Software for easy configuration of native protection of Windows exploits?

Discussion in 'other anti-malware software' started by solitarios, Nov 6, 2020.

Thread Status:
Not open for further replies.
  1. solitarios, Registered Member

    Joined: Mar 28, 2016; Posts: 230
    Hello, I wanted to ask you if there is any program that facilitates the configuration of native protection against Windows exploits, since configuring it program by program is quite tedious. I think that if you can easily create rules the security of the operating system will be much more consistent.
     
  2. Bill_Bright, Registered Member

    Joined: Jun 29, 2007; Posts: 4,118; Location: Nebraska, USA
    You really need to be much more specific.

    For starters, what version of Windows?

    Note in Windows 10, Microsoft Defender (formerly Windows Defender) does not need any configuration. Just leave the defaults alone, keep Windows updated, and avoid being click-happy on unsolicited downloads, links, popups, and attachments and you will be fine.

    Regardless of your primary security of choice, everyone should have a secondary scanner on hand just to make sure you, the user, and ALWAYS the weakest link in security, or your primary scanner didn't let something slip by. I recommend Malwarebytes for that.
     
  3. digmor crusher, Registered Member

    Joined: Jul 6, 2012; Posts: 1,230; Location: Canada
    Hard Configurator, Simple Windows Hardening or Configure Defender, all by Andy Ful. All are safe and use Windows native protection to boost your protection levels significantly.
     
  4. plat, Registered Member

    Joined: Dec 19, 2018; Posts: 2,233; Location: Brooklyn, NY
    NoVirusThanks products which use various Windows component block rules:

    1. OSArmor: 30 days' free trial, then a subscription fee thereafter.
    2. SysHardener: currently free to use

    Hard_Configurator (already mentioned) is great. The developer put a lot of effort into building various profiles that require no further input from the user. I find it has a little learning curve but it's worth it for the protection and configurations it provides. I use the FirewallHardening component right now w/no problems at all.
     
  5. digmor crusher, Registered Member

    Joined: Jul 6, 2012; Posts: 1,230; Location: Canada
    Thanks Plat, I forgot about the NVT tools even though I used OSArmor for about a year.

    For ease of use the two easiest tools would be OSArmor and Configure Defender. They can be used together and provide excellent protection.
     
  6. solitarios, Registered Member

    Joined: Mar 28, 2016; Posts: 230
    A question: is the SRP of Andy Ful's application the same as a configuration in the Windows Exploit Mitigation Tool?
    As for OSArmor, I am using version 1.4.3; it is an anti-exploit among other functions, but it is third-party software and not a Windows configuration.

    Well, I guess it will be difficult to implement these configurations in tools like Andy Ful.

    I was reading a little bit and you have to do different configurations with Powershell or different files.

    Well, thank you all.
    Best regards. :)

    Translated with www.DeepL.com/Translator (free version)
     
  7. digmor crusher, Registered Member

    Joined: Jul 6, 2012; Posts: 1,230; Location: Canada
    All of Andy's tools use built-in Windows configurations.

    Configure Defender is easy: there are 3 settings, Default, High and Max. Just choose one; High is preferable.

    Simple Windows Hardening is just as easy: just download and open, and it sets up everything automatically.

    Windows Hardening is a bit more complicated, but not that hard, so a somewhat advanced computer user could figure it out.

    There are other settings but it's best not to mess with them unless you are absolutely sure you know what you are doing. Andy designed these so that most users would have no issues.
     
  8. Osaban, Registered Member

    Joined: Apr 11, 2005; Posts: 5,630; Location: Milan and Seoul
    I agree that Microsoft Defender with default settings, nowadays is more than enough as long as one also relies on a good tested backup/image system. Where I disagree is the recommendation of Malwarebytes as a second opinion scanner. It is not what it used to be in the past, lately it is not scoring well with testing organizations:

    https://selabs.uk/wp-content/uploads/2020/10/jul-sep-2020-home.pdf
    https://www.av-test.org/en/antivirus/home-windows/
    https://www.av-test.org/en/antivirus/home-windows/windows-10/april-2020/
    https://www.av-test.org/en/antivirus/home-windows/windows-10/february-2020/

    I know that tests have their own limitations, but they do give a general impression of the detection capabilities of a security software over a reasonable period of time.
     
    Last edited by a moderator: Nov 7, 2020
  9. Bill_Bright, Registered Member

    Joined: Jun 29, 2007; Posts: 4,118; Location: Nebraska, USA
    I don't believe it was your intent, but this is misleading. It suggests if we use something other than Microsoft Defender, we don't need to back up our data. Or that because one chooses Microsoft Defender, they need to ensure they keep good backups. Both conclusions are totally inaccurate. It does not matter what security solution we use, everyone should have and use a good, robust backup system, and they should test it to verify it works, and to become familiar with it so they know how to use it.

    It should be noted if we keep our operating systems current and avoid being "click-happy" on unsolicited downloads, links, popups, and attachments, then regardless of our primary security solution of choice, it is much more likely we will need to restore from backup due to drive failure or some other reason besides malware.

    As a secondary scanner, Malwarebytes' scores in recent tests are certainly disappointing but I'm still okay with Malwarebytes. I like the Microsoft Defender and Malwarebytes combination because they play very well together. That is, the Malwarebytes Premium version (which includes a real-time component) can run alongside Microsoft Defender's real-time component without conflicts or hogging resources that bog down performance. Of course that is not an issue with the free version of Malwarebytes because that is on-demand (not real-time) only.

    But I will not be picky here and again, stick with my original comment, "Regardless of your primary security of choice, everyone should have a secondary scanner on hand just to make sure you, the user, and ALWAYS the weakest link in security, or your primary scanner didn't let something slip by." If a different secondary scanner is preferred, fine. Just don't put all your eggs in one basket by relying on a single security program. "Get a second opinion" is my point.

    ***

    FTR, I am glad you noted there are limitations to laboratory testing of anti-malware programs. When it comes to their protection scores, I have never put too much faith in them for several reasons. First and foremost, no matter how their marketing weenies... err... marketing departments word it, or how much they insist their testing represents "real-world" scenarios, these tests are synthetic and most of the developers code their programs to score well on synthetic tests to gain marketing fodder. Then the programs' marketing weenies... err - oh never mind - often use that fodder to entice potential customers to use their products [and hopefully buy their paid versions] and move away from Microsoft Windows, which of course is free and already in Windows.

    It is also important to note that only Microsoft has no financial motive or incentive for users to use their solution. Microsoft Defender is totally free and they don't even have a paid version for normal consumers. So there is never any push to buy or subscribe to their "Pro" or "Premium" versions.

    And Microsoft is the only security program provider that does have a financial incentive to rid the world of malware. If the threat from malware were to go away, Kaspersky, ESET, AVAST, Norton, McAfee and all the others would go out of business. They need malware to thrive in order for them to stay in business. Just something to think about.

    For those reasons, Microsoft does not need the marketing fodder of high test scores to entice users to buy Microsoft Defender - it is already free. So they don't code to achieve the highest test score. Instead, they code to protect Windows. And it appears to work because I don't know of anyone who claims they have stopped getting infected just by using an alternative solution.

    My intent is NOT to promote Microsoft Defender. I just don't want readers to get the false impression that it is not good enough.

    So bottom line, use a good security solution, keep it and your OS current, and avoid risky behavior like being click-happy. And keep regular and current backups (as in more than one backup, preferably with one "off-site") of any data you don't want to lose.
     
  10. Osaban, Registered Member

    Joined: Apr 11, 2005; Posts: 5,630; Location: Milan and Seoul
    Bill, basically your thoughts about security are my thoughts. My statement about using MS Defender as long as a good backup/image is also in place was meant to be for any AVs used. I concede that one might have interpreted it as the only possible condition which was not my intention. Unfortunately when the average Joe/Jane decides to pay attention to the security of their own computer, they rely exclusively on the AV in use, failing to realize that none of them is infallible, therefore requiring a reliable image system.

    I also mentioned testing organizations have limitations, but they are the only means to have some data about AVs performances. What should we do, take the word of a company for granted? I like many others here at Wilders have followed the astonishing improvement of MS Defender over the years through tests performed by AV Comparatives, AV-Test and others alike: there was no discrepancy in the results, so much so that about 6 months ago I switched to Defender having still two valid licenses of Kaspersky Internet Security and Avira Pro. No regrets.

    I also like to add that a backup/image system is absolutely essential for Windows updates problems, configuration mistakes, testing important programs, file corruption, our own sometimes irreversible mistakes, OS strange behaviour, etc... Malware? I've never run into a single instance for the last seven years, my daughter (12 years old) clicks on anything and her computer (Win10 with MS Defender) to my surprise still works properly...
     
    Last edited: Nov 7, 2020
  11. plat, Registered Member

    Joined: Dec 19, 2018; Posts: 2,233; Location: Brooklyn, NY
    OP was asking about some means to configure anti-exploit protection using a small third party software. I agree: it is TEDIOUS and hit or miss to configure anti-exploit protection natively. I used to run EMET while on Windows 8.1--now that was a cool security software. I still kind of miss it as a stand-alone.

    OP, OSArmor has a long list of apps and programs under its anti-exploit tab and they are all enabled by default. Here is a snip of a partial list in the OSA Configurator. This is just one strategy for anti-exploit; there are others but I'm not too familiar with them. I cannot vouch for Malwarebytes Anti Exploit but I do know: a. it's free to use. b. it's perpetual beta

    If you want, there is a long thread on OSArmor right here. You can search for any post/s having to do with the Anti-Exploit feature of OSA. Again, this is a paid-for software, it's free only for 30 days.

    If you want automatic security configuration based on a user profile (high, medium, max) then, I cannot recommend Hard_Configurator/ConfigureDefender highly enough. This will do the hard work for you--it's a front end, a user interface for, among other things, software restrictions. Link is in post #4. The dev won't accept any money for his work, not even donations. And it's effective.

    [Attached image: partial anti-e osa.PNG]
     
    Last edited: Nov 7, 2020
  12. Bill_Bright, Registered Member

    Joined: Jun 29, 2007; Posts: 4,118; Location: Nebraska, USA
    That certainly is part of the problem. If we listened to the "marketing fodder" of most 3rd party applications, not only is their product the only solution that can save us from certain death, if we continue to use any other product, including that included with Windows, then we are clearly destined for that certain death. :( Yet if that were true, forums, tech sites, and shops like mine would be inundated with millions and millions of infected systems - but that is not happening.

    Back in XP days, roughly 75% of my business centered around malware removal. But since Windows 7, that has steadily declined. And now with Windows 10, we rarely see infected computers anymore. And when one does come in, invariably we find the user has dinked with the default settings. :( And disabling Windows Update then letting Windows fall behind is probably the most common. :(

    Contrary to what many want us to believe, the folks at Microsoft are pretty sharp when it comes to security. And since they are sick and tired of being blamed for security issues caused by the bad guys, they have expended enormous time and resources to make W10 secure. And it has paid off - "IF" we leave the default settings alone.

    In fact, it is because W10 is much harder for the bad guys to compromise that most now concentrate on hacking business, organizational and corporate networks. In fact, small businesses (less than 1000 employees) are their biggest targets. Especially if they keep databases of 1000s if not millions of customers' personal information.

    I am NOT suggesting malware is no longer a threat to the home user. It clearly is - especially when socially engineered methods of distribution are used (tricking the user to click on an innocent and legitimate "looking" link, for example). But I note even most browsers today employ effective defenses against such attacks without any intervention from the anti-malware solution. My point being, it is just much harder for the bad guys to compromise our systems and being the lazy opportunists that they are, they typically move on to easier pickings.
    They are one way but not the only way.

    One of the bigger problems with these testing sites IMO is the false sense of security they promote or instill (not sure of the best word there). This goes back to that "marketing fodder". Much is just exaggerated "hype". Security solutions do not need to block every single one of the 100s of millions new pieces of malware created every year. They just need to block those that currently pose a real threat today. If Program A blocks 10,000 threats that aren't in circulation, or only affect XP and Vista that were not patched, does that really make Program A a better program than Program B which "only" protects W7/8/10 against "current" threats? I say, "no". And so does MS, BTW.

    Again, they don't code to score well on tests. Why? Because they aren't trying to sell us Microsoft Defender. So they code to protect our systems from current threats.

    What many don't realize or refuse to believe (and often that is simply out of a hate for anything Microsoft :() is that we don't need to drive around in an Abrams Tank to remain safe and secure from the bad guys. Not at all! Instead, what we need to do is have a recent model car that is properly maintained and kept current. And most importantly, we must drive defensively. The best, most secure, top performing security solution is easily thwarted if the user opens the door and lets the bad guy in.

    The majority of compromises are through social engineered methods of distribution. For example, "unsolicited" malicious emails or pop-ups that "look" like they come from our banks or other popular sites reporting a problem or that they need to verify our personal information. These don't contain malware so no anti-malware solution can protect us from them. User discipline is the best defense here. Just delete them. Don't open them. And DO NOT click on any links in them. If you are worried something might be wrong with your account, call your bank on the phone, or contact them through their official website or Contact Us methods. Tell them you just got a scary email saying there was something wrong. NEVER provide any personal information over the Internet unless you initiated the contact.

    To be sure, I am not promoting Microsoft Defender. I personally don't care which program people use. Just use one, keep it and Windows current, and don't be click-happy. And don't believe an alternative solution is needed.
    Right - getting back on topic. But the question remains, are those actions necessary? And the answer is, "no"! At least not for the vast majority of normal home users.

    "IF" you don't keep Windows current, "IF" you habitually click on unsolicited links and popups, "IF" you regularly connect to unsecured free wifi hotspots, "IF" you let others with no self discipline use your computer and your user account, then you may need to take additional steps to secure your computer and protect your data.
     
  13. solitarios, Registered Member

    Joined: Mar 28, 2016; Posts: 230
    Thank you very much, I will follow your recommendations. :)
    The topic can be given as finished.
     
  14. JRViejo, Super Moderator

    Joined: Jul 9, 2008; Posts: 103,250; Location: U.S.A.
    solitarios, Thank You. Thread Closed!
     