what are people using these days for antivirus?

Associate
Joined
2 Jul 2019
Posts
2,427
General consensus here is Win Defender is enough, each time I look that is. I dropped everything for just Defender when I moved to Windows 10. But I don't click random links, look at naughties, file share, etc. But do use ad blockers etc.
 
Soldato
Joined
13 Mar 2007
Posts
13,528
Location
South Yorkshire
Defender is more than adequate for most people. Generally the only time I see people with third party AV is because they got it for 'free' or they bought a huge subscription, i.e. 5+ years.
 
Soldato
Joined
1 May 2003
Posts
11,099
I use Anomaly based Anti-malware, rather than signature based protection.

Signature based = can only react if it has a signature update, which means someone has to be infected before they can protect you. Avoid at all costs.

Anomaly based = uses AI driven machine learning threat and user behaviour based detection. So it can analyse the codes to identify malicious files, even 0-day malicious objects.

Anomaly based Anti-malware may cost more, however prevention is far easier than cure.
 
Soldato
Joined
30 Jan 2009
Posts
17,189
Location
Aquilonem Londinensi
When friends/family bring me infected machines, they are always full to the brim of "PC optimizer" and "driver doctor" type programs, weird games, browser extensions and such. And an expired commercial AV!

I think if you're sensible and over 12, Defender is fine, I haven't had a problem with a personal computer since XP tbh... But I use a Pi-Hole DNS filter, advert blockers, no script etc as well, and VMs for questionable stuff that can be rolled back

Use Sophos at work as that is mandated by the LA and that seems to do a good job with numpties
 
Man of Honour
Joined
15 Jan 2006
Posts
32,404
Location
Tosche Station
I use Anomaly based Anti-malware, rather than signature based protection.

Signature based = can only react if it has a signature update, which means someone has to be infected before they can protect you. Avoid at all costs.

Anomaly based = uses AI driven machine learning threat and user behaviour based detection. So it can analyse the codes to identify malicious files, even 0-day malicious objects.

Anomaly based Anti-malware may cost more, however prevention is far easier than cure.

Avoid at all costs... What?! Signature based stuff is extremely effective, and is going to be far better at detecting known malware than anomaly methods. The chances of you being on the receiving end of any kind of malware that's not covered by signatures is slim, unless you're a government or a supervillain with a uranium enrichment programme you don't need to worry about picking some special malware prevention system, just use Defender. I'm pretty sure Defender uses behavioural/heuristics (as well as of course, signature based checking) anyway :p
 
Soldato
Joined
1 May 2003
Posts
11,099
Avoid at all costs... What?! Signature based stuff is extremely effective, and is going to be far better at detecting known malware than anomaly methods. The chances of you being on the receiving end of any kind of malware that's not covered by signatures is slim, unless you're a government or a supervillain with a uranium enrichment programme you don't need to worry about picking some special malware prevention system, just use Defender. I'm pretty sure Defender uses behavioural/heuristics (as well as of course, signature based checking) anyway :p

Signature updates are out of date 15 mins after updating an endpoint.

We are seeing more and more exploits in the wild, Remote code execution, remote access trojans. Threat actors don't care who gets infected with Ransomware, companies or home users.

Why take a risk on using a product that cannot protect you, mainly from yourselves (human error) :p
 
Man of Honour
Joined
15 Jan 2006
Posts
32,404
Location
Tosche Station
Signature updates are out of date 15 mins after updating an endpoint.

We are seeing more and more exploits in the wild, Remote code execution, remote access trojans. Threat actors don't care who gets infected with Ransomware, companies or home users.

Why take a risk on using a product that cannot protect you, mainly from yourselves (human error) :p

All obvious stuff to those that understand the nomenclature, yes, but to say signature based detection is to be avoided "at all costs" implies it's useless, which is just plain misinformed.
 
Soldato
Joined
1 May 2003
Posts
11,099
All obvious stuff to those that understand the nomenclature, yes, but to say signature based detection is to be avoided "at all costs" implies it's useless, which is just plain misinformed.

Compared to AI anomaly based Anti-malware it is useless.

The fact that someone has to be infected before they can create a signature update is ludicrous.
 
Man of Honour
Joined
30 Oct 2003
Posts
13,258
Location
Essex
All obvious stuff to those that understand the nomenclature, yes, but to say signature based detection is to be avoided "at all costs" implies it's useless, which is just plain misinformed.

And trust me we use the very best AI based platform on the market (Darktrace) and that's far from infallible. In corporate I use a mix of technologies for security including signature based detection. At home Defender is more than enough along with UTM on my firewall.
 
Soldato
Joined
1 May 2003
Posts
11,099
And trust me we use the very best AI based platform on the market (Darktrace) and that's far from infallible. In corporate I use a mix of technologies for security including signature based detection. At home Defender is more than enough along with UTM on my firewall.

So when Defender doesn't protect you or the normal home user against 0-day ransomware then what?

Place the device into hibernation and pray the encryption keys are still in memory?
 
Man of Honour
Joined
30 Oct 2003
Posts
13,258
Location
Essex
So when Defender doesn't protect you or the normal home user against 0-day ransomware then what?

Place the device into hibernation and pray the encryption keys are still in memory?

If you have been hit by ransomware and can't recover you have bigger problems than what antivirus solution you are using.

If you love your AI solutions Darktrace Threat analyzer and appliance will be right up your street:



But if you are a normal person not holding super sensitive data, using a home PC... Defender is all you need.
 
Soldato
Joined
1 May 2003
Posts
11,099
If you have been hit by randomware and can't recover you have bigger problems than what antivirus solution you are using.

So when hit with 0-day, just restore from backup and carry on? What about the normal home user, just pay up then?

Never been hit with randomware or ransomware alike, which is why I don't use signature based AV.

I said before prevention is far easier than cure for businesses or home users.
 
Man of Honour
Joined
30 Oct 2003
Posts
13,258
Location
Essex
So when hit with 0-day, just restore from backup and carry on? What about the normal home user, just pay up then?

Never been hit with randomware or ransomware alike, which is why I don't use signature based AV.

I said before prevention is far easier than cure for businesses or home users.

I've never seen a home user on a modern OS hit. And frankly yes, if you don't take any sort of backups of your important data then that is just silly. What I'm saying is having access to the very best AI based solutions which I've seen fail doesn't replace fully a traditional signature based solution. AI solutions are great but don't always work. What they do do, when your signature based solution picks it up, is give you a way of tracking lateral movement of the threat.
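
The two detection styles argued over in this thread, as an added illustration (not code from any poster or from any AV product): an exact-hash signature lookup next to a simple behavioural check that flags one process writing near-random data to many files. The sample bytes, file paths, write events and thresholds are all constructed assumptions; the results show the signature check missing an unseen variant and the behavioural check flagging a benign backup job.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins for file contents; not real malware.
KNOWN_SAMPLE = b"constructed-known-sample-v1"
NEW_VARIANT = b"constructed-known-sample-v2"  # same family, never seen before
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Signature check: exact SHA-256 lookup against known-bad hashes."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 looks random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def anomaly_flag(writes, min_files=20, min_entropy=7.0) -> bool:
    """Behavioural check: one process writing near-random data to many files."""
    noisy = {path for path, data in writes if entropy(data) >= min_entropy}
    return len(noisy) >= min_files

def random_like(seed: int, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes, standing in for encrypted or compressed output."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

def demo() -> dict:
    # Constructed per-process write events: (path, bytes written).
    encryptor = [(f"docs/file{i}.docx", random_like(i)) for i in range(30)]
    backup = [(f"backup/part{i}.zip", random_like(1000 + i)) for i in range(25)]
    editor = [(f"docs/note{i}.txt", b"meeting notes, tuesday\n" * 100) for i in range(30)]
    return {
        "signature_known": signature_match(KNOWN_SAMPLE),    # caught: hash is listed
        "signature_variant": signature_match(NEW_VARIANT),   # missed: no signature yet
        "anomaly_encryptor": anomaly_flag(encryptor),        # caught by behaviour
        "anomaly_backup": anomaly_flag(backup),              # false positive
        "anomaly_editor": anomaly_flag(editor),              # ignored: low entropy
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```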
 