Advice Request Simple Stupid Security vs. free AV

[shmu26]

Simple Stupid Security sounds to me like the best solution in an imperfect world.

You can go for advanced 3rd party solutions, but the issues just multiply.
You can switch to Linux, which is definitely more fun, but it is missing a lot of features, and the list of compatible software and drivers is kind of limited.
You can use a Chromebook, as long as you don't have anything important to get done.

 

[shmu26]

I found some interesting statistics from Verizon 2018 Data Breach Investigations Report (industry and organizations):
2018 Data Breach Investigations Report | Verizon Enterprise Solutions

View attachment 202341

Over 90% of malware files were delivered by email.
About 60% of malware files were delivered as Windows scripts, near 20% by documents (MS Office, PDF), and 15% by Windows executables.
" JavaScript (.js), Visual Basic Script (.vbs), MS Office and PDF tend to be the file types found in first-stage malware. They’re what sneaks in the door. They then drop the second-stage malware."
"And many of the PDFs were just a vehicle for a macro-enabled Office document, embedded within."

The above statistic shows, why blocking the Windows scripts is so important. Most MS Office documents also use Windows scripts to download the executable payloads. If the scripts are blocked, then most executable payloads cannot infect the system. That is important because, those payloads would be usually ignored by SmartScreen, and some could be also not detected by WD (fresh malware samples).

That's surprising statistics. Correct me if I am wrong, but MalwareHub testing and YouTube testing shows a much higher percentage of PE executables.

 

[Andy Ful]

That's surprising statistics. Correct me if I am wrong, but MalwareHub testing and YouTube testing shows a much higher percentage of PE executables.

That is the main difference as compared to real-world tests. The spectrum of samples used on MalwareHub and YouTube, is closer to the scenario, when the user seeks for cracks and pirated software. Of course, the tests on MalwareHub are more comprehensive than most tests on YouTube.

 

[RoboMan]

Actually, I would use WD. To be honest I am at the moment (yes, after saying I hated it). Since I updated to 1903 (Insider Build) Defender is incredibly good and it keeps adding new features to outplay other free AV's. At the moment I am using one PC with WD + Hard_Configurator and my main PC with Windows Defender + CS' CFW. Both work smoothly. And lighter than using KIS.

 

[shmu26]

That is the main difference as compared to real-world tests. The spectrum of samples used on MalwareHub and YouTube, is closer to the scenario, when the user seeks for cracks and pirated software.

Now I am confused, because antivirus programs typically have weak script protection. So in the real-world tests, where there are more scripts, they should do worse than in private tests, where there are more exe and msi files. But the opposite is true.

Defender is incredibly good and it keeps adding new features

What new and good features do you see in WD?

 

[Andy Ful]

Now I am confused, because antivirus programs typically have weak script protection. So in the real-world tests, where there are more scripts, they should do worse than in private tests, where there are more exe and msi files. But the opposite is true.
...

In the real world tests most phishing links and email attachments are not 'never seen' samples.
In the MalwareHub tests, many samples are 'never seen', so the detection results are often worse as compared to the real-world tests.

 

[ForgottenSeer 72227]

Actually, I would use WD. To be honest I am at the moment (yes, after saying I hated it). Since I updated to 1903 (Insider Build) Defender is incredibly good and it keeps adding new features to outplay other free AV's. At the moment I am using one PC with WD + Hard_Configurator and my main PC with Windows Defender + CS' CFW. Both work smoothly. And lighter than using KIS.

Hehe welcome to the darkside:devil:

It's one of the reasons why I don't rely on 3rd parties anymore. Microsoft has made WD a very capable security solution, especially when you take all the security features within W10 into account. Its protection capabilities are right up there with the big boys and like you, its performance impact keeps improving. I don't even notice it at all to be honest.

With 1903, MS is finally addressing a major weakness with WD, by adding tamper protection. Between this, BAFS, ASR, Exploit protection controlled folder access, etc... it's hard to believe where WD started.

I know some people are still a little hesitant, which is totally understandable, but IMO, it's just as good as the big boys and best of all, it doesn't annoy you.

You can use things like H_C, syshardener, OSA, VS, etc... if you want to fill in some gaps, but you really don't need much more than that IMO. I've stopped worrying along time ago about getting infected and stressing about being attacked by advanced exploits/malware, which really doesn't impact home users TBH. Instead I've focused on enjoying my computer. Sure one can find examples of malware bypassing WD, but to be brutally honest, you can find examples of malware bypassing all AV's, as no product is 100٪ perfect.

 

[shmu26]

I've stopped worrying along time ago about getting infected and stressing about being attacked by advanced exploits/malware, which really doesn't impact home users TBH. Instead I've focused on enjoying my computer.

The voice of reason

 

[Andy Ful]

If the user in the home environment is not a happy clicker, does not intentionally look for cracks and pirated software, does not visit "dark places" on the web, does not open spam attachments or blindly install programs from friend's pen drive, then the chances for malware infection are very little. There are probably some people who do all these things and will not be infected anyway.

 

[ForgottenSeer 72227]

If the user in the home environment is not a happy clicker, does not intentionally look for cracks and pirated software, does not visit "dark places" on the web, does not open spam attachments or blindly install programs from friend's pen drive, then the chances for malware infection are very little. There are probably some people who do all these things and will not be infected anyway.

IMO habits are everything. Its not to say that a legitimate site like Amazon couldn't become infected, but the chances are very minimal. What I find the most amusing is when people are asking for a security solution and you have people go, If you are a safe browser than something like WD is fine, however if you do things like download torrents, click on ads, visit sketchy sites, etc..., then your better off using something like Kaspersky. I'm like so your justifying poor security habits as long as you use a 3rd party like Kaspersky? Sometimes I feel like saying, you do know that as good as program like Kaspersky is, it too can be bypassed and it to can miss malware, thus you can still get infected.:emoji_expressionless:

Your habits are an important part of your overall security, ignore it and unfortunately one day you will lose that battle.

 

[Andy Ful]

IMO habits are everything. Its not to say that a legitimate site like Amazon couldn't become infected, but the chances are very minimal. What I find the most amusing is when people are asking for a security solution and you have people go, If you are a safe browser than something like WD is fine, however if you do thinks like download torrents, click on ads, visit sketchy sites, etc..., then your better off using something like Kaspersky. I'm like so your justifying poor security habits as long as you use a 3rd party like Kaspersky? Sometimes I feel like saying, you do know that as good as program like Kaspersky is, it too can be bypassed and it to can miss malware, thus you can still get infected.:emoji_expressionless:

Your habits are an important part of your overall security, ignore it and unfortunately one day you will lose that battle.

@Raiden,
That was a very funny post (as a reply to my post).
I know that it was not intentional, but still funny.:emoji_innocenty)

 

[Moonhorse]

Today i wanted to try out linux mint, couldnt use my 4g modem on it ( such new one) and wifi is slower so i reverted back to win 10

I have installed windows defender only + configuredefender

I could run syshardener and just block execution of files that are not signed + probably disable powershell

I dont like to go with hard_configurator, doesnt fit for me.

Whats the most usefull thing i could have with WD+ configuredefender without installing drivers/ software? Just learn about SRP and do something manually?

 

[shmu26]

Today i wanted to try out linux mint, couldnt use my 4g modem on it ( such new one) and wifi is slower so i reverted back to Windows 10

I have installed windows defender only + configuredefender

I could run syshardener and just block execution of files that are not signed + probably disable powershell

I dont like to go with hard_configurator, doesnt fit for me.

Whats the most usefull thing i could have with WD+ configuredefender without installing drivers/ software? Just learn about SRP and do something manually?

You could configure Windows Defender Exploit Guard for specific processes and apps. Use a full path (not wildcards) so it won't be overwritten when you get a Windows update.

 

[Andy Ful]

Today i wanted to try out linux mint, couldnt use my 4g modem on it ( such new one) and wifi is slower so i reverted back to Windows 10

I have installed windows defender only + configuredefender

I could run syshardener and just block execution of files that are not signed + probably disable powershell

I dont like to go with hard_configurator, doesnt fit for me.

Whats the most usefull thing i could have with WD+ configuredefender without installing drivers/ software? Just learn about SRP and do something manually?

If H_C does not fit for you then SRP will not fit, either. It is normal. For most non-casual home users the AV + restricting/blocking scripts is the best solution.

 

[ForgottenSeer 72227]

@Raiden,
That was a very funny post (as a reply to my post).
I know that it was not intentional, but still funny.:emoji_innocenty)

Haha, yes you are correct, it wasn't intentional, nor directed to you or what you said. I just happened to reply to your post Haha.

It was more to highlight what I keep reading on various forums and websites like reddit, everytime I see people ask about which security program they should use. I was reading some reddit threads yesterday and I saw a comment from someone who was basically saying that "you shouldn't use WD because that's how people get infected." I really had to bite my tongue on that one, because I felt like saying, actually people get infected by following poor security habits, not because they were using WD.

 

[RoboMan]

What new and good features do you see in WD?

That would be:

• Tamper protection
• Attack surface reduction
• Folder protection
• Notifications and exclusions are working so much better
• Isolated browsing
• Vulnerability protection
• Core isolation
• TPM
• Parental control!
• Ransomware-encrypted files recovery via OneDrive

 

[ForgottenSeer 72227]

That would be:

• Tamper protection
• Attack surface reduction
• Folder protection
• Notifications and exclusions are working so much better
• Isolated browsing
• Vulnerability protection
• Core isolation
• TPM
• Parental control!
• Ransomware-encrypted files recovery via OneDrive

It's been painfully slow at times, but when you look at what they have accomplished, it has come a long ways from where it was in windows 8.

 

[RoboMan]

It's been painfully slow at times, but when you look at what they have accomplished, it has come a long ways from where it was in windows 8.

So true! I used to hate it so much for being buggy, and slow the machine a lot! But lately... it's just great! They keep adding new modules and techniques that most AV, even robust paid alternatives lack of, for "free", and lighter in every build. Of course, I always pair it up with something (CFW, H_C, OSA, anything).

 

[roger_m]

I saw a comment from someone who was basically saying that "you shouldn't use WD because that's how people get infected." I really had to bite my tongue on that one, because I felt like saying, actually people get infected by following poor security habits, not because they were using WD.

Yes, if you take some care, it's usually very hard to get infected, no matter what security software you use.

 

[shmu26]

I was reading some reddit threads yesterday and I saw a comment from someone who was basically saying that "you shouldn't use WD because that's how people get infected."

Some people just get stuck in the past and can't get out of it. For instance, when something doesn't work right on their computer, I know people who will say, "I must have a virus!" It's so 1998.