Exetools  

  #31  
Old 12-02-2017, 05:05
Z-Rantom
One thing you should know: all AVs are going in the wrong direction (collecting signatures for malware)... at least this is the best they have, for now!

From my personal experience in bypassing AVs, ESET and Kaspersky were a pain in the a** until you figure out how to do it.
  #32  
Old 12-02-2017, 20:17
ionioni
Best AV is one's common sense.
  #33  
Old 12-14-2017, 01:50
foosaa
I use the following on my browsing PC (Win 7).

Firewall: TinyWall in lockdown mode. No incoming connections; all apps are blocked except a small whitelisted set, so no outbound communication from any other apps.

Always run as a normal user, with elevation on a need basis. The same applies to *nix and Windows OSes.

For development, I have another PC which runs Comodo Antivirus (Home Edition, freeware).

Won't open any downloaded executable files if they look suspicious. I usually scan them with VirusTotal for safety if something feels fishy! (It's purely a gut feel, but it has saved my **s many times!)

For most office documents, I have multiple universal viewers that can preview the file in read-only mode. No VBScript / JScript executables.

Disabled the autorun on all removable drives.

No thumbnail stores enabled. A bit of lockdown and hardening on the Windows side. Disabled most of the services that are not required / not used, and I manually enable them when needed using the Autoruns utility (from https://live.sysinternals.com).

So, mostly the services will be disabled and cannot even be run manually.

A somewhat hardened and optimized TCP/IP stack.

Being a reverser since school days (those who knew the IBM DOS 4.0 / MS-DOS 5.0 days!!), I also look for certain packed files, unpack them, and run a quick analysis for infection / networking stuff if I'm in a paranoid mode!

Apart from that, I don't run an antivirus!

Most of my mail is plain text; I won't open HTML mail that easily.

Extra careful with attachments. I don't open attachments that easily even if they are from a known contact.

And no Java / JRE (though I have it on the dev PC!); disable / remove all plugins (who uses them these days!!) from the browsers.

Firefox Quantum with NoScript and Ghostery, multiple ad blockers like Anti-Anti Adblock and AdGuard, and URL tracker removers like cleanurls will help cut down web-based malware infections.

Using Brave browser for some Google sites.

Mostly non-standard, smaller, portable applications (complete set of apps from https://portableapps.com/) for most needs, and I don't trust MS, Adobe, Oracle, Google products that easily. Using alternatives for most of their stuff.

Have multiple VirtualBox VMs with a bit of patching, manually configured services, no networking, and only read-only folders mapped for ingress file copying.

Regular backups of all documents and photos to backup HDDs, and important ones to the cloud with container-based encryption (I don't want Google, Dropbox, Mega or whoever to peer at my files!).

For encryption, I mostly use the command-line OpenSSL toolkit (which I compiled on my system).

Never had a virus or malware attack ever since I stopped writing them (from 1999); before that I got fried multiple times! (That's a learning process!!)

All in all, the takeaway is that being a bit paranoid about security, with a little common sense, a lean / less resource-hungry firewall, CCleaner, Malwarebytes Anti-Malware, Comodo Antivirus, a less-privileged user and some working knowledge, will get you a long way!

If possible, switch to Linux for most day-to-day activities / development and keep Windows only for browsing, some casual stuff and reversing.

Hope it helps!!! Though the above is a lot of off-topic stuff, I just wanted to share part of what I do to stay safe!!

Peace and comments welcome!!
  #34  
Old 12-14-2017, 20:06
CodeCracker
As antivirus I prefer Avira, because it is free and doesn't consume that many computer resources.
  #35  
Old 12-29-2017, 01:38
Archer
Antiviruses in their classical meaning are completely useless and by definition fall far behind the offensive side. And quite often they even increase the attack surface, basically doing the opposite of what they're supposed to do.

My bet is on sandboxing/isolation. And since it may be tedious to start a full-fledged VM for every downloaded executable, and bigger software tends to have more bugs, including security ones, light and secure software relying on documented Windows principles, like ReHIPS, is my choice.
  #36  
Old 12-29-2017, 20:26
cybercoder
Hasn't this topic just been posted to death? So many "what do you use for protection" posts...
  #37  
Old 01-01-2018, 18:14
JMP-JECXZ
Quote:
Originally Posted by mr.exodia View Post
All antivirus is a scam
This, the best antivirus is Common Sense 2017, and now it's time to update to version 2018.
  #38  
Old 01-01-2018, 19:54
wassim_
Sandboxie is the only "antivirus" you need: run the suspicious exe within it and decide for yourself whether it's safe or not. Use restrictions for full protection.
  #39  
Old 01-02-2018, 07:09
h8er
Quote:
Originally Posted by wassim_ View Post
Sandboxie is the only "antivirus" you need: run the suspicious exe within it and decide for yourself whether it's safe or not. Use restrictions for full protection.
Good tip, but you also have to take into account that some malware has anti-Sandboxie tricks and doesn't reveal its malicious behavior if it detects it is running under Sandboxie.
  #40  
Old 01-09-2018, 06:02
gigaman
Well, if you run them only in the sandbox, it doesn't really matter, right?
If they don't trigger the payload, good for you.