• How much Antivirus Software is enough?

    #2595242

    We recently ran into several problems while using a Security Suite and a VPN package at the same time. In short, the VPN was slowing the transfer of data files during the backup process. And the security suite was slowing internet traffic flows while using the VPN and other stand-alone computer problems.

    At this point we have uninstalled the problematic security suite and turn off the VPN when we are moving large numbers of data files between drives.  And all is well.

    So, as we move to a time when we will have to renew the licenses for the security suite and VPN, the question is what is the optimum configuration for our PCs, etc.

    In summary, our options include:

    • Microsoft Defender alone;
    • Microsoft Defender plus a free Anti-Malware Program such as
      • Avast Free Antivirus,
      • AVG Antivirus FREE, or
      • Avira Free Security Suite;
    • Microsoft Defender plus a Security Suite such as:
      • Bitdefender Internet Security,
      • G Data Internet Security,
      • AVG Internet Security,
      • ESET Internet Security,
      • Avira Antivirus Pro, or
      • Norton 360 Deluxe;
    • Microsoft Defender plus an Anti-Malware Program/Security Suite, and a VPN such as:
      • Proton VPN,
      • NordVPN,
      • Surfshark VPN,
      • TunnelBear VPN,
      • CyberGhost VPN, or
      • Express VPN.

    The reason why VPN applications are included in the list is that, in addition to creating an encrypted connection (a “tunnel”) between our devices and a remote server operated by the VPN service, some providers include:

    • Malware Protection,
    • Blocking web trackers,
    • Ad blocking,
    • Dark Web Monitoring,
    • Etc.

    So, what is the best security configuration?

    • #2595256

      I would not recommend running two anti-virus packages (such as MS Defender and ESET) at the same time. We are told they are liable to get in each other’s way. Choose one or the other, but not both.

      There are plenty of supplementary security programs that you can safely install in addition to your AV. Some of these you can find in the first link in my signature below. They include “on-demand” second-opinion scanners that are active only when you specifically launch them, as well as resident programs that provide security features that AV software tends to go light on: examples of the latter are HitmanPro.Alert, BlackFog Privacy, and VoodooShield (recently renamed Cyberlock).

      Good luck with whatever you choose.

      2 users thanked author for this post.
      • #2595313

        Cybertooth

        I will try turning off Windows Defender and enabling ESET and see if it makes a difference.

    • #2595260

      We run a paid security suite that includes a VPN. So, any slowdown would be the sole responsibility of the security suite. Running two security suites at the same time is not recommended.

      I don’t recommend Windows Defender because of performance and flexibility reasons.

      Since the security suite has its own update mechanisms, we can completely keep Windows Update turned off, except for the monthly AskWoody green light. The security suite updates daily on average but we don’t notice unless a rare reboot or logoff is needed.

      The security suite includes a reputation database for executables, which I double check for any Windows executables I download.

      Also, the security suite has plugins for browsers and Outlook. Bad web sites are blocked and bad attachments are automatically quarantined. We have not had a successful infection yet. Infections are detected in real-time. The file system and the network stack are hooked with device drivers.

      We never have to run a manual scan. Periodic scans are automated and run when the computer is not busy. We don’t have any performance issues with our security suite.

      YMMV.

      Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

      1 user thanked author for this post.
    • #2595320

      We have completed reinstalling ESET Smart Security.

      How do you disable all components of Windows Security (Defender)?

    • #2595327

      So this remote server is only a backup server?

       

      Susan Bradley Patch Lady/Prudent patcher

    • #2595328

      The best security configuration is software restriction policies, geo fencing, multifactor for all remote access, non administrator use, browser isolation, etc etc.

      I would not recommend multiple security software.  Most attacks these days use “living off the land” and use native parts of code on the OS to do their damage.

      The CSI provides detailed mitigations to protect against login credential phishing and malware-based phishing, as well as steps for identifying and remediating successful phishing activity. It lists more than a dozen best practices for IT professionals to follow to avoid their organization being compromised, including phishing-resistant multi-factor authentication (MFA), phishing filters for links and attachments, protective DNS, application allow-lists, and remote browser isolation.

      How to Protect Against Evolving Phishing Attacks > National Security Agency/Central Security Service > Press Release View (nsa.gov)

      Susan Bradley Patch Lady/Prudent patcher

      2 users thanked author for this post.
    • #2595448

      Coming back to the original question of this thread, what is the best security configuration for our devices?  Perhaps the question was poorly phrased.

      The question should have been: assuming that we have already implemented policies designed to ensure multiple layers of defense, including but not limited to software restriction policies, geo fencing, multi-factor for all remote access, non-administrator use, and browser isolation, should we also install an Anti-Malware Program/Security Suite software on each of our PCs? Or is Windows Security sufficient?

      • #2595573

        I think that Microsoft Defender for Endpoint and an A/V like Malwarebytes on-demand for a 2nd opinion is enough.

        Keep your OS, routers, browsers... updated.

        2 users thanked author for this post.
      • #2595690

        Microsoft Defender for Endpoint, not just Microsoft Defender.

        And then what are you backing up as VPN may not be the way to go and there are other encrypted ways to move/sync files in a secure manner.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
        • #2595691

          We do not use our VPN for backups.

          All backups are to local drives using Acronis True Image for Western Digital and Microsoft File Explorer.

          What we have found is that while the VPN is open data file transfer rate to an external drive is slowed to a crawl.

          • #2595906

            For our cloud solution, we find the slowdown is with the cloud vendor. Our ISP and clients are faster than the cloud server. We don’t use a VPN with our cloud vendor, as the link is encrypted by the cloud vendor in transit.

            We typically don’t run an outgoing VPN from our internal network, as our outgoing web traffic is already encrypted with HTTPS. But when traveling and connected to networks we don’t control, we use a VPN.

            You can’t [extra] encrypt all the way to the destination with a commercial VPN service anyway. You want end-to-end encryption. So having your own internal VPN server for employees to tunnel into your firewalled internal network has appeal. Requiring employees to use a private enterprise VPN to tunnel into corporate networks is a great use case.

            Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

    • #2595583

      Microsoft Defender for Endpoint

      … for $3 – $5 per user per month?

      (Just clarifying that you’re recommending a paid, not free, version.)

      Good security costs money.

    • #2595587

      Microsoft Defender for Endpoint

      … for $3 – $5 per user per month?

      (Just clarifying that you’re recommending a paid, not free, version.)

      Good security costs money.

      How many of the vulnerabilities are caused by Microsoft themselves?

      * _ ... _ *
      • #2595621

        In Windows? All of them. Elsewhere, not much.

        1 user thanked author for this post.
    • #2595617

      Another nice security product, especially if a business has only one site and most employees are on site, is a smart hardware firewall that covers the primary internet, instead of a more basic router.  This looks like a good overview of some options https://www.trustradius.com/buyer-blog/best-firewall-for-small-business

      The reason these products are good is that although an expert IT employee who properly configures a router, sets alerts, and checks logs often can get good security from a standard router, that level of expertise and effort is expensive.  Many businesses have some of their most important data on non Windows servers, NAS, or left behind on internet accessible printers.  A deluxe hardware firewall also can add protection for these devices, so a monthly fee may be worth it.

      1 user thanked author for this post.
    • #2596536

      Hello Kathy and company,

      Last month I brought a brand new workstation on-line. We’ve been using Bitdefender for several years and we’ve been very happy with it. The single difference I made on this workstation was that I enabled Windows Defender.

      Then Bitdefender’s UI on the machine began having *many* problems;  The settings of its antispam, antivirus and ransomware would not hold.

      So I completely uninstalled everything Bitdefender, restarted the machine, and then disabled Windows Defender. Then I reinstalled all the Bitdefender modules I wanted, including its VPN.

      Now, guess what? Bitdefender is again working just fine. Except for one thing I can live with:  As of this freshened Bitdefender installation, Ask Woody blocks Bitdefender’s VPN. I’m OK with that. I can easily disable and reenable it.

      Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

      2 users thanked author for this post.
    • #2596579

      Yes, Mr. Austin, you are right. Bitdefender is just good.
      Windows Defender thinks itself the absolute top, so let’s worship Redmond.

      * _ ... _ *
      • #2596602

        Windows Defender thinks itself the absolute top, so let’s worship Redmond.

        Where did it brag?

    • #2596769

      Once again, I come back to my original question, should we install an Anti-Malware Program or Security Suite on each of our PCs?  Or is Windows Security sufficient?

      In our case all of our computers are standalone machines (not connected to a server) and we have three separate internet accounts each having its own modem and WiFi router:

      • A guest service – open to visitors and for employees’ personal use (PCs, Tablets, Phones, etc.).
      • Office service – restricted to business related use by employees, and
      • A data gathering and analysis internet stream that is restricted to the daily downloading of raw data from more than 5,000 points that is ultimately fed to our high-end HP Z Workstations to support quantitative analysis. Each of the data points is operated by an organization that, at a minimum, must comply with Federally mandated data security mandates.

      So again, are our standalone office service and data gathering computers safe with Microsoft Defender alone or do we need to beef up our security by installing a high-end security software?

      • #2596774

        Kathy,

        IMHO there is no 1 size fits all. On the machines we maintain we have some clients that visit sketchy sites. On those we run ESET NOD32  with Windows Firewall. Since moving them to ESET we have had no more malware and virus issues (knock on wood). I’m not a fan of security suites as they seem to bog down machines and some give issues with clients unable to connect to legit sites.

        Same thing with VPNs. Majority of my customer base wouldn’t understand why they were blocked and what to do to get around it. Plus most use gmail, facebook and other garbage so why overly worry about privacy when you put it all out for the public???? We do advise the use of VPN when connecting from remote wifi like hotels and coffee shops.

        Other clients we have that are more supervised and no history of issues we run Windows Defender on 10 and 11.

        Personally I run ESET with Windows firewall. Rarely use my VPN. As for remote access we use a tunnel. We do button down most all machines pretty tight so maybe that’s why we’ve done OK.

        1 user thanked author for this post.
    • #2596778

      cyberSAR

      Is there a reason why you use ESET vs.

      • Bitdefender Internet Security,
      • G Data Internet Security,
      • AVG Internet Security,
      • Avira Antivirus Pro, or
      • Norton 360 Deluxe;
      • #2596781

        I have tried most of them over the years and settled on ESET because it didn’t have a large impact on performance and it worked. Haven’t seen a reason to switch after all these years. We used to run MBAM with ESET but MBAM got bloated and goofy and caused issues on some machines a few years back so dumped it. Do use it occasionally in manual mode for 2nd opinion but not very often.

        I will say on my machines if I didn’t get ESET on sale and had to pay $40/yr I’d go to Windows Defender.

        1 user thanked author for this post.
    • #2597137

      Windows Defender thinks itself the absolute top, so let’s worship Redmond.

      Where did it brag?

      Since Windows 2, I have been in IT Security & Privacy, for B2B companies, but especially for National and local governments. Not only through continuous training, but also through many (negative) experiences, it has become clear to many that “a butcher should not inspect his own meat”.
      A monopoly in Security & Privacy is not good, and absolutely Not advisable.
      And after the GDPL legislation the current NIS2 legislation has finally been introduced in the European Union.

      * _ ... _ *
      2 users thanked author for this post.
      • #2597162

        And after the GDPL legislation the current NIS2 legislation has finally been introduced in the European Union

        And that is where Defender bragged about being the best?

        cheers, Paul

      • #2597187

        Fred

        What do you consider to be the ideal software configurations for standalone workstations and computers connected to a network?

        • #2597614

          Mrs. Kathy: Just keep it simple and use one brand of renowned protection, fully used. Teach common users to use computers clean, and provide support of a capable administrator.
          ESET, Bitdefender or Malwarebytes Antimalware (registered) and many more are doing well lately.
          And storing a computer image (not attached to the network) in a safe place for extreme emergencies.
          Do not clicker-the-click everything helps a lot for staying safe. What else?

          * _ ... _ *
    • #2597566

      The biggest issue with multiple computers, stand-alone or managed, is who monitors and fixes infections because the users certainly won’t.
      I work on the basis that someone is going to get a virus / malware and will ignore it until they can’t use their PC anymore.
      The only protection is a good backup / NAS with snapshots.

      What and how much AV you use is up to you, but training your users to yell when they get a notification is a good start.

      cheers, Paul

    • #2598664

      Fred

      What do you consider to be the ideal software configurations for standalone workstations and computers connected to a network?

      Kathy, perhaps this text may help you a bit…

      Blog Malwarebyte

      * _ ... _ *