Best protection for Windows

[Nardeth]

Hello,

i have a Windows Pc and i use ESET smart security and malwarebytes antimalware. i have a laptop that came with windows 8.1 and i had a virus in my pc preventing me from scanning documents, it infected my Program that lets me scan documents. so i installed Smart security from eset, so therefore i updated it left the pc disconnect from the internet for several hours no scan. virus gone by itself since i have Malwarebytes installed as a premium version, i also have a desktop and i turned on my pc connected my external hard drive then i had connected to the internet, the way i setup the antivirus it stopped attacks to my pc. i use windows Ten Pro insider preview i always update the OS, i remember with one person who had a xp laptop she had a virus on her pc that made her pc act up. i installed Microsoft security essentials the version that was available at that time. i didn't update the virus definitions, the virus ran away with its tail between its legs into in-existence it erased itself. anyway what i am basically saying the viruses in my laptop ran away upon eset set a certain way. i will attach my Settings file for my antivirus. what do the people of this Forum think of Malwarebytes & ESET ??
i also have my router (in for repairs) when i get it back i have it set to Medium Set Firewall.

 

[Tokolotshe]

what do the people of this Forum think of Malwarebytes & ESET ??

Malwarebytes is okay, but loose the ESET.
Kaspersky now has a lightweight free version available. Or you can go the commercial Kaspersky route.

Many AVs are good up to a point, but fatten certain malwares. Being "in IT", seems I end up with friends hassles. Kaspersky is what I use to clean those PCs and it has never failed me.

My 5c for free

 

[Venomous]

Malwarebytes is okay, but loose the ESET.
Kaspersky now has a lightweight free version available. Or you can go the commercial Kaspersky route.

Many AVs are good up to a point, but fatten certain malwares. Being "in IT", seems I end up with friends hassles. Kaspersky is what I use to clean those PCs and it has never failed me.

My 5c for free

And I don't like Kaspersky.
It interferes with many programs and when it expires it becomes a bitch.

All a very personal thing I think.

In the OP's case I would uninstall malwarebytes and then use it once a week/biweekly/monthly.

Running 2 AV type programs on a PC as a regular thing is IMO contradictory. Both programs have sample virus "bits" that enables them to recognise the virusses present or trying to enter the system. Meaning they really aim at each other instead of "keeping the gates closed to gremlins attempting to enter"

 

[Nardeth]

And I don't like Kaspersky.
It interferes with many programs and when it expires it becomes a bitch.

Both programs have sample virus "bits" that enables them to recognise the virusses present or trying to enter the system. Meaning they really aim at each other instead of "keeping the gates closed to gremlins attempting to enter"

is this true Sollie??

 

[Nardeth]

you know, the thing is with ESET it has a very nice firewall that is a AI Robot.

 

[Magnum]

Op you want a Foolproof anti virus?

Format the PC, switch it off. pack it in a box and never unpack it ever again. Problem solved.

 

[Nardeth]

Op you want a Foolproof anti virus?

Format the PC, switch it off. pack it in a box and never unpack it ever again. Problem solved.

LoL

 

[chrisc]

My windows are fitted with "intruder-proof" glass

 

[mr_smithh]

Op you want a Foolproof anti virus?

Format the PC, switch it off. pack it in a box and never unpack it ever again. Problem solved.

+1

 

[mister]

If your viruses ran away and erased themselves without any action from the antivirus then you didn't have viruses to begin with...

 

[syntax]

Give Cylance a look, it is not signature based and is extremely light weight.

 

[sajunky]

If your viruses ran away and erased themselves without any action from the antivirus then you didn't have viruses to begin with...

A targetted attack would do that. Install a back door for future use and vanish.

 

[Rickster]

Avast Free.

 

[Nardeth]

Listen oakies, the nice thing that ESET does is notify you of a untrusted HTTPS Certificate. you can block it if you choose to.

 

[MrGray]

Everyone has their favourite or their worst because of a bad experience, but I'm a big fan of Kaspersky as well. Just get the paid version, it's far better than all the free stuff. If you use the Total Security for Small Office you can actually centrally manage all of your PC's. It's worth a few bucks for some level of peace of mind.

Pro tip: most common mistake with compromised systems I've seen, even though they have an AV - no password protection on the Antivirus itself. If you don't have an AV that you can password protect it's useless. If someone gets onto your desktop, via RDP, brute force, whatever, they can just turn off the AV unless it is protected. With Kaspersky, even the users on our PC's cannot turn it off without the password. This is often the difference between the free and paid versions.

 

[Rickster]

Just dont use mcafee, for the love of god.

 

[OCP]

Run Windows as a vm on a non-Microsoft hypervisor
Backup daily snapshots and have files replicated with versioning to backup device ;-)

 

[mercurial]

Everyone has their favourite or their worst because of a bad experience, but I'm a big fan of Kaspersky as well. Just get the paid version, it's far better than all the free stuff. If you use the Total Security for Small Office you can actually centrally manage all of your PC's. It's worth a few bucks for some level of peace of mind.

Pro tip: most common mistake with compromised systems I've seen, even though they have an AV - no password protection on the Antivirus itself. If you don't have an AV that you can password protect it's useless. If someone gets onto your desktop, via RDP, brute force, whatever, they can just turn off the AV unless it is protected. With Kaspersky, even the users on our PC's cannot turn it off without the password. This is often the difference between the free and paid versions.

I used it recently and loved it. Just had to remove it because it stopped my torrents from working, regardless of the settings I applied but Kaspersky would definitely be my choice now.

 

[TheGuy]

I've only been running the free windows defender for the last 5 years or so and never had a problem. I've run a few once of AV scans using other product and its never picked up anything.

 

[Moosedrool]

Run Windows as a vm on a non-Microsoft hypervisor
Backup daily snapshots and have files replicated with versioning to backup device ;-)

Or just backup daily snapshots and have files replicated. I don't see how a vm is more secure...

Truth is windows still is the most popular OS for malicious code and such so I made some lists.

Home sysadmin Moosedrool security tips.

1. Run a paid for 3rd party antivirus and keep it up to date. Enable all the protection.
2. Keep UAC active. Yes it's annoying get used to it.
3. Keep your OS up to date.
4. Only install common browser add ons. If possible avoid these at all costs. Flash player is a pain but yeah keep it up to date at least.
5. Try not to run software which reached end of life.
6. Be weary about applications requesting firewall ports to be opened. Close the ones you don't use.
7. Know your file extensions for whatever you run.
8. Know the url's you're entering.
9. Don't give unfamiliar sites any control over your operating system or hardware.
10. Don't be a criminal and use cracks, keygens or download pirated stuff.
11. Don't insert random flash discs from people into your pc.
12. Treat all other networks as public networks even your mom's stupid home network.

0. Back the F up. Cause shyte can still hit the fan.

Business sysadmin Moosedrool security tips:
All of the above including:

1. Disable admin rights. (A secure system has nearly non of this and IMO even the people with approved motivation from illiterate IT management can go through a tested alternate method. Most crap legacy apps only require write permissions an a non profile folder or something for it to work but nope... "I need muh Admin rights." Feck off)

2. Don't ever ever ever give IT Admin Accounts Internet access, E-mail accounts and any access these accounts don't need.

3. I've seen techies put the damn firewall address in the alternate DNS field. Don't! DNS have these (or at least should) setup as forwarders.

4. Best practice for proxy is having a pac file script which auto chooses.

5. Only use IT admin accounts when a administrative function is required. Teach you techs this as well. (RSAT can be used perfectly as a non administrator for reports and so forth. Learn how to shift - right click - run as. You don't need to remote log on to a server for 90% of the functions IT admins log onto servers.)

6. Get up to speed with your non RDP server stuff, SCCM, Remote Tools, Powershell and PowerCLI cause in the very near future when businesses realise the potential of core I’m doing this:



So that even the sysops have give proper motivation to have Remote Desktop access. :twisted:
The techs will be given logon rights when they need it.

7. Disable USB and Optical drive (Yes I'm that AD son of a bitch which does this in corporations and the same AD admin who implemented a group policy big enough causing your cr@p cluttered already slow machines to now take even longer to boot up.) (Seriously though, GP for external drive lockdown is just a tiny one but it's important.)

8. Patch all your servers according to Microsoft's monthly schedule. Test and if it fails fix it! (Keep yourself updated daily in case Microsoft rolls out urgent patches.)

9. SCCM is my go to for updates but smaller businesses should simply run WSUS and maybe test these on a local machine.

10. Create a windows 10 image stack on a regular basis for end users with the approved antivirus, configuration and standard software packs already installed. (I still don't know why medium to even large business sometimes don't do this. You are the cause for hours of end user down time when a reload could mean a few minutes.)

11. Disable the provisioning of built in apps the organisation don't use. (single sign on reprovisions the f#ckers so you need to do THIS and preferably have a build stack with these already applied.)

12. Backup SLA should be near 100%. The servers needing to backup go down so full 100% is impossible.

13. Your files should be on the SAN FFS. If your company doesn’t have this it should be on a file server. If your company doesn’t have that complain about how backwards they are.

14: I prefer forcing users to change passwords every 45 days though there is a big debate about this cause of these cr@p passwords: PietNov@2017, PietDec@2017, PietJan@2018

14. There's a lot more but these are my main do's and don'ts.