Current Anti-Malware/Virus Best Practices?

Hey guys, quick question: What's the current best practice for proactive anti-malware protection?

I use CC Cleaner, HitmanPro and Malwarebytes on my machine, and (knock on wood) with a bit of common sense and occasional manual scans I don't seem to have had any problems.

My wife's machine, on the other hand... I just finished removing the search.myway hijacker from her machine, and found several others while doing so. I can and did use all three tools above to clean the machine after the fact. All of the programs offer some form of proactive always-on screening in their premium versions. Which, if any, of them, or others, should I be purchasing and setting up for auto-scans and real-time protection?

Thanks in advance.

I use Trend Micro Maximum Security. It's like $60 for the year for 10 devices or $90 for 2 years. I use it to protect all my PCs and laptops as well as my wife's. Haven't had any issues with catching anything yet, and it does a decent job, once you enable the various browser extensions, of monitoring links before you click on them.

You can also, with some minor tweaking, sign up for the free version of Cisco Umbrella (OpenDNS) at the router level and gain some protection that way as well.

https://signup.opendns.com/homefree/

Unfortunately, malware authors have gotten too good, and they're frequently deploying tiny installs of just a few hundred of any given viral loadout. They do literally hundreds of different builds of their software, so that it all looks different to the detection routines. They lose some of them by infecting honeypot systems, so the antivirus companies issue signatures for a small subset of their binaries, but many will persist for a long time, because the malware companies have never seen most instances of a given virus.

At this point, antivirus is more wishful thinking than anything. Adblocking and disabling scripting except for specific sites that you whitelist can do a great deal to help keep you clean; these are the largest vectors for infection, and blocking them will improve your safety a great deal.

From there, you can also choose and run an antivirus, if you wish. It won't really hurt, at least if you run a basic one that's not installing an engine to sniff all your Web traffic. As soon as you get into the ones that intercept HTTP and HTTPS, then all bets are off. There have been bugs in antiviral programs that have, themselves, been exploits for infection.

I suggest avoiding Kaspersky, because they install a new root CA in your system, and then spoof all your HTTPS traffic. This means you're not really secure, and you don't actually know what encryption is being used when talking to a remote site. You're actually talking to Kaspersky, and then it's initiating another SSL connection in the background to talk to your target. This means the security of that connection is dependent on what SSL protocols they support, and it will almost certainly be far, far behind your actual browser.

Further, this means they can grab interesting bits out of your traffic if the Russian government requires them to.
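The interception described in the post above (a locally installed root CA re-signing every HTTPS site) is something you can check for yourself. The following is an added example, not code from the original thread or from any vendor: it compares the issuer of the certificate a client actually receives against an issuer you recorded earlier for the same host from a machine with no TLS-inspecting software (a simple pin), and it flags a dated protocol version on the local hop. The certificate dicts, issuer names and the "LocalAV" product name below are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns; they are not real certificates or a claim about any real product. Note that the negotiated version you can observe is only the hop to the proxy; the proxy's own connection to the real site is, as the post says, invisible to you.

```python
import socket
import ssl

# Protocol versions a current browser would no longer negotiate. If the
# local hop comes back with one of these, the interposed software is
# already behind the browser it replaced.
DATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def issuer_fields(cert):
    """Flatten the 'issuer' entry of a getpeercert() dict into {attr: value}.

    getpeercert() returns the issuer as a tuple of RDNs, each RDN a tuple of
    (attribute, value) pairs, e.g. ((('commonName', 'X'),),).
    """
    fields = {}
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            fields[attr] = value
    return fields


def interception_verdict(cert, protocol, expected_issuer_cn):
    """Return a list of findings; an empty list means nothing suspicious.

    expected_issuer_cn is the issuer commonName you recorded for this host
    from a clean machine. Because an interception root is installed in the
    system trust store, normal validation passes; the changed issuer is what
    gives the man-in-the-middle away.
    """
    findings = []
    issuer_cn = issuer_fields(cert).get("commonName", "")
    if issuer_cn != expected_issuer_cn:
        findings.append("issuer changed: expected %r, saw %r"
                        % (expected_issuer_cn, issuer_cn))
    if protocol in DATED_PROTOCOLS:
        findings.append("negotiated dated protocol %s on the local hop" % protocol)
    return findings


def fetch_peer_info(host, port=443, timeout=5.0):
    """Live probe (needs network): return (cert_dict, protocol, cipher_name)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version(), tls.cipher()[0]


# Constructed samples (hypothetical issuers, not real certificates).
CLEAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust Services"),),
               (("commonName", "Example Public Issuing CA"),)),
}
INTERCEPTED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "LocalAV"),),
               (("commonName", "LocalAV Personal Root Certificate"),)),
}
PINNED_ISSUER = "Example Public Issuing CA"   # recorded from a clean machine

if __name__ == "__main__":
    for label, cert, proto in (("clean", CLEAN_CERT, "TLSv1.3"),
                               ("intercepted", INTERCEPTED_CERT, "TLSv1.1")):
        print(label, interception_verdict(cert, proto, PINNED_ISSUER) or ["ok"])
    # To probe a real host instead:
    #   cert, proto, cipher = fetch_peer_info("www.example.com")
    #   print(interception_verdict(cert, proto, PINNED_ISSUER))
```

To use the live probe, run `fetch_peer_info` once on a machine you trust, record the issuer commonName it reports for the host, then run it on the suspect machine and compare. A differing issuer whose name points at a local product, together with a root of that name in the system certificate store, is the signature of the setup the post describes.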

Thanks guys. I'm already using OpenDNS, which as far as I can tell now includes the free version of Umbrella automatically. I've tweaked my settings there a bit which may help.

I'll also check out Trend Micro, thanks.

I'd like to necro this thread, if you don't mind.
I've been using Kaspersky and it's been a real pain in the ass on a couple of our machines.

GG, you say you use Trend; do you still? Are you happy with the ease of use and performance? I find Kaspersky is so over the top and convoluted with its settings. Trying to find something, it may be buried down in 3 levels of menus or in a different section altogether.

I just renewed so I'm hoping they will refund the remainder.

I'm starting to see articles about crypto coin miners "borrowing" your processor when you visit web sites. The following article is about Salon.com, which gives users a choice between whitelisting the site in their adblockers or allowing crypto coin miners.

https://thenextweb.com/hardfork/2018...

This led me to discover there are explicit crypto coin blockers now as well. In the meantime, I am trying out No Coin for Chrome until I can learn more.

https://chrome.google.com/webstore/d...
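Extensions like the one mentioned above work from a domain block list: any request whose host is on the list, or is a subdomain of an entry on it, is refused. As an added example that is not part of the original post and not the extension's own code, here is that matching logic in Python, with the label-boundary check that naive `endswith` matching gets wrong, plus a scanner that pulls the `<script src=...>` references out of a saved page and reports which ones the list would block. The block list and the HTML are constructed samples; the domains are placeholders, not an assertion that any real site hosts a miner.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample block list (placeholder domains, not real miner hosts).
BLOCKED_DOMAINS = ["miner.example", "cdn.miner-pool.example"]


def _normalize_host(host):
    return (host or "").lower().rstrip(".")


def host_is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host equals a listed domain or is a subdomain of one.

    The '.' + domain boundary matters: 'notminer.example' must NOT match
    'miner.example', while 'static.miner.example' must.
    """
    host = _normalize_host(host)
    for domain in blocked:
        domain = _normalize_host(domain)
        if host == domain or host.endswith("." + domain):
            return True
    return False


def url_is_blocked(url, blocked=BLOCKED_DOMAINS):
    """Apply host_is_blocked to the host part of a URL (port, path ignored)."""
    return host_is_blocked(urlsplit(url).hostname, blocked)


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


def find_blocked_scripts(html, blocked=BLOCKED_DOMAINS):
    """Return the script src URLs in html whose host is on the block list."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    return [src for src in collector.sources if url_is_blocked(src, blocked)]


def hosts_file_lines(blocked=BLOCKED_DOMAINS):
    """Emit hosts-file lines that sink the listed domains (exact names only;
    the hosts file cannot express subdomain wildcards, so this is weaker
    than the browser-side match above)."""
    return ["0.0.0.0 %s" % _normalize_host(d) for d in blocked]


# Constructed sample page: one benign script, one that hits the list.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.static.example/jquery.min.js"></script>
<script src="https://static.miner.example:8080/lib/worker.js" async></script>
</head><body>article text</body></html>
"""

if __name__ == "__main__":
    print(find_blocked_scripts(SAMPLE_HTML))
    print("\n".join(hosts_file_lines()))
```

Run against a page you saved with "view source", it tells you whether the page pulls in anything on your list before the browser ever executes it; the hosts-file output is a router-free way to sink the same names system-wide, with the caveat noted in the code that it cannot cover subdomains.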