do you really think that the cromebooks (as well as other operating systems) are the solution?

A typical user is less likely to get infected on Chromebook than Windows, but yes, the awful Google Web and Play Stores are both menaces. Quite frankly, Google is negligent in the way that it handles both as they grossly undermine the security benefits that Chromebook offers.

Chromebook is a platform solution versus a services\applications solution. It isn't perfect, but it's better than The Windows Cartel.

The things you mention go right back to the heart of the entire matter of typical users and IT security... and that is for good security the user must have a minimum knowledge base and be capable of and willing to adhere to safe behaviors.

I have observed more and more advanced users migrate to Chromebook because of the relative ease of use, fewer annoyances and problems, much easier manageability.

The Windows Cartel puts out a product that is a management hassle - a hassle that more and more people grow weary of having to contend with when Chromebook does what they need and want with a fraction of the hassles.

 

[Kuttz]

Do you think that WD with blocked Windows scripts and SmartScreen set to block, could give the similar protection as for example BitDefender Free AV or Kaspersky Free AV?

You can get even better protection with lockdown configurations. The problem here is ease of use or simply usability of the system of such a restrictive configuration. The more restrictive a system the more secure it is which is why Linux is generally more secure than Windows.

 

[Andy Ful]

Do you really think that the cromebooks (as well as other operating systems) are the solution? Today's happy clicker on Windows will be on other operating systems tomorrow. Android is not immune to the average user. You can install apps from untrusted fonts, in the Play Store you can still find infected apps or run an email attachment.

It does not matter what I think.
Chromebook OS is protected much better as compared to WIndows - it is a well known fact. Yet, it can suffer from infections inside the Google Chrome browser. The attack vector on the Chromebook OS is very little as compared to Windows. It has many times less code, so also many times less vulnerabilities. The Chromebook OS is much simpler than Windows OS. It is also not bloated by the necessity to be compatible with hardware & software from many years ago, etc.
You can get more information about Chromebook protection, when reading some @ForgottenSeer 58943 posts about Chomebook, and how it can protect the OS even when you will install the malicious application from Google Play Store.
Be safe.

 

[Moonhorse]

I would use sss, and recommend it to family members aswell. IF all you do is browsing + gaming + banking , i dont see reason to go with 3rd party if i can achieve all this by default

It just depends of the user and his habits

 

[ForgottenSeer 58943]

You can get even better protection with lockdown configurations. The problem here is ease of use or simply usability of the system of such a restrictive configuration. The more restrictive a system the more secure it is which is why Linux is generally more secure than Windows.

With Chromebooks it really comes down to the lack of user space access for the core operating system. You simply cannot access the core operation of the system and if in the EXTREMELY unlikely event something did, VB would nix it at startup. This article sums most of it up but I have gone over it extensively here in other threads, as has Lockdown.

Google Chromebooks are a hit with security experts, and it's not by accident

 

[Andy Ful]

You can get even better protection with lockdown configurations. The problem here is ease of use or simply usability of the system of such a restrictive configuration. The more restrictive a system the more secure it is which is why Linux is generally more secure than Windows.

That is right. There is the reason why SSS applies only such restrictions like Windows script blocking, and restricts only the installers downloaded from the Internet. There can be added some other restrictions like disabling remote features (Remote Registry, Remote Shell, Remote Desktop, and Remote Assistance). Those restrictions are not a big issue for most of the users who spent the time on browsing, mailing, using the social media, watching YouTube, or talking via Skype. SmartScreen Application Reputation is a very good reputation service for known software, and those users hardly need less popular applications. Of course it is not the setup for MT users or many other users who like install very special, not popular applications.
The SSS is intended to significantly increase the security without losing much usability. If you will apply those restrictions to any free AV, then the final result will be pretty much the same. But when you do it for Defender, then you have the advantage of better compatibility & stability.

 

[509322]

The user is always the problem... that introduces complications that are impossible for a software to solve on behalf of that user.

Security basics will never become irrelevant nor replaced by technology. Sticking to the security fundamentals is the smartest way of ensuring the best protection. However, when 98 % of the computer-using world doesn't even know the basics (which is a lot more than merely installing an AV), then it ensures that overall IT security will never improve much beyond what it is today.

 

[Andy Ful]

I found some interesting statistics from Verizon 2018 Data Breach Investigations Report (industry and organizations):
2018 Data Breach Investigations Report | Verizon Enterprise Solutions

Over 90% of malware files were delivered by email.
About 60% of malware files were delivered as Windows scripts, near 20% by documents (MS Office, PDF), and 15% by Windows executables.
" JavaScript (.js), Visual Basic Script (.vbs), MS Office and PDF tend to be the file types found in first-stage malware. They’re what sneaks in the door. They then drop the second-stage malware."
"And many of the PDFs were just a vehicle for a macro-enabled Office document, embedded within."

The above statistic shows, why blocking the Windows scripts is so important. Most MS Office documents also use Windows scripts to download the executable payloads. If the scripts are blocked, then most executable payloads cannot infect the system. That is important because, those payloads would be usually ignored by SmartScreen, and some could be also not detected by WD (fresh malware samples).

 

[509322]

I found some interesting statistics from Verizon 2018 Data Breach Investigations Report (industry and organizations):
2018 Data Breach Investigations Report | Verizon Enterprise Solutions

View attachment 202341

Over 90% of malware files were delivered by email.
About 60% of malware files were delivered as Windows scripts, near 20% by documents (MS Office, PDF), and 15% by Windows executables.
" JavaScript (.js), Visual Basic Script (.vbs), MS Office and PDF tend to be the file types found in first-stage malware. They’re what sneaks in the door. They then drop the second-stage malware."
"And many of the PDFs were just a vehicle for a macro-enabled Office document, embedded within."

The above statistic shows, why blocking the Windows scripts is so important. Most MS Office documents also use Windows scripts to download the executable payloads. If the scripts are blocked, then most executable payloads cannot infect the system. That is important because, those payloads would be usually ignored by SmartScreen, and some could be also not detected by WD (fresh malware samples).

This all goes the massive stupidity on Microsoft's part... by configuring all default Windows for the convenience of IT Pros, while negligently placing the largest group of users at the greatest risk - who happen to be the most vulnerable - the typical home user.

Interpreters should not be enabled by default. That they are is just the absolute face of stupidity and negligence. It is like storing explosives in a welding fabrication shop.

Microsoft hides file type extensions by default in Explorer. Another absolutely moronic thing to do.

So to cope with all this stupidity, Microsoft adds even more to its stupidity by developing AMSI and ASR - which are overly complex pattern matching and rule sets, that are wholly dependent upon convoluted reporting by the pen-test community - that more than likely won't stop new attacks.

It is hard to fathom how so many people defend Microsoft when it is the one who is wholly to blame for the pathetic state of affairs. It created Windows, therefore it is responsible.

And just a FYI... in the enterprise, the employee is responsible for 60+ % of all infections. Same vectors and methods... email, zip files, scripts, malicious macros, etc. And Microsoft makes it all possible.

 

[ForgottenSeer 72227]

I found some interesting statistics from Verizon 2018 Data Breach Investigations Report (industry and organizations):
2018 Data Breach Investigations Report | Verizon Enterprise Solutions

View attachment 202341

Over 90% of malware files were delivered by email.
About 60% of malware files were delivered as Windows scripts, near 20% by documents (MS Office, PDF), and 15% by Windows executables.
" JavaScript (.js), Visual Basic Script (.vbs), MS Office and PDF tend to be the file types found in first-stage malware. They’re what sneaks in the door. They then drop the second-stage malware."
"And many of the PDFs were just a vehicle for a macro-enabled Office document, embedded within."

The above statistic shows, why blocking the Windows scripts is so important. Most MS Office documents also use Windows scripts to download the executable payloads. If the scripts are blocked, then most executable payloads cannot infect the system. That is important because, those payloads would be usually ignored by SmartScreen, and some could be also not detected by WD (fresh malware samples).

Very good read!

It's interesting to see that email still seems to be one of the main attack vectors compared to other methods.

I get two points from reading this:

1. Just following basic security habits, like not opening email/attachments from unknown senders can prevent alot of this.

2. Disabling or blocking Windows scripts virtually solves vast majority of these problems.

 

[DeepWeb]

I will install a free AV simply because I don't want my CPU to run at 100% all day. Anything that can turn Windows Defender off and do faster scans is welcome.

Also starting to get tired of reading Lockdown blaming users once again instead of the swiss cheese that is Windows. Microsoft could have disabled scripts, Powershell and Office Macros out of the box until users want to enable them, but they didn't. They could force only signed executables to be elevated but they didn't. They could prompt users to set a password for admin and have the main account run as a standard user BUT they didn't. They promised a new kernel with Windows 8 and of course they didn't! Because even with Windows 10 Home, they are still designing with an Enterprise mindset which makes ZERO sense. ZERO. Microsoft is incompetent. Stop blaming the user. It's getting old.