michaelmurfy:
On the other hand running Defender + EMET is totally fine for most people. Also, making sure your machine is fully patched.
Most of these Cryptolocker-type malware exploit unpatched systems, so don't go ignoring Windows when it needs to reboot your system.
Edit: Does it show I have not run Windows in a while? Didn't realise EMET is end of life.
Disagree - the problem with cryptolocker-type viruses is the zero-day exploit side of them. Had a client who just got hammered by one of the latest ones. (A matter of poor timing and poor judgement - was looking for employees and got a job offer Word doc which needed a password to open for privacy reasons.) He was fully patched and up to date. Lost all connected backups as well as everything on his PC.
Malwarebytes, nod32, Defender, and a couple of others didn't even blink when scanning the infected file.
As I tell my clients - do not send or accept Office documents unless you know the person, are expecting the doc and need to edit it for some reason. PDF it every time.
@nunz The exploits used in the last cryptolocker-type files were not zero day, they affected unpatched systems.
In regards to the Word document, macros would have had to be enabled. Normally, by my testing, there is a bar that pops up (I test quite a few different strains of malware). Staff training is required or a policy rolled out to disallow macros.
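The "policy rolled out to disallow macros" mentioned above can be applied through the Office policy registry keys that Group Policy would otherwise set. This is an added example, not from the thread; it assumes Office 2016/2019/365 (policy version key 16.0) and sets the per-user keys so it can be tested on one machine before a domain-wide rollout:

```powershell
# Added example: disallow VBA macros in Word, Excel and PowerPoint via the
# Office policy registry keys (HKCU so a single machine can be tested first;
# the same values under HKLM\...\Policies or a GPO apply machine-wide).
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # VBAWarnings: 1 = enable all, 2 = disable with notification (the yellow
    # "Enable Content" bar the post describes), 3 = disable except digitally
    # signed, 4 = disable all without notification. 4 takes the decision away
    # from the user entirely; 3 is the usual compromise where signed macros
    # are needed.
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Type DWord -Value 4

    # Independently block macros in files carrying the Mark-of-the-Web
    # (downloaded or received as e-mail attachments).
    Set-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' -Type DWord -Value 1
}

# Report the effective settings so the rollout can be verified per application.
foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        App               = $app
        VBAWarnings       = $p.VBAWarnings
        BlockFromInternet = $p.BlockContentExecutionFromInternet
    }
}
```

Office reads the policy keys on start-up, so open applications need to be restarted for the new value to take effect.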
lNomNoml:
I always recommend it, but if you can't afford it or don't see a reason to get a dedicated AV, then Defender is fine.
In all fairness Defender has come a long way from the piece of rubbish it was a few years ago, but there are still a couple of things I don't like about it:
1 - Heavy - Windows 10 seems to love running long, heavy processes as part of its updates and security. Turning off Defender and using a 3rd party improved my performance substantially. Disk usage down a long way.
2 - Not fully integrated to do Web / Mail and other scanning the way many 3rd party AVs are.
3 - False positives - still a little higher than most with those - although nowhere near Norton's in the last month's tests.
As MS moves to integrate it more and more into the operating system you run the same risks and issues as when IE was so tightly integrated - security and performance issues. Better to let an OS be an OS and let an AV be an AV. Keep em separate.
MS's record over time in the security sector has been spectacularly bad. Patching and security failures were the norm, although Win 10 seems to be moving in a better direction. 3rd party AVs are experts in one thing - not multitasking. Better an expert than a generalist.
michaelmurfy:
@nunz The exploits used in the last cryptolocker-type files were not zero day, they affected unpatched systems.
In regards to the Word document, macros would have had to be enabled. Normally, by my testing, there is a bar that pops up (I test quite a few different strains of malware). Staff training is required or a policy rolled out to disallow macros.
I have found curiosity and not enough caffeine trumps training (along with stupidity).
The latest Defender / Malwarebytes, NOD32, Bitdefender all missed Sigma.
michaelmurfy:
@nunz The exploits used in the last cryptolocker-type files were not zero day, they affected unpatched systems.
In regards to the Word document, macros would have had to be enabled. Normally, by my testing, there is a bar that pops up (I test quite a few different strains of malware). Staff training is required or a policy rolled out to disallow macros.
History tells us that a fully patched system is of little defence to malware.
I've had to clean up many fully patched, heavily infected PCs.
Patching the actual user would be better :-) : training, common sense, taking time to think about the emails & links they are about to click on.
As for MS AV, Defender etc.
Again I'd say look at MS's abysmal past record. Just a matter of time before it slides into its usual pattern of poor detection rates.
Having high detection & being rated highly by some AV comparatives etc. for the month means little unless you look at the past few years' performance.
I have been using Norton Internet Security since 2005 and never ever had any issue with it.
I think it's now called Norton Security Premium with an annual subscription fee of about $85.
zhuyan:
I have been using Norton Internet Security since 2005 and never ever had any issue with it.
I think it's now called Norton Security Premium with an annual subscription fee of about $85.
My issue with Norton's is not detection - which has been good normally - but how heavy it is and how many processes it has, and its propensity to kill all network connections when it screws up - and I've seen lots of corruptions and failures requiring full reinstalls etc.
I see McAfee getting good detection scores now - pity it is a resource hog and uses spyware techniques to get installed as a crapware add-on to Adobe and other products. Again - not suitable for PCs wanting to run fast.
quickymart: Silly question but what is the biggest size hard drive 10 can handle?
Bigger than you can currently get ..
GPT partitions can be 2^64 blocks in size .. which with 512-byte blocks is .. umm .. lots .. 10 zettabytes or so (?) With 4096-byte blocks it is even more silly figures :-)
Maximum size the boot partition can be, though, is something different; might be limited to 2 TiB, I can't remember.
nunz:
My issue with Norton's is not detection - which has been good normally - but how heavy it is and how many processes it has, and its propensity to kill all network connections when it screws up - and I've seen lots of corruptions and failures requiring full reinstalls etc.
I run Norton on 3 PCs and find it is pretty light on resources, normally running at well under 1% CPU and low on memory. Sometimes it will run up to 15% CPU, but that is only occasionally. On one PC, the CPU is running at 95% 24/7 doing simulation work, the Norton overhead is never noticed.
Norton of old was pretty gross, but these days seems to be pretty reliable.
Cryptolockers. Some months ago Macrium Reflect (not the free version) brought in protection against file lockers on their backup files, including attached drives. Means that even if the drive has been locked the backup files can still be recovered. Any file operation on backups has to be done through Reflect, so it means e.g. that you can't use Explorer to delete the backup files. Hopefully I never have to find out if it works or not.
MartinGZ:
nunz:
My issue with Norton's is not detection - which has been good normally - but how heavy it is and how many processes it has, and its propensity to kill all network connections when it screws up - and I've seen lots of corruptions and failures requiring full reinstalls etc.
I run Norton on 3 PCs and find it is pretty light on resources, normally running at well under 1% CPU and low on memory. Sometimes it will run up to 15% CPU, but that is only occasionally. On one PC, the CPU is running at 95% 24/7 doing simulation work, the Norton overhead is never noticed.
Norton of old was pretty gross, but these days seems to be pretty reliable.
Cryptolockers. Some months ago Macrium Reflect (not the free version) brought in protection against file lockers on their backup files, including attached drives. Means that even if the drive has been locked the backup files can still be recovered. Any file operation on backups has to be done through Reflect, so it means e.g. that you can't use Explorer to delete the backup files. Hopefully I never have to find out if it works or not.
Thanks - am reviewing a bunch of online backup systems - especially something that can give me a virtual image to run up for disaster recovery. Part of the checklist is how robust against crypto attacks they are. Dropbox (for example) has roll-back revision history - but try rolling back 12k files one by one :(
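The Reflect feature described above (only the backup program may touch its backup files) has a built-in equivalent in Windows 10: Defender's Controlled Folder Access, which lets only trusted applications write to listed folders. This is an added example, not from the thread or from Macrium; the folder paths and the backup executable path are assumptions, and it starts in audit mode so you can see what would be blocked before enforcing:

```powershell
# Added example: protect local backup folders from file lockers with
# Windows Defender Controlled Folder Access. Paths below are assumed.
$backupFolders = 'D:\Backups', 'E:\ImageBackups'
$backupApp     = 'C:\Program Files\Macrium\Reflect\Reflect.exe'   # assumed path

# Controlled Folder Access requires Defender real-time protection to be on;
# it is unavailable when a 3rd party AV has taken over.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Defender real-time protection is off; Controlled Folder Access needs it.'
}

# Audit mode: writes by untrusted programs are logged (event ID 1124) but
# not denied, so legitimate tools that touch the folders can be found first.
Set-MpPreference -EnableControlledFolderAccess AuditMode
foreach ($f in $backupFolders) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $f
}
# Only the backup application is allowed to modify the protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $backupApp

# Review the audit events: any program listed here other than the backup
# software either needs an allow entry or is something to investigate.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# Once the audit log shows only expected writers, enforce with:
#   Set-MpPreference -EnableControlledFolderAccess Enabled
# Current mode: 0 = disabled, 1 = enabled, 2 = audit
(Get-MpPreference).EnableControlledFolderAccess
```

Once enforced, blocked writes appear as event ID 1123 in the same log, which is also a useful early indicator that something on the machine is trying to rewrite backup files.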