Security tools for use with/without an AV
-
Many people prefer to not use an Antivirus, or simply rely on the built-in protections offered by the OS.
You may wish to have access to standalone AV scanning and extra defences for your OS and browsers. Here are a few suggestions that will not clutter your PC or slow it down.
https://www.virustotal.com/en/documentation/browser-extensions/
https://add0n.com/virus-checker.html
https://www.opswat.com/free-tools/secure-online-downloading
https://www.novirusthanks.org/products/syshardener/
https://www.novirusthanks.org/products/driver-radar-pro/
https://www.novirusthanks.org/products/osarmor/
For experts that use Yara rules
https://www.novirusthanks.org/products/yaguard/
HerdProtect scanner has been removed from the home page but the new version may never arrive, so you can still use the old version.
https://www.majorgeeks.com/files/details/herdprotect.html
(HerdProtect uses the VirusTotal site)
OPSWAT has a free standalone scanner that uses VirusTotal style multi-engines, and has more advanced features if used with an API key or account
https://www.opswat.com/free-tools/free-malware-analysis-tool
https://chrome.google.com/webstore/detail/opswat-file-security-for/fjampemfhdfmangifafmianhokmpjbcj
-
I use the Dr.Web extension, which allows me to scan suspicious URLs with all the online AVs from the context menu and also blocks fraudulent sites
-
Thanks for that information Doc.
While I'm still a firm believer in running a dedicated AV solution, I also believe in having the necessary tools to figure out problems on my own. For things like PUPs, they are not always detected as virus/malware, because they don't necessarily harm your machine, just annoy you with popups. So you need tools to handle these as well.
It's important to learn how to clean up your system. The Novirusthanks site looks good, and I like small portable tools for diagnosis. They seem to do a lot of what the Nirsoft tools already do, but nice with alternatives.
http://launcher.nirsoft.net/
Also the Sysinternals package is a must-have for anyone interested in understanding how your system works:
https://docs.microsoft.com/en-gb/sysinternals/downloads/sysinternals-suite
I've been using Avast for years now, but recently have been disappointed in it, their practice of constantly nagging me to upgrade to a more expensive version, and the support has gone to the dogs, likely outsourced to somewhere South Asian. So when my current subscription runs out I will find something else.
-
Currently with Linux I do not have the need for an AV, but to block certain crawlers and hijackers, which can also affect it.
In Windows I have always had the best experience with the Panda AV, which I consider one of the best and most efficient today, even in its free version
-
Bad URL blocking isn't a feature of the extensions I recommended, which can be dealt with in a HOSTS file aimed at malware and malvertising.
I figured I would leave the AV vendor specific extensions for a different post, but perhaps I should have included a few that don't need the AV to be installed.
Dr.Web is one I used to use in Opera, but since modern browsers now run another instance for each extension I cut back and rely on the Avira extension plus the 3rd party VT extension from the add0ns site.
Bitdefender Traffic Light and Malwarebytes browser extension are also worth a look at.
Oh yes, NirSoft suite is installed on all my PCs and a USB stick
I also include most of the other supported suites of tools in the folder, plus add the sysinternals updater to the sysinternals folder http://www.wieldraaijer.nl (more handy nerd tools here).
Actually I use the Nirsoft suite so often it is set as a permanent icon in the top section of my start menu.
Hehe, as many of you will notice, not using a runtime AV means you don't suffer with it trying to kill the NirSoft password tools.
The topic of Linux users and AV is a bone of contention with me, possibly worth a wider discussion in its own thread.
In my opinion, if the Linux world had adopted AV scanning years ago, the web servers of the world would not be the infested cesspits they are.
People hosting on Windows are ironically more likely to be free from known malware due to the higher likelihood of having an AV system running on it.
Linux and Mac may not be as targeted, but they are unwitting plague carriers.
Whoopdedoo, you may be safe, but what about others that connect to you?
-
@Pathduck said in Security tools for use with/without an AV:
For things like PUPs, they are not always detected
AVG used to do a good job at cleaning them but you had to delve way deep into its settings to toggle that function.
Not sure now. Have not used it in over a year.
-
@Dr-Flay said in Security tools for use with/without an AV:
Linux and Mac may not be as targeted, but they are unwitting plague carriers.
Whoopdedoo, you may be safe, but what about others that connect to you?
Incredibly lazy specious argument. Thing A is fundamentally security-porous, Thing B is not. Proponents of TA argue that instead of TA being redesigned to eliminate its flaws, somehow TB is responsible for their woes.
Hand, meet forehead.
-
Windows as the most attacked OS of all is also the best prepared to defend itself with the most security tools at your disposal. That's where Linux and Mac fail. It is not the question that one OS is safer than another, but simple statistics. Another question is the privacy.
-
@Dr-Flay said in Security tools for use with/without an AV:
Hehe, as many of you will notice, not using a runtime AV means you don't suffer with it trying to kill the NirSoft password tools.
A couple of years back I wanted to use Process Explorer on my PC at work. So I installed the whole suite. 10 minutes later I got a call from the security guys - the AV suite had triggered alarms and they were wondering what the hell I was doing. I explained it and just deleted the ones I didn't really need.
Kind of can understand it though, with names like "smsniff.exe" and "socketsniff.exe" :smiling_face_with_open_mouth_closed_eyes:
Linux vs Windows... been there done that, not going down that rabbit hole
-
@Pathduck said in Security tools for use with/without an AV:
@Dr-Flay said in Security tools for use with/without an AV:
Hehe, as many of you will notice, not using a runtime AV means you don't suffer with it trying to kill the NirSoft password tools.
A couple of years back I wanted to use Process Explorer on my PC at work. So I installed the whole suite. 10 minutes later I got a call from the security guys - the AV suite had triggered alarms and they were wondering what the hell I was doing. I explained it and just deleted the ones I didn't really need.
Kind of can understand it though, with names like "smsniff.exe" and "socketsniff.exe" :smiling_face_with_open_mouth_closed_eyes:
Linux vs Windows... been there done that, not going down that rabbit hole
It is not to make comparisons of OS, each has its pros and cons, its use depends only on the type of use that is wanted to give and that nothing has to do with safety aspects at present. All the OS in Internet connections are subject to be attacked to a greater or lesser extent.
The case of Linux the reason in many cases is the simple question of updating or replacing an OS without having to spend money to do it, not because it is better or worse than Windows, this goes more into the field of personal taste.
Regarding security, Windows, precisely because it is the target OS has a whole army of shielding applications that iOS and Linux lack.
In Linux, apart from a scrawny AV, it has no real defenses to which it can offer measures that provide passwords, its little relative diffusion, and which can be provided by the browser with certain extensions.
The jokes of the past on the sensitivity of Windows against viruses, currently lack validity.
-
I wasn't making a Linux vs Windows vs Mac observation.
Exactly the opposite. We live in a shared digital ecosystem where we connect our devices and share data, no matter what the OS.
If I downloaded some Mac files for a friend that turned out to be malware that borked their system or stole their details, and I could have detected it, that would not be so clever of me, and just helps to perpetuate the transfer of malware, rather than curb it.
(I explained my point more thoroughly in the other thread).
-
@Catweazle said in Security tools for use with/without an AV:
The jokes of the past on the sensitivity of Windows against viruses, currently lack validity.
Most days & nights my web use occurs on my pc/s, but prior to that, most mornings i first read Ars Technica, BleepingComputer, TechRepublic, MakeUseOf, & ZDNet on my Android phone. Not only, but especially those first two, every single day, have at least one article but often more, about the latest corporate or governmental or third-party entity currently in crisis with cryptojacking or ransomware. In numerous other articles i read of the latest worm, virus, cryptominer or ransomware... or zero-day exploit... discovered by various researchers.
Wanna guess to what lousy OS almost all these vulnerabilities pertain?
Clue: Not Mac [most of the time, but sometimes it is]. Not Linux [sometimes but v v rarely is].
The unremitting rhythm of these incessant attack vectors used to alarm me, but nowadays i just laugh. One of the funniest things to me is windozers who assert that windoze is safe. One of the irritating things to me is windozers who pompously opine that other users & OS's "should" take responsibility for their [ie, the opiner's] chosen OS's flaws & vulnerabilities. Until 2014 i was a ~20 year windozer... but i recovered.
-
@Steffie said in Security tools for use with/without an AV:
@Catweazle said in Security tools for use with/without an AV:
The jokes of the past on the sensitivity of Windows against viruses, currently lack validity.
Most days & nights my web use occurs on my pc/s, but prior to that. most mornings i first read Ars Technica, BleepingComputer, TechRepublic, MakeUseOf, & ZDNet on my Android phone. Not only, but especially those first two, every single day, have at least one article but often more, about the latest corporate or governmental or third-party entity currently in crisis with cryptojacking or ransomware. In numerous other articles i read of the latest worm, virus, cryptominer or ransomware... or zero-day exploit... discovered by various researchers.
Wanna guess to what lousy OS almost all these vulnerabilities pertain?
Clue: Not Mac [most of the time, but sometimes it is]. Not Linux [sometimes but v v rarely is].
The unremitting rhythm of these incessant attack vectors used to alarm me, but nowadays i just laugh. One of the funniest things to me is windozers who assert that windoze is safe. One of the irritating things to me is windozers who pompously opine that other users & OS's "should" take responsibility for their [ie, the opiner's] chosen OS's flaws & vulnerabilities. Until 2014 i was a ~20 year windozer... but i recovered.
All this is true, what I mean is that 90% of PCs in the world work with this OS and therefore is also the main target of the attackers with all kinds of malware, although the widespread use of smartphones with Android and iOS, these also start being the target of attackers.
But precisely because of this, Windows is also the OS for which there are infinitely more countermeasures and applications available than for any other OS. Almost all AV that exist are for this OS in exclusive, some also for Android, such as Panda, anti cryptominers, anti malware etc. Apart from the much improved (albeit somewhat hysterical) Win - Defender.
I do not think that an OS is safer than another as such, the question is simply which is the most attacked, for this Windows is the most at risk statistically.
If Mac or Linux were the OS that would hoard the market, it would be those that had the same problems.
In the smartphones it was precisely the almost disappeared (I do not know why) WindowsPhone the hardest it was to hack, as they showed in a convention of ethical hacking, iOS and Android fell in a matter of minutes, while in WindowsPhone they had to leave it as impossible, they only managed after almost one hour to access the cookie files.
https://mspoweruser.com/hacker-claims-windows-phone-the-most-secure-smartphone-os/
-
@Catweazle said in Security tools for use with/without an AV:
I do not think that an OS is safer than another as such
I want to make one thing clear before the main part of my reply... i am not trying or wanting to claim that Linux [or Mac, or Unix, or sliderules, or abacus'] are "perfect", or "100% secure", coz it'd be a blatantly false statement. Nothing is either of those things.
However, i believe, & IIRC many people more knowledgeable than me believe, that Linux is structurally more secure than Windows, at least for an average home desktop user... because of a fundamental & far-reaching design-philosophy factor... root permissions.
A typical home-user Linux system will be setup from scratch with a root account, & one or more user accounts. Root account is the master/mistress of the universe. User accounts have severely curtailed read/write/execute permissions. For any & all RWX actions beyond the narrowly-prescribed user-account defaults, no RWX operations can occur until & unless the root password is entered. 2' later & you need another operation with elevated privileges? Too bad, no go, until/unless you re-enter the password.
In Win, out of the box [though i acknowledge specific hardening precautions can be taken... it's just that the vast majority of windozers do not take said precautions], pretty much any code can be executed without elevating current privileges afaik, coz many/most users much/most of the time "live" in their Administrator account where privileges are already elevated [kinda sorta like Linux's root account]. Conversely most of the time Nixers live in their User account [& any noob Nixer posting in a forum wherein they divulge they use their root account as their user account, will routinely get mocked & pilloried (i am not defending rude forum behaviour btw, only illustrating that permanently running as root is NOT standard in Linux)].
One of the many many qualities that influenced me to learn about Linux in late-2013, & migrate to it from Win7 during 2014, was certainly security-related [but there's much much more great stuff than "just" this]. IMO Linux is security-by-design, whereas Win is security-by-accident.
Hence regrettably your statement, which i quoted, is something with which i respectfully disagree.
-
It is true that in Linux I need to put the password for anything, either by modifying the system, to update it or to install a program, which in Windows is not the case, but if in case of making a system change a window comes out warning me of this change that I have to approve. At least in the Win 7 that I had was like that.
In this, it is also not possible that something is changed in the system, without me knowing about it. Although it is true that malware at this point will have fewer problems than Linux because of its architecture, but, as I said before, to shield Windows from these security holes there are tons of applications, which more than balance this problem.
Anyway, nothing is further from wanting to dislike you with my ramblings and without your knowledge of the subject, I can only talk about my experiences and disgust with Windows and not necessarily in the field of security.
-
"The user's going to pick dancing pigs over security every time."
-Bruce Schneier
Regular users don't care about IT Security, they have other sh*t to worry about. They will run binaries received from email, and download that shady-looking "eCard maker" to send to their family. This applies regardless of OS. If Linux or Mac was more popular with the unwashed masses, malware-makers would target these as much as Windows, and they'd be infected just as often.
The reason Windows specifically has long been seen as a security nightmare is that since the early days, it has exposed various badly-secured services, programmed by MS drones not exactly having security as the main priority. NetBIOS, SMB, RPC, printer sharing, admin shares, all wide open to anyone with even basic hacking skills.
I remember helping a friend's parents during the Blaster worm attacks (2003). After running the cleaner, and reconnecting to the internet, it took less than 10 seconds, and the machine was infected again. You needed to specifically disable the RPC service to stop it, before even thinking of connecting to the net.
Back in those days before ubiquitous wireless routers, every machine was usually connected directly to the internet and totally open to attack. Now, with nearly everyone using some kind of router, machines are much more protected, by simple NAT tables.
And of course, the default browser on Windows, IE, was always a massive security hole. DirectX, Flash, Java etc. and would run executables with little to no user prompting. "Drive-by infections" were common, by just visiting a malicious web-site.
These days many of these attack vectors are (nearly) gone, and the bad guys are more concerned about using social engineering to do phishing attacks and get people to download and execute malicious binaries.
I would say that with Windows 10 things have gotten a lot better in terms of security out of the box. But still it's nearly impossible to disable most of the ports that Windows by default listens to. Just looking at my local machine, there's a bunch of ports listening I have no idea what do:
Netbios, ssdp, epmap, isakmp, llmnr, microsoft-ds, ntp, ws-discovery
... I guess these are the "dancing pigs" Schneier was talking about... :face_with_stuck-out_tongue_closed_eyes:
-
@Pathduck said in Security tools for use with/without an AV:
Windows 10 ... there's a bunch of ports listening I have no idea what
None of these ports is open by design if you choose to run a fundamentally different OS.
-
@Steffie said in Security tools for use with/without an AV:
None of these ports is open by design if you choose to run a fundamentally different OS.
Well, I didn't really want to go down the "mine OS is more secure than thine" path, I just wanted to point out that things have gotten better in Windows lately, and that security is largely dependent on the user behind the keyboard.
But OK I know for sure Linux has several different ports open by default. Usually there's at least Finger (port 79), SSH (22), and plenty more if you are running some kind of server.
Mind doing a netstat -l for us, see what you find?
Might be different protocols and services, coded by people who actually care about security, but an open port is an open port...
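An added example, not from anyone in the thread: a small Python audit that parses the output of `ss -tulpn` (the Linux counterpart of the `netstat -l` check asked for above) and lists only the sockets bound beyond loopback, naming the ones that match the services mentioned in this thread's port lists. The `ss` output below is constructed for the example.

```python
import re

# Port-to-name table for the services named in the thread (the Windows list
# plus finger/ssh); anything else is reported as "unknown", not ignored.
KNOWN = {("udp", 137): "netbios-ns", ("tcp", 139): "netbios-ssn",
         ("tcp", 445): "microsoft-ds", ("tcp", 135): "epmap",
         ("udp", 1900): "ssdp", ("udp", 500): "isakmp", ("udp", 5355): "llmnr",
         ("udp", 123): "ntp", ("udp", 3702): "ws-discovery",
         ("tcp", 79): "finger", ("tcp", 22): "ssh"}

def scope(addr):
    """Where a socket is reachable from, judged by its bind address."""
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback"
    return "any" if addr in ("0.0.0.0", "[::]", "*") else "specific"

def parse_ss(text):
    """Parse `ss -tulpn` output into (proto, addr, port, process, scope) tuples."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue                      # header or unrelated line
        addr, _, port = f[4].rpartition(":")
        if not port.isdigit():
            continue
        m = re.search(r'users:\(\("([^"]+)"', line)
        rows.append((f[0], addr, int(port), m.group(1) if m else "?", scope(addr)))
    return rows

def exposed(rows):
    """Sockets bound beyond loopback, one entry per proto/port, sorted."""
    found = {}
    for proto, _, port, proc, sc in rows:
        if sc != "loopback":
            found.setdefault((proto, port), (KNOWN.get((proto, port), "unknown"), proc))
    return [(p, n, *found[(p, n)]) for p, n in sorted(found)]

# Constructed sample of `ss -tulpn` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:5355        0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*         users:(("chronyd",pid=590,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=700,fd=7))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0      50     192.168.1.10:8080   0.0.0.0:*         users:(("python3",pid=902,fd=3))
"""

if __name__ == "__main__":
    for proto, port, svc, proc in exposed(parse_ss(SAMPLE)):
        print(f"{proto}/{port:<5} {svc:<14} {proc}")
```

On a live box, replace SAMPLE with the output of `ss -tulpn` (run with enough privilege to see process names); the loopback-only entries such as cupsd and chronyd drop out, and the remaining lines are the ones worth explaining or closing.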
-
@raed said in Security tools for use with/without an AV:
@Steffie
There is a lot of data collection that is passed back to Microsoft by default (as per their user agreement) that they claim is used to improve their user experience, which could easily be turned off using Blackbird V6 or similar.
Or this one
-
I've used the ShutUp10 application before, and it works alright, and is user-friendly.
The BlackBird one though, looks firmly over in paranoid tinfoil-hat territory, and from a cursory glance over what it does, it would risk disabling stuff which is actually useful, and even break critical functions. Not for inexperienced users I guess.
I prefer to handle stuff manually so I actually know what I'm doing, and know how to undo them if something breaks.