Alternatives to Windows Defender

I just had Windows Defender rummage through my backups and forcibly remove:

  • Text from a GitHub page related to PowerSploit
  • Text out of an IRC log

I will post another thread about configuring some ZFS snapshots and different shares, but does anyone have a recommendation for antivirus? I haven’t had to even think about this for about a decade but I am done wasting my time on a jumpy piece of software that slows my machine down immensely.

Anything detecting plaintext as malicious can go as well: VirusTotal

1 Like

Like condoms, I prefer my computers unprotected.

Jokes aside, I’ve not run antivirus in a while on my Windows machine. I just risk it. In the past though, I’ve run Malwarebytes and it’s been great. Not sure if they’re still any good though.

1 Like

Peak rootz moment

1 Like

I’ve used Avast specifically for kid computers, it’s kinda shouty as free software will be, but not too bad. I have had it actually catch things, and it’s maybe over-vigilant at flagging websites, but I do not see that as a problem. It’s lightweight for the older systems so it’s a solid choice for that.

I use Windows Defender + Spybot Search and Destroy with the Immunize function + IObit Malware Fighter

I also have not run into this issue with text being removed/deleted.

I don’t use anything else for my Windows machine. I just set the protections as enabled and tighten the security where it could be (SecureBoot on, etc., just tinker with the settings in the Security app).

I only use a non-admin account and allow some admin access sparingly and deliberately.

I don’t visit shady sites. There is Linux with Tor Browser (safest) for those.

In the distant past, I used to trust and pay for Bitdefender. Maybe these days Sophos seems legit good.

I’ve stopped using Avast or AVG because they’ve gone full adware/spyware/malware these days. Either you die young or live long enough to be the bad guy.

I have Malwarebytes installed just for the right-click scan feature. Depending on how lucky I feel that day, I may query VirusTotal about file hashes.

2 Likes

I’ve used Bitdefender, but can’t really say if it’s the best or most suitable. Seems to do its job well in the background without making any fuss.

Running ESET NOD32 on my home PCs, it’s pretty good at just quietly getting on with things. Not had any issues like you have with backups etc.

I used to run Comodo (Free) Firewall / AV with Malwarebytes as a secondary defense. Worked well, but did require manual tweaking for some programs / games to function right. I run VirusTotal on all downloads as a sanity check.

Defender seems to do a decent job, but does raise hackles at some programs I use. Seems that as soon as MS get into a certain business, their competitors’ software in that space is suddenly marked as ‘suspicious’.

Hmmmmm. (Stroking beard slowly)

1 Like

Like @SgtAwesomesauce I haven’t run AV in years on my personal machine. I used to suggest AVG until they were caught sticking their fingies in the cookie jar, then started installing Avast or Malwarebytes for kids/family.

Personally I have the VT4Browsers addon and VirusTotal automatically scans my downloads. Plus my mom always told me not to talk to strangers so no concerns with email attachments.

I’m currently trying Linux … will have to let you know how it works out!!! :grin: :grin: :grin:

Jokes aside, I’ve used Windows Defender / AVG in the past, but I have found that it is more important to educate the users not to go to shady websites and to question the emails and pop-ups that they get when going to sites!!!

1 Like

Typical free VT behavior is that everything that is uploaded is visible and available to researchers. If these are not private things but some publicly available files, then ok.

Private/company confidential things have appeared on VT more than once…

1 Like

As an on-demand scanner, I use Malwarebytes for regular and systematic OS scans.

I use Avast as active protection where there is no budget. ESET where the budget is.

The whole is completed by the “Comodo Firewall”… contrary to appearances, it is not just a firewall, but a quite good HIPS and a sandbox. If properly configured, it can do a lot in terms of active protection and blocking everything that is not approved by the user, but it requires a bit of knowledge and time to set it up.

A typical antivirus in 2023 is mainly used for preventive scanning of web traffic, i.e. it is supposed to catch a dangerous script when the browser loads the page. Dangerous files are a secondary issue, unless someone really downloads strange things from strange places and runs them without thinking. This is where a sandbox comes in handy if we want to run something in isolation without harming the OS. Better yet, use the browser in a sandbox all the time to isolate hostile activity from the OS.

However, no antivirus will help against 0day threats that have not yet been recognized or software bugs for which there is an exploit.