What anti virus software do you use?

Discussion in 'Living Room' started by Eric Wu, 21st Sep, 2016.

  1. hammer

    hammer Well-Known Member

    Joined:
    28th Aug, 2015
    Posts:
    2,854
    Location:
    Darwin
    If you can do it (Not everyone can) Ubuntu is pretty much bulletproof. At least for now.

    If you're tied to a piece of Windows-based software, forget it, but if you're primarily using web-based software - it is now a damn fine option.

    If viruses and security are driving you mental, it is certainly worth at least trialing Ubuntu on a spare computer.
     
    Eric Wu likes this.
  2. Michael V

    Michael V Well-Known Member

    Joined:
    17th Sep, 2016
    Posts:
    68
    Location:
    Adelaide, SA
    Same can be said for OS X, or now macOS. Both are much more secure BUT there is a growing trend of infections.
     
    Eric Wu likes this.
  3. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,394
    Location:
    Sydney
    I use ESET Nod32 AV across 10 machines - I tried BitDefender, but found it to be too heavy - really slowed my machines down so went back to ESET, which is very light, you hardly notice it's there.
     
    Eric Wu and Michael V like this.
  4. Michael V

    Michael V Well-Known Member

    Joined:
    17th Sep, 2016
    Posts:
    68
    Location:
    Adelaide, SA
    I did find that with older versions of BitDefender but it has come a long way since :) it's now much lighter on the system. The new "Autopilot" mode is great.
     
    Eric Wu likes this.
  5. Colin Rice

    Colin Rice Mortgage Broker Business Member

    Joined:
    9th Jul, 2015
    Posts:
    3,183
    Location:
    Perth
    Windows Defender
     
    Eric Wu likes this.
  6. TadhgMor

    TadhgMor Well-Known Member

    Joined:
    5th Sep, 2016
    Posts:
    250
    Location:
    Penrith NSW
    o_O Really! - no safety there!
    @Michael V pointed at some good ones. Personally I use Avast Pro across my Windows machines and Ubuntu for everything else.
    I also populate my Windows hosts file with nasty or annoying domains pointing to the loop-back interface of the PC. That way if you bounce off some web sites that throw a popup to www.nasty.site you just get a blank page.
     
    Eric Wu likes this.
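
The hosts-file approach described in the post above, as an added example that is not part of the original post: it merges a domain blocklist into hosts-file text as loopback entries, inside a managed section so re-running it does not duplicate lines. The marker comments, function names and sample domains other than www.nasty.site are assumptions made for illustration.

```python
import re

LOOPBACK = "127.0.0.1"
# Hypothetical markers delimiting the section this script manages.
BEGIN, END = "# BEGIN blocklist", "# END blocklist"
# One hostname label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_host(name):
    """Normalise a domain; return None if it is not a plain hostname.

    Rejecting whitespace and newlines matters: an unvalidated entry could
    smuggle an extra mapping line into the hosts file.
    """
    name = name.strip().lower().rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return None
    return name if all(LABEL.fullmatch(l) for l in name.split(".")) else None


def merge_blocklist(hosts_text, domains):
    """Return hosts text with a managed block mapping domains to loopback."""
    kept, in_block, existing = [], False, set()
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            in_block = True          # drop the old managed block
        elif line.strip() == END:
            in_block = False
        elif not in_block:
            kept.append(line)        # keep everything the user wrote
            body = line.split("#", 1)[0].split()
            existing.update(h.lower() for h in body[1:])
    # Never override a name that already has a mapping outside the block.
    wanted = sorted({h for h in map(valid_host, domains) if h} - existing)
    block = [BEGIN] + [f"{LOOPBACK} {h}" for h in wanted] + [END]
    return "\n".join(kept + block) + "\n"
```
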
  7. chylld

    chylld Well-Known Member

    Joined:
    24th Jun, 2015
    Posts:
    1,701
    Location:
    Sydney
    Just upgraded from Kaspersky Anti-Virus to Kaspersky Internet Security, and frankly do not recommend it. It's very intrusive even with most of the options turned off.

    Windows Defender is most probably sufficient for a typical home PC scenario.
     
    Eric Wu and Michael V like this.
  8. Michael V

    Michael V Well-Known Member

    Joined:
    17th Sep, 2016
    Posts:
    68
    Location:
    Adelaide, SA
    Kaspersky can be very intrusive but it gets a hell of a job done ;)
     
    Eric Wu likes this.
  9. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,394
    Location:
    Sydney
    That's good to know - was probably 3-4 years ago that I last tried it
     
    Eric Wu and Michael V like this.
  10. chylld

    chylld Well-Known Member

    Joined:
    24th Jun, 2015
    Posts:
    1,701
    Location:
    Sydney
    No doubt about that, just wish it was a bit more transparent without the browser alerts and windows notifications all the time. 2 years to go on the family subscription so....
     
    Michael V likes this.
  11. Michael V

    Michael V Well-Known Member

    Joined:
    17th Sep, 2016
    Posts:
    68
    Location:
    Adelaide, SA
    For this reason BitDefender may be better :) I don't even notice it running! Blissful.
     
    Eric Wu likes this.
  12. Ed Barton

    Ed Barton Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    2,229
    Location:
    Brisbane
    I just go bareback!
     
  13. CosmicTrevor

    CosmicTrevor Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    134
    Location:
    Sydney
    I run ICT for an Enterprise, there is little point in debating one package or another as none will stop everything. Essentially a defense in depth approach that includes user awareness is the prudent approach, so:
    • Relentless education that the default position is to not: click hyperlinks in emails, trust memory cards/sticks or attachments in emails. Encourage a culture of quick disclosure rather than punitive action when people make a mistake, celebrate the wins every time.
    • End point A/V - anything - it doesn't really matter. Basically you need to decide if it is signature based, reputation based, uses heuristics or a combination of these and then choose something that meets your budget and manageability goals. I currently use Sophos, it is a mature signature based product with a heuristics engine as well. I would not bother trying to compare it to other products, as I said there is little point.
    • Multiple secure email gateways intended to reject spam, malicious emails and malicious attachments. In my infrastructure, which is about 3000 end points (roughly 1000 non-domain devices) I use 3 layers here, one of which includes sandboxing - the ability to play through embedded code, attachments and remote code executing on malicious domains in an attempt to detect and thwart zero day threats.
    • Firewall to block normal web based threats and outbound signals to botnets / command and control computers that instruct end points what to do. Viruses now are clever enough to detect when they are sandboxed and adopt a passive state so they look harmless - thus interrupting outbound signals is also important when they activate themselves. An example of this is to block outbound SMTP traffic unless it originates from a trusted mail relay/gateway/server.
    • Web proxies that establish policy on what certain end points can do - e.g., not allow downloading of certain file types, not allowing certain types of sites to be visited, e.g. proxy & translator sites, VPN sites etc. Part of this is deep inspection of SSL traffic - if you don't do this you might as well not bother with a web proxy.
    • Backups of databases, files and server images. Three copies of items, across two sites one of which is offsite. Tested recovery procedures.
    With the above approach we interrupt a large proportion of infections and are able to recover when we have to. Of the above the first and last layers are the most important. The above may seem a bit OTT, but I have a zero tolerance approach to losing data, i.e. the loss of one data item is intolerable to me.
    I have to use recovery procedures on average once every 3 months, thankfully not on an entire server yet.
    My favourite story is kicking external IT auditors off our network when we detected they were using infected computers and memory sticks. Let's just say I kept that one up my sleeve for when their final report was delivered ;-)
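
The outbound SMTP rule mentioned in the firewall point above, turned into a log check as an added example that is not part of the original post: it scans firewall log lines for internal hosts other than the trusted relays sending mail straight to the internet. The relay addresses, internal ranges, key=value log format and the inclusion of ports 465 and 587 are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions for illustration: relay addresses, internal ranges, mail ports.
TRUSTED_RELAYS = {"10.0.5.25", "10.0.5.26"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SMTP_PORTS = {25, 465, 587}

# Constructed sample firewall log (key=value), not real traffic.
SAMPLE_LOG = """\
2016-09-21T10:00:01 action=allow proto=tcp src=10.0.5.25 dst=203.0.113.10 dport=25
2016-09-21T10:00:02 action=allow proto=tcp src=10.0.8.41 dst=198.51.100.7 dport=25
2016-09-21T10:00:03 action=allow proto=tcp src=10.0.8.41 dst=198.51.100.9 dport=587
2016-09-21T10:00:04 action=allow proto=tcp src=10.0.9.12 dst=10.0.5.25 dport=25
2016-09-21T10:00:05 action=deny proto=tcp src=10.0.7.3 dst=203.0.113.99 dport=25
2016-09-21T10:00:06 action=allow proto=tcp src=10.0.8.41 dst=203.0.113.50 dport=443
malformed line without fields
"""


def parse_line(line):
    """Return a dict of key=value fields, or None if the line is unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"action", "src", "dst", "dport"} <= fields.keys():
        return None
    try:
        fields["dport"] = int(fields["dport"])
        fields["src_ip"] = ipaddress.ip_address(fields["src"])
        fields["dst_ip"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    return fields


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def untrusted_smtp(log_text, trusted=TRUSTED_RELAYS):
    """Count internal-to-external SMTP attempts per host that is not a relay."""
    allowed, denied = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["dport"] not in SMTP_PORTS:
            continue
        if not is_internal(f["src_ip"]) or is_internal(f["dst_ip"]):
            continue  # clients talking to the internal relay are expected
        if f["src"] in trusted:
            continue
        (allowed if f["action"] == "allow" else denied)[f["src"]] += 1
    return {"policy_gap": dict(allowed), "blocked_suspects": dict(denied)}
```

Hosts under `policy_gap` show the egress rule is missing or too loose; hosts under `blocked_suspects` were stopped by the firewall and are candidates for an infection check.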
     
  14. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    12,394
    Location:
    Sydney
    ... I like this approach @CosmicTrevor ... if I may summarise it into two parts:

    1. recognise that people are the weakest part of your infrastructure - put effort into educating them and keeping them onside so they are prepared to put up with some level of inconvenience

    2. assume the worst - something will eventually get through, make sure you can recover all data from some point in the past ... and test your recovery procedures!
     
    Michael V likes this.
  15. Eric Wu

    Eric Wu Well-Known Member Business Member

    Joined:
    8th Oct, 2016
    Posts:
    1,603
    Location:
    Australia
    Thanks guys, my humble choice for myself: BitDefender
     
    Michael V likes this.
  16. CosmicTrevor

    CosmicTrevor Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    134
    Location:
    Sydney
    That's pretty much it Simon. The weakest link is the people, therefore they will make mistakes and us IT guys need to be ready for it.
    The criminals make a lot more money than the security companies and they don't have to follow any rules. They own all of the security tools and they release test the malware against them.
    I neglected to mention above that it is important to apply patches and security updates to devices and servers regularly. It isn't easy to stay up to date on this if you are trying to minimise business impact.
     
    TadhgMor and Simon Hampel like this.