Windows - Antivirus

People who actually think Windows Defender is good are astounding on this forum. Let's take a look at all those Microsoft Edge exploits. What's to stop Defender from having the same people poke and prod at it?

Sophos Home IS behaviour based. It also has a web-based control panel where you can see all the computers you have running it and manage them.

I used to be in the no-AV group. I used to not run anything for years. I would also pirate and all of that. IMO you can still run that way. I stopped because I started accumulating computers and started building a network. I acquired a NAS and that has stuff (~3 TB) on it I want to keep. It stopped being reasonable to run completely naked all the time. The time it would take for me to recover from the ground up is no longer a non-issue.


If Google's Chrome security chief says it's better than all the other AV solutions, that's good enough for me.

Did you have to run a baseline scan for a few days/a week to get a profile created to avoid false positives? If not, it's not behavior based. I'm doubtful, since behavior-based stuff is pretty expensive.

Yes, anecdotal "he said" is better than independent testing. You got me there.
https://www.av-test.org/en/antivirus/home-windows/windows-10/

It does not say if it is doing one. I didn't bother to check myself. What I can tell you is that it did produce a few false positives on my system (five-finger-discount activators). I'm basing this on what they are claiming themselves here.

I have a theory on why they give it away for home use for free. Home is the beta test. Home is the front line. It's the same endpoint protection as what they use in corporate land, but tweaked to phone home with weird shit they might find so they can then better protect their real money makers... the business clients.

You're absolutely right that it's pretty expensive. At my work we switched from AVG Business to CylancePROTECT (we almost went Sophos), which was about 2.5x more per endpoint. Haven't had to fix anyone's machine since, though.

Yeah, we purchased our license for SentinelOne this week at ~40 dollars per license (when you add up and divide the number of licenses for servers and workstations combined). That's well off the normal price, since we bought a large bulk of licenses for a 3-year period. The base price per license for 1 year is 146 bucks for 1 endpoint. It's pretty insane. We're moving from a solution that was ~35 dollars per license (just licenses, not server costs, which are ~15k per software type), but it did FDE, signature-based malware/virus detection, USB encryption, forensics logging, and a couple of other things. That software was hell, though.

Unlike the dumbasses that did incomplete tests, this is a guy who knows what he's talking about.

OK, so rather than get into it with each other here and have the thread devolve into senseless name calling, I'm going to apologize for being an ass previously. I didn't have my coffee yet and I am now less grouchy.

In what way do you think the testing is incomplete? Do you think that all independent testing labs are doing incomplete tests?

In the above example, like all testing labs, they publish their methodology here. Perhaps you can elaborate on what specifically is incomplete about it?

I personally use Avira, Malwarebytes and Spybot S&D.

Other good free antivirus solutions:

  • Bitdefender free.
  • Panda free.

AVG and Avast have been decent in the past.
But nowadays they are a bit shady, IMO.
Especially AVG, who has admitted collecting and selling personal user data for marketing purposes.

I leave Windows Defender on, mainly as it doesn't really do much anyway, so I see no need to remove it.

I mostly use my own wits to avoid shady places, and if I do go, I have both Adblock and Ghostery; those kill most malicious ads that might infect my PC.

And finally I scan my PC with Malwarebytes about once a week, and I find it works super well. It is what I used to protect my old company, where I was the IT Manager; of course that was an enterprise version.

Why do you think that Avast is shady?

There have been a few discussions about Avast on the forum in the past.
Some people seem to have issues with it.
Seems like Avast added a feature in 2015 that remotely scans people's modems/routers from a remote server.
But I'm not sure if they are still doing this today or not.

Not sure if this is still a relevant issue with Avast, @Zumps?
Or whether something else was causing your particular problem back then.


Bitdefender here.

I don't have a real-time AV. I do have Comodo Firewall. I have no idea if it does its job, but I have heard it's far from perfect.

As for on-demand scanners (not to be confused with real-time antivirus protection) I have tried Malwarebytes but it bugged out on me for some reason, now I have ClamAV installed (just for testing) and Emsisoft Emergency Kit which I run every now and then just to ease my mind.

Hi @MisteryAngel and thread. To my knowledge it was entirely Avast that scanned and attempted a mild brute force on our router a couple of times per day. This is a feature carried out by the client machine, and not a remote server, at least not to my knowledge. Maybe @Th3Z0ne knows for sure? It is supposedly there to let people know if they have "bad passwords", i.e. easy or default passwords. This is a feature that you can disable if you so wish. To us it brought a lot of confusion and worry before members of this forum were able to pinpoint the source. Some folks in the original thread(s) actually thought of it as a security risk, as Avast would then do the "dirty work", and a nefarious program would be able to just snoop on the activity between Avast, a purportedly legitimate actor, and the network. I am not technically inclined enough to have a stance on this. We disabled the functionality on the clients that used Avast, as one could say it is redundant when it has already run a long time, and we have conscientiously made an effort to set good and strong passwords on our networked devices. I do not know if it tests anything but the router; it did not seem like it, as we had a Linux server that did not report any login attempts by the client.

Edit: Corrections and spelling.


I use ESET Smart Security and am very happy so far.

Tried Bitdefender, but it would not play nice with my Surface Pro. Also removed Bitdefender on my desktop because they suddenly made account creation mandatory and I didn't want one. As a result I got a popup every minute which could not be disabled.

Tried one of the free programs once (Avast, I believe), but that one gave shitloads of false positives.

The firewall function is the main reason for me to go with a 3rd-party suite, as it can also block Windows features. I remember putting Bitdefender in paranoid mode and getting lots of notifications while not doing a thing on the computer, all Windows "telemetry".

From the information I got about the network traffic, and the information about Avast and its functions, I am quite certain in concluding it was Avast that kept probing the default gateway for known and easily exploited (e.g. through JavaScript in a user's browser session) default credentials in a variety of widespread (shit?) SoHo consumer router devices. It wasn't even brute force, as from what I read they were only trying the most rudimentary passwords that manufacturers deliver their s(hit)tuff with.

I can understand Avast actually doing that, as a while ago a whole lot of SoHo routers were enlisted in a botnet doing DDoS, spam and DNS hijacking operations to earn their masters money.


FWIW, I use Avast for Business Free.

Works well, makes it easy for me to monitor my computers from anywhere.

The biggest and most scary fact is how many awful and often long-unpatched CVEs there are in AV software. AV software by itself acts like a virus to enable it to stay on the system: driver hooks, rootkits, hijacking of DLLs and executables, all stuff that both AV and V do the same to stay ^^

Most recent malware often enough does not write files anymore but stays in memory completely after infection (thus making file-based detection even harder).

From many analyses of AV software, many reputable, researchers conclude that A) AV is snake oil and B) M$ actually by now knows how to security, and that its own AV actually is good enough for finding known threats, and no one can really safeguard against the unknown.

Patch - patch - patch is probably the best AV - oh and burn IE and Edge in the flames of hell XD

(As to resources about my claims: I do not have them at hand, and most of them are German language, but googling should bring up a few in English as well.)

I have to concede that signature-based is awful at it, but I don't think behavior-based is as bad as you might think.

I have to disagree. I did google around a bit but couldn't find anything recent. Could you link your findings? Even if they are in Deutsch.

In the past I was of the belief that, because you still had a chance to get infected anyway, there was no point in slowing your computer down with the overhead of a piece of software to do what I was pretty good at doing myself... and that was not getting infected in the first place. I also came to the conclusion that if I did get infected it was faster to just reinstall Windows than it was to try to clean the system.

When you look at some of the DEF CON presentations it becomes clear that attack surfaces have changed from the simple email attachments that were from questionable senders you've never seen before. Now there's malware that knows it's being run in a VM and is able to elevate privileges on the host. There are people leveraging embedded devices like TVs to gain persistence.

I agree that just by running an AV you could potentially open yourself up to exploitation. Anyone who has played around with Metasploit at all knows this, so I can't argue with that. I don't agree that every company is leaving unpatched CVEs on the table. It's in their best interest not to do that, as it could end up hurting their reputation and costing everyone their job.

I will try to find the articles again. Hope I will; I hate having no underlying evidence too.
