Does Antivirus cause more problems than it's worth?



4 hours ago, Riggers said:

In Windows 10, SmartScreen is system-wide so it doesn't matter the browser or source of the file... The inbuilt systems/prevention methods provided by Windows 10 are pretty good. Fair play for getting out of that multi-million-dollar AV racket!

 


For Windows 10, Microsoft further developed the SmartScreen Filter by integrating its app reputation abilities into the operating system itself, which allows the filter to protect users regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive). The first time a user runs an app that originates from the Internet, even if the user copied it from another PC, the SmartScreen Filter checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, the SmartScreen Filter warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 7).

From here https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide

It doesn't burn it into the application layer of programs... Pretty easy to test:  http://demo.smartscreen.msft.net/

Chrome and Edge behave pretty much exactly like you'd expect... with Chrome blocking zero.


The issue is that the API is built in, but the app dev has to use it.  Chrome does not.  Or I'm missing something?


There isn't much reason to not have some sort of AV. I don't think you need those huge suites and Windows Defender does a good enough job. You don't want your AV picking up a bunch of stuff. It's a reactive measure. Ideally, you'd want to avoid bumping into malware.


Not gonna watch the guy in the third link yap, but yeah.  Every time I've tried a third party antivirus in win10 I was either disappointed or extremely irritated.

 

Defender just friggin works, and has since win8.  No false positives, no performance issues, nothing to really worry about unless you're serious about visiting questionable sites.

 

Google really ought to be making an AV for Android but they're too busy pretending Microsoft is doing everything wrong.


In today's world I think it's needed more than ever. People downloading torrents all over the world, malware, rootkits... Windows not patching critical flaws until a week later on Patch Tuesdays...
You need some kind of protection. Antiviruses may lie dormant for months, but personally, I'd rather that than be exposed to a virus, trojan or malware by not having AV software installed.


16 hours ago, Gary7 said:

Neither did I

Webroot SecureAnywhere end of.... light footprint, full scan in minutes and realtime web filtration, regardless of device or connection.

 

No system slowdowns at all, with all my devices managed from a central console, regardless of platform, I've included my parents' devices into my pool, works really effectively for remote management too.

 

 

Edited by Mando

For some, a third party AV solution is purely for peace of mind, I know there are arguments both for and against, but I myself like having my third party AV and it to the best of my knowledge hasn't broken anything.


4 hours ago, The Evil Overlord said:

For some, a third party AV solution is purely for peace of mind, I know there are arguments both for and against, but I myself like having my third party AV and it to the best of my knowledge hasn't broken anything.

Yep, working in IT and by default family and friends support, keeps them ringfenced to a degree online meaning fewer calls to me :) I use the web filtration more than the AV part, but still advise running at least W10's offerings.


I remember back in the day (Win2k & WinXP days) Symantec Endpoint was great. Very small footprint on your computer. The scans were fast and top notch for protection. However, all the AVs out there are filled with tons of extras that you really don't need (at least I don't).

 

Can anyone recommend anything along the lines of that Symantec Endpoint? Something that's just a definition scanner, paid or free.


4 hours ago, Mando said:

Webroot SecureAnywhere end of.... light footprint, full scan in minutes and realtime web filtration, regardless of device or connection.

 

No system slowdowns at all, with all my devices managed from a central console, regardless of platform, I've included my parents' devices into my pool, works really effectively for remote management too.

 

 

It seems that the reviews of Webroot SecureAnywhere from users are pretty good. But when I search for reviews on it I typically (not always) get poor reviews. I saw a recent issue where Webroot itself was causing problems with Windows. And on all the AV review/testing lab sites Webroot gets poor ratings or doesn't even show up.

 

So I'm not sure what to make of that. I know many sites get kickbacks or get the software free in order to give a positive review. So what do y'all Webroot users think? Or those that left Webroot?


18 minutes ago, LoboVerde said:

It seems that the reviews of Webroot SecureAnywhere from users are pretty good. But when I search for reviews on it I typically (not always) get poor reviews. I saw a recent issue where Webroot itself was causing problems with Windows. And on all the AV review/testing lab sites Webroot gets poor ratings or doesn't even show up.

 

So I'm not sure what to make of that. I know many sites get kickbacks or get the software free in order to give a positive review. So what do y'all Webroot users think? Or those that left Webroot?

Very often, reviews are sponsored,  and 'the public' are just tearing down a rival product either because they were told to, or paid to.

My personal preference is ZoneAlarm, and it is hated by so many, I've never had any issues with their Internet security suites, been using them since 2000 onwards.


I used to use ZoneAlarm back in the day. But when it got bought out/or just got really big, their Firewall/AV suite just really bogged down my system and I stopped using it. But it's been years since I used to use it.

 

It's interesting all the good/bad takes on all the different AV software out there!

 

I really like and trust Kaspersky and have been using for about 3 years now. I just don't like how bloated it's become. And in terms of PC security it really does add another potential security vulnerability because it does get into everything.


Just now, LoboVerde said:

I used to use ZoneAlarm back in the day. But when it got bought out/or just got really big, their Firewall/AV suite just really bogged down my system and I stopped using it. But it's been years since I used to use it.

 

It's interesting all the good/bad takes on all the different AV software out there!

 

I really like and trust Kaspersky and have been using for about 3 years now. I just don't like how bloated it's become. And in terms of PC security it really does add another potential security vulnerability because it does get into everything.

The one thing I like about Kaspersky is their rootkit removal tool is offered for free. (Y)

I tried Kaspersky, but that 'scream' it used to make when it detects a problem was a let down for me.

Similar to how Avast (I think it was) when it used to tell you it just updated and so on

 


1 hour ago, LoboVerde said:

It seems that the reviews of Webroot SecureAnywhere from users are pretty good. But when I search for reviews on it I typically (not always) get poor reviews. I saw a recent issue where Webroot itself was causing problems with Windows. And on all the AV review/testing lab sites Webroot gets poor ratings or doesn't even show up.

 

So I'm not sure what to make of that. I know many sites get kickbacks or get the software free in order to give a positive review. So what do y'all Webroot users think? Or those that left Webroot?

I'd give it props for its general usability, it didn't cause problems on my machines or anything unlike many others (it came with a few months free from my laptop from Best Buy) but I'm really not into their claims of being amazing that aren't backed up by any legit testing outfits. I'm really not into taking random people's word for it, so no thanks.


I think anti-virus is slowly going the way of the dodo. It has more to do with the fact that the attacks are changing. Now an anti-virus has to look at behavior instead of signatures. I still think that it is needed. Most people in this forum will be able to forgo an AV since they know what they are doing. I would not recommend to a corporation to uninstall the AV in every machine unless they lock down the USB ports, CD-ROM and use a content-filtering firewall such as Fortigate.

 

I think AV will slowly move to the gateways, routers and modems with content filtering and advanced IPS and AV with a subscription based service such as Forti, Barracuda, WatchGuard etc...


10 hours ago, The Evil Overlord said:

For some, a third party AV solution is purely for peace of mind, I know there are arguments both for and against, but I myself like having my third party AV and it to the best of my knowledge hasn't broken anything.

I've had editions of ESET hose my system.  I think the spirit of the original post was:  what risks do you really introduce by introducing 3rd party, vs how much does it really provide in additional benefit?

 

 

10 hours ago, Mando said:

Webroot SecureAnywhere end of.... light footprint, full scan in minutes and realtime web filtration, regardless of device or connection.

 

No system slowdowns at all, with all my devices managed from a central console, regardless of platform, I've included my parents' devices into my pool, works really effectively for remote management too.

"Light footprint" and "Full scan in minutes" is highly subjective based upon number of files, system architecture, speed, etc. :)

 

The best I can really say is Defender is the same memory footprint as ESET was for me, and perceptibly causes no additional disk issue.  But that's just my personal before-and-after view.

 

I can agree totally that remote management of machines is awesome, but that's almost antiquated thinking isn't it?  I mean really -- if you're basically IT for your family (common scenario) what's so hard to say "call/TXT/IM/Skype/SnapChat/FBChat/email/smokesignal me if you get any popup about security" ?  That'd save money and/or management pain.

 

Even with this debate over 3rd party app, no one has yet to say beyond user ignorance, there's no real tangible benefit to it, or that there is greater risk by just going built in Anti-Malware?  Microsoft's engine and DAT process is as robust as anyone else's, and is updated just as frequently.  There are minor deficiencies for zero-day concerns, but can be overcome easily with a scheduled task, that's ridiculously simple.

 

It's not like Microsoft uses 3rd party AV, and they're amongst the most-hacked and most-abused companies in the world. They rely on Defender. Sure it might be managed with Intune, but that's still the same engine that I've managed with a scheduled task, as a home user. It's not like we as consumers are taking additional risks for going default AV, especially if you're knowledgeable about the gaps yourself. Microsoft has only the updater process fetch new DATs once a day because on the millions/billions of Windows devices out there, you can't assume connectivity. That causes it to score low on zero-day vulnerability testing. But if you download 3rd party AV, those companies update usually more rapidly because it assumes you care about greater security (obviously), but it also assumes you don't care about bandwidth. Microsoft plays it safe for bandwidth vs security given that most average consumers aren't that at-risk for zero-day problems, in all honesty. However if you disagree, or bandwidth isn't a problem, it's an easy knob to turn, and I don't fault Microsoft NOR do I give extra credit for 3rd party companies, given the behavior. Microsoft is a good internet citizen; their DATs are updated multiple times a day for vulnerabilities as they are discovered and exposed, just as every other company is... all you have to do is fetch them.

Edited by mram
Should've said "Anti-Malware" instead of "AV" - I'm old, sue me.
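
The scheduled-task approach mentioned in the post above, sketched as an added example (not the poster's own script and not part of the original thread). It uses the built-in Defender and ScheduledTasks cmdlets; the task name, the 4-hour interval and the 12-hour staleness threshold are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: fetch Windows Defender definitions on a short interval
# instead of waiting for the default daily update, then verify freshness.

$TaskName      = 'Example-DefenderSignatureRefresh'  # hypothetical task name
$IntervalHours = 4                                   # assumed refresh interval
$MaxAgeHours   = 12                                  # assumed staleness threshold

# Action: run the Defender module's own update cmdlet, non-interactively.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -NonInteractive -Command "Update-MpSignature"'

# Trigger: start in five minutes, then repeat every $IntervalHours.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(5) `
    -RepetitionInterval (New-TimeSpan -Hours $IntervalHours) `
    -RepetitionDuration (New-TimeSpan -Days 3650)

# Run as SYSTEM so the task works with no user logged on.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Skip the run when offline, and catch up on a missed run after sleep.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -RunOnlyIfNetworkAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verification: report the definition version and warn when it is stale.
$status = Get-MpComputerStatus
$age    = (Get-Date) - $status.AntivirusSignatureLastUpdated

[pscustomobject]@{
    SignatureVersion = $status.AntivirusSignatureVersion
    LastUpdated      = $status.AntivirusSignatureLastUpdated
    AgeHours         = [math]::Round($age.TotalHours, 1)
    RealTimeEnabled  = $status.RealTimeProtectionEnabled
}

if ($age.TotalHours -gt $MaxAgeHours) {
    Write-Warning "Defender definitions are older than $MaxAgeHours hours."
}
```

The freshness check at the end can also be run on its own to confirm the task is doing its job.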

6 hours ago, Thygod said:

I think anti-virus is slowly going the way of the dodo. It has more to do with the fact that the attacks are changing. Now an anti-virus has to look at behavior instead of signatures. I still think that it is needed. Most people in this forum will be able to forgo an AV since they know what they are doing. I would not recommend to a corporation to uninstall the AV in every machine unless they lock down the USB ports, CD-ROM and use a content-filtering firewall such as Fortigate.

 

I think AV will slowly move to the gateways, routers and modems with content filtering and advanced IPS and AV with a subscription based service such as Forti, Barracuda, WatchGuard etc...

Yeah the attacks have evolved into more complex issues and especially in the social engineering front.

 

We don't hear of attacks like the Melissa virus any more that a basic AV can take care of. It's ransomware, profiles being hacked because of weak password security, IoT devices are the new thing.

That's why I'm really starting to think I should just go with Windows Defender, the Windows Firewall and go with Hitman Pro and/or Malwarebytes. And just make sure I have all the necessary browser addons, a proper password security, UPDATE UPDATE & BACK UP BACK UP, stay up on security news, and don't be stupid by downloading files that could be infected or go to nefarious sites.


5 hours ago, mram said:

I can agree totally that remote management of machines is awesome, but that's almost antiquated thinking isn't it?  I mean really -- if you're basically IT for your family (common scenario) what's so hard to say "call/TXT/IM/Skype/SnapChat/FBChat/email/smokesignal me if you get any popup about security" ?  That'd save money and/or management pain.

I can agree with that. We all have smartphones and can quickly search a pop up or IM that "family IT guy" for a solution. So yeah remote management is probably significantly used more by corporate IT people rather than the consumer level.


1 hour ago, LoboVerde said:

Yeah the attacks have evolved into more complex issues and especially in the social engineering front.

 

That's why I'm really starting to think I should just go with Windows Defender, the Windows Firewall and go with Hitman Pro and/or Malwarebytes.

Aren't you defeating your own argument? :)  Doubling up with a paid solution?


On 2/4/2017 at 0:02 PM, LoboVerde said:

Did any of y'all read the articles? Just curious because no one's comments have mentioned anything from them.

I know what sec people & software creators think.

An AV has to envelop everything, otherwise it's useless.

This creates more work for the software engineers.
So - they want to whine.

It might cause more problems for them, but the OS and the software on it is for the end user, not them.

Even suggesting AV isn't needed, or causes too many problems is about as dumb as saying a Defense Dept isn't needed for a country.

You need it for (2) reasons:

(1.) Most people are dumb
(2.) Bad people will take advantage of reason #1


This same topic was on Front Page a week or 2 ago - so this is nothing new

 


 

On 2/4/2017 at 7:52 PM, freqnasty said:

The best one I've tried in a while is Webroot SecureAnywhere. 

EXACTLY

 

 

Edited by T3X4S

I would say it depends on the user first. What are you doing? Do you download a lot of random programs from random Russian and Chinese sites? If so then yes, more AV the better lol.

 

For someone with even a hint of tech savvy, enough to run a current browser, adblock, etc, then generally no, more AV on top of Windows Defender isn't needed. That isn't to say you are 100% safe, cause nothing else, there can always be SOMETHING that gets through. But if you have half a shred of common sense then that and Defender will deal with all but the most edge case scenarios.

 

I haven't run AV regularly since the 9x days. Norton and McAfee were worse than what they protected against. By 2k and XP I stopped bothering (except in some cases where I needed AV installed for reasons). That's not to say I never did scans, cause I did, but normally a webscan or a scan off a disk a few times a year. With MSE and now Windows Defender I let it do all the work. None of it has stopped me from downloading apps and such, I just make sure I know where I'm getting it from. Even from "shady" sources I make sure it has comments, trusted uploader, etc. Along with that I run uBlock Origin, uMatrix, and the MVPS Hosts File. (Technically I don't need the latter as it's an option in both uMatrix and uBlock, but I like a system wide one too). Those 3 will block *most* iffy sites. Disabling Flash (click to run), and keeping Java far away are other good ideas.

 

Now I will say if you're one of those paranoid people who turns off stuff like Windows Update, then get another AV. If you aren't updating your Defender definitions, or doing so rarely, then you are as good as unprotected. 

 

End of the day don't expect any consensus on this. A third of people think you NEED an AV, a third think Defender is fine, and a third are confused by the question or start ranting about vaxers (ignore them).

 

There have been some articles about the downsides of the AV's themselves. 

https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/ 

(Neowin did its own version of the above article, we'll just assume you already read that :p so here's another lol)

 

Me, as I said above, Defender is fine by me. I've got one virus ever, it was on Windows 3.11, and came on a 5.25" Floppy. Defender catches keygens, "real" AV likes to catch other legit stuff, along with sucking up CPU, trying to fill my browsers with crap toolbars and extensions, wastes my memory, etc. I have no regrets tossing it out the window. But not everyone is me.


16 hours ago, LoboVerde said:

It seems that the reviews of Webroot SecureAnywhere from users are pretty good. But when I search for reviews on it I typically (not always) get poor reviews. I saw a recent issue where Webroot itself was causing problems with Windows. And on all the AV review/testing lab sites Webroot gets poor ratings or doesn't even show up.

 

So I'm not sure what to make of that. I know many sites get kickbacks or get the software free in order to give a positive review. So what do y'all Webroot users think? Or those that left Webroot?

It's superb and their enterprise class option is also very good.

 

Put it this way, checkpoint technologies use Webroot scan engines in their security platform and firewall edge boxes, that's enough praise for me tbh.


On 2/5/2017 at 1:02 AM, LostCat said:

Not gonna watch the guy in the third link yap, but yeah.  Every time I've tried a third party antivirus in win10 I was either disappointed or extremely irritated.

 

Defender just friggin works, and has since win8.  No false positives, no performance issues, nothing to really worry about unless you're serious about visiting questionable sites.

 

Google really ought to be making an AV for Android but they're too busy pretending Microsoft is doing everything wrong.

Windows AV in 10 cannot handle drive-by payloads very well, or a lot of cryptor type malware. Apart from that, it's a pretty decent offering.

 

https://www.theregister.co.uk/2017/02/01/cerber_windows_10/

 

 

 


This topic is now closed to further replies.