Advice Request Simple Stupid Security vs. free AV


Would you prefer a free AV over Simple Stupid Security?

  • Yes: 27 votes (50.0%)
  • No: 27 votes (50.0%)
  • Total voters: 54
  • Poll closed.

rehuszisteN1

Level 1
Nov 14, 2018
4
It has been a year I'm not using any AV, even the prebuilt Windows Defender. People said that it's light and the best option for Windows 10, but turning it on affects gaming and smoothness while using. I simply never attach suspicious external storage, plus I use a security extension in Chrome, which is pretty safe. I would prefer SSS instead of using an AV app as long as I don't need to use a suspicious app or device attached to my laptop.

Btw I use Avast Free and Comodo Firewall while I'm using Windows 7, simply because it doesn't consume too many resources and the performance was so smooth and without any noticeable spikes or drops.
 

ForgottenSeer 72227

Microsoft could have disabled scripts, Powershell and Office Macros out of the box until users want to enable them, but they didn't. They could force only signed executables to be elevated but they didn't. They could prompt users to set a password for admin and have the main account run as a standard user BUT they didn't. They promised a new kernel with Windows 8 and of course they didn't! Because even with Windows 10 Home, they are still designing with an Enterprise mindset which makes ZERO sense. ZERO. Microsoft is incompetent. Stop blaming the user. It's getting old.

I agree.

The sad part is, and I am sure Microsoft knows this, but due to "compatibility reasons" (I'm using quotes to overemphasize this) they don't want to change. IMHO when they were working on Vista and introducing 64 bit, this was their time to make this change (if they were ever going to), but they chose not to. IMHO they should have only 2 SKUs (not the what, 3, 4, 5 versions), home and business. Business can keep all the scripts and whatnot that IT pros like, but home can remove all that crap, DLLs, registry, scripts, etc... It's funny because I think Microsoft is coming around to this when they released Windows 10S, but no one really likes it because it's not "Windows" and quite frankly it's too late.

As I've said, IMO they should have released a "Windows 10S" way back when Vista came out, as it was a new architecture and was a prime moment to make this change. Sure, 3rd parties would have grumbled a little having to rewrite their programs, but if Microsoft would have just done it and stuck with it, saying too bad so sad, by now all 3rd parties would have rewritten their programs to work on the new version and by now it would be a moot point.
 

Local Host

I will install a free AV simply because I don't want my CPU to run at 100% all day. Anything that can turn Windows Defender off and do faster scans is welcome.

Also starting to get tired of reading Lockdown blaming users once again instead of the swiss cheese that is Windows. Microsoft could have disabled scripts, Powershell and Office Macros out of the box until users want to enable them, but they didn't. They could force only signed executables to be elevated but they didn't. They could prompt users to set a password for admin and have the main account run as a standard user BUT they didn't. They promised a new kernel with Windows 8 and of course they didn't! Because even with Windows 10 Home, they are still designing with an Enterprise mindset which makes ZERO sense. ZERO. Microsoft is incompetent. Stop blaming the user. It's getting old.
Powershell scripts and Office Macros are disabled by default.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,630
Powershell scripts and Office Macros are disabled by default.
Powershell in Windows 10 is enabled by default and users can not even get rid of it, they can only uninstall GUI. It should not be installed. Users, who know to work with it, can surely install it themselves. Then again, MS plans to completely replace CMD with PS, so it is unavoidable. :(
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
I will install a free AV simply because I don't want my CPU to run at 100% all day. Anything that can turn Windows Defender off and do faster scans is welcome.
I would certainly do the same if I saw more than 5%. :emoji_pray:
But, that is not what I am seeing now (most of the day):
taskmanager.png

WD behaves very strangely on some computers and very normally on others. That is why 3rd party AVs are welcome, especially when they are better than WD. :giggle: (y)
Also starting to get tired of reading Lockdown blaming users once again instead of the swiss cheese that is Windows.
...
Stop blaming the user. It's getting old.
Do not be angry with me, but did we read the same post?
"This all goes the massive stupidity on Microsoft's part...",
"Interpreters should not be enabled by default. That they are is just the absolute face of stupidity and negligence."
"Microsoft hides file type extensions by default in Explorer. Another absolutely moronic thing to do. So to cope with all this stupidity, Microsoft adds even more to its stupidity..."
"It is hard to fathom how so many people defend Microsoft when it is the one who is wholly to blame for the pathetic state of affairs. It created Windows, therefore it is responsible."

The only part that is related to the users is a known fact + Microsoft's fault (again):
"... in the enterprise, the employee is responsible for 60+ % of all infections. Same vectors and methods... email, zip files, scripts, malicious macros, etc. And Microsoft makes it all possible."

So, I think that in fact both you and @Lockdown can share very similar thoughts. (y) :giggle: :emoji_popcorn:

@Lockdown, you, me, and most people on MT know the Microsoft sins. But, let's not continue down that path because Microsoft does not listen at all, and such a discussion would not be especially practical. :emoji_pray:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
In some way, the PowerShell scripts and macros are blocked by default (for the users). But, that is not the same as saying that they are disabled by default in the system.

If the user wants to open the .ps1 script by the mouse-click, then the script will not be executed, but opened in the notepad. So, it is true - in some way it will be disabled for the user.
In the default settings, if the user chooses to open the .ps1 script by the option "Run with PowerShell", then in Windows 10 Home (ver. 1809), the PowerShell console will be opened with some options (Y option will allow running the scripts until reboot).
If the exploit wants to run the .ps1 script, then it will use -bypass switch in the command line to bypass PowerShell execution policy. But, usually it will use the scripts from the remote locations or will not use scripts but PowerShell commandlines, which easily can bypass the execution policy.
So, the PowerShell scripts are restricted by default for the users, but not for the exploits, or the other Windows scripts (VBScript, JScript, etc. can run PowerShell scripts and command lines).

In MS Office (versions supported by Microsoft), macros in documents downloaded from the Internet will be blocked, because documents will be opened in the "Protected view". Yet, the user still has the option to open the documents normally. Most average users usually choose to open documents normally, especially when they can see the instruction that it is necessary (known phishing trick).
 
Last edited:

509322

Stop blaming the user. It's getting old.

My statements aren't some made up make-believe opinion. They're based upon field observations and the data gathered there. The bottom line is that the vast majority of users are ill-equipped to handle the digital age. Plus, the digital world is not autonomous; it requires humans to operate the devices. So the user is naturally one of the fundamental problems. And what I state is confirmed by multiple studies that don't focus solely upon the Eurozone and North American regions. Ok, if your basis of judging user IT knowledge is white college kids in the U.S. or Europe, then your data is going to be highly skewed. Move your focus to middle-aged users who don't want to be bothered with anything IT other than how to get the device on and running and you get a whole different perspective. The data and analysis results are highly dependent upon the demographic.

Any solution that does not first start with the user is a highly flawed solution... and the current state of IT security is proof.

In some way, the PowerShell scripts and macros are blocked by default (for the users). But, that is not the same as saying that they are disabled by default in the system.

Bypassing PoSh Execution Policy is trivial. Besides, the real threat is not scripts run from disk but LOL vectors.

And, yes, macros are disabled but the uninformed user will enable them by social engineering.

Both are terrible security by design.
 
Last edited by a moderator:

Local Host

Powershell in Windows 10 is enabled by default and users can not even get rid of it, they can only uninstall GUI. It should not be installed. Users, who know to work with it, can surely install it themselves. Then again, MS plans to completely replace CMD with PS, so it is unavoidable. :(
I clearly said powershell scripts, not powershell itself. You need elevated privileges to enable powershell scripts, and office macros also need to be toggled.

Only a happy clicker would fall into such malware.
 

509322

Only a happy clicker would fall into such malware.

Obviously you haven't worked much with typical users. Even typical enterprise users routinely get their employers' systems infected. Studies show that the infection rate caused by enterprise employees is greater than 55 % of presented simple email and similar attacks - and why is that? - because they don't know, they don't follow instructions, and/or the protection doesn't work.

So there's a better than 1 in 2 probability that an employee presented with a simple attack will infect the system.
 
Last edited by a moderator:

ForgottenSeer 72227

The bottom line is that the vast majority of users are ill-equipped to handle the digital age. Plus, the digital world is not autonomous; it requires humans to operate the devices. So the user is naturally one of the fundamental problems.

One thing I've been thinking about lately is that aside from Microsoft, all technology in general is flawed and way more complicated than it needs to be. I look at my family for example, aside from the routine help with Windows we all provide to our friends and family, I still help them out with their iPhones, iPads, TVs, Android phones, etc...

IMO all companies (Apple, Google, Microsoft, etc...) are to blame for the state of technology today. Some do certain things better than others, but they all still introduce their own issues/levels of complexity. Apple for example has their own stupid connector, they cannot adopt USB 3.0/3.1 like everyone else. You have to use iTunes to upload anything, at least with Android you can treat it like a USB stick, the Android ecosystem is so diluted with all hardware vendors doing their UIs and it goes on and on. I look at my family and I know full well that no matter what they are using, there will always be something. Like you said the user is seldom thought of when these things are made and let's not get started on IoT devices.
 

509322

One thing I've been thinking about lately is that aside from Microsoft, all technology in general is flawed and way more complicated than it needs to be. I look at my family for example, aside from the routine help with Windows we all provide to our friends and family, I still help them out with their iPhones, iPads, TVs, Android phones, etc...

IMO all companies (Apple, Google, Microsoft, etc...) are to blame for the state of technology today. Some do certain things better than others, but they all still introduce their own issues/levels of complexity. Apple for example has their own stupid connector, they cannot adopt USB 3.0/3.1 like everyone else. You have to use iTunes to upload anything, at least with Android you can treat it like a USB stick, the Android ecosystem is so diluted with all hardware vendors doing their UIs and it goes on and on. I look at my family and I know full well that no matter what they are using, there will always be something. Like you said the user is seldom thought of when these things are made and let's not get started on IoT devices.

The vast majority of people use a PC for:

1) Web browsing
2) Movies
3) Music
4) Text editing

Chromebook satisfies those needs quite well.

It's the people that want to game, collect programs and apps, collect large amounts of files, and get into advanced use topics - while representing only a fraction of all users - Windows is more suitable.

Windows is overly complex.

Windows is quite unsecure.

Typical users (across the world as a group, and not just limited to white, middle-class North American and Eurozone users) cannot handle Windows security.

Most typical users are better off with Chromebook.

The best thing for users would be OEM systems that lock them out of everything. In short, unmodifiable systems offer the best security if they are developed with security as a primary goal in the first place. Devices should be dedicated to their purpose for best possible security.

A general OS is always going to be R-E-K-T.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,630
I clearly said powershell scripts, not powershell itself. You need elevated privileges to enable powershell scripts
You can run powershell from CMD, bypassing elevation is what powershell is used for, especially by ransomware.
Once you run powershell, you can easily run ps scripts from it. Besides, there are also self-elevating ps scripts.
 
Last edited:

ForgottenSeer 72227

The vast majority of people use a PC for:

1) Web browsing
2) Movies
3) Music
4) Text editing

Chromebook satisfies those needs quite well.

It's the people that want to game, collect programs and apps, collect large amounts of files, and get into advanced use topics - while representing only a fraction of all users - Windows is more suitable.

Windows is overly complex.

Windows is quite unsecure.

Typical users (across the world as a group, and not just limited to white, middle-class North American and Eurozone users) cannot handle Windows security.

Most typical users are better off with Chromebook.

The best thing for users would be OEM systems that lock them out of everything. In short, unmodifiable systems offer the best security if they are developed with security as a primary goal in the first place. Devices should be dedicated to their purpose for best possible security.

A general OS is always going to be R-E-K-T.

I don't disagree, I agree wholeheartedly, especially from a security standpoint. My post was just to emphasize that technology in general tends to be more complex than it needs to be at times.
 
  • Like
Reactions: vtqhtr413

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
I clearly said powershell scripts, not powershell itself. You need elevated privileges to enable powershell scripts, and office macros also need to be toggled.

Only a happy clicker would fall into such malware.
PowerShell ExecutionPolicy can be bypassed without elevated privileges and without the user interaction.

  1. The .vbs script can first change the MS Office settings to allow macros without the prompt, and next download/open the weaponized MS Office document from the remote location.
  2. The .vbs script can download the malicious PowerShell script to disk and run it by the command: PowerShell -ExecutionPolicy Bypass -File path2file.ps1
  3. The .vbs script can download the malicious PowerShell script to memory and run it from memory, bypassing execution policy.
No interaction from the user is required, except running the .vbs script.
The same can be done by running PowerShell scripts directly via shortcuts.
The average user can be easily fooled, because both .vbs scripts and shortcuts, can be prepared with icons from the photos, media files, etc.
 
Last edited:
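
The launches described in the two posts above on PowerShell execution policy (a script host starting PowerShell with the policy overridden, or with an inline command instead of a script file) can be checked for in process-creation logs. The following Python sketch is an added example, not part of any post in this thread and not code from Hard_Configurator; the event tuple layout, the finding labels, the hint substrings and the sample events are assumptions constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host runs .vbs files
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Substrings often seen in "download to memory and run" commands (assumed, not exhaustive).
IN_MEMORY_HINTS = ("downloadstring", "invoke-expression", "iex ", "iex(")

# Constructed sample events: (parent image, image, command line). Not from a real host.
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
     r'notepad.exe "C:\Users\u\Desktop\report.ps1"'),  # double-click on a .ps1
    (r"C:\Windows\System32\wscript.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"PowerShell -ExecutionPolicy Bypass -File path2file.ps1"),  # command from the post
    (r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -ep bypass -File C:\Tools\admin.ps1"),  # shortcut, short form
    (r"C:\Windows\System32\wscript.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'powershell -NoProfile -Command "Invoke-Expression $downloaded"'),
    (r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe"),  # plain interactive console
]

def policy_override(tokens):
    """Return the policy value given on the command line, or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lstrip("-/").lower()
        # PowerShell accepts shortened parameter names such as -ep and -exec.
        if tok[0] in "-/" and (name == "ep" or
                (len(name) >= 2 and "executionpolicy".startswith(name))):
            return tokens[i + 1].strip("'\"").lower()
    return None

def classify(parent, image, cmdline):
    """Return the finding labels for one process-creation event."""
    if ntpath.basename(image).lower() not in POWERSHELL:
        return []
    findings = []
    value = policy_override(cmdline.split())
    if value in ("bypass", "unrestricted"):
        findings.append("execution-policy-override:" + value)
    if ntpath.basename(parent).lower() in SCRIPT_HOSTS:
        findings.append("spawned-by-script-host")
    if any(hint in cmdline.lower() for hint in IN_MEMORY_HINTS):
        findings.append("in-memory-execution-hint")
    return findings

def scan(events):
    """Return (command line, findings) for every event with at least one finding."""
    return [(cmd, f) for parent, img, cmd in events if (f := classify(parent, img, cmd))]
```

The first sample event matches the default double-click behaviour described earlier (the .ps1 opens in Notepad) and produces no finding, while the policy override is flagged whether or not the parent is a script host.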

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
So can we say an Email provider with decent spam protection is more important than antivirus?
If the spam protection includes also the list of blocked file extensions for attachments, then it can be useful. Outlook Web Access, Gmail, and some others have such predefined lists. But, many free e-mail service providers, do not have.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Email filtering is notoriously ineffective because users bypass it as well as the malicious actors know how to circumvent it.
I don't know but for years of using gmail, I haven't got any email in my inbox with attachment so it means I'm totally safe from this vector
almost never check the spam mails unless there is a FP

maybe a few mails with phishing but I ignore them

my email account was created 13 years ago
 
Last edited:

509322

I don't know but for years of using gmail, I haven't got any email in my inbox with attachment so it means I'm totally safe from this vector
almost never check the spam mails unless there is a FP

maybe a few mails with phishing but I ignore them

my email account was created 13 years ago

I have an email account with a bunch of symbol characters. I get virtually no email whatsoever because I never give it out and also due to the unusual address, the spambots never send any mail to the address.

However, it doesn't work that way for users that have a publicly available email address. They routinely get targeted by spam email campaigns.
 
