Nagisa

Level 1
Verified
I wonder if this is even possible. A light signature based antivirus + anti-exe + OsArmor. What are the risks that we still have while using this combination? Is there any reason why someone should choose a linux distro to make his/her computer more secure?

roger_m

Level 24
Verified
Content Creator
My Windows systems are not as secure as Linux systems, but I don't care. I do absolutely nothing to secure my systems other than installing antivirus software. I know that if I am careful about what files I open and keep my systems updated, it is very hard to get infected.

The main reason that Windows systems get infected, is due to users opening infected files. I do my best to not do so.

shmu26

Level 83
Verified
Trusted
Content Creator
I wonder if this is even possible.
You can get Windows to function more like the Linux security model by using a Standard user account most of the time, and switching to an account with admin privileges only when necessary. Also, set User account control at max.

A light signature based antivirus + anti-exe + OsArmor. What are the risks that we still have while using this combination?
Many anti-exe programs make OSArmor unnecessary. The realistic risks that we still have with your suggested config are very minimal. But you still need to keep your OS and software updated, because of exploits.

Is there any reason why someone should choose a linux distro to make his/her computer more secure?
To avoid all the headache and worry. Windows with good security is like living in a well-protected fortress within driving distance of downtown. Linux is like living on a peaceful deserted island, just you and the penguins. Take your pick. Most people will pick the option close to downtown. You can't get ice cream on deserted islands, unless you compile it yourself. :)
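The reply above recommends a Standard user account for daily use with UAC at its maximum. The following is an added example, not code from the thread or from any product mentioned in it, that reports whether the current session runs as a standard user, whether it is elevated, and whether UAC is at its strictest level. It assumes the slider's top position corresponds to EnableLUA = 1, ConsentPromptBehaviorAdmin = 2 and PromptOnSecureDesktop = 1 under the Policies\System key.

```powershell
# Added example (not from the thread): audit account type and UAC level.
# Assumption: "max" UAC = EnableLUA 1, ConsentPromptBehaviorAdmin 2,
# PromptOnSecureDesktop 1 in HKLM:\...\Policies\System.

function Get-PrivilegeState {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. 'whoami /groups'
    # still lists it when UAC has reduced it to a deny-only group, so it reflects
    # membership; IsInRole(Administrator) succeeds only in an elevated (full) token.
    $memberOfAdmins = [bool]((whoami /groups) -match 'S-1-5-32-544')
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacMax = ($policy.EnableLUA -eq 1) -and
              ($policy.ConsentPromptBehaviorAdmin -eq 2) -and
              ($policy.PromptOnSecureDesktop -eq 1)

    [pscustomobject]@{
        User                  = $identity.Name
        StandardUser          = -not $memberOfAdmins
        Elevated              = $elevated
        EnableLUA             = $policy.EnableLUA
        ConsentPromptAdmin    = $policy.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop = $policy.PromptOnSecureDesktop
        UacAtMaximum          = $uacMax
    }
}

$state = Get-PrivilegeState
$state | Format-List

if (-not $state.StandardUser) {
    Write-Warning "Daily-use account is in Administrators; use a separate admin account and demote this one."
}
if (-not $state.UacAtMaximum) {
    Write-Warning "UAC is below its strictest level; raise it under 'Change User Account Control settings'."
}
```

Run it from a normal (unelevated) PowerShell window: for the setup the reply describes, StandardUser should be True, Elevated False and UacAtMaximum True. A result of StandardUser False with Elevated False is the common case of an admin account relying on the UAC filtered token, which is not the same thing as a standard account.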

dJim

Level 5
Verified
Linux is not really as secure as many people claim; that's because Linux is not a major target for malware and so on. If Linux had the same percentage of attacks it would lose vs Windows for sure. Yes, you can tweak every OS, but it's all about attack percentage.

Threadripper

Level 7
Linux home users will never be targeted because of low market share, true. But those claiming Linux isn't secure, and that market share creates the illusion that it is, couldn't be any more wrong. Your sudo password is everything; nothing bad can happen without it, therefore a user can pretty much only intentionally infect themselves on Linux. A bypass is found? Patched the same day, maybe even the same hour with livepatching, without requiring a restart. Windows? Yeah, you can wait a month.

Windows comes with apps made by random developers like "Candy Crush Soda Saga" and all that rubbish, they're not even made by Microsoft and somehow Microsoft think it's okay to preinstall random apps from random developers... Absolute madness. Not to mention the attack surface area of a universe. You can lock down Windows, but that lovely Windows 98 code is still Swiss cheese if somebody tries hard enough.

AtlBo

Level 27
Verified
Content Creator
Get a time machine, go back to 1988, and start over. Move over Bill Gates, Marty McFly is here to save the day. Seriously, no way possible.

Linux relies on a completely different model for security than we see for Windows. It's inherently as safe as it is. As an example, download Manjaro KDE and try to add a custom wallpaper or even use a graphic you made as a wallpaper. I still haven't determined how yet, because it is intentionally blocked. I mean, there is basically no such thing as a system administrator as we know the term in Windows. The better part of me KNOWS they are doing the right thing to keep their OS that way. And this angle on security seems to me to be throughout the distros I have tried.

The big thing with Linux is the handling of packages (programs and updates). They all come from the Linux community, so there is little chance of there being malicious code there. Is it possible? Yes, it's possible, but 1000% less likely than what we see from the wild west web for Windows. This said, a Linux user can bork an installation of the OS, no doubt here. Risk of infection will always be far lower than with Windows, however...

I wonder if this is even possible. A light signature based antivirus + anti-exe + OsArmor. What are the risks that we still have while using this combination? Is there any reason why someone should choose a linux distro to make his/her computer more secure?
For me, Linux will still be safer. However, if you want the challenges associated with the freedoms Windows brings, then yes, you can secure a PC to a high degree. @shmu26 is a good reference for this topic, but I think he might say you need to make sure you protect "the vulnerables" and maybe protect the OS with OS Hardener. OS Armor should have your back with the vulnerables. Looking forward to seeing what the future holds for OSA and if there will be any changes, but it pairs with anything very nicely.

AtlBo

Level 27
Verified
Content Creator
Linux is not really as secure as many people claim; that's because Linux is not a major target for malware and so on. If Linux had the same percentage of attacks it would lose vs Windows for sure. Yes, you can tweak every OS, but it's all about attack percentage.
Kind of complicated, but I don't think Linux distros in general CAN be attacked like we see with Windows. I mean, this seems to me to be true at least to a certain degree. The package managers and built-in safeguards in Linux make it imo generally just a safe OS to use, regardless of market share. The trade-off is freedom.

On the other hand, you are probably right to a degree. For example, there is no way to stop weaponized documents from reaching Linux machines. But we should keep in mind that MS Office doesn't run in Linux in a form that will function with macros. Because of this fact, I believe you are safer in Linux even with the number of attacks the same, and even with little or no AV in Linux. Its design is for securability far more so than we see with Windows.

Don't think Linux usage will top 20% ever, so I doubt we will see hackers focus the OS. For a single targeted PC owner, however, there could be hacks in the future and this is certainly a critical consideration for the Linux community. Targeted attacks are devastating, as we have seen in the past in multitudes of cases...

shmu26

Level 83
Verified
Trusted
Content Creator
Kind of complicated, but I don't think Linux distros in general CAN be attacked like we see with Windows. I mean, this seems to me to be true at least to a certain degree. The package managers and built-in safeguards in Linux make it imo generally just a safe OS to use, regardless of market share. The trade-off is freedom.

On the other hand, you are probably right to a degree. For example, there is no way to stop weaponized documents from reaching Linux machines. But we should keep in mind that MS Office doesn't run in Linux in a form that will function with macros. Because of this fact, I believe you are safer in Linux even with the number of attacks the same, and even with little or no AV in Linux. Its design is for securability far more so than we see with Windows.

Don't think Linux usage will top 20% ever, so I doubt we will see hackers focus the OS. For a single targeted PC owner, however, there could be hacks in the future and this is certainly a critical consideration for the Linux community. Targeted attacks are devastating, as we have seen in the past in multitudes of cases...
You can download an installer file for Linux from a shady source (GitHub has been found to host Linux malware), and it can potentially infect your system. Most Linux users are not able to restrict themselves totally to the official repository for their distro, so the risk of malware exists.
However, it is pretty rare for home users to be attacked. The targets are almost always servers.
signature based antivirus + anti-exe + OsArmor.
The risk that is left unmitigated is exploits that launch payloads in RAM. An anti-malware can catch known malware files. An anti-exe will cover the rest of the unknown malware files. And OSArmor can catch some script-based attacks. But hackers know the ins and outs of those also. Remote control tools are deliberately not covered by anti-malware because they have legitimate uses. You could legitimately want to access and control your PC from a coffee shop. Exploits attack security coding flaws, and nothing can stop those because only hackers know of the flaws, and they are not about to file a CVE. After the exploit works by launching the hacker's inserted code, they bring over a remote control tool to RAM, and it runs by just adding a jump instruction to the payload code. Most hackers are nosy; they want to watch what you do, then reconfigure your system to their comfort so they can gain persistence if you reboot. And none of your above tools will be the wiser.

If you leave your system with the default firewall rules as provided by MS, you will get hacked, just a matter of time. If the stupid hacker is foolish enough to use malware, then maybe you will get lucky and your anti-malware will catch it. But then, most experienced hackers test their 'malware' against common AVs and make sure they are not detectable.

A possible defense is to maintain a snapshot of all the startup points in Windows, and watch for changes. If an entry was made in the registry to launch some program, you want to be the first to know about it.

Event Viewer is your friend: searching for Event ID 1000 and 1001 will reveal which program crashed or hung, a common indication that an exploit was launched against that program. You can specify a custom view for those two.

Other baselines are also possible. For example, driverquery is a command line tool that lists all your drivers. And some hacker tools are drivers, not exe's. So you save yourself a list and compare regularly.

Regular monitoring is something that is not publicized and is an essential 'tool'. It is laborious, not sexy like AI tech, and quite boring to execute. But organizations which are serious about it have SIEM panels that monitor for abnormal events. A new auto-run program, an after-midnight network connection, etc. "Know what is normal, and check out the rest."

Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.: Don Murdoch GSE: 8601411308048: Books - Amazon.ca

And a tool you omitted is backup. Preferably a disk image which you can restore your system to in just a few minutes. A drive C with just security tools should only occupy around 10 GB. And you can store a few versions on a USB memory stick. Macrium Reflect Free is the one I use. And when I don't feel like hunting down the intruder, I just restore a drive image. But that leaves the vulnerability unaddressed.
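The post above describes three baselines: a snapshot of Windows startup points to diff for new entries, a saved driverquery list to compare against, and a custom view on Application-log events 1000 and 1001. The script below is an added example, not code from the thread, that does all three in one place; it goes slightly beyond the post by also snapshotting scheduled tasks and auto-start services, which are startup points too. It assumes Windows 10 or later with PowerShell 5.1+, an elevated session, and a baseline file location of your choosing ($BaselinePath is a placeholder).

```powershell
# Added example (not from the thread): snapshot Windows autostart points and the
# driver list, save them as a baseline, and on later runs report NEW/GONE items.
# Also lists Application-log events 1000/1001 from the last 24 hours.
# Assumptions: Windows 10+, PowerShell 5.1+, run elevated; $BaselinePath is a placeholder.

$BaselinePath = "$env:USERPROFILE\autostart-baseline.json"   # placeholder location

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartSnapshot {
    # Registry Run/RunOnce values; PS* are PowerShell note properties, not registry values
    $runValues = foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -notlike 'PS*') { "$key\$($p.Name) = $($p.Value)" }
            }
        }
    }
    # Scheduled tasks and auto-start services are startup points as well
    $tasks = Get-ScheduledTask | Where-Object State -ne 'Disabled' |
             ForEach-Object { "$($_.TaskPath)$($_.TaskName)" }
    $services = Get-CimInstance -ClassName Win32_Service | Where-Object StartMode -eq 'Auto' |
                ForEach-Object { "$($_.Name) = $($_.PathName)" }
    # driverquery is the tool named in the post; CSV output gives one row per driver
    $drivers = driverquery /fo csv | ConvertFrom-Csv |
               ForEach-Object { "$($_.'Module Name') = $($_.'Display Name')" }

    [pscustomobject]@{
        Taken    = (Get-Date).ToString('s')
        Run      = @($runValues | Sort-Object)
        Tasks    = @($tasks     | Sort-Object)
        Services = @($services  | Sort-Object)
        Drivers  = @($drivers   | Sort-Object)
    }
}

function Compare-Lists([string]$Section, [string[]]$Before, [string[]]$After) {
    # Plain membership tests, so an empty list on either side is handled
    foreach ($item in $After)  { if ($Before -notcontains $item) { "[$Section] NEW  $item" } }
    foreach ($item in $Before) { if ($After  -notcontains $item) { "[$Section] GONE $item" } }
}

function Get-RecentCrashEvents([int]$Hours = 24) {
    # 1000 = Application Error, 1001 = Windows Error Reporting, both in the Application log
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 1000, 1001
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

if (-not (Test-Path $BaselinePath)) {
    Get-AutostartSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath
    "Baseline written to $BaselinePath; rerun later to diff against it."
} else {
    $before = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $after  = Get-AutostartSnapshot
    "Comparing against baseline taken $($before.Taken)"
    $changes = foreach ($s in 'Run', 'Tasks', 'Services', 'Drivers') {
        Compare-Lists -Section $s -Before @($before.$s) -After @($after.$s)
    }
    if ($changes) { $changes } else { 'No autostart or driver changes since baseline.' }
    Get-RecentCrashEvents | Format-Table -AutoSize -Wrap
}
```

The first run writes the baseline; every later run prints one line per added or removed entry, prefixed with the section it came from, followed by the recent crash and hang events. Keep the baseline file somewhere an intruder would not expect to find it (the post's USB stick is a reasonable choice) and refresh it deliberately after you install or update software, so that the diff stays meaningful.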

crezz

Level 5
Verified
Some questions.....

Is Voodooshield + Kaspersky good enough ?

What are the alternatives to Voodooshield?

What does OSArmor do that Voodooshield doesn't?

Thanks for helping my understanding folks !

DeepWeb

Level 24
Verified
Get the latest Intel CPU that has all the security features that Windows 10 can enable. Get Windows 10 Enterprise to have Credential Guard. Get a motherboard with a TPM chip and a resilient BIOS that verifies UEFI code and restores it if it's being tampered with, such as one with Kaspersky UEFI (KUEFI).
Then once you are safe on the hardware side, disable all backwards compatibility in Windows 10 and only use the latest drivers.
I've been using Windows for more than 15 years and I haven't got into any type of system issues or software problems. Usually, I don't install any applications from unfamiliar persons or firms. Even if I do, I would go through the installation steps carefully to avoid any installation of weird applications. If the installed applications turned out to be unprotective to me, I'll uninstall them immediately. Also, I'll clean my caches and recycle bin constantly.

Andy Ful

Level 48
Verified
Trusted
Content Creator
VoodooShield and Kaspersky look for executables. Scripts are not inspected. And scripts that make use of Windows' internal command line tools are not inspected. That's where OSArmor comes in.
From what I remember, VoodooShield has a kind of script protection. Two or three years ago I found one bypass via WSH scripts, but it was quickly patched by Dan. I did not test VoodooShield against scripts for a long time, so I do not know how strong it is now.

shmu26

Level 83
Verified
Trusted
Content Creator
VoodooShield and Kaspersky look for executables. Scripts are not inspected. And scripts that make use of Windows' internal command line tools are not inspected. That's where OSArmor comes in.
I can verify that Voodooshield looks for scripts pretty vigilantly, as I recently tested the newest version of it.
Furthermore, it is not exactly true that Kaspersky does not inspect scripts. All good AVs inspect scripts to the best of their ability, and Kaspersky is no exception.
However, it is true that the algorithms applied by AVs to inspect scripts are not as strong as the rules typically applied by advanced security products such as OSA.