short of "don't surf porn", is there anything I can use to protect my new build? windows 11
I don't want anything really gumming up the system.
thoughts?

Average Joe said:

---

Defender is plenty good enough if you're practicing safe browsing. Don't go to sketch websites, download sketch files, or open sketch emails.

---

This reminds me….i also use defender. Remember when the anti virus and anti spyware business was a huge thing? Is that still a thing? I haven't heard about mcafee or Norton in a long long time. I used malwarebytes and spybot for a long time and I think I still have the free versions but havnt run them in awhile. What happened to that market?

haven't all the old school antivirus like mcafee or Norton become bloatware?

I think Microsoft finally got wise and built a decent antivirus solution internally.

although my octogenarian mom still insists on downloading/purchasing a dozen different antivirus/spyware applications. Ironally, they end up being the culprit most of the time.

Jason_Roofer said:

---

This reminds me….i also use defender. Remember when the anti virus and anti spyware business was a huge thing? Is that still a thing? I haven't heard about mcafee or Norton in a long long time. I used malwarebytes and spybot for a long time and I think I still have the free versions but havnt run them in awhile. What happened to that market?

---

McAfee still comes pre-installed on every Dell that i buy. It's the first thing i uninstall. Not sure if other manufacturers are still doing the same.

that's one reason I built this computer (with some help from others...), I didn't want all that BS software.
this is a cherry fresh computer with only OS and hardware software (MB, GPU).

HP comes with a crap ton of bloatware.

I can't complain too much, as I don't think I could have bought my kiddo a $150 laptop if it wasn't for these folks subsidizing me.

Jason_Roofer said:

---

This reminds me….i also use defender. Remember when the anti virus and anti spyware business was a huge thing? Is that still a thing? I haven't heard about mcafee or Norton in a long long time. I used malwarebytes and spybot for a long time and I think I still have the free versions but havnt run them in awhile. What happened to that market?

---

For consumers? Defender is really all you need. If things start running slow, maybe download Malwarebytes run a scan.

For businesses, EDR/MDR is very much an important conversation businesses of any size should be having with their IT company. We implement SentinelOne as part of our MDR package and it is incredible. The remediation tools available are simply amazing. We've literally ran SentinelOne on devices that were already infected with ransomware and were able to clean things up.

Jason_Roofer said:

---

This reminds me….i also use defender. Remember when the anti virus and anti spyware business was a huge thing? Is that still a thing? I haven't heard about mcafee or Norton in a long long time. I used malwarebytes and spybot for a long time and I think I still have the free versions but havnt run them in awhile. What happened to that market?

---

I would rather have a virus.

Run a firewall and VPN.

Has anyone tried TotalAV? I've been using it for a while, and it's been pretty solid for keeping things secure without slowing down my system. If you run into any issues, their customer service is surprisingly responsive. They helped me sort through a couple of setup questions quickly.

Definitely Not A Cop said:

---

Jason_Roofer said:

---

This reminds me….i also use defender. Remember when the anti virus and anti spyware business was a huge thing? Is that still a thing? I haven't heard about mcafee or Norton in a long long time. I used malwarebytes and spybot for a long time and I think I still have the free versions but havnt run them in awhile. What happened to that market?

---

I would rather have a virus.

---

Oh, I did on several occasions before Defender was really going because AV was the first thing I wiped off my system. Lol.

Seems like you used to be able to run online based scanners so when I suspected an issue, I just did that. Lol.

For most consumers, and that's probably 95%... Malwarebytes is the best option.

Why?

1. Cheap
2. Strong/Effective
3. Not bloatware.

It's resident agent doesn't slow you down and gum things up like McAfee and Norton, and you can download it for free to try (it will stay unlocked forever just as a manually scanner), and when you license it, it goes into 24/7 resident protection mode blocking all the common stuff + ransomware, etc etc.

Is it perfect? No, but again it's GREAT for 95%+ of the population.

Will it stop you from doing really stupid stuff like falling for scams? No, not always. You still have to practice not being a stupid human...

The biggest defense in today's landscape is don't get phished. It's not just old people and morons that fall for it. As a cybersecurity professional who reviews phishes every day, some of them are tough to detect if you really don't know what you're doing.

Viruses aren't like they are in the old days. Modern enterprise-grade endpoint protection, like CrowdStrike and Sentinel One, are less about definitions and scanning exes these days. It's all about detecting abnormal user/system behavior that indicates compromise (likely because someone got phished).

My advice?

-MFA on everything. If a site doesn't offer it, you should strongly reconsider even using it. Use an authenticator app or hardware key over SMS whenever possible.
-Strong/unique passwords still matter. Definitely ensure your primary email is unique to everything else. Use a good password manager.
-Once your PC is setup, stop using a primary Windows profile that has admin access. Elevate only when you have to.
-Use some sort of firewall/wifi router with threat detection and malicious site filtering.
-Activate/use https-only mode. Probably no reason for you to ever go to an insecure site in your everyday life.

SJEAg said:

---

The biggest defense in today's landscape is don't get phished. It's not just old people and morons that fall for it. As a cybersecurity professional who reviews phishes every day, some of them are tough to detect if you really don't know what you're doing.

Viruses aren't like they are in the old days. Modern enterprise-grade endpoint protection, like CrowdStrike and Sentinel One, are less about definitions and scanning exes these days. It's all about detecting abnormal user/system behavior that indicates compromise (likely because someone got phished).

My advice?

-MFA on everything. If a site doesn't offer it, you should strongly reconsider even using it. Use an authenticator app or hardware key over SMS whenever possible.
-Strong/unique passwords still matter. Definitely ensure your primary email is unique to everything else. Use a good password manager.
-Once your PC is setup, stop using a primary Windows profile that has admin access. Elevate only when you have to.
-Use some sort of firewall/wifi router with threat detection and malicious site filtering.
-Activate/use https-only mode. Probably no reason for you to ever go to an insecure site in your everyday life.

---

Great list. I would also add to that verify everything, don't trust a URL or QR code from anyone in email, instant messaging, sms or another digital or analog communication tool. If you didn't expect it, go directly to the source outside of the message to verify, if you did expect it verify it's coming from the correct source and if you're not sure, go directly to the source to make sure. General phishing schemes are so intricate and complex these days it's frightening and spear phising schemes are don't right terrifying even for the more advanced people in info sec.

Overall biggest thing to protect yourself is to remember in cyberspace risk isn't a constant but instead is a sliding scale for individuals and companies alike based on threat level and your vulnerability. You need to do your best to reduce both as much as you can to reduce your risk.

SJEAg said:

---

The biggest defense in today's landscape is don't get phished. It's not just old people and morons that fall for it. As a cybersecurity professional who reviews phishes every day, some of them are tough to detect if you really don't know what you're doing.

Viruses aren't like they are in the old days. Modern enterprise-grade endpoint protection, like CrowdStrike and Sentinel One, are less about definitions and scanning exes these days. It's all about detecting abnormal user/system behavior that indicates compromise (likely because someone got phished).

My advice?

-MFA on everything. If a site doesn't offer it, you should strongly reconsider even using it. Use an authenticator app or hardware key over SMS whenever possible.
-Strong/unique passwords still matter. Definitely ensure your primary email is unique to everything else. Use a good password manager.
-Once your PC is setup, stop using a primary Windows profile that has admin access. Elevate only when you have to.
-Use some sort of firewall/wifi router with threat detection and malicious site filtering.
-Activate/use https-only mode. Probably no reason for you to ever go to an insecure site in your everyday life.

---

I'm an IT guy who deals with a lot of cybersecurity and this list is spot on.