New PC laptop seeks security
December 30, 2015 1:41 PM   Subscribe

Best security software for my new Windows 10 laptop? Any other advice to ensure my computer's life gets off to a good start?

It's a Lenovo Yoga 900, running Windows 10.

I posted a similar question 4 years ago. Answers there served me quite well. I suspect the landscape has changed, so with a new machine, I'm asking again!

Based on samsara's advice in prior post, I had Secunia PSI, which has seemed helpful -- is Secunia still worth doing on this new machine? My primary user login is set up as a non-Admin account. I have Kaspersky Internet Security with another 1/2 year left, and I'm wondering if that program is still recommended, whether I should switch to something else when that expires (or sooner) or just renew the subscription?

What other guidance does the hive mind offer for a new computer setup?
posted by quinoa to Computers & Internet (7 answers total) 9 users marked this as a favorite
Kaspersky Internet Security is still good. Norton is OK. I'd stick with Kaspersky. I've never heard of Secunia PSI. Microsoft Windows Update is fine, so forget that "patching service" and just put Win Update on automatic. Avoid those free AV's recommended in your old post. Use Kaspersky or Norton. Norton is not as bad as old post claims, in fact it is doing fine on couple of hundred machines I admin. Whatever you use--keep it up to date.
posted by nogero at 2:25 PM on December 30, 2015

The last time I saw this discussion go by, someone suggested Ninite. It seems too good to be true, but apparently, it's true.
posted by The Bellman at 2:35 PM on December 30, 2015

* Absolutely use Secunia PSI. It keeps Flash, PDF and Java patched, which are the most common attack vectors. It also keeps your other software up to date.
* I don't see the need to use anything other than the included Windows anti-virus. Safe browsing (not opening unusual email, staying away from sketchy sites and using Adblock) is going to be your best bet.

Don't go buy some all-in-one security suite. They do more harm than good.
posted by cnc at 3:23 PM on December 30, 2015

Unless you have an actual reason to use it, flat out disable access to Java from all the browsers. Disable Flash too if you can get away with it.

If you can do so without going crazy or whitelisting everything to the point you might as well not be using it, I recommend Firefox with NoScript as the primary browser with no Java, Flash, or external PDF software and Chrome for the limited set of sites that you want to use Flash on.

Back up the entire system as a disk image periodically onto external hard drives so you can more easily recover if you do get infected.

Don't count on network storage as being safe for backing up things onto. The growing trend in malware is to encrypt files like images and demand money to decrypt them. If you are backing up files onto network accessible storage, even if you have RAID on it, that doesn't protect you from malicious mangling of the files. Keep offline backups of everything that you really care about. Preferably at a friend's house in case of fire or whatever - cloud backup as good and all, but it can be glacially slow to recover files.
posted by Candleman at 5:25 PM on December 30, 2015 [2 favorites]

Best answer: The advice in samsara's answer is still quite sound. Windows 10 includes Windows Defender (which is basically what Microsoft Security Essentials got rebranded to when they included it with Windows), and now that Smart Screen (which checks the safety of files downloaded from the internet) is a Windows-level service, it matters less what browser you use, or whether you have some sort of extension that looks at downloaded files. Pretty much any other antivirus or security suite is going to be either subscription-based or filled with nagware, or both, so I wouldn't bother with anything else. Keep in mind that antivirus is not and never will be a panacea.

The advice to use a limited user account is sound, although with the sorts of malware you get today, it may not protect you from as many of the dangerous threats out there. Malware that encrypts files to hold them hostage can encrypt the ones you care about so long as you have access to them, so allow me to second the advice to look at either an offline backup strategy, or if you must do online backups, look for a solution that allows you to revert to previous (hopefully uncorrupted) versions of files.

For defense in depth, do not install Java, unless you have an absolute need for it. This used to be Minecraft for me, but recent versions of Minecraft come with its own Java runtime that only runs Minecraft. If you do install Java, disable it for your browser. If you must have the Java browser plugin for something (say a Line of Business app), use a separate browser just for that thing, and do your normal browsing on a browser that has the plugin disabled. Seriously, there is nothing good that comes from keeping the Java plugin enabled on browsers these days.

If you can get away with disabling flash, definitely do so, although this is a harder sell, since it is much more widely used. You may want to look at using one of the flash blocker extensions for your browser, like FlashBlock for Firefox or Flashcontrol for Chrome, which prevent Flash from running until you click something to allow it.

There is very likely no need to install Adobe Reader unless you have very specific needs for working with PDFs. There is a built-in reader that offers basic functionality that is sufficient for most users, and even if you need something a bit more advanced, it's likely that SumatraPDF or Foxit Reader will be able to handle it.
posted by Aleyn at 7:25 PM on December 30, 2015 [3 favorites]

You may want to look at using one of the flash blocker extensions for your browser, like FlashBlock for Firefox or Flashcontrol for Chrome, which prevent Flash from running until you click something to allow it.

It may have changed since I checked a few years ago, but Flashblock is/was still vulnerable to attack code - it only keeps the user from seeing the flash applet, so malware can still run. Chrome now has the ability to set plugin content, including Flash, to only run when the user clicks on it without needing a plugin for it.
posted by Candleman at 7:49 PM on December 30, 2015

Response by poster: Thanks, all! Appreciate you pointing me in the right direction.
posted by quinoa at 4:18 PM on January 1, 2016

« Older When did GE stop making this crappy dishwasher?   |   What should I do about cockroaches in AirBNB place... Newer »
This thread is closed to new comments.