What do I *really* need for computer protection?
February 20, 2022 2:55 PM Subscribe
I have Avast paid subscriptions for Avast Premium Security (multi-device) and Clean Up as well as Malwarebytes. I feel like this is overkill but I am a complete luddite when it comes to computer security. What do I need?
Not surprisingly, Avast keeps trying to upsell me on encrypted VPNs and other options. I don't do any sketchy browsing and honestly I can't imagine that anyone would be interested in my internet usage such that a VPN would be necessary. I feel like I'm getting fleeced by Avast but I don't know what I really need.
Not surprisingly, Avast keeps trying to upsell me on encrypted VPNs and other options. I don't do any sketchy browsing and honestly I can't imagine that anyone would be interested in my internet usage such that a VPN would be necessary. I feel like I'm getting fleeced by Avast but I don't know what I really need.
if you can share which machines & operating systems you wish to protect, you may get more specific advice.
If your machines are running recent versions of windows, then that comes with microsoft's built-in windows defender functionality for anti virus and anti malware. if i were running windows, i'd uninstall all 3rd party antivirus tools such as avast, malwarebytes, etc, and solely rely on built-in defender.
make sure you have enabled security updates on your machines so that you can quickly install security patches whenever they become available for newly discovered vulnerabilities.
posted by are-coral-made at 3:06 PM on February 20, 2022 [6 favorites]
If your machines are running recent versions of windows, then that comes with microsoft's built-in windows defender functionality for anti virus and anti malware. if i were running windows, i'd uninstall all 3rd party antivirus tools such as avast, malwarebytes, etc, and solely rely on built-in defender.
make sure you have enabled security updates on your machines so that you can quickly install security patches whenever they become available for newly discovered vulnerabilities.
posted by are-coral-made at 3:06 PM on February 20, 2022 [6 favorites]
Ditto for macOS.
with a fully-updated OS, the main problems seem to be:
* sketchy software installations - install software only from the App store (and then, exercise caution)
* sketchy browser plugins - ditto
* falling for social engineering scams "Hello, Taffeta, this is Windows calling, you have a hack, could you give me your password and credit card number?"
posted by soylent00FF00 at 3:07 PM on February 20, 2022 [1 favorite]
with a fully-updated OS, the main problems seem to be:
* sketchy software installations - install software only from the App store (and then, exercise caution)
* sketchy browser plugins - ditto
* falling for social engineering scams "Hello, Taffeta, this is Windows calling, you have a hack, could you give me your password and credit card number?"
posted by soylent00FF00 at 3:07 PM on February 20, 2022 [1 favorite]
Forgot to add: it seems these days that running a browser Ad-blocker is really important too (since often, malware comes delivered through website advertisements).
The problem is that it's not clear always which AdBlocker plugin to trust.
posted by soylent00FF00 at 3:09 PM on February 20, 2022
The problem is that it's not clear always which AdBlocker plugin to trust.
posted by soylent00FF00 at 3:09 PM on February 20, 2022
Best answer: Personally you don't need anything more, especially if you're not doing international streaming or whatever.
I use Windows 10 and just use Windows Defender. I have Malwarebytes as a post-infection scan/clean backup. But I honestly can't remember the last time I've had any issue... 2014?
Frankly I wouldn't even sub to Avast... I know I used them when AVG started to turn shady.
But I feel like there was something they were doing (maybe the pushiness?) but I decided to not use it after Windows Defender. I far more trust MS than these antivirus companies.
Others may have a different opinion, and I'd love to hear other things, but yeah Malwarebytes (for post infection cleanup - again haven't really needed it for my personal use since maybe 2014). And Defender.
Frankly, the more important thing is to learn safe browsing habits.
Obviously don't click on strange links, learn how to read URLs (especially in email). Realize that your "friends" can send a link (if their account is hacked) and you might click on a message that was sent out of the blue by your friends hacked account. I've known 3 people who have this done to them.
Things like that there might be some good "online hygiene"/practices site you can use to learn tips on what to avoid clicking, etc...
Also?
GET UBLOCK ORIGIN RIGHT NOW. PUT IT ON YOUR BROWSER.
(or any safe/solid ad blocker, ublock has been good for me)
It's an adblocker, probably one of the most effective tools you can have to prevent things getting in. Plus you can prevent being clobbered with ads all the time.
posted by symbioid at 3:12 PM on February 20, 2022 [2 favorites]
I use Windows 10 and just use Windows Defender. I have Malwarebytes as a post-infection scan/clean backup. But I honestly can't remember the last time I've had any issue... 2014?
Frankly I wouldn't even sub to Avast... I know I used them when AVG started to turn shady.
But I feel like there was something they were doing (maybe the pushiness?) but I decided to not use it after Windows Defender. I far more trust MS than these antivirus companies.
Others may have a different opinion, and I'd love to hear other things, but yeah Malwarebytes (for post infection cleanup - again haven't really needed it for my personal use since maybe 2014). And Defender.
Frankly, the more important thing is to learn safe browsing habits.
Obviously don't click on strange links, learn how to read URLs (especially in email). Realize that your "friends" can send a link (if their account is hacked) and you might click on a message that was sent out of the blue by your friends hacked account. I've known 3 people who have this done to them.
Things like that there might be some good "online hygiene"/practices site you can use to learn tips on what to avoid clicking, etc...
Also?
GET UBLOCK ORIGIN RIGHT NOW. PUT IT ON YOUR BROWSER.
(or any safe/solid ad blocker, ublock has been good for me)
It's an adblocker, probably one of the most effective tools you can have to prevent things getting in. Plus you can prevent being clobbered with ads all the time.
posted by symbioid at 3:12 PM on February 20, 2022 [2 favorites]
a bit more evidence to evaluate the trustworthiness of ublock origin:
mozilla like it:
https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/
at least 9 random people on hackernews like it:
https://news.ycombinator.com/item?id=28411616
here's what ublock origin's author has to say:
https://github.com/gorhill/uBlock/wiki/Can-you-trust-uBlock-Origin%3F
posted by are-coral-made at 3:18 PM on February 20, 2022 [3 favorites]
mozilla like it:
https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/
at least 9 random people on hackernews like it:
https://news.ycombinator.com/item?id=28411616
here's what ublock origin's author has to say:
https://github.com/gorhill/uBlock/wiki/Can-you-trust-uBlock-Origin%3F
posted by are-coral-made at 3:18 PM on February 20, 2022 [3 favorites]
I personally believe Norton have turned to the dark side when they decided to use your CPU power while idle to mine their own crypto. No, I am NOT kidding. And Norton had been talking to acquire Avast since late 2021, and just haven't completed the paperwork yet. Norton already turned another free AV company, Avira, into a crypto-miner.
I don't run antivirus other than what Win10 comes with, but I am also very conscious in not clicking on random links.
I do not run VPN, but then I don't run anything that would necessitate me to take such a measure. I can see some security scenarios that would need it to be so, but most of you and I are not in that category.
posted by kschang at 4:10 PM on February 20, 2022 [6 favorites]
I don't run antivirus other than what Win10 comes with, but I am also very conscious in not clicking on random links.
I do not run VPN, but then I don't run anything that would necessitate me to take such a measure. I can see some security scenarios that would need it to be so, but most of you and I are not in that category.
posted by kschang at 4:10 PM on February 20, 2022 [6 favorites]
Another vote for just using using Defender if at all possible with automatic updates. I don't know if it is just the nature of the beast, malfeasance on Microsoft's part or incompetence on the virus scanning companies (or on preview out right maliciousness by the companies) but it seems like all the major virus scanners are incredibly resource heavy. Defender updates can be incorporated without a restart.
posted by Mitheral at 5:56 PM on February 20, 2022
posted by Mitheral at 5:56 PM on February 20, 2022
The problem is that it's not clear always which AdBlocker plugin to trust.
It's perfectly clear. Trust uBlock Origin, and don't trust any browser that won't run it.
On Windows, uBlock Origin is as good a main line of defence as any you'll get, and Windows Defender along with the updates it collects automatically by default from Windows Update is as good a backstop, and the free version of Malwarebytes is as good a cleanup engine as you're ever likely to need. There is no need at all to pay money for anti-malware software in 2022, and anybody who is already paying money for anti-malware software in 2022 should immediately cancel any outstanding subscription and then uninstall that software (doing it the other way around is usually fiddlier).
All you're doing with your paid anti-malware software is slowing your Windows box down and increasing its attack surface. uBlock Origin, by way of stark contrast, will both speed up your browsing because it avoids the wasted bandwidth that would otherwise be consumed by reams of useless advertising, and make your installation safer because compromised advertising servers are still the single most common vector for malware and simply never loading anything from an advertising server will avoid inviting in the other malware as well.
posted by flabdablet at 8:10 PM on February 20, 2022 [8 favorites]
It's perfectly clear. Trust uBlock Origin, and don't trust any browser that won't run it.
On Windows, uBlock Origin is as good a main line of defence as any you'll get, and Windows Defender along with the updates it collects automatically by default from Windows Update is as good a backstop, and the free version of Malwarebytes is as good a cleanup engine as you're ever likely to need. There is no need at all to pay money for anti-malware software in 2022, and anybody who is already paying money for anti-malware software in 2022 should immediately cancel any outstanding subscription and then uninstall that software (doing it the other way around is usually fiddlier).
All you're doing with your paid anti-malware software is slowing your Windows box down and increasing its attack surface. uBlock Origin, by way of stark contrast, will both speed up your browsing because it avoids the wasted bandwidth that would otherwise be consumed by reams of useless advertising, and make your installation safer because compromised advertising servers are still the single most common vector for malware and simply never loading anything from an advertising server will avoid inviting in the other malware as well.
posted by flabdablet at 8:10 PM on February 20, 2022 [8 favorites]
Best answer: I want to second the crowd here: antiviruses that aren't Defender are basically always more trouble than they're worth and less useful than they claim.
My advice is, cancel the Avast/Malwarebytes stuff, get a browser (I like Firefox, myself) that supports uBlock Origin and install uBO.
Use a password manager - again, Firefox has one built-in, works great - and whenever possible let the machine pick strong, unique-per-site passwords for you and don't bother remembering them yourself. Let the machine do that work. One nice part of not knowing or caring what any of your passwords are is that it's super-difficult to get phished by accident: if your browser doesn't know the password to some site that it should, it's probably not the site you think it is, and you can close the tab directly. I haven't typed out a password in a long, long time.
Set up two factor authentication for your email and any other places that will support it, but _definitely_ for the personal accounts that are the skeleton keys to your whole life. Pick a longish and complicated pass _phrase_, not pass_word_, for this account. Let your password manager remember it, but also write it down and put that paper in a drawer somewhere.
Finally, whenever your browser or operating system says there's an automatic update pending, update that day.
posted by mhoye at 6:21 AM on February 21, 2022 [4 favorites]
My advice is, cancel the Avast/Malwarebytes stuff, get a browser (I like Firefox, myself) that supports uBlock Origin and install uBO.
Use a password manager - again, Firefox has one built-in, works great - and whenever possible let the machine pick strong, unique-per-site passwords for you and don't bother remembering them yourself. Let the machine do that work. One nice part of not knowing or caring what any of your passwords are is that it's super-difficult to get phished by accident: if your browser doesn't know the password to some site that it should, it's probably not the site you think it is, and you can close the tab directly. I haven't typed out a password in a long, long time.
Set up two factor authentication for your email and any other places that will support it, but _definitely_ for the personal accounts that are the skeleton keys to your whole life. Pick a longish and complicated pass _phrase_, not pass_word_, for this account. Let your password manager remember it, but also write it down and put that paper in a drawer somewhere.
Finally, whenever your browser or operating system says there's an automatic update pending, update that day.
posted by mhoye at 6:21 AM on February 21, 2022 [4 favorites]
Use a password manager - again, Firefox has one built-in, works great
Strongly seconding using a good password manager. It takes a bit of discipline to get all your accounts stored in one, but not sharing passwords across different services is the single best security improvement that most people will ever make, and if every password you ever use is long and machine-generated at random then none of them will ever be guessed, not even if the black hat doing the guessing has got hold of an exfiltrated database full of credential hashes to check the guesses against at billions of guesses per second.
If you'd rather not tie your password management to one specific browser, KeePassXC is an excellent stand-alone password manager that keeps your passwords in an encrypted file that you can safely store wherever you like; I keep mine in a Dropbox folder so that it backs itself up across all my devices and becomes accessible from any of them.
As well as being able to get passwords into anything (not just browsers) via copy/paste, drag/drop or auto-type, KeePassXC can also integrate directly with browsers via companion browser extensions.
Using Firefox's inbuilt Lockwise password manager is certainly the easiest way to get started with password management tools, and if you add a master password to it, it achieves security close enough to KeePassXC's as to be not worth switching for security alone. But if at a later stage you want to switch browsers and take all your saved credentials with you, Lockwise will let you export all the passwords it's saved as a simple CSV file (not protected in any way!) that you can subsequently import into KeePassXC, then overwrite and delete.
posted by flabdablet at 10:41 AM on February 21, 2022 [1 favorite]
Strongly seconding using a good password manager. It takes a bit of discipline to get all your accounts stored in one, but not sharing passwords across different services is the single best security improvement that most people will ever make, and if every password you ever use is long and machine-generated at random then none of them will ever be guessed, not even if the black hat doing the guessing has got hold of an exfiltrated database full of credential hashes to check the guesses against at billions of guesses per second.
If you'd rather not tie your password management to one specific browser, KeePassXC is an excellent stand-alone password manager that keeps your passwords in an encrypted file that you can safely store wherever you like; I keep mine in a Dropbox folder so that it backs itself up across all my devices and becomes accessible from any of them.
As well as being able to get passwords into anything (not just browsers) via copy/paste, drag/drop or auto-type, KeePassXC can also integrate directly with browsers via companion browser extensions.
Using Firefox's inbuilt Lockwise password manager is certainly the easiest way to get started with password management tools, and if you add a master password to it, it achieves security close enough to KeePassXC's as to be not worth switching for security alone. But if at a later stage you want to switch browsers and take all your saved credentials with you, Lockwise will let you export all the passwords it's saved as a simple CSV file (not protected in any way!) that you can subsequently import into KeePassXC, then overwrite and delete.
posted by flabdablet at 10:41 AM on February 21, 2022 [1 favorite]
Best answer: Security remains a layered inconvenience. The goal is to spend a little effort to make it so much more effort for someone to attack you. We have homes and workplaces we secure in a variety of ways and stack safeguard on top of safeguard, so think like that about securing your online and computer-enabled life. Plus also factor in some time to do the equivalent of checking smoke alarm batteries and making sure you've got candles and heating for a power outage
I'm torn about saying: Pay for products that help. Many scanners became scammers, and ultimately the best defence comes from the infrastructure you're using: in Windows, Defender is native and by Microsoft; the walled garden approach of the App Store/Play Store in Apple and Android platforms make it difficult for arbitrary code to run and put it on you to not download and install things that look too good to be true. If good software doesn't need to track user data or mine cryptocurrencies because it's on a subscription, that's clearly a better state to be in.
Nothing you don't want should get into your computers and home network
* Have WiFi passwords and look to update your devices to use the latest WPA3 radio-level encryption
* Check your firewall: routers are typically configured to firewall external connections, as are most contemporary operating systems
* Use an ad-blocker -- either install a plugin in your web browser or put a device, such as a PiHole, on your network that swallows all the requests for ad-related content
* Lock your home screens when away from computers
* Don't plug random devices from unknown or unexpected sources into your computers
* Don't open attachments you weren't expecting
* Don't click through from email messages to log in to things, you have to find the right entrypoint yourself
Stay updated
* Apply updates soon after they come out -- attackers are looking at 'what's changed' to find vulnerabilities they didn't know about
* Be prepared to say goodbye to hardware that's no longer supported or getting security updates -- budget to replace it
Scan for things
* Windows Defender is reliable and embedded in the Windows OS
* macOS is gaining more malware attackers, and MalwareBytes has a solid cross-platform reputation
* ClamAV also exists for scanning files for signatures of known malware
Use 'a thing you have' as well as 'a password you know' for as many online accounts as you can
* Use a password vault and the long-ish random passwords it generates with a decent 'master password' for the vault
* Use a device that can provide codes alongside the password you know
* Or run an app that contains secrets matching the online service's secrets
* Or, if you're not in the USA or another place where it's easy to clone access to a cellphone SIM, get codes sent to your phone number
* When you set these up, there will be emergency codes to allow access when password or device is unavailable, and you will need to store these securely, say printed or written down, in a filing cabinet
Have some redundancy
* Backup copies of your data
* Redundant slices by age to recover 'before event X'
* Redundant slices at home available immediately
* Redundant slices at home disconnected and powered down
* Redundant slices in another site, either web or family/friends
* Installers to recreate the apps and operating systems you're using
* Verify your backups -- go through the steps to be sure you can recover the data you're storing in the backup
* An array of inexpensive disks arranged with redundancy (RAID) can tolerate faults in the disks but is not a backup
What to do when you think I've caught some kind of online infection
* Don't panic
* You won't lose data if your secure approach includes having offline (powered down and not networked) backups as well as offsite backups (i.e. those in another location) plus also an extreme plan to 'redo from start'
* Have a playbook that you drill and update for this:
+ Update the malware scanner's definitions
+ Disconnect the machine from the network
+ Run the scanner to see the extent of the problem, and follow its instructions to resolve
+ If it can't be resolved, you escalate to resintalling the OS and restoring data from backups
+ If it's still a problem and the malware persists, replace the hardware and restore data from backups
+ If it's still a problem and the backups you were using also contain malware, find the youngest edition of the backups that don't
+ If still an issue, recreate what data you can from scanned and cleaned backups
Bonus:
"The Advert-Funded Web is Bad"
Use an Ad-Blocker, because...
* Companies bid to put adverts on web pages
* Malicious companies bid while lying about the content they supply
* Clear your caches of Cookies and Local Storage: there's tech to run web pages (and advert-supplied parts of web pages) really fast in a security sandbox within your web browser, but little control over long-term storage and network traffic, which means that from time to time these need to be cleared out
posted by k3ninho at 1:25 PM on February 21, 2022 [4 favorites]
I'm torn about saying: Pay for products that help. Many scanners became scammers, and ultimately the best defence comes from the infrastructure you're using: in Windows, Defender is native and by Microsoft; the walled garden approach of the App Store/Play Store in Apple and Android platforms make it difficult for arbitrary code to run and put it on you to not download and install things that look too good to be true. If good software doesn't need to track user data or mine cryptocurrencies because it's on a subscription, that's clearly a better state to be in.
Nothing you don't want should get into your computers and home network
* Have WiFi passwords and look to update your devices to use the latest WPA3 radio-level encryption
* Check your firewall: routers are typically configured to firewall external connections, as are most contemporary operating systems
* Use an ad-blocker -- either install a plugin in your web browser or put a device, such as a PiHole, on your network that swallows all the requests for ad-related content
* Lock your home screens when away from computers
* Don't plug random devices from unknown or unexpected sources into your computers
* Don't open attachments you weren't expecting
* Don't click through from email messages to log in to things, you have to find the right entrypoint yourself
Stay updated
* Apply updates soon after they come out -- attackers are looking at 'what's changed' to find vulnerabilities they didn't know about
* Be prepared to say goodbye to hardware that's no longer supported or getting security updates -- budget to replace it
Scan for things
* Windows Defender is reliable and embedded in the Windows OS
* macOS is gaining more malware attackers, and MalwareBytes has a solid cross-platform reputation
* ClamAV also exists for scanning files for signatures of known malware
Use 'a thing you have' as well as 'a password you know' for as many online accounts as you can
* Use a password vault and the long-ish random passwords it generates with a decent 'master password' for the vault
* Use a device that can provide codes alongside the password you know
* Or run an app that contains secrets matching the online service's secrets
* Or, if you're not in the USA or another place where it's easy to clone access to a cellphone SIM, get codes sent to your phone number
* When you set these up, there will be emergency codes to allow access when password or device is unavailable, and you will need to store these securely, say printed or written down, in a filing cabinet
Have some redundancy
* Backup copies of your data
* Redundant slices by age to recover 'before event X'
* Redundant slices at home available immediately
* Redundant slices at home disconnected and powered down
* Redundant slices in another site, either web or family/friends
* Installers to recreate the apps and operating systems you're using
* Verify your backups -- go through the steps to be sure you can recover the data you're storing in the backup
* An array of inexpensive disks arranged with redundancy (RAID) can tolerate faults in the disks but is not a backup
What to do when you think I've caught some kind of online infection
* Don't panic
* You won't lose data if your secure approach includes having offline (powered down and not networked) backups as well as offsite backups (i.e. those in another location) plus also an extreme plan to 'redo from start'
* Have a playbook that you drill and update for this:
+ Update the malware scanner's definitions
+ Disconnect the machine from the network
+ Run the scanner to see the extent of the problem, and follow its instructions to resolve
+ If it can't be resolved, you escalate to resintalling the OS and restoring data from backups
+ If it's still a problem and the malware persists, replace the hardware and restore data from backups
+ If it's still a problem and the backups you were using also contain malware, find the youngest edition of the backups that don't
+ If still an issue, recreate what data you can from scanned and cleaned backups
Bonus:
"The Advert-Funded Web is Bad"
Use an Ad-Blocker, because...
* Companies bid to put adverts on web pages
* Malicious companies bid while lying about the content they supply
* Clear your caches of Cookies and Local Storage: there's tech to run web pages (and advert-supplied parts of web pages) really fast in a security sandbox within your web browser, but little control over long-term storage and network traffic, which means that from time to time these need to be cleared out
posted by k3ninho at 1:25 PM on February 21, 2022 [4 favorites]
Response by poster: Many thanks to all! I have Windows Defender humming away, have unsubscribed from Avast, and already had uBlock (most likely because I read about it here). I use Last Pass for my password manager and will probably keep Malwarebytes because it is a low price point and is good for that rogue virus that could pop in. I get lots of internet hygiene training through work so I am wary of links and Gmail does a good job of letting me know if they are suspicious.
posted by tafetta, darling! at 1:55 PM on February 21, 2022 [2 favorites]
posted by tafetta, darling! at 1:55 PM on February 21, 2022 [2 favorites]
This thread is closed to new comments.
posted by jozxyqk at 3:03 PM on February 20, 2022 [15 favorites]