Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Morpheus on December 24, 2017, 10:41:23 AM
-
OK dudes My question to you is simple. Which anti virus program is the best of the best. I have been using Bitdefender but its limited on usability because it is so tight that its just not useable of what you can or can't do cuts me down to limits that I do not accept the second to non high protection... So I am out for a search of the best anti-virus program out there. PS I consider that both anorton and AVG to be for the babies who don't give a SHI- about their machines. So please don't offer your know poor advice in recommending those to POS programs. They just don't offer enough protection across the threat board. IE. viruses and does it have a firewall ect.
-
You might take a look at this site:
https://www.av-comparatives.org/
-
I like Avast best.
It rates well and is low hassle (less hassle than many others I've used over the years, including Bitdefender, AVG, and Trend).
-
I use Avast and run Malwarebytes at least every other day.
-
Or, as an alternative, keeps windows security updated, pay attention to the sites you visit as well as the typical file sizes of file types before you download them. And installing anti-malware is the same as installing malware. Save yourself some money and use good SA when computing.
Sent from my iPhone using Tapatalk
-
PREVENTION is always the best way.
-
The ones I do not care for as they have (it will depend on the version of the game) interfered with the game (sometimes really badly), and in no particular order.
Kaspersky, Avast/AVG (same anti-xxxx engine since Avast bought AVG), McAfee, and Norton.
The ones I see being promoted, on many WEB sites, also happen to have paid advertising by those same companies. So, take that for what it is worth.
I have no recommendations as I find they all interfere with normal computer operations in one way or another.
-
You might take a look at this site:
https://www.av-comparatives.org/
I use Avira. Its free and according to this site rates very well. I have only had it hit once or twice over the years but it did catch the little nasty. Good browsing habits is the best preventor, but I like Avira for a back-up.
-
Using add-ons like "no script" to your browser works just as fine, especially if you dont click on all the funny links you gets from random friends on messenger..
-
Common sense :)
-
Add block works wonders as well
Sent from my iPhone using Tapatalk
-
You really need next gen AV - something like Sentinel One or Cylance. I believe Web Root and Trend offer this in their consumer versions. Anything not next gen is going to offer little protection.
So why do you need NGAV?
Traditionally AV for consumer is signature based. To derive a signature we need to know about the virus first. So there is time gap between when a virus is released to when we know about it to when a signature is finally deployed. During that time gap you are exposed.
I used to work for a security vendor who has a firewall based AV solution that works as follows:
- a file comes
- if that file is of interest (eg .exe / pdf / java / word doc and so on) it is scanned by a traditional signature based AV engine. If a virus is detected the file is blocked.
- if no virus is matched the file is then checked against a global cache to see if it has recently been detected as malicious by the steps that follow (on other firewalls that day)
- the file is then passed through an aggregation engine with ~ 60 antivirus scanners (signature based, similar to virustotal.com ). If it is malicious it is blocked
- if no virus is matched the file is then passed onto 3 sandbox engines. These each run the file up in sort of virtual environments (one of them is the Lastline engine). If the file is deemed malicious then it can be blocked. These sandbox engines give you full reports on what the file does, some even give you screenshots and packet captures.
The stats from the system are:
- 0.14% of submitted files are malicious
- on average 16000 unique malicious files are detected by the sandbox engines per month.
So... those 16000 files made it past the ~60 antivirus scanners, in one month. That is the bit that should scare you.
What is NGAV? Instead of relying on signatures it uses AI/Cloud intelligence/behavioral analysis. It can usually run in conjunction with a traditional signature based AV engine - like Microsofts - to give you best cover (signature based is great for clearing out the older riff raff).
-
Windows Defender is enough for me.
I do not need additional intrusive bloatware bogging down my system.
I do run Malwarebytes once a month (the free version).
Coogan
-
Common sense :)
I don't go to any sketchy sites on my main PC....common sense is the key.
-
Windows Defender is enough for me.
I do not need additional intrusive bloatware bogging down my system.
I do run Malwarebytes once a month (the free version).
Coogan
In my experience the NGAV has less CPU load - Windows Defender is absolutely crap for detecting new stuff - it can be months behind and has been used as an attack vector.
-
I don't go to any sketchy sites on my main PC....common sense is the key.
that doesn't work.
-
In my experience the NGAV has less CPU load - Windows Defender is absolutely crap for detecting new stuff - it can be months behind and has been used as an attack vector.
Months? My Windows Defender is updated daily.
Coogan
-
Months? My Windows Defender is updated daily.
Coogan
It takes MONTHS for it to get signatures that recognize the latest malware.
-
I fully agree with Vulcan, it's a wild world out there. Similar statistics are used for marketing anti-virus programs.
However, there's some points I consider as scaling issues. I'm not an expert, though, so take my comments with a grain of salt. Or a spoonful.
---
- a file comes
- if that file is of interest (eg .exe / pdf / java / word doc and so on) it is scanned by a traditional signature based AV engine. ---
---16000 files made it past the ~60 antivirus scanners, in one month. That is the bit that should scare you.---
So, if the computer user never gets any files from suspicious sources? Downloading any .exe from some warez site or opening e-mail attachments from unknown senders already counts as deliberately searching for trouble. People who use the computer for banking and reading leading newspapers. Who get a handful of e-mails a month from close friends and relatives only... Downloading AcesHighIII.exe from HitechCreations.com should also be safe. What is the likelihood to hit one of the 16000 monthly scary files?
I run a one man business and my official e-mail address can be read on my website. The authorities also legally sell addresses to almost anyone asking for them. Still I don't see too many files "coming". Some spam, yes. Marketing messages for office furniture and services, yes. Occasional phishing messages, yes. Occasional Nigerian scams, yes. Attachments from unknown senders, no.
So I'm asking, where would the harmful files "come" from if the user uses common sense in downloading anything and verifies the e-mails at least before executing any attachments?
-
That's not the way it works. Plenty of sites and applications get compromised, as do your friends and clients. All it takes is one of them to send you a word document with a new attack and you're away.
Those 16000 scary files are the ones the bad guys are pushing around. So the chances someone will see them is surprisingly high. I get engaged with a lot of clients AFTER they have been hit.
The bad guys are making a lot of $$$$ - and don't write these statistics off as marketing. They are raw data from a live engine from live customer sites around the world. There is no massaging.
We also see other nefarious things happening that are quite left field. For example there was a builder here in NZ whose PC got infected, the bad guys hijacked his email and changed the back account number on his invoices he was sending out for milestone payments. They got away with $150k before he figured out what was going on.
If you were seeking my professional advise, I would rate your chances of coming across such malware 50/50. You need to decide is there anything on your PC/gmail account/etc that could cause you financial grief if you lose control of it, then you need to decide if your data is sufficiently backed you could survive wiping your PC. From that you make your decision based on risk vs $$$$.
If you then said OK do something I would say:
- invest in good AV (I'm not affiliated with any AV company btw :) )
- invest in good backup
- make sure you use two factor authentication on any banking / financial systems
-
Thanks, Vulcan. It appears my wording wasn't quite as accurate as I'd wish.
By using the word "marketing" I was just referring to the anti-virus advertising. They use statistics or numbers looking like that. I fully agree that the bad guys are after big money and since they continue doing their dirty deeds they must be successful.
Although there really is a lot and more malware out there, 50/50 sounds quite a lot. In my understanding that means that every second website and every second e-mail would be compromised. Or, as my brother-in-law answered in a math test, the odds of winning the jackpot are 50/50: You either win it or you don't. We both know you don't mean that.
The risk analysis idea is good and everyone using a computer should pay attention to it. In my case there's nothing critical inside. Yet a backup will save from lots of work.
Here in Finland banking has always been two-factor authenticated, mostly with a list of changing passcodes along with the traditional combination of an ID and a passcode. In the era of smart phones the list can be an app in the phone. In any case, the bad guy has to get access to the random codes before being able to do banking with a stolen identity.
-
I use Webroot - recommended here by others. I have tried them all and everyone of them have failed me at least once or twice. Avast, AVwhatever Defender Kasperghost etc. all have failed when a good virus/Trojan kit invaded my computer. I have Webroot for a couple months now. Time will tell.
-
Although there really is a lot and more malware out there, 50/50 sounds quite a lot. In my understanding that means that every second website and every second e-mail would be compromised. Or, as my brother-in-law answered in a math test, the odds of winning the jackpot are 50/50: You either win it or you don't. We both know you don't mean that.
No I mean't on a per month basis the chances of you being exposed to a single new malware variant are 50/50.
-
It’s pretty darn simple to protect your machine from malicious attacks. You just to be vigilant, monitor your system and networks. Spend some time learning about the tech you own.
Once I completed my IT certs (A+, Net+, Sec+, MS Windows server admin and a few more) I stopped paying for antivirus, malware and anti spyware programs. They really are not needed if you pay attention to your network and devices. It takes just a few minute to monitor your environment and to make adjustments if needed.
Sent from my iPhone using Tapatalk
-
It’s pretty darn simple to protect your machine from malicious attacks. You just to be vigilant, monitor your system and networks. Spend some time learning about the tech you own.
Once I completed my IT certs (A+, Net+, Sec+, MS Windows server admin and a few more) I stopped paying for antivirus, malware and anti spyware programs. They really are not needed if you pay attention to your network and devices. It takes just a few minute to monitor your environment and to make adjustments if needed.
Sent from my iPhone using Tapatalk
Agreed. :cheers:
Coogan
-
It’s pretty darn simple to protect your machine from malicious attacks. You just to be vigilant, monitor your system and networks. Spend some time learning about the tech you own.
Once I completed my IT certs (A+, Net+, Sec+, MS Windows server admin and a few more) I stopped paying for antivirus, malware and anti spyware programs. They really are not needed if you pay attention to your network and devices. It takes just a few minute to monitor your environment and to make adjustments if needed.
Sent from my iPhone using Tapatalk
You just gave the worst advice ever. Tell me how would you deal with a malicious PNG?
-
Scary files :rofl
The bloke who wrote that needs to get out for a bit.
If you do internet banking and Mr John Mubala III from Nigeria steals your coin and buys another wife it’s Darwin’s theory of evolution in practice.
Its a age scene, anyone under 50 is caught in the culture of living their lives on the Internet, if I get IT problems the only outcome is the AH community have game play for a couple of weeks without me writing gibberish on here and on the text buffer in game.
Scary files, you should have seen my bathroom over the festive period, that was scarey :rofl
-
You just gave the worst advice ever. Tell me how would you deal with a malicious PNG?
Well common sense kicks in with all file types as they, for the most part, have there own typical file size depending on the size original file and if you were expecting a file from a friend than it should be no issue at all. Also anyone that has auto read turned on in any email program that they may use deserves what they get as that is the most insecure method of checking your email. So it boils down knowing what is going on in your IT environment. I get it dude, got to get those sale numbers up but in reality simply paying attention to what you are doing is the best proactive method out there and being able to react to a threat is just as valuable.
Working IT contracting for the government has taught me a lot about personal accountability with safe, responsible and productive computing.
Sent from my iPhone using Tapatalk
-
You just gave the worst advice ever. Tell me how would you deal with a malicious PNG?
It depends on how the code is embedded. If it is the old double extension trick, then just enabling the ability to see the extensions in Windows will reveal that. If it using steganography, then you are not going to just stop that download, but that also requires an external program (malware/virus) to extract and build the final code from the image.
Stopping that malware/virus from ever getting there is pretty straight forward, but it also means giving up a lot of the default features of Windows. Example: Remove Java, Flash, and disable javascript, and activeX controls as a start. Disable all auto-downloads of everything.
Not to make it sound so trivial, as it is not. There are applications, such as Intuit's software, which require you to open your security up and expose your computer to every bad thing there is. Solution: Avoid those programs.
Then there are bank sites which also require you to drop all your security before they will work. I do not do business with those banks. They are all set to be hacked.
It takes more than just common sense to protect your computer from the bad stuff out there.
One last thing to consider. The more a system tries to do things for you, the more likely it will be hacked/infected. Most people need anti-xxxx software because most people are not willing to give up the flashy/sparkly stuff. Here is a test.
If you go to Youtube and the videos play without you having to do anything, then your computer is open to all manner of bad things. Get an anti-xxxx program,....quick.
-
Same rules apply to auto update features that come packed with most software, disable it and check the vendors website before downloading it and if at all possible give the update a few days before downloading and installing to allow time for the bugs and/or malicious code (if any exist) to be rooted out and corrected/removed.
Sent from my iPhone using Tapatalk
-
Well common sense kicks in with all file types as they, for the most part, have there own typical file size depending on the size original file and if you were expecting a file from a friend than it should be no issue at all. Also anyone that has auto read turned on in any email program that they may use deserves what they get as that is the most insecure method of checking your email. So it boils down knowing what is going on in your IT environment. I get it dude, got to get those sale numbers up but in reality simply paying attention to what you are doing is the best proactive method out there and being able to react to a threat is just as valuable.
Working IT contracting for the government has taught me a lot about personal accountability with safe, responsible and productive computing.
Sent from my iPhone using Tapatalk
You simply don't get it. A PNG crafted in a particular way can download a dropper which then starts to bring more stuff in. And yes this sort of stuff exists. This is what the bad guys do, they find a crack and they slip in that way. Sometimes that crack is not closed for months. And I really don't get the file size relevance or expecting a file from a friend?
And what do you mean auto-read? And how the heck would it be an insecure way of checking your email?
Sales numbers? I don't need sales numbers - you may think you know what you are talking about here but you are very far from the truth. I've done contract work for the government as well...
-
We will just have to agree to disagree on this subject.
Sent from my iPhone using Tapatalk
-
It depends on how the code is embedded. If it is the old double extension trick, then just enabling the ability to see the extensions in Windows will reveal that. If it using steganography, then you are not going to just stop that download, but that also requires an external program (malware/virus) to extract and build the final code from the image.
The PNG used an exploit against the rendering library which then allowed it to pull in and execute dropper file.
-
It depends on how the code is embedded. If it is the old double extension trick, then just enabling the ability to see the extensions in Windows will reveal that. If it using steganography, then you are not going to just stop that download, but that also requires an external program (malware/virus) to extract and build the final code from the image.
I have mine set to 'show extensions for known file types'. Haven't had a problem.
Coogan
-
And what do you mean auto-read? And how the heck would it be an insecure way of checking your email?
That one is something I somewhat do understand. Preview is the right term, I suppose. In the days of Outlook Express all content was shown in the preview which could trigger a virus.
Current e-mail clients as well as webmails tend to block showing html content or images without asking so security has improved at that point. Attachments have always had to be executed by the reader so they've been relatively safe - although a great deal of readers aren't alert or savvy enough not to click before checking. Also the ISP's and other mailbox providers have their own filters which protect at least private users quite well. At least that's how it's here, can't tell about other countries apart from Gmail or Outlook/Live/Hotmail/whatevertheynowcallit.
Again, these are just my thoughts based on what I see. Malware cleaning has become more and more rare in my business during these 13 years in the business. Then again, the cases have become tougher.
-
That one is something I somewhat do understand. Preview is the right term, I suppose. In the days of Outlook Express all content was shown in the preview which could trigger a virus.
Current e-mail clients as well as webmails tend to block showing html content or images without asking so security has improved at that point. Attachments have always had to be executed by the reader so they've been relatively safe - although a great deal of readers aren't alert or savvy enough not to click before checking. Also the ISP's and other mailbox providers have their own filters which protect at least private users quite well. At least that's how it's here, can't tell about other countries apart from Gmail or Outlook/Live/Hotmail/whatevertheynowcallit.
Again, these are just my thoughts based on what I see. Malware cleaning has become more and more rare in my business during these 13 years in the business. Then again, the cases have become tougher.
I knew what term he mean't I was highlighting a point ;)
That said even though you turn off preview most email clients will pre-render the email or pre-load the images (even if you have this turned off). I witnessed this first hand when I was testing Cylance (last year). An email came into my inbox, I wasn't actually doing anything on that PC and was working on another PC when Cylance started going nuts. Outlook had all the usual security settings (turned off rendering of images etc). Turned out it was a corrupt PNG and deep down outlook/windows image libraries were being exploited without even opening or previewing the email.
The first problem people just don't get is the gap in time it takes for a traditional AV program to get signatures which recognize new threats. When I was doing testing AV apps like Windows Defender and even McAfee took weeks to months before they recognized the malware samples I had.
The next problem people do not understand is the attack surface. This "oh I run noscript or turn off stuff in my browser" horse**** - bad guys don't care - your browser is the target. For example look at Chromes CVEs for 2017 : https://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224 <- in 2017 there are 153 vulnerabilities for Chrome alone. Safari had a 172, and MS Edge had 201 - those Firefox looks pretty clean with just 1 that year.
If you then run plugins within your browser such as flash you are further exposed.
So my experiences in 2016 where a "holy crap" moment when the penny dropped that old school AV didn't cut it any more AND the bad guys had figured out some very silent ways of infecting PCs. We saw more of that with the likes of Wannacry and it's use of EternalBlue.
At the end of 2017 we're seeing a new interesting trend in cryptomining-malware that doesn't do anything like encrypt your files, it just sucks up CPU cycles mining for bitcoin.
I often see sites where people have no 3rd party security as compromised and often enabling the bad guys (ie servers are compromised). These people often wonder why they get blacklisted.
-
The link you provided some good information about browser vulnerability. However there's one thing missing, or I just couldn't find it: How fast the issues get fixed.
In 2009 when IE was the mainstream browser and Firefox the rising challenger the numbers were 32 for IE vs 129 for Firefox. Those numbers look familiar compared to a memory I have about reading a small article on the subject back then. The time to fix said vulnerabilities was hours to days by Mozilla compared to months by Microsoft. So the amount doesn't tell the whole truth. It would be nice to know the recent history of rapidity.
The issue you had with the corrupted PNG using Outlook is scary. It also raises a question: If your e-mail is restricted to friends and family only and their e-mailing is equally restricted, wouldn't the risk of such an attack be next to nothing? That's the situation for a great deal of my customers, aged 50+. I wouldn't like to be the boy shouting "Wolf, wolf" just because they exist, neither do I want to make them trust into false security. Complicated, isn't it? What's the Internet security level of your parents/grandparents?
-
I have been telling people, for years, never use Outlook. It is one of several programs I have blacklisted.
Any program not using the standard C library functions for any file I/O is suspect. Anything using .NET or written in VB (Visual Basic) and using file I/O is a potential problem.
-
I would hope that in a business setting, one that has IT sec personnel, Outlook and other like programs are set to display plain text only. The individuals that use these robust programs need to educate themselves on how to configure their environment to prevent the types of attacks you describe, also, for any action to be taken on an unopened email points me to a process that is open in the background accessing the unopened email or was waiting perhaps for that specific email as a trigger. A file such as a PNG requires an action/trigger to initiate so it is completely plausible that something was already lurking in the system prior to the email showing up. I am interested in the complete story (start to finish process).
Sent from my iPhone using Tapatalk
-
I would hope that in a business setting, one that has IT sec personnel, Outlook and other like programs are set to display plain text only. The individuals that use these robust programs need to educate themselves on how to configure their environment to prevent the types of attacks you describe, also, for any action to be taken on an unopened email points me to a process that is open in the background accessing the unopened email or was waiting perhaps for that specific email as a trigger. A file such as a PNG requires an action/trigger to initiate so it is completely plausible that something was already lurking in the system prior to the email showing up. I am interested in the complete story (start to finish process).
Outlook pre-renders images when it arrives in your inbox without opening the email or having the reading pane on. The file was not lurking in the system.
I work in IT Security with a specialisation in firewalls and network security, I've worked in IT for over 30 years.
-
Outlook pre-renders images when it arrives in your inbox without opening the email or having the reading pane on. The file was not lurking in the system.
I work in IT Security with a specialization in firewalls and network security, I've worked in IT for over 30 years.
Coogan :police:
-
Outlook, has been set up to not render images. So, why would they render when you receive a new message? All Outlook is doing is scanning for file type and acting based on that. Again why would Outlook pre-render the potentially dangerous item but not allow it to be shown in an email body after it already accessed the file? And depending on the protocol they are using, if anything, that file would have to get through their web-servers protocols. Explain the process, it’s ok, I don’t mind being wrong but everything you have stated thus far is contrary to Outlooks design.
Sent from my iPhone using Tapatalk
-
Outlook, has been set up to not render images.
Says who?
-
Why on earth would a program render something it is trying block?
Sent from my iPhone using Tapatalk
-
Why on earth would a program render something it is trying block?
Sent from my iPhone using Tapatalk
You're not making any sense?
-
As of Outlook 2007, MS ditched IE as its rendering engine to prevent the pre-loading of images, files and code that could be harmful to the end-users system. So, why would Outlook pre-load attachments in word that posed the same security risks as IE. That's kind of counter productive.
I may be misunderstanding you but what I gather is this:
New email delivered to inbox, Outlook pre-loaded the corrupt PNG, havoc ensued and you fixed it. Is that the basic flow of the situation? If that is the basic flow, depending on the version of Outlook you were using, it logically can't happen, unless you were using an older version of Outlook with IE as its render Engine.
There is a chance that we are also in the same book but on different pages, which quite possible with these topics.
Cheers,
Dave
-
New email delivered to inbox, Outlook pre-loaded the corrupt PNG, havoc ensued and you fixed it. Is that the basic flow of the situation? If that is the basic flow, depending on the version of Outlook you were using, it logically can't happen, unless you were using an older version of Outlook with IE as its render Engine.
There is a chance that we are also in the same book but on different pages, which quite possible with these topics.
Cheers,
Dave
Havoc didn't ensue as the PC I was running it on was for testing Cylance, which shut down the malware. You are confusing displaying an image versus opening the image and rendering it ready for display. This was on Outlook 2016.
I don't really need any advice, I know what happened. If you don't believe it and think you can get by without such security protections that's fine by me. I'm just saying telling other people to do so is not good.
-
That image only gets copied with original email to the inbox and is never pre-loaded as that goes against basic security protocols. Sorry but that’s just the way it is.
Sent from my iPhone using Tapatalk
-
That image only gets copied with original email to the inbox and is never pre-loaded as that goes against basic security protocols. Sorry but that’s just the way it is.
Sent from my iPhone using Tapatalk
Sorry but you are wrong. Maybe your are getting confused with embedded attachments versus links.
I've seen it in action, and submitted it to our research team who then released signatures for said malformed PNG (if you google around you will see there have been a few PNG based attacks over the years).
-
No, not confused, we will just have to agree to disagree on this.
Sent from my iPhone using Tapatalk
-
You really need next gen AV - something like Sentinel One or Cylance. I believe Web Root and Trend offer this in their consumer versions. Anything not next gen is going to offer little protection.
I tried Trend once and didn't like it.
Web Root looks interesting, but they aren't listed in AV Comparatives. I'd like to see them tested by some org folks are familiar with, though -- I can't go just on what their web page says (which is very little).
-
I tried Trend once and didn't like it.
Web Root looks interesting, but they aren't listed in AV Comparatives. I'd like to see them tested by some org folks are familiar with, though -- I can't go just on what their web page says (which is very little).
None of the Next Gen AV platforms are, AVC seem to be avoiding them (eg Cyclance, Sentinel One, Carbon Black etc).
-
Some of them they probably can't do -- some are not usable at all by home users (or even any small business without an IT department to administer it).
They do cover Trend Micro.
Web Root has a home version. I wish that would be on there.
-
I think Webroot has a free trial. I might give it a spin soon, my malwarebytes freebies have expired :devil
-
I'm running AVAST and paid for the full version. Now the system seems to be slowed down and I get reboot messages on start up every one in a while.
-
The full Avast as well as many other paid flagship anti-virus programs are bloatware, IMO.
-
I don't know what the paid Avast is like these days, but I like the free Avast just fine.
-
I don't know what the paid Avast is like these days, but I like the free Avast just fine.
It does its job within the limitations of being signature based. However, there's some things I'd recommend everyone using it to do. First, do a custom install. This can be done afterwards, too, through Windows Programs and Features or whatever they now call it. So: In the Modify screen, start by choosing "Minimum protection". File, Behaviour and Web Shields are the ones you need, Mail shield too if you use an e-mail client program instead of webmail. Browser security extension sounds like a good idea, too, and the Browser Cleanup tool can help to get rid of unwanted add-ons. Wi-Fi inspector if you use Wi-Fi, maybe. Game Mode for not getting intrusive pop-ups during AH. Doing that prevents Avast from informing that you have this and that wrong with your computer, suggesting you buy another feature. Adding to that putting your favourite games into the Exclusion lists can help. Notice that you'll have to check these after every major version update!