Does Antivirus cause more problems than it's worth?



5 hours ago, Mando said:

Symantec's rootkit remover is free, as is Sophos corp iteration mate. I think all you need to do is register as an individual as you can get access to all their toolkit. If you're looking for an all-round deal, have a look at Sophos Endpoint gateway server for home, it's free and can be built on a small desktop as a full XG class firewall. Web filtering, the works. You can also use Sophos Home free now too.

Only thing is that it's only for home users, not business or even not for profits :( In our case getting a UTM will cost more than having SEP installed on every machine.

Link to comment

11 hours ago, Mando said:

nice in theory but when dealing with a lot of legacy resources and the need for authenticated users to have R/W perms in a lot of locations within Windows, these are still open to malware encryption. anywhere where a user has R/W is at risk.

I need to have a play with it more but if needed you could do a full block of files like .vb, .js, .ps and so on and only allow exe files in set folders. 

Link to comment

I just stick with the basic Windows Defender in Windows 10, helps ensure things continue to run smoothly that way since nothing is interfered with, and then use an anti-executable program like Voodooshield (it's free but has an option to pay if you need to configure certain things in the program). keeps resource usage to a minimum that way and offers great protection since it simply stops anything from running that you did not specifically allow to run in Voodooshield when you initially configured it for your system. i even got RansomFree running too but that's sorta only a backup to Voodooshield as far as Ransomware goes. but both are really light on resource usage.

 

even in my web browser (Pale Moon x64) i don't have Flash or Java installed so i can't get nailed through either of those two things. but even if i did, if something tried to nail me there it would be stopped by Voodooshield but i figure there is nothing i use that uses either of those two things so i figure why even risk it by having them installed.

Link to comment

Depends. There was still crap on my PC when using MSE or NOD32. So in reality, an antivirus protects your PC "most" of the time and makes you feel safe "most" of the time as well.

Link to comment

10 hours ago, Danielx64 said:

I need to have a play with it more but if needed you could do a full block of files like .vb, .js, .ps and so on and only allow exe files in set folders. 

or just have it managed by your malware vendor platforms ;) cheaper than deploying 50-100 man hours of mine to fine tune, when it can be done in a few clicks.

That's worth £4k a year in my book at least.

 

Check out Sophos Ws500-1k,2k UTM boxes cracking features for a small budget, I sold the enterprise on it as a complement to the endpoint AV, treat 90% of web based risks at the front door, leaving your users inside the perimeter thinking all is well.

I offset the extra cost against 1 day's downtime at a site due to malware reaching endpoint and end user...at £20k a day downtime, it wasn't even a debate with the top brass.

 

Once they realised for that £4k expenditure in a year, could mitigate £20k a day per infection risk for each respective site estate

Edited by Mando
Link to comment

22 minutes ago, Mando said:

or just have it managed by your malware vendor platforms ;) cheaper than deploying 50-100 man hours of mine to fine tune, when it can be done in a few clicks.

That's worth £4k a year in my book at least.

 

Check out Sophos Ws500-1k,2k UTM boxes cracking features for a small budget, I sold the enterprise on it as a complement to the endpoint AV, treat 90% of web based risks at the front door, leaving your users inside the perimeter thinking all is well.

I offset the extra cost against 1 day's downtime at a site due to malware reaching endpoint and end user...at £20k a day downtime, it wasn't even a debate with the top brass.

 

Once they realised for that £4k expenditure in a year, could mitigate £20k a day per infection risk.

Only if this place where I would put that UTM in is making money (They are a not for profit and they need to spend wisely). Also don't you need to pay every year to keep getting updates and what not for those Sophos UTM?

 

Anyhow there is the Sophos UTM Home Edition and Sophos XG Firewall Home Edition that is free for home use but I am in contact to see if not for profits can use it as well. Stupid thing is that  Sophos UTM Home Edition will protect 50 IP addresses - how many home users have 50 devices? I don't.

Link to comment

28 minutes ago, Danielx64 said:

Only if this place where I would put that UTM in is making money (They are a not for profit and they need to spend wisely). Also don't you need to pay every year to keep getting updates and what not for those Sophos UTM?

 

Anyhow there is the Sophos UTM Home Edition and Sophos XG Firewall Home Edition that is free for home use but I am in contact to see if not for profits can use it as well. Stupid thing is that  Sophos UTM Home Edition will protect 50 IP addresses - how many home users have 50 devices? I don't.

Yes there's an annual charge, but i get it lumped in with our other contracts, it's a drop in the ocean compared to a site's downtime for us.

 

the home edition is their fully fledged corp XG firewall, just with some limitations imposed.

 

might be worth checking out webroot, they may do a deal for not for profit orgs.

 

https://www.webroot.com/gb/en/business/smb/web-security

Edited by Mando
Link to comment

This has been a VERY informative thread for me. Although it did start with the typical replies but that's cool. After considering all the informative and good arguments for and against AV I think I'm still going to keep 3rd party AV on my computers. For the following reasons and they are based on my user needs and experience not some "universal AV truth."

 

1. Probably the most important reason. I make mistakes and do stupid things on my computer sometimes, it's human nature. So having a solid 3rd party AV there to prevent my computers from getting infected is a good enough reason for me. ALL software installed on a computer could have potential vulnerabilities. But I can't let that prevent me from using software either. I just need to go with well respected and proven ones, and NO WAREZ for you warez monkeys lol!

 

2. I have other computer users in my home that aren't computer savvy. So having that extra protection fits in perfectly when they use a computer on my home network. And honestly the child filters work great on Kaspersky, for my personal preferences.

 

So I'm going to give Webroot a trial shot. If I don't like it I can always go back to Kaspersky. Thanks for all the informative posts people!

Link to comment

On 2017-02-06 at 9:08 AM, LoboVerde said:

https://blog.kaspersky.com/is-antivirus-really-dead/13959/

Alexey Malanov makes some great arguments in this article for the need of antivirus. And addresses Windows Defender.

 

Another thing that came to mind is just making stupid mistakes as a user. Us on Neowin know about security threats but we can also make mistakes or just be stupid sometimes on our computers so...yeah having that extra layer of security in an AV suite would mitigate and/or stop that stupid mistake from attacking our computer.

 

What do y'all think?

I read the article you linked to and it sounds more like an advertisement for Kaspersky than solid reasoning. He didn't really address any of the arguments O'Callahan raised, but there were lots of ad hominems and the article was full of graphs showing Kaspersky beating competing solutions.

 

I have had to take care of many grandma's and grandpa's laptops and computers in terrible shape software-wise, super slow and filled with junk. More often than not the AV was largely responsible for the poor performance (as a quick glance at Task Manager would reveal) and removing it was a huge breath of fresh air. I haven't used AV on any computer I've maintained since 2007 and they've all been the better for it.

 

I distrust AV software for many reasons:

 - It invades the operating system at a low level. Any software that does this fundamentally compromises stability and usability. Examples of this are legion. As a software developer I have never seen an AV not causing various mysterious problems for coders expecting standard behavior from Windows. It's certainly billions of dollars of lost revenue every year; certainly on the same order of magnitude of that caused by viruses themselves.

 - It doesn't have to do anything. If you get infected anyway, it's your fault.

 - You're placing huge trust in this software (by virtue of giving it free rein over everything on your system), but it's produced by a third-party and you basically only have its word for it.

 

This is crazy. Yes Win32 is a highly insecure platform and that's by nature, nothing can change that. I think a much better option for someone who cannot understand what is an .exe and will ignore all security warnings is to use an Android tablet or such.  Anyone with above average computer literacy is better off without AV on Windows.

 

Link to comment

@Andre S. Oh yeah for sure I mean it's on Kaspersky's site. However, there were some valid arguments regardless.

 

And in my previous post, the point they make about human error and stupidity made a lot of sense to me. And because I have computer users in my home that aren't computer/internet savvy having that extra layer of protection works for me.

 

And as we've been and I, have been stating there's some real security vulnerabilities in AV, it's a piece of software like everything else. However, one can do a lot of real things to mitigate those vulnerabilities as well.

 

There's no "universal AV truth." So I think it really just comes down to use experience and needs and wants.

Link to comment

1 hour ago, LoboVerde said:

There's no "universal AV truth." So I think it really just comes down to use experience and needs and wants.

Sure, but I'm not convinced AV adequately addresses any particular needs or wants. Among less tech-savvy users around me, the one who most often screws up his computer and ends up asking me for help is the one who insists on having AV installed. Sometimes the problem is caused by him installing multiple different AV software that don't play nice with each other! And seemingly no AV seems to prevent him from getting ill-behaved browser plug-ins without realizing what he's doing, or otherwise screwing up some configuration to the point where a device stops working or he doesn't know how to get to his emails anymore.

 

For me the solution here would be to use a much more simple and restrictive OS like Android, but I haven't been able to change his mind.

Link to comment

Well if someone is installing multiple AVs it's not the fault of the AV software that's the user come on.

 

There's plenty of malware, viruses, and vulnerabilities  for Android, Windows, MAC, and Linux. No one platform is immune or less likely to get infected.

 

Maybe this guy just needs to learn more about computers and being safe on the internet because sounds like that's what's causing the problems not the 3rd party AV software. I mean anyone can screw up the most locked down and basic computer setup. AV doesn't stop you from clicking a link or downloading something that you really want.

 

 

Link to comment

2 minutes ago, LoboVerde said:

Well if someone is installing multiple AVs it's not the fault of the AV software that's the user come on.

 

There's plenty of malware, viruses, and vulnerabilities  for Android, Windows, MAC, and Linux. No one platform is immune or less likely to get infected.

 

Maybe this guy just needs to learn more about computers and being safe on the internet because sounds like that's what's causing the problems not the 3rd party AV software. I mean anyone can screw up the most locked down and basic computer setup. AV doesn't stop you from clicking a link or downloading something that you really want.

But then what's the point of AV if it doesn't help a non tech-savvy user not screw up his Windows machine? If I could educate him on security (and I try my best every time so I don't have to come back), then he wouldn't need AV in the first place either.

 

Android is not immune to viruses but at least you don't install apps by executing .exes from the web that can do anything, and there are many less ways to screw it up - for instance no access to the file system unless you install an app specifically for that. I think it's quite obvious that someone with an Android tablet is less likely to require maintenance than someone with a Windows system.

Link to comment

It does help non-tech savvy people but it can't prevent someone from making deliberate mistakes or purposely downloading something malicious. You can "click no I do want to download this" know what I mean?  AV warns the user "Hey that's malicious!"

 

For example whenever Kaspersky or Windows would throw up a warning, my wife or ninos come ask me what it means and they've learned how to navigate through such warnings and how/why they got those particular warnings.

 

Sure .exes might now work but still can have major vulnerabilities or ones that are greater weaknesses than .exes. Remember that vulnerability for Android phones/tablets going around last year that lasted for months and went in through SMS. And iPhones had a similar one. So hanging your overall argument on .exes really isn't enough to not use Windows or AVs, in my opinion because that's just 1 of many OS (all of them) vulnerabilities. And don't forget social media and password vulnerabilities as well.

 

I just think your friend there needs some education on what he's doing wrong that's all.

Link to comment

On 2/7/2017 at 10:00 PM, Mando said:

Yes there's an annual charge, but i get it lumped in with our other contracts, it's a drop in the ocean compared to a site's downtime for us.

 

the home edition is their fully fledged corp XG firewall, just with some limitations imposed.

 

might be worth checking out webroot, they may do a deal for not for profit orgs.

 

https://www.webroot.com/gb/en/business/smb/web-security

Thank you for the link for webroot, I'm going to take a look at them as well.

Link to comment

This topic is now closed to further replies.