• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows 8 spyware/antivirus?

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
gevorg said:
Sandboxie, PrivateFirewall, VMWare Player
Click to expand...

Amen to that. I would say a good 70-80% of my time on the Internet is on a Virtual Machine. I have tried Sandboxie, but just can't get used to it. One of these days I suppose.
 
Bitdefender free and an older version of Comodo firewall. Router with SPI and IPtables. Usesing OpenDNS and Comodo's sandbox.
 
I thought I'd try out Bitdefender's 30 day trial version. The only thing I find annoying about it is, even though I have created a new account, the Activate Bitdefender Services/Login to MyBitdefender screen periodically pops up. If I login it stops but if I reboot it pops up again.
I don't see anywhere in the software to disable this. Googling this has also not come up with a solution.
From Bitdefender's forum: "The "OFFICIAL" response: There is no way to turn off the pop-ups. The only method of stopping the pop-ups is to contact "Custom Service" about Bitdefender 2013 http://www.bitdefender.com/support/consumer-phone.html and ask them to place the E-mail address associated with your account onto their list.
Within 48 hours, according to Bitdefender, you will no longer receive the pop-ups".
Is this inherent to the trial version or does someone know a way of stopping the popup?
 
MadScientist said:
I thought I'd try out Bitdefender's 30 day trial version. The only thing I find annoying about it is, even though I have created a new account, the Activate Bitdefender Services/Login to MyBitdefender screen periodically pops up. If I login it stops but if I reboot it pops up again.
I don't see anywhere in the software to disable this. Googling this has also not come up with a solution.
From Bitdefender's forum: "The "OFFICIAL" response: There is no way to turn off the pop-ups. The only method of stopping the pop-ups is to contact "Custom Service" about Bitdefender 2013 http://www.bitdefender.com/support/consumer-phone.html and ask them to place the E-mail address associated with your account onto their list.
Within 48 hours, according to Bitdefender, you will no longer receive the pop-ups".
Is this inherent to the trial version or does someone know a way of stopping the popup?
Click to expand...

I never got those with the paid version after the first time I logged into my account.
 
MadScientist said:
I thought I'd try out Bitdefender's 30 day trial version. The only thing I find annoying about it is, even though I have created a new account, the Activate Bitdefender Services/Login to MyBitdefender screen periodically pops up. If I login it stops but if I reboot it pops up again.
I don't see anywhere in the software to disable this. Googling this has also not come up with a solution.
From Bitdefender's forum: "The "OFFICIAL" response: There is no way to turn off the pop-ups. The only method of stopping the pop-ups is to contact "Custom Service" about Bitdefender 2013 http://www.bitdefender.com/support/consumer-phone.html and ask them to place the E-mail address associated with your account onto their list.
Within 48 hours, according to Bitdefender, you will no longer receive the pop-ups".
Is this inherent to the trial version or does someone know a way of stopping the popup?
Click to expand...

I just use the free version.
 
Now running Win 8.1. It has Defender which includes MSE and Firewall, and to that I add Malwarebytes Pro. They work well together.
 
I use AVG 2014 IS and Malwarebytes free version on main 8.1 PC ,on my other 8.1 laptop I use Avast 2014 Free and Malwarebytes free version.

Both are behind my hardware firewall via router as well.
 
for a free solution, I find avast! Free Antivirus to be good and light on the system

for a paid one, I use NOD32
 
I used to run various AV prog's, but have given up on them now and just use MSE on Vista, and whatever it's now called in Win 8.1.

I have the paid for MBAM, which I run on both OS's (separate HDD's) and I have not had a virus since my Win98SE days, and that was my fault for downloading a 'free' animated screen saver I think it was.

I also just use the inbuilt Firewall now, but used to use Windows Firewall Control.

So perhaps I am not attractive enough to invite a virus no matter where I wander about the internet doing a bit of 'research' although now and again I get a red warning box to say the site I am visiting is bad, and very naughty.

The only reason I used to use a FW was so that I could check to see who was phoning home, and if I didn't want them to I would block them.

So basically these days I just use what Windows supplies and MBAM if I remember to install it, and have not suffered any problems for years.
 
trillock said:
I used to run various AV prog's, but have given up on them now and just use MSE on Vista, and whatever it's now called in Win 8.1.

I have the paid for MBAM, which I run on both OS's (separate HDD's) and I have not had a virus since my Win98SE days, and that was my fault for downloading a 'free' animated screen saver I think it was.

I also just use the inbuilt Firewall now, but used to use Windows Firewall Control.

So perhaps I am not attractive enough to invite a virus no matter where I wander about the internet doing a bit of 'research' although now and again I get a red warning box to say the site I am visiting is bad, and very naughty.

The only reason I used to use a FW was so that I could check to see who was phoning home, and if I didn't want them to I would block them.

So basically these days I just use what Windows supplies and MBAM if I remember to install it, and have not suffered any problems for years.
Click to expand...

I take it a step further and disable Windows Defender / MSE / Windows Firewall. I keep up with updates and I rarely use Internet Explorer. I'm careful about what browser extensions and other software I install. I just don't get viruses and malware...ever.

Obviously, I don't recommend this for most people. Even most so-called "power users."

I think the main difference is that my first OS was Windows 95A and I always set my systems to show filename extensions, so I've always been wary of executable software. For the average user, we're lucky if they can tell the difference between a real update and a picture telling them to install a fake "update."
 
Why do you disable the firewall? do you use another one or a router firewall?

Ichinisan said:
I take it a step further and disable Windows Defender / MSE / Windows Firewall. I keep up with updates and I rarely use Internet Explorer. I'm careful about what browser extensions and other software I install. I just don't get viruses and malware...ever.

Obviously, I don't recommend this for most people. Even most so-called "power users."

I think the main difference is that my first OS was Windows 95A and I always set my systems to show filename extensions, so I've always been wary of executable software. For the average user, we're lucky if they can tell the difference between a real update and a picture telling them to install a fake "update."
Click to expand...
 
Even with a router using SPI you should have a software firewall that offers lots of other protection like blocking the ARP cache, etc. And controlling outbounds.
 
John Connor said:
Even with a router using SPI you should have a software firewall that offers lots of other protection like blocking the ARP cache, etc. And controlling outbounds.
Click to expand...

...and malfunctioning at the the most inconvenient time possible, botching the connection completely.
 
Chiefcrowe said:
Why do you disable the firewall? do you use another one or a router firewall?
Click to expand...

Practically everyone is behind a router or some kind of NAT device so incoming connections stop at the router.

I used to configure my wide-open computer as the DMZ host in the router for many years and didn't have any virus trouble because I kept my vulnerabilities patched and I was careful about what software I allowed to execute.

Yeah, there's always the possibility that we'll have another worm like Blaster (which got wide-spread before the update was available to patch the vulnerability), but that is a rare exception and wouldn't be nearly as effective now since most people have some kind of router/NAT device. It seems that most viruses (that actually exploit a vulnerability to install themselves) these days use well-known vulnerabilities that should have been fixed already with the latest updates. Most virus authors today are fairly lazy and they simply wait for update patches to reveal vulnerabilities they can exploit on un-patched systems.
 
I think that people that catch a virus are the ones that happily click on something in an email they receive. Like a supposed email from a Bank asking you to log on because there is a security problem.

Or perhaps a site that says that 'You need Flash Player' to watch this video.

Or perhaps download a video file that has '.exe' on the end of it.

etc....etc....
 
Dr. Canny said:
I would suggest AVG Anti-Virus Free Edition in terms of free virus protection. In a test done by PCWorld of 7 free antivirus programs, it was the only one to disable 100 percent of detected malware.

http://www.pcworld.com/article/259876/antivirus_on_windows_8_looking_at_your_options.html
Click to expand...
Not sure when the tests were administered but it's not what is reflected in the real-world. I usually use signs of AVG and AVG "safe" search as an indicator that the system is infected on a problem PC. I would recommend sticking with Defender/Avast/BitDefender free (keep it updated whichever you choose!) and a scheduled full scan of MBAM. If you or your clientele are not savvy enough to keep Java/Flash updated I would also run CryptoGuard because CryptoLocker is some scary stuff.
 
lxskllr said:
I'd be interested in hearing if anyone here has had MSE protect them from a virus. I don't think I've ever heard anyone say that. Most people with a clue don't get viruses anyway, so running the best A/V, or nothing at all doesn't make a bit of difference.
Click to expand...

When my SOHO-type fleet was on Win7, we used MSE and I recall one email whose attachment was marked malicious by MSE. I uploaded it to VirusTotal and Microsoft's engine was the only one detecting it, out of about 40. But on any given day, those stats could go any direction. My take: use antivirus software, but keep your expectations realistic. Look at how many years malware like Flame evaded every antivirus vendor in the world simultaneously. Including anyone's favorite brand.

The best question is "What A/V best protects people that don't have a clue?".
Click to expand...

I think this is part of Microsoft's rationale. The best A/V (for them) is the one that does not 1) get turned off because it's in the user's face, or 2) expire and become worthlessly out-of-date.


On the original topic of "what antivirus/antispyware do you use on Win8", this is what I use:

1. a CPU that features SMEP, which currently means Ivy Bridge and later. SMEP is like a specialized version of DEP, and Win8 is the first desktop Windows to make use of it.

2. a motherboard that supports, and is configured to use, SecureBoot. SecureBoot will not allow the system to boot if the boot record has been tampered with, a very dangerous and increasingly prevalent tactic of bootkits. Win8 is the first desktop Windows with this capability.

3. Software Restriction Policy. Indiana Jones gives a fairly succinct demonstration of how SRP works in this clip: http://www.youtube.com/watch?v=4DzcOCyHDqc Your antivirus software wishes it were anywhere near as effective against new malware and exploit payloads as SRP is. If you're ready for big-boy protection, here's how to set up SRP: http://www.mechbgon.com/srp

4. Microsoft EMET with the EnableUnsafeSettings=1 tweak and all settings maxed *ASTERISK!*. Nobody expects the Spanish Inquisition, and nobody expects your copy of Popular Software X to be a genetic freak that their precious exploit won't work on, either.

5. NO JAVA. And for that matter, no Adobe Reader; the built-in Microsoft Reader suffices for my needs, runs in an AppContainer, has little attack surface, and updates automatically FOR REAL.

6. IE Enhanced Protected Mode, particularly effective on 64-bit Windows where it can also use High-Entropy ASLR. Puts each tab process in its own super-restricted AppContainer sandbox. I also have my launch shortcut set up with the -P command-line switch, which launches IE in InPrivate mode, and use ActiveX Filtering to opt in ActiveX only on sites where I want it to work.

7. Windows Defender antivirus/antispyware, with a repeating update task that ensures it updates when I log on and every several hours thereafter, and a nightly full scan. Because hey, the CPU would be bored otherwise 😀

8. I use the CWDIllegalInDllSearch tweak to block DLL shenanigans that try to ride a legit app's coattails. This is defense-in-depth since SRP would blow away that approach regardless. It is capable of freaking out certain software like my antique image-editing program, but exceptions can be made: http://support.microsoft.com/kb/2264107

9. I have AutoRun/AutoPlay disabled system-wide. If *I* want it launched, by golly, I will launch it myself.


So that's my Win8.x security gameplan. Obviously, the bulk of the protection is simply to use the hardware's and OS's capabilities to their full extent. Fretting about whether antivirus X is __% better on average than antivirus Y is like worrying about what type of paint you're going to use on your BattleMech 😉 Before worrying about the paint, make sure you've actually put all 12.5 tons of armor on it 😀


*ASTERISK* I have discovered at least one popular program that cannot launch if system-wide ASLR is set to Always On: EA's Origin. If I want to get my Crysis 3 fix, I have to back EMET down to the "safe" setting: Application Opt-In.
 
Last edited:
mechBgon said:
When my SOHO-type fleet was on Win7, we used MSE and I recall one email whose attachment was marked malicious by MSE. I uploaded it to VirusTotal and Microsoft's engine was the only one detecting it, out of about 40. But on any given day, those stats could go any direction. My take: use antivirus software, but keep your expectations realistic. Look at how many years malware like Flame evaded every antivirus vendor in the world simultaneously. Including anyone's favorite brand.



I think this is part of Microsoft's rationale. The best A/V (for them) is the one that does not 1) get turned off because it's in the user's face, or 2) expire and become worthlessly out-of-date.


On the original topic of "what antivirus/antispyware do you use on Win8", this is what I use:

1. a CPU that features SMEP, which currently means Ivy Bridge and later. SMEP is like a specialized version of DEP, and Win8 is the first desktop Windows to make use of it.

2. a motherboard that supports, and is configured to use, SecureBoot. SecureBoot will not allow the system to boot if the boot record has been tampered with, a very dangerous and increasingly prevalent tactic of bootkits. Win8 is the first desktop Windows with this capability.

3. Software Restriction Policy. Indiana Jones gives a fairly succinct demonstration of how SRP works in this clip: http://www.youtube.com/watch?v=4DzcOCyHDqc Your antivirus software wishes it were anywhere near as effective against new malware and exploit payloads as SRP is. If you're ready for big-boy protection, here's how to set up SRP: http://www.mechbgon.com/srp

4. Microsoft EMET with the EnableUnsafeSettings=1 tweak and all settings maxed *ASTERISK!*. Nobody expects the Spanish Inquisition, and nobody expects your copy of Popular Software X to be a genetic freak that their precious exploit won't work on, either.

5. NO JAVA. And for that matter, no Adobe Reader; the built-in Microsoft Reader suffices for my needs, runs in an AppContainer, has little attack surface, and updates automatically FOR REAL.

6. IE Enhanced Protected Mode, particularly effective on 64-bit Windows where it can also use High-Entropy ASLR. Puts each tab process in its own super-restricted AppContainer sandbox. I also have my launch shortcut set up with the -P command-line switch, which launches IE in InPrivate mode, and use ActiveX Filtering to opt in ActiveX only on sites where I want it to work.

7. Windows Defender antivirus/antispyware, with a repeating update task that ensures it updates when I log on and every several hours thereafter, and a nightly full scan. Because hey, the CPU would be bored otherwise 😀

8. I use the CWDIllegalInDllSearch tweak to block DLL shenanigans that try to ride a legit app's coattails. This is defense-in-depth since SRP would blow away that approach regardless. It is capable of freaking out certain software like my antique image-editing program, but exceptions can be made: http://support.microsoft.com/kb/2264107

9. I have AutoRun/AutoPlay disabled system-wide. If *I* want it launched, by golly, I will launch it myself.


So that's my Win8.x security gameplan. Obviously, the bulk of the protection is simply to use the hardware's and OS's capabilities to their full extent. Fretting about whether antivirus X is __% better on average than antivirus Y is like worrying about what type of paint you're going to use on your BattleMech 😉 Before worrying about the paint, make sure you've actually put all 12.5 tons of armor on it 😀


*ASTERISK* I have discovered at least one popular program that cannot launch if system-wide ASLR is set to Always On: EA's Origin. If I want to get my Crysis 3 fix, I have to back EMET down to the "safe" setting: Application Opt-In.
Click to expand...

Great guide thank you for sharing! :thumbsup:
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top