Antivirus box?

[AT0MAC]

Maybe I just got a good idea....

 

Its that time of the year when my antivirus subscription is running out and I need to see what to do for the next year.

Im not satisfied with the solution I have, there are popups and there are unused features, and its quite difficult installing new antivirus, as I have a fleet of multiple systems running here at home.

 

One of my systems is very much under utilized, because it pretty much lacks power.

But I wonder.... Could I turn it into a antivirus/hardware firewall box?

 

I just found this: https://www.clearcenter.com/products/z-clearos-7-community

 

And I wonder if the parts from this build can run it smoothly: https://pcpartpicker.com/b/JmGG3C

 

 

I have a 300/300 internet connection and don't want to limit my bandwidth, just want to secure my ever growing number of devices, computers, IoT and other online enabled stuff.

[AT0MAC]

No one here done this before?

[dalekphalm]

On 11/28/2018 at 6:39 AM, AT0MAC said:

Maybe I just got a good idea....

 

Its that time of the year when my antivirus subscription is running out and I need to see what to do for the next year.

Im not satisfied with the solution I have, there are popups and there are unused features, and its quite difficult installing new antivirus, as I have a fleet of multiple systems running here at home.

 

One of my systems is very much under utilized, because it pretty much lacks power.

But I wonder.... Could I turn it into a antivirus/hardware firewall box?

 

I just found this: https://www.clearcenter.com/products/z-clearos-7-community

 

And I wonder if the parts from this build can run it smoothly: https://pcpartpicker.com/b/JmGG3C

 

 

I have a 300/300 internet connection and don't want to limit my bandwidth, just want to secure my ever growing number of devices, computers, IoT and other online enabled stuff.

The short answer is "yes and no".

 

You can definitely create a centralized Firewall appliance that has malware detection capabilities. But without a host-level client, it's going to be significantly limited. It can do stuff like block incoming/outgoing connections, but it won't be able to stop internal infections, or even remove/clean the virus.

 

Even Enterprise grade $50,000 Firewalls rely on a client-side application to perform those advanced features.

 

What are you currently using for AV? I recommend BitDefender, personally.

[AT0MAC]

On 11/30/2018 at 10:15 PM, dalekphalm said:

The short answer is "yes and no".

 

You can definitely create a centralized Firewall appliance that has malware detection capabilities. But without a host-level client, it's going to be significantly limited. It can do stuff like block incoming/outgoing connections, but it won't be able to stop internal infections, or even remove/clean the virus.

 

Even Enterprise grade $50,000 Firewalls rely on a client-side application to perform those advanced features.

 

What are you currently using for AV? I recommend BitDefender, personally.

I am using BitDefender and I dont really like it. I used to use Webroot and loved it, it will just get quite expensive on all my machines very quickly.

Not sure what to do honestly...

[dalekphalm]

1 hour ago, AT0MAC said:

I am using BitDefender and I dont really like it. I used to use Webroot and loved it, it will just get quite expensive on all my machines very quickly.

Not sure what to do honestly...

What about BitDefender don't you like?

 

Also, why would using Webroot become expensive? How many devices are you trying to protect?

 

Alternatives exist - many people like NOD32 and Avira as well.

 

Here's one of the independent testing board's list of ranked AV:

https://www.av-test.org/en/antivirus/home-windows/

 

They all score pretty good, so it usually comes down to preference on interface.

[corrado33]

Question: Do you have a reason for running antivirus? Kids? Etc? IMHO it's quite difficult to get a virus now-a-day unless you're purposely downloading shady pirated stuff or clicking on the "hot singles in your area" ads. 

 

Personally, I don't keep an antivirus installed. I just run a scan from portable apps on a usb drive every month or so. 

[dalekphalm]

2 minutes ago, corrado33 said:

Question: Do you have a reason for running antivirus? Kids? Etc? IMHO it's quite difficult to get a virus now-a-day unless you're purposely downloading shady pirated stuff or clicking on the "hot singles in your area" ads. 

 

Personally, I don't keep an antivirus installed. I just run a scan from portable apps on a usb drive every month or so. 

Assuming you're running Windows 10, and haven't disabled it, you are running Windows Defender (which despite many criticisms, does run pretty well in most tests).

 

Though I disagree with your premise. In fact, I feel it's the complete opposite. In the past, using "common sense" internet browsing could indeed keep you clean from infection.

 

These days, however, the malware threats are significantly more advanced. In particular, otherwise perfectly legitimate sites getting compromised and serving out malware to visitors.

 

Though running a monthly scan is definitely a good idea.

 

So for an advanced user, if they feel they can run without an AV, that's fine. But I think it's irresponsible to recommend that solution to others, who may not know to take specific precautions, or don't have the proper extensions installed (noscript, etc).

[corrado33]

7 minutes ago, dalekphalm said:

Assuming you're running Windows 10, and haven't disabled it, you are running Windows Defender (which despite many criticisms, does run pretty well in most tests).

 

Though I disagree with your premise. In fact, I feel it's the complete opposite. In the past, using "common sense" internet browsing could indeed keep you clean from infection.

 

These days, however, the malware threats are significantly more advanced. In particular, otherwise perfectly legitimate sites getting compromised and serving out malware to visitors.

 

Though running a monthly scan is definitely a good idea.

 

So for an advanced user, if they feel they can run without an AV, that's fine. But I think it's irresponsible to recommend that solution to others, who may not know to take specific precautions, or don't have the proper extensions installed (noscript, etc).

Oh I disabled windows defender a long time ago. It doesn't like all my shady pirated content.

 

EDIT: But in reality, it does a pretty good job itself. 

[AT0MAC]

1 hour ago, dalekphalm said:

What about BitDefender don't you like?

 

Also, why would using Webroot become expensive? How many devices are you trying to protect?

 

Alternatives exist - many people like NOD32 and Avira as well.

 

Here's one of the independent testing board's list of ranked AV:

https://www.av-test.org/en/antivirus/home-windows/

 

They all score pretty good, so it usually comes down to preference on interface.

I have at least 6 PCs If I only count my desktops, but we also have multiple laptops in the house where antivirus is probably more needed.

 

1 hour ago, dalekphalm said:

Assuming you're running Windows 10, and haven't disabled it, you are running Windows Defender (which despite many criticisms, does run pretty well in most tests).

 

Though I disagree with your premise. In fact, I feel it's the complete opposite. In the past, using "common sense" internet browsing could indeed keep you clean from infection.

 

These days, however, the malware threats are significantly more advanced. In particular, otherwise perfectly legitimate sites getting compromised and serving out malware to visitors.

 

Though running a monthly scan is definitely a good idea.

 

So for an advanced user, if they feel they can run without an AV, that's fine. But I think it's irresponsible to recommend that solution to others, who may not know to take specific precautions, or don't have the proper extensions installed (noscript, etc).

I do actually disable Windows Defender, I try to disable as much of MS snooping software as I can, I just don't like the thought of them collecting information about how I use my PCs, even that I don't use them for anything shady, its just a general concern.

 

1 hour ago, corrado33 said:

Question: Do you have a reason for running antivirus? Kids? Etc? IMHO it's quite difficult to get a virus now-a-day unless you're purposely downloading shady pirated stuff or clicking on the "hot singles in your area" ads. 

 

Personally, I don't keep an antivirus installed. I just run a scan from portable apps on a usb drive every month or so. 

I have seen sometimes when I download a driver from some obscure site or just the news in the sidebar of some places can trigger my AV programs, so the thread is there once in a while, don't want to take the chance.

 

A centralized box would just be the easiest choice, just not sure its a good idea in the real word.

[corrado33]

3 minutes ago, AT0MAC said:

I have seen sometimes when I download a driver from some obscure site or just the news in the sidebar of some places can trigger my AV programs, so the thread is there once in a while, don't want to take the chance.

 

A centralized box would just be the easiest choice, just not sure its a good idea in the real word.

OH yeah driver websites are MOSTLY viruses. Only download drivers from the manufacturer. 

[mynameisjuan]

1 hour ago, dalekphalm said:

These days, however, the malware threats are significantly more advanced. In particular, otherwise perfectly legitimate sites getting compromised and serving out malware to visitors.

This 1000x. 

 

People still think safe browsing habits will protect them but most attacks are dealt through ads which companies dont tend to keep on top of and how does one know what is really a legit website? You dont and with well known sites being compromised no site is safe. 

 

Ad blocker and Bitdefender are really the most bullet proof you can get. Sure throw a Fortigate firewall which will help mitigate some but local AV is the only way to surely protect a system.

[mynameisjuan]

16 hours ago, AT0MAC said:

I do actually disable Windows Defender, I try to disable as much of MS snooping software as I can, I just don't like the thought of them collecting information about how I use my PCs, even that I don't use them for anything shady, its just a general concern.

If you concern is security, disabling builtin security is not the smartest thing to do. Microsoft is going to track certain aspect no matter what you disable so its best to just leave it enabled.

 

17 hours ago, corrado33 said:

Personally, I don't keep an antivirus installed. I just run a scan from portable apps on a usb drive every month or so. 

Thats also a bad idea. So if you get malware, say a keylogger, right after you run a scan, imagine going a month with your keystrokes, logins, password, CC numbers being transferred.  

[corrado33]

31 minutes ago, mynameisjuan said:

If you concern is security, disabling builtin security is not the smartest thing to do. Microsoft is going to track certain aspect no matter what you disable so its best to just leave it enabled.

 

Thats also a bad idea. So if you get malware, say a keylogger, right after you run a scan, imaging going a month with your keystrokes, logins, password, CC numbers being transferred.  

10+ years and counting with no detentions. I think I'm fine. 

[dalekphalm]

9 hours ago, AT0MAC said:

I have at least 6 PCs If I only count my desktops, but we also have multiple laptops in the house where antivirus is probably more needed.

Why would you only count Desktops? Laptops are PC's too.

9 hours ago, AT0MAC said:

I do actually disable Windows Defender, I try to disable as much of MS snooping software as I can, I just don't like the thought of them collecting information about how I use my PCs, even that I don't use them for anything shady, its just a general concern.

As mentioned by @mynameisjuan, going out of your way to disabling Windows Defender is not a great idea. You can disable a lot of the snoopy stuff Microsoft does without affecting security.

 

If you're not familiar with it already, go check out Windows Decrapifier - it's a powershell script that disables a bunch of the tracking stuff (as much as is possible without affecting major systems of the OS), but also gets rid of some of the bloatware that now comes with Windows 10. It's customizable as well for other features (such as removing Store apps, etc):

https://community.spiceworks.com/scripts/show/4378-windows-10-decrapifier-1803-1809

9 hours ago, AT0MAC said:

I have seen sometimes when I download a driver from some obscure site or just the news in the sidebar of some places can trigger my AV programs, so the thread is there once in a while, don't want to take the chance.

 

A centralized box would just be the easiest choice, just not sure its a good idea in the real word.

A centralized box simply cannot do what you want it to do. As I mentioned in my above post, a centralized box (which is essentially a Next Generation Firewall), can only affect things at the Edge of your network. That means it can block incoming and outgoing connections it deems a threat - but it won't stop malware spreading locally on the LAN (since that doesn't cross the edge), nor will it protect any of your systems from actual infection, if by some means malware gets past the firewall onto any of your PC's (eg: via a USB drive, or perhaps it's simply a Zero Day malware that the firewall doesn't know to stop).

 

Any system that will do what you want will inevitably have a client-side component.

 

Also you didn't explain why you dislike BitDefender. If cost is the primary concern, you should re-enable Windows Defender, or seek out one of the free AV out there (though most of the free ones like AVG or Avast are not great, and will bug you to upgrade to the premium version far too frequently).

8 hours ago, corrado33 said:

10+ years and counting with no detentions. I think I'm fine. 

I mean, definitely, if you feel confident, but consider that you're basically using the "I haven't been in a car accident yet" reasoning. Sure, maybe you haven't. But I bet you still wear a seat belt.

 

It only takes one.

[corrado33]

16 hours ago, dalekphalm said:

I mean, definitely, if you feel confident, but consider that you're basically using the "I haven't been in a car accident yet" reasoning. Sure, maybe you haven't. But I bet you still wear a seat belt.

 

It only takes one.

I mean, viruses are not nearly as serious as a car accident. I get a virus I lose at most... what... some data? That I have backed up? A few hours reinstalling windows if it's a particularity bad one? All of my accounts online (that matter) have 2FA so it's not like anyone could get into those even IF they had my passwords. Even so, I log on to my bank accounts one a month to pay bills, so if someone has a keylogger installed they're going to have to go through 29 days of gaming.... forum posts... research... etc, only to get blocked by the 2FA in the end. 

 

If you live safe and know what's dangerous and what isn't.... there is no need for an antivirus. The most common places to get viruses are from porn sites, bad torrents, and shitty download sites (software.com... download.com). Avoid those places and you're fine. 

 

I DO, however, run a firewall that notifies me anytime something new tries to connect to the internet.