Antivirus windows

[MJKT2014]

20 minutes ago, starfish said:

But i´m contemplating getting the Malwarebytes premium version (with real-time protection) anyway. But is it possible to run that with Defenders real-time in parallel ?

I wouldn't both paying for Malwarebytes. Just manually run it once a week. Keep Windows Security on full time, it finds most stuff these days. Less impact on CPU performance that way. Of course it all depends on your computer lifestyle and risks you are taking with dodgy software and sites. Use a virtual machine or sandbox for that.

[Pib]

23 minutes ago, MJKT2014 said:

I wouldn't both paying for Malwarebytes. Just manually run it once a week. Keep Windows Security on full time, it finds most stuff these days. Less impact on CPU performance that way. Of course it all depends on your computer lifestyle and risks you are taking with dodgy software and sites. Use a virtual machine or sandbox for that.

Why run Malwarebytes also?  Actually, Malwarebytes was below average in detecting virus/malware in Feb 2020 tests run by AVTest....see below weblink in how it compared to the competition to include Windows Defender (Security).   Malwarebytes is not as good as what it use to be.

 

https://www.av-test.org/en/antivirus/home-windows/

 

 

Edited May 23, 2020 by Pib

[BigStar]

3 hours ago, Pib said:

Why run Malwarebytes also?  Actually, Malwarebytes was below average in detecting virus/malware in Feb 2020 tests run by AVTest....see below weblink in how it compared to the competition to include Windows Defender (Security).   Malwarebytes is not as good as what it use to be.

 

https://www.av-test.org/en/antivirus/home-windows/

 

 

Free, unintrusive, isn't nagware like others, uses a different db and different detection algorithms. Isn't painful to schedule it to come up once a week. It's never found anything major on my machine but it sometimes comes up with PUPs that Windows Defender hasn't. And I quarantine those suckers, too.

 

So that's good 'nuff.

 

I hope that answers your question.

[starfish]

9 hours ago, BigStar said:

Free, unintrusive, isn't nagware like others, uses a different db and different detection algorithms. Isn't painful to schedule it to come up once a week. It's never found anything major on my machine but it sometimes comes up with PUPs that Windows Defender hasn't. And I quarantine those suckers, too.

 

So that's good 'nuff.

 

I hope that answers your question.

All good reasons, why i´m looking into it.

And i read in many articles that Malwarebytes (premium) has an extra setting in its options, which makes it "not registering" in W10 as the main AV in Windows, so as to be able to run real-time in parallel to Defender. And because of its very different algorithms should not conflict (and in both you can specify file-exceptions for them to not fight each other)

 

Guys, i think this "once a week" thing makes only sense to a certain degree, because if i´m very unlucky, it means, that i´m probably exploited for 6 days 23 hours 59 minutes already.

It´s like sending the police to a bank-heist location one week after the robbery ????

And i think, that Defenders real-time protection alone is not enough, but could be a good team with MB. One for the viruses and the other one expert in spyware-detection.

I guess, my newer high spec computer could handle them easily, considering they are both not known to bug down the system. I´ll see.

 

Btw, MB now also offers a complete VPN in its bundle. Did some of you try it ? Speed ?

 

 

Edited May 24, 2020 by starfish

[Pib]

Just keep in mind the "most important" quality for anti-virus/malware software is how well it provides protection.   Right now tests of antivirus/malware rates Malwarebytes near the bottom of all it competitors.    See below....sorted by less to most protection.....see weblink for full list.

 

https://www.av-test.org/en/antivirus/home-windows/

[BigStar]

3 hours ago, Pib said:

Just keep in mind the "most important" quality for anti-virus/malware software is how well it provides protection.

Perhaps, but one among several nonetheless. For example, you couldn't pay me to install McAfee on my system. NEVER AGAIN. I also don't want a bunch processes running in the background constantly and the scheduler stuffed with tasks. Antivir is supposed to help stop spying, but then it spies on you itself. Windows Defender's doing enough of all that already.

 

Personally I'm not too worried as I'm cautious about what I download and what links I click on. I'll run any suspicious executable in a virtual machine first and check it out.  But I rarely have any. Adblock, privacy, anti-tracking, and anti-redirect addons keep my browsing safe--and fast, without an antivir proxy standing in the way.

 

I hate fooling around with antivir programs and trying to uninstall the d**n things after they start nagging or after they've taken over the entire system and slowing down everything.

 

So, high on my list of priorities is the convenience of a known entity I can easily live with, if I'm going use anything more than Defender. I've been known to run Super once in a blue moon. 

[Stocky]

5 hours ago, Pib said:

Just keep in mind the "most important" quality for anti-virus/malware software is how well it provides protection.   Right now tests of antivirus/malware rates Malwarebytes near the bottom of all it competitors. 

Malwarebytes is poor with the antivirus side of things but good against malware, for Defender its weakness is malware. Which is why I have dropped paid for AV for Defender but added Malwarebytes as a boost against Defender's malware weakness.

But it's whatever you're happy with, maybe after all these years I just can't quite trust Microsoft entirely.

[MJKT2014]

19 hours ago, Pib said:

Why run Malwarebytes also?

Agree it is superfluous with Windows Security, but perhaps out of old habits I find it better to have a second opinion. In the past I found stuff with free Malwarebytes that MS did not. Not much in the past year or so tho.

[Pib]

Lot of different terminology used when talking malware, virus, Trojan, spyware, etc....etc....etc.  But Malware means "any malicious software" and consists of viruses, spyware, worms, bots, Trojans, ransomware, etc.   A virus is just a subcategory of malware.  And when talking spyware it's really more of a Potentially Unwanted Program/Application (PUP/PUA) possibly sending info back to a doggy mothership without your knowledge.   Different than products like Google doing it since Google tells you they collect  anonymous  data on your interneting in the terms of agreement.

 

In the early days of computers/internet viruses were the primary type of malware wrecking people's computers and "Anti-Virus software" pretty much became what their software was called but really the anti-virus software job was to protect from many kinds of malware, with viruses being one type.   And now days the malware subcategory of viruses represents only approx 12% of the malware running around on the internet.

 

The AntiVirus/Malware industry does a good job of keeping people confused & scared regarding malware as it helps them sell more products.  Ditto for the VPN industry in trying to keep everyone scared of using an internet connection unless using a VPN.

 

So, just because a product says it's Anti-Virus software (since most people understand that since they've heard it forever) that does not mean it only protects you from viruses as it really protects you (or attempts to) from all kinds of malware.

 

http://www.linuxandubuntu.com/home/difference-between-malware-viruses-worms-spyware-trojans-and-ransomware

 

Quote

 

What is a malware

Let’s start with Malware. The word malware is the term resulting from the union of the words ‘malicious software’ or malicious software. Malware is a type of software that aims to infiltrate or damage a computer or information system without the consent of its owner.

Therefore, malware is the main term used to talk about all computer threats. Within this category, we already have different classifications more specific for threats, such as Trojans, worms, computer viruses, adware, spyware or ransomware among others.

However, all the programs that can expose your data are not malware. We have to distinguish it from the defective software, which are those programs that are not designed with bad intentions, but that have certain errors within their code because of which your information may be exposed or your system becomes vulnerable to certain dangers.

 

 

 

 

 

 

 

 

 

 

 

 

 

Edited May 24, 2020 by Pib

[JimmyJ]

Antivirus is unnecessary and all of them are dodgy re: collecting/selling your info/invading your privacy.

[teacherclaire]

Using Kaspersky Internet security from e-bay for a few baht is the best and cheapest solution.

 

      I'm not the only one who's satisfied with this product.

 

   Please be aware that the free AVG and Malwarebytes isn't what you want to be on the safe side.

 

https://uk.pcmag.com/suites-2/34300/kaspersky-internet-security

   

 

    

[teacherclaire]

10 minutes ago, JimmyJ said:

Antivirus is unnecessary and all of them are dodgy re: collecting/selling your info/invading your privacy.

Not true, especially when you do online banking. Kaspersky gets you automatically on a secure mode that nobody can spy out your data. Trusting the free stuff that comes with Malware is dodgy. 

 

   

[Pib]

42 minutes ago, teacherclaire said:

Not true, especially when you do online banking. Kaspersky gets you automatically on a secure mode that nobody can spy out your data. Trusting the free stuff that comes with Malware is dodgy. 

 

   

With online banking you are making an "https" (secure & encrypted) connection end-to-end....all the way from you to your bank.  That's why banks use such a connection for their ibanking/mbanking.  Many other/most other websites use https connections now days also. 

 

Kaspersky's Secure Connection is just a VPN connection which means you are placing that https connection within a VPN tunnel which is encapsulated & encrypted....basically throwing on another layer of armor.   However, that VPN tunnel is only between you and the VPN server....from the VPN server on to your bank it's back to the original https connection.  If you are in Bangkok connecting to a Los Angeles VPN server which then connects to your bank in New York City, then your VPN connection is only between Bangkok and LA.....the LA to NYC part is not a VPN connection.  VPN helps to add security for "part" of the internet trek but https connection will provide protection for the entire trek.   

 

The only time a VPN connection would add security for the entire trek is if the VPN server/node you are connecting is located in the same facility you are connecting to....like the VPN server being located right in the bank building...that would be end-to-end VPN which is primarily used by businesses where they have VPN servers within their business that you connect to instead of using some intermediary VPN service/node. 

 

So, for that connection to your bank located somewhere in the world, the https connection is more important to a secure connection than the VPN connection.

 

 

Quote

 

What is HTTPS?

Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.

 

 

 

Quote

HTTPS provides end-to-end encryption, while a VPN provides encryption from your device to the VPN server. ... HTTPS is vulnerable to certain attacks (like root certificate attacks) that a VPN can sometimes help protect it from. HTTPS encryption is also generally weaker than the encryption a VPN provides

 

 

 

 

 

 

[Stocky]

Another article on 'Is Windows Defender enough'.

 

https://www.safetydetectives.com/blog/windows-defender-vs-antiviruses-is-defender-enough-for-you/

 

They have a similar solution to the one I made at the start of the year, Defender + Malwarebytes.

 

1 hour ago, Pib said:

A virus is just a subcategory of malware.

I take your point, but the two software programs started from different ends of the 'virus spectrum', consequently they have strengths that compliment each others weaknesses.

Edited May 24, 2020 by Stocky

[Pib]

 

As mentioned earlier about six months ago I switched from Symantec Norton 360 that I had been using on my computers for many years to Windows Defender/Security. 

 

Switched for two reasons:  (1) I got tired of buying a Norton 360 subscription every year although I always got them pretty cheap off Ebay....no way would I pay the full subscription price by buying direct from Symantec even after XX percent discount first year.  (2) many reviews/evaluations in how well Win 10 Defender protected...how MS had really upped their game/support of Defender since its earlier days.

 

So, far I've been totally satisfied with Win 10 Defender on my three Lenovo laptops.  

 

A few minutes ago I downloaded/installed Malwarebytes Premium on my primary laptop and did a scan....below are the results....zero malware found after using Win Defender on the laptop for six months.  

 

 

 

[Pib]

Another way a person can add malware protection to their home network is to use a router that has some kind of capability built-in to help prevent/block malware, blocking malicious websites, improve network security, etc. 

 

I'm not talking the router firewall which all routers have, but additional capability like how most ASUS routers have Trend Micro AIProtection built-in. 

 

First snapshot below summarizes what Asus AIProtection does for a living....see the weblink for full details.

 

I use an ASUS router and keep Trend Micro AIProtection activated on the router.  It provides Network Protection, Malicious Website Blocking, Two Way IPS, Infected Device Protection & Blocking, and Parental Controls. 

 

Where I occasionally see AIProtection protecting my network from possible malware attacks is when I "unknowingly" attempt to visit some website that considered malicious according to Trend Micro's database.  And no, I'm not intentionally going to doggy sites. What happens is a person may click an advertisement or some perfectly safe looking sublink on a webpage....like on ThaiVisa, CNN, Washington Post, Bangkok Post, etc., and that advertisement or sublink tries to direct you to or communicate with some doggy website....some doggy website that may try to place malware on your computer.

 

Snapshot 1: What AIProtection Does for a Living

https://www.asus.com/support/FAQ/1012070/

 

 

Snapshot 2 from my Asus AX88U router....notice AIProtection blocked 7 attempts since 3 Feb 2020 where I unknowingly tried to visit some website considered malicious per Trend Micro AIProtection...but AIProtection blocked that attempt..protected me.   And all these attempts was me using my primary laptop...the one I just run the Malwarebytes scan on.....a scan that came back perfectly clean.

 

Edited May 24, 2020 by Pib

[starfish]

On a side note:

Whenever i have a suspicious .exe, i upload it quickly to "Virus Total" (from context menu), which gives me the results of around 70 different antivirus programs (main players), all at once.

Doesn´t get better than that !

 

 

[toast1]

Thanks for your suggestions, I have always found Defender to be good and have never heard a bad story, but people persist in telling me its not good enough.

[WorriedNoodle]

21 hours ago, toast1 said:

Thanks for your suggestions, I have always found Defender to be good and have never heard a bad story, but people persist in telling me its not good enough.

Essentially Windows Defender is the Anti-virus program and other components like Controlled folder access, cloud protection together with Windows Defender is called Windows Security.

[toast1]

OK Thanks

[ubonjoe]

A off topic post and a reply to it have been removed.

[pmarlin]

I was for renewal on my norton account and ran accross this topic and got some good insightful information and did some reseach and canceled norton and went totaly with windows security. Been using it as my only security along with a good router and had no problems. One thing that I noticed is improved performance with my computers plus faster internet. I use to get internet disconnects with norton which sometimes made on line streaming a problem. Removing norton over a week ago seens to have solved that problem. Perfect internet streaming now.

[KhunHeineken]

On 5/24/2020 at 12:58 PM, Pib said:

Another way a person can add malware protection to their home network is to use a router that has some kind of capability built-in to help prevent/block malware, blocking malicious websites, improve network security, etc. 

 

I'm not talking the router firewall which all routers have, but additional capability like how most ASUS routers have Trend Micro AIProtection built-in. 

 

First snapshot below summarizes what Asus AIProtection does for a living....see the weblink for full details.

 

I use an ASUS router and keep Trend Micro AIProtection activated on the router.  It provides Network Protection, Malicious Website Blocking, Two Way IPS, Infected Device Protection & Blocking, and Parental Controls. 

 

Where I occasionally see AIProtection protecting my network from possible malware attacks is when I "unknowingly" attempt to visit some website that considered malicious according to Trend Micro's database.  And no, I'm not intentionally going to doggy sites. What happens is a person may click an advertisement or some perfectly safe looking sublink on a webpage....like on ThaiVisa, CNN, Washington Post, Bangkok Post, etc., and that advertisement or sublink tries to direct you to or communicate with some doggy website....some doggy website that may try to place malware on your computer.

 

Snapshot 1: What AIProtection Does for a Living

https://www.asus.com/support/FAQ/1012070/

 

 

Snapshot 2 from my Asus AX88U router....notice AIProtection blocked 7 attempts since 3 Feb 2020 where I unknowingly tried to visit some website considered malicious per Trend Micro AIProtection...but AIProtection blocked that attempt..protected me.   And all these attempts was me using my primary laptop...the one I just run the Malwarebytes scan on.....a scan that came back perfectly clean.

 

Maybe something like this.

 

https://shop.trendmicro.com.au/homenetworksecurity/default.asp?utm_source=www-AU&utm_medium=linkdropdown&utm_campaign=hns&_ga=2.253590985.1198239724.1502722036-34842817.1501618810

[Encid]

On 5/24/2020 at 3:14 PM, Stocky said:

Malwarebytes is poor with the antivirus side of things but good against malware, for Defender its weakness is malware.

I think Defender (or Windows Security as it's called now) is not good enough by itself.

I started up my laptop for the first time in about a month today, updated all the MS products including the Security Intelligence Updates, rebooted as requested, updated my Macrium Reflect backup software, then promptly got hit by the Horsedeal ransomware virus, which has encrypted all my files and rendered my laptop useless.

I am now trying to find some way of removing it, but from what I have read so far... my files are toast.

[toast1]

Good luck with that!

[RichCor]

1 hour ago, Encid said:

updated my Macrium Reflect backup software, then promptly got hit by the Horsedeal ransomware virus, which has encrypted all my files and rendered my laptop useless.

...so no recent Macrium Reflect backup images, or the backup volume was connected and also affected?

[Encid]

Correct... that backup volume (external SSD) was connected at the time so all contents have also been encrypted. Lesson learned (the hard way)... NEVER leave your backup data drive connected to your computer!

And all executables (MS Office products, Macrium Reflect program, Web Browsers, Kodi etc.) on the boot drive have also been encrypted.

I am using my desktop PC to write this.

I tried downloading Malwarebytes to my PC, transferred the install program onto a USB stick, started up the laptop in Safe Mode, inserted the stick and it was promptly encrypted and rendered useless.

I cannot even do a System Restore from Safe Mode because the virus has removed all Shadow Volume Copies of the files. If I could have performed a System Restore to a point prior to infection, I could have then downloaded Malwarebytes to remove the virus, and re-installed Macrium Reflect and restored all my programs and data (if of course I hadn't had my backup drive connected!).

 

A real nasty virus.

 

Any suggestions from anyone would be gratefully received.

[RichCor]

19 hours ago, Encid said:

then promptly got hit by the Horsedeal ransomware virus

Interesting article on how this exploit is being deployed and functions.

 

HorseDeal Riding on The Curveball!
blogs.quickheal.com | Jayesh Kulkarni | FEBRUARY 5, 2020

 

It may be you downloaded an AV scanner, that was fake, and infected yourself...

 

Quote

 

As almost all users and many security vendors rely on the Digital Certificates of executable files to validate the genuineness and authenticity of files, this vulnerability poses a big threat to the basic trust mechanism itself. This vulnerability is being referred as “Curveball” and “Chain of Fools”.

While we were just pondering around this vulnerability, we came across ransomware – HorseDeal leveraging this vulnerability and making use of a spoofed ECC certificate to evade detections.
 

While HorseDeal pretends to be signed by Microsoft ECC TS Root Certificate Authority 2018, it has the publisher name of a genuine AV-vendor. The certificate is valid for 1 year starting from 16 Jan 2020. Filename used here is that of the AV vendor’s process name i.e. avgdiagex.exe. Even though in this scenario, the spoofed certificate is used for fake AV process, malware authors can spoof certificate of any other genuine software, including software published by Microsoft itself.
 

Using bcdedit, the payload disables the automatic repair feature and sets bootstatus policy to ignore errors if there is any failure in the boot process. Along with that, it turns off the firewall using netsh advfirewall. These steps confirm that the victim won’t be able to recover the system state using any internal windows tools.

 

 

[xylophone]

1 hour ago, Encid said:

Correct... that backup volume (external SSD) was connected at the time so all contents have also been encrypted. Lesson learned (the hard way)... NEVER leave your backup data drive connected to your computer!

Ah, now that is something I didn't know, so I suppose ideally it would be good to not run my backup continuously, but perhaps refresh it once a month for example???

 

On the subject of antivirus products, for a few years now I have had Avira antivirus and it was good for a while but then they started adding other bits and pieces to it, which in the main were free, so it didn't really worry me, however my windows became increasingly slower to start up and no matter what I did with regards to cleaning this and cleaning that, it was still the same so I took a gamble on uninstalling it and trying something else.

 

I came across something called Total AV, and decided to look it up and although it had a few bad reviews because of the pricing of it (first year is very low, but upon renewal it jumps up quite markedly) however I installed it and let it do its stuff, and it did find a few problems which it cleaned, but the surprising thing was how quickly my Windows loaded, just a few seconds to well over a minute sometimes with Avira!

 

It does say that it is not a resource hogger, and that seems to be the case.

 

I have got it on trial for 30 days, but decided to buy it at an extremely low introduction price and I will see how it goes, if at the end of the year subscription I'm not happy with it, then I will cancel it.

 

I've never thought that Windows Defender/Security was adequate enough, hence the Avira AV, and now instead, Total AV.

[bendejo]

52 minutes ago, xylophone said:

On the subject of antivirus products, for a few years now I have had Avira antivirus and it was good for a while but then they started adding other bits and pieces to it, which in the main were free, so it didn't really worry me, however my windows became increasingly slower to start up and no matter what I did with regards to cleaning this and cleaning that, it was still the same so I took a gamble on uninstalling it and trying something else.

It is possible to install Avira just for the AV, just takes a little patience to keep from having it add on the other <deleted>.  Every so often I'll get a pop-up for a crucial addition I should make -- be careful with those, I once clicked one mindlessly and ended up having to uninstall then reinstall.  Here's my current dashboard trying to get me to add other junk.