win10 basic security setup

Discussion in 'other anti-malware software' started by topo, Jun 25, 2016.

  1. topo

    topo Registered Member

    Joined:
    Nov 11, 2013
    Posts:
    159
    I'm the designated IT guy for my group of retirees. Bob just bought a new HP Win10 laptop and dropped it off with me; he wants me to set it up for him. I've never used Win10, so I'm asking for help. I need a set-and-forget security setup, if that is possible. I will install MBAM Free, Unchecky, CCleaner and Speccy, Chrome with Adblock Plus, and probably go with Windows Defender and the SmartScreen filter. Should I use VoodooShield also (I've never used it, but have been reading about it)? I also need to remove the McAfee trial (do I still need to run their removal tool after a Control Panel uninstall?). Any advice is welcomed. Thanks.
     
  2. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    284
    Location:
    Philippines
    I know kees/Windows Security has a native Windows 10 security setup that could prevent a lot of nasties. Feel free to ping him.

    A standard user account for everyday use should help a lot. An anti-exploit tool like EMET or MBAE is also good for protection.
     
  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,870
    Replace Windows Defender with Microsoft Security Essentials, install Comodo Firewall and MBARW as well as MBAE, and you have pretty solid low-resource protection.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    Yes you should use their uninstall tool.
     
  5. topo

    topo Registered Member

    Joined:
    Nov 11, 2013
    Posts:
    159
    He is not a downloader, but he does visit the dark side from time to time (he is the youngest in our group). Years ago, Windows Defender only updated once in a 24-hour period; is it still that way?
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    In Windows 10, Windows Defender replaces MSE, and Windows 10 won't allow MSE to be installed. Windows Defender is enough of an AV for most people's needs. It is supposed to be much more effective than MSE ever was. Windows Defender was a different beast entirely in earlier versions of Windows, and MSE was an improvement, but not in Windows 10.

    I don't know how often the definitions are updated but 24 hours seems fine to me. It wouldn't be that difficult to change the task scheduler to update definitions every few hours.

    That is actually a pretty good list. I would use uBlock Origin instead of Adblock Plus. VoodooShield is a good program but might be a bit much for some users; that is the reaction I got from a friend I recommended it to. The other thing I would do is set up the default rules in SRP (Software Restriction Policy). Windows Defender, SRP and SmartScreen are all part of the OS and are quite effective, especially if you are using a standard user account.
     
  7. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    My recommendations are to use lightweight programs that don't get in the way of the user, and the less real-time protection the better. Just consider the commonly exploited programs (browser plugins, office, pdf reader) and minimise the risk.

    MBAE for the browser (disable the system tray notifications)
    EMET for everything else, e.g. Office
    Unchecky is a great idea, agreed.
    PatchMyPC or some other automated updater
    Stick with Defender as the only realtime AM.

    Instead of Voodoo shield I would just use Cryptoprevent on the default "set and forget" settings. The policies aren't 100% bulletproof but well thought out and hassle free.
    Agreed with MisterB for uBlock Origin for the browser.
    For a PDF reader I would suggest SumatraPDF. It's ultra light and fast, with no scripting, so it's not easily exploitable. It won't let you fill forms, though; for that I use PDFXchange (2.5, build 312.1, Feb 2015, one of the last versions that allows typing). If that's too complicated for your friend, then I'd suggest anything but Adobe :)

    Personally I don't think a standard user account is a friendly thing to force on someone else's PC, and malware can encrypt documents and steal data just fine from LUA. As for on-demand scanners, agreed with MBAM and perhaps could use HitManPro as well.

    Overall that'll be a light system and difficult to infect outside of downloading and running something silly. You can always educate him on checking his downloads. Most exploits won't work, and trojan droppers will struggle with the policies.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @topo :
    With no personal experience of Win10, you should ask yourself twice whether you are the right guy for this job.
    Expect to be Bob's 24/7 helpline, and install remote-support software such as TeamViewer or AnyDesk on his laptop.
    While Bob and the rest of the gang are sleeping, get some experience with Win10 on your own machine... :D

    If you are willing to take the job, start with a clean install of Win10.
    First prepare a USB setup stick, then wipe the disk to get rid of the preinstalled crap.
    It's important to wipe the disk, not only reformat it, so you won't have trouble if data recovery is necessary in the future.
    You can use diskpart: clean all. This will take some time...
    In the meantime you should research Win10 privacy risks...

    I'm doing setups of machines for retirees daily.
    Let me tell you that the most important thing is to avoid any unnecessary software, especially if you are not familiar with it.
    No cleaners, no tweaking tools, no uncommon software should be installed.

    Go with Chrome and uBlock Origin; make sure uBlock is active in incognito mode also.
    Go with the built-in Defender and do the PUP patch.
    Go with Unchecky.
    Install Zemana AntiMalware Premium (paid for 3 years).
    Make a full backup that you can restore easily if something goes wrong.
    If Bob misses something, do it later.

    Good luck!
     
    Last edited: Jun 27, 2016
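The wipe step described in the post above (boot from the setup stick, then diskpart "clean all" rather than a plain reformat), as an added example that is not part of the original post. It assumes the machine has been booted from a WinPE or setup image that includes PowerShell and the Storage module (so that Get-Disk works), that the only non-USB disk present is the one to be wiped, and that the operator confirms the disk number before anything is written. The file name wipe.txt and the confirmation prompt are this example's own choices.

```powershell
# Added example, not from the original post: zero the laptop's internal disk with diskpart
# "clean all" before a clean Windows 10 install. Assumptions: booted from the USB setup
# stick or a WinPE image that includes PowerShell and the Storage module; exactly one
# internal (non-USB) disk is attached. "clean all" overwrites every sector, so it takes a
# long time on a large HDD; on an SSD the vendor's secure-erase tool is the better fit.

$candidates = @(Get-Disk | Where-Object { $_.BusType -ne 'USB' })
if ($candidates.Count -ne 1) {
    $candidates | Format-Table Number, FriendlyName, BusType, Size, PartitionStyle -AutoSize
    throw "Expected exactly one internal disk, found $($candidates.Count); select it by hand."
}
$target = $candidates[0]
"Target: disk $($target.Number)  $($target.FriendlyName)  $([math]::Round($target.Size / 1GB)) GB  $($target.BusType)"

# diskpart itself asks for no confirmation, so require the operator to type the number back.
$typed = Read-Host 'Type the disk number to wipe it, anything else to abort'
if ($typed -ne [string]$target.Number) { throw 'Aborted, nothing written.' }

# diskpart takes its commands from a script file (/s). "clean all" is the sector-level wipe;
# a plain "clean" would only drop the partition table, which is what the post warns against.
$script = Join-Path $env:TEMP 'wipe.txt'
@"
select disk $($target.Number)
clean all
exit
"@ | Set-Content -Path $script -Encoding ASCII

diskpart /s $script
if ($LASTEXITCODE -ne 0) { throw "diskpart exited with code $LASTEXITCODE" }
Remove-Item $script

# Afterwards the disk reports PartitionStyle RAW with no partitions; Windows setup then
# creates its own layout on the unallocated space.
Get-Disk -Number $target.Number | Format-List Number, PartitionStyle, Size
Get-Partition -DiskNumber $target.Number -ErrorAction SilentlyContinue
```

Run it from the Shift+F10 console of the setup media only if that image actually contains powershell.exe; otherwise the three-line diskpart script in the here-string can be typed straight into diskpart.exe. Check the disk number with `list disk` first in that case, because an attached USB stick also gets a number.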
  9. topo

    topo Registered Member

    Joined:
    Nov 11, 2013
    Posts:
    159
    Thanks to everyone for your replies. I apologize for taking so long to reply, but I have been taking care of a very sick, good friend whose days are now short; my online time has been limited. This is how I set up Bob's computer: Windows Defender and SmartScreen, MBAM Free, Unchecky, CCleaner/Speccy, Chrome with uBlock Origin, CryptoPrevent 7.4.21. He is picking up the machine Friday night and I will keep everyone up to date on how this setup works for him. Thanks.
     
  10. topo

    topo Registered Member

    Joined:
    Nov 11, 2013
    Posts:
    159
    30-day update: so far Bob has no issues with this setup. Since he does not use this machine every day, I pinned the Windows Defender icon to the taskbar and told him to click on the WD icon and run WD updates first thing, before doing anything else on the computer. So far, so good.
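MisterB's suggestion earlier in the thread (change the Task Scheduler so definitions update every few hours) and the manual "click the WD icon first" routine in the post above can both be automated. The following is an added example, not code from the original thread: it registers a scheduled task that refreshes Windows Defender signatures at every logon and then every 4 hours, and a small check that reports signature age and whether real-time protection is on. It assumes Windows 10 with the built-in Defender and ScheduledTasks PowerShell modules and an elevated prompt; the task name, the 4-hour interval and the "older than one day is stale" threshold are this example's own choices.

```powershell
# Added example, not from the original thread. Assumes Windows 10, the built-in Defender
# and ScheduledTasks modules, and an elevated PowerShell prompt. Task name, interval and
# staleness threshold are choices made for this example.

$taskName = 'Defender-SignatureRefresh'
$action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -NonInteractive -WindowStyle Hidden -Command "Update-MpSignature -UpdateSource MicrosoftUpdateServer"'

# Trigger 1: any user logon, so a laptop that has been off for a week updates before the
# browser opens. Trigger 2: once now, then every 4 hours; on Windows 10, omitting
# -RepetitionDuration means the repetition never ends.
$atLogon = New-ScheduledTaskTrigger -AtLogOn
$every4h = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Hours 4)

# Run as SYSTEM so it does not depend on the owner's (standard) account; allow it on battery
# and let it catch up missed runs, both relevant for a machine that is usually powered off.
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
    -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 15)
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger @($atLogon, $every4h) `
    -Settings $settings -Principal $principal -Force | Out-Null

# The check the owner was told to do by hand: signature age plus real-time protection state.
function Get-DefenderHealth {
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastUpdated        = $s.AntivirusSignatureLastUpdated
        RealTimeProtection = $s.RealTimeProtectionEnabled
        # "Stale" is this example's threshold: older than a day, or real-time protection off.
        Stale              = ($s.AntivirusSignatureAge -gt 1) -or (-not $s.RealTimeProtectionEnabled)
    }
}

$health = Get-DefenderHealth
$health | Format-List
if ($health.Stale) { Start-ScheduledTask -TaskName $taskName }
```

`Get-ScheduledTask -TaskName Defender-SignatureRefresh | Get-ScheduledTaskInfo` shows the last run time and result code, which is the thing to look at when the owner says "it never updated". Windows Update also delivers definitions on its own schedule; the task only narrows the window on a machine that is switched on briefly and irregularly.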
     
  11. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,500
    Location:
    .
    Why does someone need to do this? :eek:
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    There is no need for MSE under Win10; I doubt you can install MSE on Win10, because MSE has been part of Defender since Windows 8. MSE is for up to Win7, but not beyond.

    https://support.microsoft.com/en-us/help/14210/security-essentials-download

    In fact, Windows Defender + adware + a Windows Firewall tweak is close to any other suite, and works like a charm because it doesn't insert rootkit-like drivers. In fact, all current third-party vendors have trouble with Windows 10, either before 10240, before and after 1511, and now with 1607. Forget this crap.

    MBAM Free is nice to have, AdwCleaner maybe, a sandbox (Sandboxie) for testing purposes. And of course backup, backup and backup.
     
  13. robboman

    robboman Registered Member

    Joined:
    May 6, 2013
    Posts:
    62
    Location:
    holland
    I agree with your last statement. Honestly, a few years back I used to get calls from friends all the time asking me to come and clean up their computer/laptop.
    I would come and they were often infected pretty badly. These days I (almost) never get calls about infections or stuff like that any more (and yes, I still have friends lol).

    Running a modern OS like Win 10 gives you a great amount of security. Using the built-in AV + FW and maybe an ad-blocker, and 90% of people are good to go, honestly. I know we all love it here on these forums to create a setup with enough layers to go to cyber-security war, but for the average Joe there is simply no need for it any more.

    My sister has run Avast Free on her laptop for the last few years and that's it. Nothing more and never an infection. Same for all my friends and family.

    So for your friend Bob, get a free AV, or just stick with the built-in AV. Maybe run an MBAM Free scan 2 or 3 times a year and that's it. Just my opinion.
     
  14. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I have just changed to WD and chrome extensions from Avast and BD. I'm an average Joe who is a lover not a fighter so don't need an arsenal of weapons.

    How long will it last before I again succumb to the phoney war and re-install a layer, or two? I should bookmark your post!
     
  15. guest

    guest Guest

    soon...very soon...succumb to the Dark Side... :D
     
  16. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,500
    Location:
    .
    If you are referring to THIS video https://www.youtube.com/watch?v=lK5H-WCeOls, then I need to ask about the following:

    1. Is cruelsister1 a recognized AV-Tester or just a hobbyist/amateur?

    2. Who can assure me about the validity of the respective Test-Conditions & Results?
     
  17. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    With Win 10 and Chrome, it's really simple.

    Just keep the OS and browser up to date (which is automatic nowadays). Do NOT disable the built-in security features. Filter the web to reduce exposure to the harmful. Done.

    Things can be improved by hardening the native security features but I would avoid that for machines that do not belong to oneself.
     
  18. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    I've tried a few things recently:
    - New BD Free stuffed my download speed.
    - Finally got an Avira version that updated without unchecking protection, but wow, did it take longggg to boot up.
    - Panda Free didn't turn off WD, and right-click should have given the option to close but gave the option to start (Panda was working).
    - VS I like, but a few false pop-ups + still beta.
    - WAR pop-ups, but only when I install (I like it, but not sure I need it with my loving approach to everybody; also they position it as only anti-ransom). How good is it against other malware?
    - The best product for installing and working is 360TSE (light for what you get), but I worry about their ethics, so I install for a day and then remove.
    - CFW is powerful with CS's config but can be a pain when installing new stuff.

    I looked in the mirror and saw a safe surfer who wanted speed of system and internet. Only solution: WD. If I install anything else it will be WAR - just need to see a test of it against other malware. Dan's VS looks good (when out of beta in the near future, but I'm no good with nags) as an alternative to WAR. I appreciate somebody giving me something free and don't need a nag to keep me feeling guilty. I was hoping he would do a cheap lifetime for 5 licences like Brett@WP. A 48-hour sale after VS is released?
     
  19. @Iangh

    Have a look at the Kaspersky Anti-Ransomware Tool for Business. It is free and runs nicely with WD.

    Chrome startup with AppTimer when running both (on dual core Pentium with SSD)
    0.7348 (cold)
    0.3449 (cached)

    I have Windows 10 Pro with Software Restriction Policies (SRP), so you could download Cryptoprevent Portable, which only has SRP based protection. When installing choose ADVANCED (tab), choose MORE ADVANCED OPTIONS (drop down menu), next deselect everything except "Guard against fake file extensions & RLO", choose APPLY protection (button).
     
    Last edited by a moderator: Aug 15, 2016
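Two posts in this thread point at the same mechanism: MisterB's "set up the default rules in SRP" and the note above that CryptoPrevent Portable is SRP-based. The following is an added example, not code from the original thread or from CryptoPrevent: it writes a default-deny Software Restriction Policy straight to the registry, which is the only route on Windows 10 Home (no gpedit.msc). It assumes an elevated prompt, that the owner logs on with a standard account (the policy is scoped to non-administrators so the person maintaining the machine can still install software), and a backup taken first. The function name Add-SaferPathRule, the rule descriptions, the extension list and the `*.pdf.exe` illustration are this example's own choices.

```powershell
# Added example, not from the original thread. Default-deny SRP via the registry keys the
# Local Security Policy snap-in itself writes. Assumptions: elevated prompt, standard-user
# owner, backup taken. Log off and on (or reboot) afterwards so every new process sees it.

$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null

Set-ItemProperty $safer DefaultLevel        0 -Type DWord   # 0 = Disallowed, 0x40000 = Unrestricted
Set-ItemProperty $safer TransparentEnabled  1 -Type DWord   # 1 = executables only, 2 = also DLLs
Set-ItemProperty $safer PolicyScope         1 -Type DWord   # 1 = all users except local Administrators
Set-ItemProperty $safer AuthenticodeEnabled 0 -Type DWord
# File types SRP treats as "executable"; scripts are included because droppers use them.
Set-ItemProperty $safer ExecutableTypes -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
    'ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','PS1',
    'REG','SCR','SHS','URL','VB','VBE','VBS','WSC','WSF','WSH')

# One path rule = one GUID subkey under the level it grants (262144 = Unrestricted, 0 = Disallowed).
function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][ValidateSet('Unrestricted','Disallowed')][string]$Level
    )
    $levelId = if ($Level -eq 'Unrestricted') { 262144 } else { 0 }
    $key = "$safer\$levelId\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty $key ItemData     $Path        -Type ExpandString
    Set-ItemProperty $key SaferFlags   0            -Type DWord
    Set-ItemProperty $key Description  $Description -Type String
    Set-ItemProperty $key LastModified ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
}

# The two "default rules": what is installed under Windows and Program Files may run.
# The %HKEY_LOCAL_MACHINE\...% form reads the location from the registry, so a user cannot
# redirect it by changing %ProgramFiles% in their own environment.
Add-SaferPathRule -Level Unrestricted -Description 'Windows directory' `
    -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%'
Add-SaferPathRule -Level Unrestricted -Description 'Program Files' `
    -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'
Add-SaferPathRule -Level Unrestricted -Description 'Program Files (x86)' `
    -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%'

# Known gap: user-writable folders inside the allowed Windows tree. Deny them explicitly.
Add-SaferPathRule -Level Disallowed -Description 'Windows Temp'    -Path '%SystemRoot%\Temp'
Add-SaferPathRule -Level Disallowed -Description 'Windows Tasks'   -Path '%SystemRoot%\Tasks'
Add-SaferPathRule -Level Disallowed -Description 'Windows Tracing' -Path '%SystemRoot%\Tracing'

# Illustration of the "fake file extension" idea (a document icon with an .exe behind it).
# Redundant under default-deny, but it is the kind of rule a default-allow setup relies on.
Add-SaferPathRule -Level Disallowed -Description 'Double extension (illustrative)' -Path '*.pdf.exe'

# Read the policy back: one line per rule, grouped by the level it grants.
foreach ($lvl in 262144, 0) {
    "Level $lvl rules:"
    Get-ChildItem "$safer\$lvl\Paths" | ForEach-Object { '  ' + (Get-ItemProperty $_.PSPath).ItemData }
}
```

To verify, log on as the standard user, copy calc.exe from C:\Windows\System32 to the Desktop and run the copy: the original still runs, the copy is refused with "This program is blocked by group policy", and the Application event log gets an event from source SoftwareRestrictionPolicies (ID 865 for the default level, 866 for a path rule). The same log is where to look when a legitimate program the owner installs to %LocalAppData% stops working; the fix is a further Unrestricted path rule for that folder, not turning the policy off.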
  20. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I don't think I ever met with a security solution that got in my way, but then again I've never used Norton back in the 2000's :p Do you have any examples?

    I'd say the opposite. MBAM Premium + Avira Free + COMODO Internet Security (handling its Firewall, Sandbox, Antivirus, and HIPS) + EMET = didn't see a single drop in FPS in heavy-load games or in render times in Blender. Never had any issues.

    Blerrgghh :gack: hehehehehehehe
    https://www.av-test.org/en/antiviru...l-2016/microsoft-windows-defender-4.8-161447/

    Whenever going for a real-time scanner, I always go Avira. Lightweight, fast, and has the best detection out there.

    Just my 2 cents.
     
    Last edited: Aug 15, 2016
  21. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,500
    Location:
    .
    I've seen many self-proclaimed malware-"experts" who are just amateurs & hobbyists...
    Anything away from AMTSO is highly questionable...
    Sorry, but I cannot take these "tests" seriously into consideration...
     
    Last edited: Aug 16, 2016
  22. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    They want a basic setup, and Windows 10 doesn't make it easy to have no antivirus at all. The performance overhead from Windows Defender is typically low, and is the least problematic solution.

    Anyone whose habits require 100% detection from their antivirus will get infected sooner or later.

    The OP asked for a basic setup, not the typical overkill we see in the "what's your security setup" thread :p

    I don't think it's a great idea to have two antiviruses running at the same time, and I don't think COMODO anything meets the requirement for a basic setup. Are you saying that COMODO's AV component would be disabled?

    Unfortunately I've seen both Avira and MBAM Premium combination fail in the real world too often, in most cases for the only time malware had been dropped on those PCs. Also while I still use MBAM as one of the first scans on an infected machine, it's been missing too much in the last year or so for me to have as much faith in it as I used to.

    Back when I still used MBAM Premium on my own setups, I had to manually whitelist HUNDREDS of files and registry items that were falsely detected. This was a very tedious process since the interface only let you do them one item at a time.

    Security solutions getting in the way? Every solution has its pros and cons. There's a balance of performance, convenience, and security - and we have to make that choice based on our own assessment of risk.

    - Countless examples of real-time AV/AM solutions giving false positives for legitimate programs, causing issues up to and including bricking machines;
    - Real-time scanners will always have some kind of performance overhead;
    - Anything with a form of "Lock-Down" mode offers a high level of non-specific security, but with the inconvenience of needing user intervention to do anything outside of the defined parameters (such as update or install a program).
    - Sandboxie, similar to the above needs some user knowledge and intervention in order to update protected programs;
    - Standard user accounts, requiring switching accounts or typing in admin password.

    Another simple example: I use SumatraPDF. The advantage is that it's extremely fast to load and relatively secure with no scripting, but the trade-off is that to fill in PDFs with forms I need to right click and open them in PDFxchange. I'm fine with the extra step, but not everyone will be.
     
    Last edited: Aug 16, 2016
  23. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    But any 3rd-party AV disables Defender easily, and so do tools like ShutUp10.

    So is its detection ;)

    And looking at websites like av-test.org and av-comparatives.org, Avira doesn't have much impact at all.

    True, which doesn't invalidate the proposal to have the best detection anyway.

    :argh: True. However, notice that I didn't recommend my setup at all, I just pointed out that I use many real-time products and I didn't have any issues, performance or otherwise.

    I did some tests a few years ago where I installed numerous AV's at the same time: Avira, Avast, Kaspersky, Bitdefender, COMODO, all running at the same time. Not a single BSOD was presented that day :D Sure enough a day isn't much of a test ground, but I tested all my software and everything worked fine besides the massive slowdown hehehehe. Surely I recommend that, if people want to use two AV's, at least put them into each other's white-list.

    I don't disable COMODO's AV. It may not be the best one in detection (much like Microsoft's), but I've had instances where it would detect malware that others didn't. And since it doesn't impact my performance, I decided to let it run.

    Honestly, I only use them for things where I don't have full control over what I download. For example, if I join a server in a game and this server pushes malware through a model download, it's very likely that one of them will catch it and stop it, and if they don't, then COMODO's Auto-Sandbox will just sandbox the thing. So it's more of a "better be safe" scenario than just plain paranoia. In addition, I only install and run trustworthy software that has been out there for a while, but if new software comes along that I need to use and I'm not sure whether to use it or not, then I just upload it to VirusTotal and see the results, and if nothing comes up, then I run it as "Limited" via COMODO's Sandbox and see if its behavior changes at all, so I can take it out of the Sandbox.

    Umm. I don't think I ever saw hundreds of false positives on MBAM. Maybe one or two, but then again, if you need to whitelist hundreds of software then maybe you have other things to worry about :p Maybe a compromise is hijacking tons of system files? hehehehe (just kidding).

    But then I'd have to point out that I've been using Avira for several years and I just let it sit there; I really don't have to lift a finger to configure it. In addition, I don't think a one-to-five-second delay in opening a file is a viable excuse not to use an AV, especially considering the built-in solution of Windows 10 can be very slow at times (slower installation of frequently used applications).

    Again, I don't think this is a good example of WHY one would not want to use an AV. It's like saying "Doctors make mistakes so I don't want to use Medicine and Science to help me" but not counting in patient mistakes, which are far worse.

    See above.

    This I agree with. I think most people don't want locked-down versions of COMODO, which can ask for permission for every little thing the OS does. However, it's still possible to take advantage of some of its technologies while not requiring it to ask about everything.

    Yeah, I kinda don't want to lock my house door anymore because I need to use the key. It's a total PITA! :argh::argh:

    Agreed.
     
  24. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    This is going well beyond the purpose of the thread, and the single quoting of every sentence makes it difficult to want to read.

    I advised the OP on a simple setup that doesn't get in the way of the user. You quoted my post, so I explained my reasoning further. You asked for examples of security getting in the way, so I gave broad examples to give you an idea.

    OP asked for a basic setup and everyone gave him one with a touch of their own philosophies. I think less is more, while others like to install as many scanners as possible. There are many reasons not to run two antivirus programs on the same computer and performance issues/BSODs aren't the only reason. It's possible for the scanners to render each other ineffective, ultimately leaving the computer less secure than one alone. FWIW I used Avira for more than ten years, and all it ever did was show false positives from time to time and slow performance to some degree.

    Use Revo Uninstaller or the like to get a sense of how many files and registry entries a typical program can have. Multiply this number by 4 or so computers, all running MBAM Pro with a bad definitions update that marks a legitimate application as entirely malicious.

    Yes, literally hundreds of false positives to deal with.
     
  25. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Yeah, I get carried away sometimes :p Sorry OP.
    Feel free to send me a PM, I love talking about this kind of stuff.
     