What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,173
    Comodo FW, Brave with ublock and plenty of image backups, nothing else...
     
  2. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    426
    Location:
    Finland
    Back to G Data AV (only check on execution enabled) with OS Armor and Netlimiter Blocker as a firewall. After using Sophos Home Premium, me and my PC are "flying". Netlimiter Blocker is a keeper. It uses its own kernel-mode firewall driver, so no need to worry if malware tries to add "windows firewall" firewall rules.
    I also like G Data keylogger protection. By default, it protects browsers, but you can add something like steam.exe, like I did.
     
  3. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    189
    Location:
    Kentucky
    Opinions on this setup

    Norton Anti-Virus/firewall
    OSArmor
    Adguard
    Macrium Reflect
    Hitman Pro (on Demand)
    Windows 11 Pro

    Anything I'm missing? Suggestions always welcomed.
     
  4. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,311
    Location:
    Canada
    I see nothing wrong with it, but there are better second opinion scanners than Hitman Pro, such as Norton Power Eraser, Kaspersky Virus Removal Tool, Eset Online scanner or Malwarebytes.
     
  5. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    189
    Location:
    Kentucky
    Thanks. I have a lifetime license to Malwarebytes so I can change that. Unfortunately, I still have a year left on the HitmanPro license; that was why I was using that.
     
  6. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    I tested the machine using NovaBench, and found out that Windows Security is the lightest, and that turning on Core Isolation, etc., didn't affect performance. One video revealed that it only had a very small impact--a decrease of around 4 FPS--on gaming. Others advise leaving it and other features on with or without third-party AVs.

    I tested the machine using Avast Premium, and with Core Isolation, etc., on, and system impact was also minimal. Similar happened when I tested with Core Isolation, etc., turned off.

    Finally, I found out that you can buy licenses for various AVs for only a few euros a year, which means cost is no longer a problem.

    Meanwhile, a recent test revealed that most AVs fail to protect systems (the two that passed were Kaspersky and Avast Premium), including Windows Defender, but the default settings were used. How would I know if Windows Security was tested with almost all settings, like Core Isolation, were on by default?

    I ask because if it can be shown that Windows Security with almost all features activated works effectively, then I'll use it. Otherwise, I'll spend a few euros to include a third-party AV.

    One more thing: several said that the tests aren't reliable because the AVs are bombarded with malware until most fail. If that's the case, what if we just test those AVs only with the malware type that caused them to fail?
     
  7. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
    It's already been shown to work effectively for billions of Windows users. Those with no interest or ability in maintaining digital hygiene are the exceptions.

    All the rest is clickbait. Word!
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,627
    Location:
    U.S.A. (South)
    What is my security these days? Boring actually and that's a positive!

    On my Windows 11 systems I offset or layer up a few good free apps BUT MicroDefender seems vastly improved and doesn't hamper a thing like it used to do. So why throw good money after bad when the built-in AV of Windows has got matters in hand? If by chance something weird tried to bypass it, it couldn't climb the other fence I use as a well-formed secondary, and there's a third which will never see action.

    On my Windows 8.1 I don't use any AV at all. Only hardening techniques and a process interceptor for scripts, PowerShell or anything else.

    Been that way a good many years now. Courtesy freelance developer tools. Almost a waste of time but I occasionally scan with NPE for good measure.
     
  9. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    426
    Location:
    Finland
    Weeks ago I found one fresh malware sample that actually, in the first place, did not do anything but delete itself. After 10 minutes or so... my software firewall alerted that control.exe (Control Panel) wants to connect to the internet.
    My GData did not react. Avira did not react, and there was no Avira firewall prompt, because control.exe is a legit Windows program. However, when I tested it against Sophos Home, it detected it as a hollow process/defense evasion MITRE T1055 or something like that.
    I noticed that this malware actually activates when your system is idle more than 10 min or so (it assumes that a user is away, let's do some dirty work meanwhile).
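
Added example (not part of the post above, and not any vendor's detection logic): the behaviour described in post 9, a Windows binary with no routine network use such as control.exe opening an outbound connection, can be surfaced from Sysmon Event ID 3 (network connection) records. The baseline list, the internal address ranges and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: binaries with no routine reason to initiate connections.
# Illustrative only; build the real list from your own baseline.
NO_NETWORK_BASELINE = {"control.exe", "notepad.exe", "calc.exe"}

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed records using Sysmon Event ID 3 field names.
# External addresses come from documentation ranges (RFC 5737).
SAMPLE_EVENTS = [
    {"UtcTime": "2025-09-01 10:02:11", "Image": r"C:\Program Files\Browser\browser.exe",
     "Initiated": "true", "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"UtcTime": "2025-09-01 10:14:37", "Image": r"C:\Windows\System32\control.exe",
     "Initiated": "true", "DestinationIp": "198.51.100.23", "DestinationPort": "443"},
    {"UtcTime": "2025-09-01 10:14:52", "Image": r"C:\Windows\System32\control.exe",
     "Initiated": "true", "DestinationIp": "198.51.100.23", "DestinationPort": "8443"},
    {"UtcTime": "2025-09-01 10:20:03", "Image": r"C:\Windows\System32\notepad.exe",
     "Initiated": "true", "DestinationIp": "192.168.1.20", "DestinationPort": "445"},
    {"UtcTime": "2025-09-01 10:21:40", "Image": r"C:\Windows\System32\CONTROL.EXE",
     "Initiated": "false", "DestinationIp": "192.168.1.5", "DestinationPort": "49712"},
]

def is_external(ip_text):
    """True when the address is outside loopback, link-local and private space."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def find_unexpected_connections(events):
    """Group connections initiated by binaries on the no-network baseline."""
    hits = defaultdict(lambda: {"first_seen": None, "destinations": set(), "external": False})
    for ev in events:
        # The image path is legitimate in the case described, so match on
        # behaviour (who initiated the connection), not on file location.
        name = PureWindowsPath(ev["Image"]).name.lower()
        if name not in NO_NETWORK_BASELINE or ev.get("Initiated") != "true":
            continue
        hit = hits[name]
        hit["first_seen"] = min(filter(None, (hit["first_seen"], ev["UtcTime"])))
        hit["destinations"].add(f'{ev["DestinationIp"]}:{ev["DestinationPort"]}')
        hit["external"] = hit["external"] or is_external(ev["DestinationIp"])
    return dict(hits)

if __name__ == "__main__":
    for name, hit in find_unexpected_connections(SAMPLE_EVENTS).items():
        level = "ALERT" if hit["external"] else "review"
        print(level, name, hit["first_seen"], sorted(hit["destinations"]))
```
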
     
  10. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    144
    Location:
    Greece
    • Win10 pro
    • Standard Account
    • Windows Defender
    • WHHLight along with ConfigureDefender and Firewall Hardening
    • Block incoming connections
    • Edge with Quad9 DNS and Ublock Lite. Firefox secondary browser.
    Easygoing and peace of mind.
     
  11. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    Please share a test where they used malware that's known to cause Windows Defender set in default mode to fail, and the latter not failing because the settings in Windows Security were turned on.

    In another forum, someone shared results for a test involving malware released during the last month, and all AVs (with default settings) were compromised. Only Kaspersky Standard and Avast Premium protected the OS.

    Some argued that such tests are not realistic because the AVs are bombarded by multiple malware. I suggested that they retest but use only the malwares that caused the AVs to fail. Will they pass?

    I also asked what would happen if almost all Windows Security features are turned on. No one responded.
     
  12. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
    @monkeylove If you're relying on any test to make a decision about AV choice, then the discussion is pointless. Any AV can be bypassed on a given day. Stay safe, not paranoid.
     
  13. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    Weird. Earlier, you wrote, "It's already been shown to work effectively for billions of Windows users." Now, you're claiming the opposite: "[A]ny AV can be bypassed on a given day." How do you "stay safe" given that?
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,627
    Location:
    U.S.A. (South)
    Wow now that was a certain and excellent heads up effort that you took. Nothing ever changes in the Windows O/S operating realm. Sharpies discover ways to HIDE and make invisible their wares in one fashion or another. It's up to our security programs AND ESPECIALLY HUMAN VIGILANCE to always be conscious of the WHAT WAS THAT?
     
  15. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
    No, there is no contradiction in my 2 posts. MS Defender protects roughly one billion users, if not more, safely every day. On any given test, one or another AV will fail against some malware. Your statement implies you believe there exists a perfect, impenetrable AV, when no such thing exists.

    Take my advice, or leave it. Use what you like. Spend as much money as you like doing it. It doesn't matter to me.
     
  16. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
    Windows Security - all features enabled
    MS Defender + various ASR rules
    Exploit Protection - All system settings enabled. Custom settings for apps.
    Smart App Control enabled
     
  17. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    "Any AV" includes Windows Defender.

    I wasn't arguing that "there exists a perfect, impenetrable AV". Rather, I wrote the ff.

    "Please share a test where they used malware that's known to cause Windows Defender set in default mode to fail, and the latter not failing because the settings in Windows Security were turned on."

    You didn't address that. Instead, I had to learn from others that those settings don't detect and block malware; rather, they only protect the system core.

    My reason for asking that:

    "In another forum, someone shared results for a test involving malware released during the last month, and all AVs (with default settings) were compromised. Only Kaspersky Standard and Avast Premium protected the OS."

    That's because I thought that Windows Defender failed only because those features were not turned on.

    Next, others argue that those tests aren't realistic:

    "Some argued that such tests are not realistic because the AVs are bombarded by multiple malware. I suggested that they retest but use only the malwares that caused the AVs to fail. Will they pass?"

    At least one malware caused the system to be infected. My question: was it because those features were turned off? Or is Defender not effective? That's why I asked,

    "I also asked what would happen if almost all Windows Security features are turned on. No one responded."

    Finally, if none of these things matter to you, then why did you respond in the first place?
     
  18. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    That's what I've been talking about, together with Controlled Folder Access, etc.

    1. When Defender was being tested against malware, were all of these features turned on? Defender has been known to fail with some malware. Do these features counter those?

    2. What's the consequence of turning them on? This is based on the point that some of them are turned off by default. Why's that?
     
  19. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
    Improved security. Smart App Control is a simplified version of Windows Application Control. SAC is MS's latest hardening feature and provides advanced protection. Here's the lowdown: https://support.microsoft.com/en-us...uestions-285ea03d-fa88-4d56-882e-6698afdb7003
    Because MS doesn't care enough about home users (consumers) to describe them in plain language, or documentation is sketchy, etc., but mainly because MS caters to enterprise customers.

    This knowledgeable, former MT member, posts this sound advice. He provides links for a lot of documentation: https://github.com/beerisgood/Windows11_Hardening Explore, read and learn.
     
    Last edited: Sep 3, 2025 at 6:24 PM
  20. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    778
    Location:
    Milan, Italia
  21. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244
    The points are contradictory: the AV is the best, and then it turns out that many hardening features aren't turned on by default. And then the reasons why they aren't turned on are contradictory, too: consumers have to turn them on but don't because the company doesn't explain that to them (then why not turn them on by default?), documentation is sketchy (but that's not needed if all it takes is to toggle options), and the company only caters to enterprise customers (which means it's pointless to describe the features to home users, so are those "billions of Windows users" enterprise customers?).

    Given that, I think the real reason why they aren't turned on by default is because they cause problems that home users will have difficulty dealing with, like not being able to access documents given Controlled Folder Access, and Core Isolation not running because of incompatible drivers. And even things like Smart App Control can't be toggled unless the system's reinstalled.

    Lastly, the need for hardening derails the point that, "It's already been shown to work effectively for billions of Windows users."
     
  22. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    244