The Steel Guitar Forum Store 

Post new topic Security programs vs. Microsoft
Reply to topic
Author Topic:  Security programs vs. Microsoft
Brint Hannay

 

From:
Maryland, USA
Post  Posted 3 Mar 2017 3:27 pm    
Reply with quote

For years now I have used MBAM in my computers. It seemed widely regarded as one of the good ones--a valuable program to make use of.

Last year I had issues with a computer and subscribed for a year of Microsoft's technical support. Just now I called Microsoft because MBAM in repeated scans said it found 4 "threats", 0 successfully removed. The technician I spoke to said "What version of Windows are you using?" In the computer in question it's Windows 10. The technician said "None of the anti-virus programs will work with Windows 10. They are not 'supported' by Microsoft. Windows 10 is the safest Windows ever. The only thing you need is Windows Defender."

Naturally, there are still lots of security programs out there. And previous Microsoft technicians have routinely run MBAM scans as part of their service, and one even also installed a program called SUPERAntispyware. In years past Windows Defender had the reputation of being inadequate at best. I am naturally skeptical about the party line I received.

Just wondered what some of you who know a ton more about computers than I do think about this?
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 3 Mar 2017 3:56 pm    
Reply with quote

Wiz will chime in with an authoritative answer.

I'm just another user like you, and I've tried a lot of the 3rd party products out there over the years, including MBAM and SuperAntispyware, and others, thinking paid software by definition must be more effective than anything that's provided at no added cost.

That being said, on my Win10 PC, I've been using the built-in Windows firewall and Defender since the OS was released, with no issues. Of course, I exercise as much good judgement about re-directs and clicking unknown links as I can, and my stuff is behind a NAT router for added protection from nasties, but it seems to be working.

I don't know if the tech you contacted was knowledgeable or not - I do know service reps and techs don't always know what they're talking about. YMMV. Sorry this isn't definitive.
View user's profile Send private message

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 3 Mar 2017 5:32 pm    
Reply with quote

Dave Potter wrote:
Wiz will chime in with an authoritative answer.


Who seeks the Mighty and Powerful Wiz? L0L

Here's my authoritative answer, which in the end is just my opinion. Doing these things will allow you to safely use a Windows 10 PC without installing a paid anti-virus program. Some have links to programs I am affiliated with.

  1. Operate your daily account as a Standard User Account, NOT as an Administrator. You can create a separate account for those few times that an Administrator account must be logged into to perform some operations. Then demote your existing account to Standard Windows User.
  2. Assign a strong password to your Administrator account. If an exploit requiring Admin credentials launches, you would have to actually be fooled into typing your admin password to allow the exploit code to run.
  3. Always set the UAC setting to the default notification mode: Notify me only when apps try to make changes to my computer (default). If you always have to type in the Administrator password to install, or update a program or hardware driver, or alter some system-wide setting, it adds another layer of protection.
  4. Run the paid realtime protection Malwarebytes version 3 which now combines Anti-Malware, Anti-Exploit and Anti-Ransomware. It also blocks dangerous web pages. MBAM is not an anti-virus program. I use it in addition to my anti-virus program, Trend Micro Internet Security. You can also use it in combination with the built in Microsoft/Windows Defender.
  5. Do NOT use Internet Explorer to browse the web.
  6. If you use Firefox, disable Adobe Flash in the Add-Ons section and install the NoScript Add-on to disable JavaScript unless you specifically approve it on a site by site basis.
  7. Make sure you set Firefox to automatically update itself and any Add-Ons and Plug-ins you've installed.
  8. If you browse with Google Chrome, Flash is only enabled on a right click basis on a Flash applet or video frame. Make sure you allow Chrome to auto update, as Flash is a built in component of this browser.
  9. If you use Microsoft Edge, you cannot disable Flash nor can you install an ad blocker, or script blocker. Edge does contain a "Smart Screen" component that is supposed to block or sandbox dangerous content.
  10. Check your installed programs to see if the Java Virtual Machine (JVM) or Runtime Environment(JRE) is installed. If it is, uninstall it!
  11. Beware of filesharing programs and "cracked" commercial software that might be rigged with Trojans.
  12. Make sure you set your Windows computer to automatically install Windows updates for both the operating system and auxiliary Microsoft programs you may have installed, as they are frequent targets of exploit kits.
  13. Use an email spam filter to remove messages containing spam, scams, malware links and viruses before you open them in your desktop email client (Windows Live Mail, Thunderbird, Microsoft Mail, etc). If you only use browser based email, it should be Gmail. If you have other email accounts that are not run through spam filters, forward them to Gmail.
  14. Subscribe to email lists from security professionals. I get daily email from Graham Cluley, Brian Krebs, Sophos Naked Security, Malwarebytes and Trend Micro newsletters.

Of all these things, the first is the most important. It costs nothing to implement. Changing your daily browsing Windows account to a Standard User account can block 92% of malware threats which are written under the assumption that the victim probably operates as an Administrator. Bleeping Computer currently has this number at 94%.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Charlie McDonald


From:
out of the blue
Post  Posted 8 Mar 2017 6:11 am    
Reply with quote

(Pay no attention to the man behind the curtain.)

Are there any uses for an administrator account (besides the obvious one of a business network)? I'm feeling safer without one now.
View user's profile Send private message Send e-mail

Brint Hannay

 

From:
Maryland, USA
Post  Posted 8 Mar 2017 12:42 pm    
Reply with quote

As to disabling Javascript, I use the NoScript add-on, but allowing script on a site-by-site basis is not so easy, because so many sites have multiple sites connected to them (whatever that means).

For example, I just went to the Trend Micro website to look into their products, and it took four or five clicks on "Temporarily allow all this page" to get to an "S" with no red "block" symbol. There were at least fifty items to allow or block on the lists all told, probably more. How am I supposed to know which ones are necessary to use the webpage content, and which are not? I just end up *temporarily* allowing all each time, so that's kind of like not having NoScript in the first place!
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 9 Mar 2017 5:46 am    
Reply with quote

Brint Hannay wrote:
As to disabling Javascript, I use the NoScript add-on, but allowing script on a site-by-site basis is not so easy, because so many sites have multiple sites connected to them (whatever that means)....For example, I just went to the Trend Micro website to look into their products, and it took four or five clicks on "Temporarily allow all this page" to get to an "S" with no red "block" symbol. There were at least fifty items to allow or block on the lists all told, probably more. How am I supposed to know which ones are necessary to use the webpage content, and which are not? I just end up *temporarily* allowing all each time, so that's kind of like not having NoScript in the first place!


I ran into similar frustrations with NoScript, and ended up dumping it. Given that preventing all scripts from running breaks a LOT of legitimate web sites, I'm using YesScript, which the author describes as:

"Unlike NoScript, YesScript does absolutely nothing to improve your security. I believe that Firefox is secure enough by default and that blocking all scripts by default is paranoia. YesScript strives to remove hassles from your browsing experience, rather than add them."

Makes sense to me. It places an icon at the top of the Firefox page where the others are, and if I want to stop a page from running script, like Drudge, which annoys me with its auto-refreshes when I'm trying to read something, I just click the YesScript icon and, Voila! - no more auto-refreshes. Makes life a lot simpler.

On the Administrator account question, I frequently want to do things like registry edits, moving/renaming/deleting files, etc, that with a Standard user account, would trigger the dreaded Windows prompt "You need administrator privileges to do that" or whatever it is. Drives me nuts, and I don't have the patience to always be switching back and forth between Standard and Administrative. So I risk it. There, I said it.
View user's profile Send private message

Charlie McDonald


From:
out of the blue
Post  Posted 9 Mar 2017 6:06 am    
Reply with quote

Thank you, Dave.
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 9 Mar 2017 7:35 am    
Reply with quote

Charlie McDonald wrote:
Thank you, Dave.

Welcome, Charlie. Smile

'Course, as always, Wiz is the heavy hitter here - his advice is the gold standard, and always appreciated. I was just commenting on what works for me; I accept the risks of my "wild and crazy ways". Rolling Eyes
View user's profile Send private message

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 9 Mar 2017 8:36 am    
Reply with quote

Dave Potter wrote:
Charlie McDonald wrote:
Thank you, Dave.

Welcome, Charlie. :)

'Course, as always, Wiz is the heavy hitter here - his advice is the gold standard, and always appreciated. I was just commenting on what works for me; I accept the risks of my "wild and crazy ways". :roll:


Aw shucks Dave, thanks.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Brint Hannay

 

From:
Maryland, USA
Post  Posted 14 Mar 2017 3:33 pm    
Reply with quote

Wiz, I have purchased the Trend Micro Maximum Security package. I presume it has additional features beyond what's in the Internet Security package. Is it still compatible with Malwarebytes 3?

And it seems TM automatically disables Windows Defender. I don't mind this as I spent more than a week dealing with Microsoft about a WD detection of a Trojan that would not be removed by WD. Even after a total clean re-install of the Windows 10 OS, same detection. Only WD had this detection--not MBAM, not HitmanPro. Eventually both a better Microsoft tech and the computer manufacturer's technical support told me it was a false positive, with a known history of WD and only WD finding it in the manufacturer's Recovery partition! Mad (TM Full scan came up clean.)

FWIW, the virus detection was Trojan:Win32/dynamer!ac, found in a game file.
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 19 Mar 2017 7:05 pm    
Reply with quote

Brint;
I'm sorry for the delay getting back to you.

It's been my experience over several years of owning both Trend Micro Internet Security and Malwarebytes Anti-malware that TMIS always forces the deinstallation of MBAM before it will complete its installation of a new version. After allowing this and rebooting to finish installing TMIS, I then reinstall MBAM. All of its settings are still there, including the registration code.

If you use any security program from Trend Micro it turns off Windows Defender and won't allow it to turn back on unless Trend is uninstalled.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website


All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.


BIAB Styles
Ray Price Shuffles for
Band-in-a-Box

by Jim Baron
HTTP