topic Re: CISSP Advice on windows 10 antivirus in Tech Talk

CISSP Advice on windows 10 antivirus

Marcipicus — Mon, 09 Oct 2023 09:32:58 GMT

Hi there,

I'm trying to find out which is the best antivirus software for windows 10 is but all I can find is bull**** sales pitches and comparison sites.

So I am looking for someone with a CISSP certification(or someone else with experience)to tell me which antivirus programs are the best.

Ideally I don't want to slow my computer down...Just routine virus scans and protection during installation of new programs.

Thank you for your help.

Re: CISSP Advice on windows 10 antivirus

JKWiniger — Thu, 11 Jun 2020 23:37:54 GMT

I can't say which I like on Windows 10 because it's been some time, but I can mention a few things. It would be very common for me to have clients on antivirus X for a while, and then there would be an update and it would start killing the CPU. So I would switch to antivirus Y, and after a while the same thing would happen and I would change to a new one yet again. In the past when I went looking most top ten sites always listed the same handful as all the others. It wasn't so much of marketing as they simply worked, and yes, once in a while you would find a good one that wasn't on the list. My other go too is Malware Bytes. I tell people to install that and run it sight unseen and it normally find a bunch of stuff...

Also, the one I would never go near, was Norton!

John-

Re: CISSP Advice on windows 10 antivirus

Marcipicus — Fri, 12 Jun 2020 00:10:57 GMT

Thank you for your help.

Exactly what I was looking for.

Cheers

Re: CISSP Advice on windows 10 antivirus

Steve-Wilme — Fri, 12 Jun 2020 14:26:12 GMT

There are independent test lab reports you could examine on the products.

See www.av-test.org/en/ for example.

Products tend to leap frog each other in terms of features and performance so if it's not a large corporate roll out best to reconsider the alternatives every couple of years.

Re: CISSP Advice on windows 10 antivirus

rslade — Fri, 12 Jun 2020 15:10:40 GMT

@JKWiniger wrote:
Also, the one I would never go near, was Norton!

Hear, hear!

Re: CISSP Advice on windows 10 antivirus

Beads — Fri, 12 Jun 2020 18:17:41 GMT

Frankly, I am seeing more major clients simply using Windows Defender from Microsoft and calling it a day. We've add way more than we need at the endpoint, needlessly tying up CPU and memory resources.

If you still want a commercial A/V suggest looking at one of the NG or Next Generation lightweight products such as CrowdStrike, Cylance or any other number of good products out there. Personally, I stopped paying for A/V about five years ago when I realized it had been back in the 90s when I detected my last at home virus. Regardless of the product, my other defenses appear to be robust enough to have stopped most everything else.

Safe computing and good luck with your decision.

- b/eads

Re: CISSP Advice on windows 10 antivirus

ericgeater — Fri, 12 Jun 2020 19:30:47 GMT

I'm here to post another thread about this, because you're asking about AV, and I'm asking about EDR. We just swapped over to Carbon Black, and I'm now weighing the possibility of removing Symantec Endpoint Protection entirely, because of the reputation CB Defense has.

It's roughly the same price annually as Symantec, but apparently it's far more robust than signature-based AV defenses. I'll be curious if you've looked at EDR.

Off to write my other post!

Re: CISSP Advice on windows 10 antivirus

alkuin_melvin — Sun, 14 Jun 2020 04:20:18 GMT

I agree, we should look more to EDR products rather than simple signature-based AV as it have more robust performance and capabilities, just curious for CB do you have any experience of slow down performance and how it compared with other EDR products like Symantec/ TM/ others?

Re: CISSP Advice on windows 10 antivirus

ericgeater — Sun, 14 Jun 2020 12:52:41 GMT

I'm writing this from home, so my notes from the meeting aren't available... but I called CB's tech support so they could explain the difference between their product and SEP. CB is a lightweight client because it only scans your PC at installation. Files are hashed on the PC at scan, and the hashes are uploaded to the cloud in the massive CB database. New software installations also go through the same process.

I inferred that it's possible to install malicious software on your PC, but CB stops the execution (or prevents you from running it) if the risk severity demonstrated by the instant hash comparison determines the program is malicious. That being said, it's doing this work with a live internet connection. i can't say what would happen with a PC that's not connected at that moment.

Re: CISSP Advice on windows 10 antivirus

Brijesh13 — Sat, 20 Jun 2020 06:17:03 GMT

Hi,

As per my suggestion, AV is only traditional way of fighting against new threat landscape. It was old way to find virus and malicious apps. But now trend is changing towards technology which can help not only detection and remediation but also can help in prevention method from such attack. I think CrowdStrike, Morphisec etc. are best now industry and they are next gen. way of detection and prevention method.

Re: CISSP Advice on windows 10 antivirus

rslade — Sat, 20 Jun 2020 18:30:40 GMT

> Brijesh13 (Viewer II) posted a new reply in Tech Talk on 06-20-2020 02:17 AM in

> Hi, As per my suggestion, AV is only traditional way of fighting against new
> threat landscape. It was old way to find virus and malicious apps. But now trend
> is changing towards technology which can help not only detection and remediation
> but also can help in prevention method from such attack. I think CrowdStrike,
> Morphisec etc. are best now industry and they are next gen. way of detection and
> prevention method.

As an old (very old) malware researcher, I get really tired of these "AV is dead,"
"AV needs to be replaced by EPP," etc. type arguments. Most of them are based
on the "straw man" that antivirus technology was only ever simple, direct
signature scanning. That's not the case, and never was. There always have been a
wide variety of technologies under the AV banner, even if *you* never bought
any. There is activity monitoring, activity restricting, change detection,
heuristics, and many variations on the themes. (Well before signature scanning
took over as the major market, the two most widely used antivirals were activity
monitoring, one static, and one dynamic.) These "new" technologies are simply
the old standards, with new marketing pitches and buzzphrases.

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

Re: CISSP Advice on windows 10 antivirus

ericgeater — Mon, 22 Jun 2020 14:00:14 GMT

Rob, thanks for adding to the topic. I created the post because limited resources do not permit us to investigate a wide range of solutions, such as testing the conditional usefulness of Webroot versus Trend Micro versus Symantec Endpoint. We are functionally literate with SEP, but other AV vendors may do many more jobs than SEP, as you mentioned. We just happen to have no experience or concentration with those technologies or vendors. Time and money, money and time.

The same thing applies to our EDP/EPP, which was only recently introduced after an incident.

No matter what, our resources will still be finite at the end of the year. I have a scant few months to determine the ongoing value of our EDP/EPP or our SEP antivirus solution, and determine which one "walks the plank" when department spending says we must keep only one.

Re: CISSP Advice on windows 10 antivirus

rslade — Mon, 22 Jun 2020 21:02:40 GMT

> ericgeater (Contributor II) posted a new reply in Tech Talk on 06-22-2020 10:00

> Rob, thanks for adding to the topic. I created the post because limited
> resources do not permit us to investigate a wide range of solutions, such as
> testing the conditional usefulness of Webroot versus Trend Micro versus Symantec
> Endpoint. We are functionally literate with SEP, but other AV vendors may do
> many more jobs than SEP, as you mentioned. We just happen to have no experience
> or concentration with those technologies or vendors. Time and money, money and
> time. The same thing applies to our EDP/EPP, which was only recently
> introduced after an incident. No matter what, our resources will still be
> finite at the end of the year.

Well, as implied by my post (I hope), you can save a lot of money and time by
learning the underlying basics, and knowing the right questions to ask of the
vendor. (The sales guys won't know, of course, but, if you know the foundations,
somebody will say something that will give you a clue.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
It is by the goodness of God that in our country we have those
three unspeakably precious things: freedom of speech, freedom of
conscience, and the prudence never to practice either of them.
- Mark Twain (1835-1910), Following the Equator (1897)
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Re: CISSP Advice on windows 10 antivirus

Steve-Wilme — Wed, 24 Jun 2020 08:35:09 GMT

And of course if you've a locked down build with limited use cases you could look at application whitelisting as an additional defence.