Security on my PC

You should be doing full image (not incremental) backups of the system at least weekly, using USB drives that are not connected to the system except when in actual use.

This is because of the Day Zero problem.  On Day Zero when new malware "arrives" on the internet, no antivirus will stop it.  It takes at least two days for it to be discovered and a detection found.  During those two days it can spread without restriction.  In the case of ransomware you would be left with all your files encrypted and no way to get them back, because the standard is now "you pay the ransom, then we don't deliver a key and we laugh at you."

So full image backups in a safe place where viruses can't get at them are mandatory.

As far as installing CCleaner and Malwarebytes, ... install Malwarebytes free edition, certainly.  Run it manually from time to time.  That will be sufficient as long as you have full backups.  But CCleaner ... if it's on your system, use Revo and remove it.  I've seen enough systems ruined by it already.

+1 for Dr. Klahn's advice on backups. You should keep a rotation of drives. But also notice the key part in his advice: Use USB drives that won't be connected when not in use. So please don't try to get a NAS drive arguing that it would be simpler.

I would skip over the usage of CCleaner. It can very easily screw up your registry. I've seen too many users trust everything it says and screw up their systems entirely. Save yourself the future issues, and never install CCleaner (and get your money back if you can).

Malwarebytes is fine. However, I've never noticed enough benefit from the paid version to justify paying for it.

Windows Defender is FAR better than it used to be, so you could use it if you had nothing else. Webroot I'm neutral since it's been years since I've used it.

But I would also advise that you don't try to install everything under the sun. Too little protection is bad for you, and too much protection is bad for you. Plus no product is remotely close to perfect. Also see Dr. K's comment of the day zero issue.

I have Windows defender that comes with Windows 10 and Webroots Secure Anywhere through Best Buy.

You need one of these, not both. Choose Windows Defender. It is best.

I also have paid professional versions of CCleaner and Malwarebytes but I am not using them currently.

Use Malwarebytes if you get a virus not quarantined by Windows Defender.  I use Malwarebytes as additional and do not keep it installed real time. Not everyone agrees with this, but I find Defender with EMET (default) to be top notch.

You do not need CCleaner. Delete Windows Temporary files with Disk Cleanup and when you get to Windows 10 V1809 (I am using it), enable Storage Services to automatically delete old files.

Spybot Search and Destroy?  <-- No. Forget that. Use Windows Defender.

Make sure (as noted above) to keep good backups of your files and weekly offline from your computer.

Windows 10, fully update, V1803 or later, with Windows Defender and EMET basics enabled is very secure.

John

What is EMET? How do I go about installing it?

To everyone

I did not mention that I have an annual paid plan with Carbonite back up. Is that good enough?

Carbonite is certainly good enough.

Open Windows Defender and look at the Security. advanced settings and you should see the settings that were at one time EMET.

I am traveling but can give you a screenshot later in the day

Hi John

How do you access advanced settings? so is Windows Defender used to be called EMET?

Thanks John

EMET is Enhanced Mitigation Tool from Microsoft and it has been around for nearly a decade. It is now built into Windows Defender under App and Browser Control Exploit Protection. You can also turn on Smart Screen here.

John

Can you explain to me in simple terms what is DEP and ASLR? Also the smart screen filter settings I have it as WARN. Is that what it needs to be? For Edge it says warn, block, or off and for the MS Store it says warn or off. Lastly, I saw a feature called Bitlocker and it is OFF greyed out. Does it need to be on? How to turn it on?

Thank you John. Can you answer the last question I asked in previous post?
Lastly, I saw a feature called Bitlocker and it is OFF greyed out. Does it need to be on? How to turn it on?

I saw a feature called Bitlocker and it is OFF greyed out.

That is hard drive encruption.  Did you turn this on?

https://blogs.technet.microsoft.com/uspartner_ts2team/2010/03/17/what-is-bitlocker-what-does-it-do-what-does-it-not-do/

John

Bitlocker is OFF. It can't be turned on in Windows 10 Home. That's what I have. Thank you for your help.
Bitlocker.JPG

Bitlocker.JPG

You can if you wish turn it on, but I do not recommend you do so

https://www.easyuefi.com/bitlocker-anywhere/resource/how-to-turn-on-bitlocker-in-windows-10-home.html

Thank you everyone.

You are most welcome. Good luck with Security and keep it simple (and simple can be effective)

Hi Basem,

I note your question has already been answered and for the most part, I agree with the advice that's been given. That said, I *would* recommend that you run Malwarebytes Premium with real-time protection enabled. It has prevented me from visiting Malware infected websites from links sometimes even included in questions at EE, which I've reported to the mods and had the questions deleted. (or links removed)

Malwarebytes operates in Real Time Protection mode with Windows Defender on Windows 10 very well (several of my clients operate daily like this) and there are no performance issues that I've noted. If you've already paid for the product, I think you should definitely take advantage of the additional layer (especially against Ransomware) of security that it provides.

Regards, Andrew

Thank you Andrew. God bless you. What are your thought on Webroot's Secure Anywhere. I have had it for years . Renewed annually with Best Buy. Is there something better you can think of that is easy to use and light on resources?

Webroot is self contained and if you wish to use it, turn WD Off.

Hi Basem,

What are your thought on Webroot's Secure Anywhere

I trialed webroot myself for a few weeks but didn't like it, so have uninstalled it on a couple of VMs I had it installed to. As John mentioned above, if you decide to use Webroot, then you should disable Windows Defender as both of those applications will fight one another and cause issues for you. Use one or the other, not both.

Windows Defender is amongst the best around these days in my opinion, outclassed only by other commercial AV's like Symantec, Vipre, Avast etc in detection rates, but those results change and go up and down on a monthly basis. The main thing Defender still falls down on are false positives, but it still scores fairly highly even in that regard, and it's far better to get a false positive alert than for your AV to let something through.

In my opinion, I would stick to Windows Defender and run Malwarebytes Premium along side it. Defender scores quite highly on Independent AV-Test results these days and is much better than it was back in Windows 7 days. Webroot would also do the job for you though, it's just not "my" personal preference.

Renewed annually with Best Buy

That's actually another plus for using Windows Defender - it's provided free by Microsoft for Windows 10 and doesn't need to be renewed :)

Is there something better you can think of that is easy to use and light on resources?

My personal preference is Avast, however, if anything, it's a little heavier on resources, so if that is your selection criteria, I'd suggest sticking with Defender. (Plus MWBP)

I hope that's helpful.

Regards, Andrew

I have been using WD and Webroot Secureanywhere since I upgraded to Windows 10 I think since 2016. I did not have any problems. Was I just lucky that both did not fight one another?

I have been using WD and Webroot Secureanywhere since I upgraded to Windows 10 I think since 2016. I did not have any problems. Was I just lucky that both did not fight one another?

It's been a while since I trialed Webroot so I can't give a definite answer from personal experience here. That said, I've just now found the following advice on the webroot forums.

Windows Defender is certainly not as effective as Webroot SecureAnywhere which is the smallest, least resource-intensive and fastest security application on the market today. Unlike traditional antivirus programs that rely on the constant download of definition files, SecureAnywhere uses a revolutionary approach to computer security by leveraging our ever-growing cloud database, along with behavioral analysis to protect your PC against even the latest threats. The cloud database allows for us to quickly identify and block threats to all of our uses in near real-time.

The advice that quietman7 posted about the “general rule” of using more than one active antivirus product at the same time is true. Although Webroot SecureAnywhere by itself provides solid protection against Viruses, Spyware, Worms, Rootkits, Keyloggers, Trojans and Adware, the architecture of our new products allows for other security products to work alongside SecureAnywhere without conflict. To back this up, we have performed extensive testing with SecureAnywhere installed other security products.

It's Webroots own forums and the advice is from 2012, so it's not surprising that they're putting Windows Defender down. However, it appears that like Malwarebytes, Webroot Secureanywhere has been designed to run alongside other security products. That being a given, and if you haven't had any problems to date, then I don't see the harm in continuing to run both.

When two security products "fight against each other", it's because they are both trying to scan files at the same time, in real time, causing a massive performance hit to your PC until the file has been successfully scanned by both applications. But, if one (or both) of the products are designed not to do that, then you shouldn't have any issues.

I've never tried running Defender, Webroot, and Malwarebytes and having all 3 enabled though, so you are entering into uncharted waters if you decide to try that. You'll soon know if it's a problem though and can turn MWB off if need be :)

Regards, Andrew

It's Webroot's own forums and the advice is from 2012

That is over a half decade ancient and before Windows 10 came on the scene.  The article is not relevant to today's Windows Defender.

Hi Andrew

You'll soon know if it's a problem though and can turn MWB off if need be :)

Just one last question please. I am not sure I understand what do you mean by turning MWB off? Does it mean I can install it and run it say once a week and then turn it off after that?

Thank you Andrew.

Webroot is self contained and if you wish to use it, turn WD Off.

What does self contained mean as John described WSA?

I am just going to keep both WD and WSA even though John said turn off the WD. That's the way i Have had it all along and it did not cause any problem.

What does self contained mean as John described WSA?

Self contained just means that it is an all in one type solution. It's designed to block Virus, Trojans, Spyware etc. My Avast Internet Security is also a self contained solution, but Malwarebytes still picks up things Avast sometimes skips or misses.

I am just going to keep both WD and WSA even though John said turn off the WD. That's the way i Have had it all along and it did not cause any problem.

That's my recommendation Basem, but as always, as the person with the machine, the final decision is always yours. I just give my recommendations based on my own experiences :)

What does self contained mean as John described   <-- What I meant was that Webroot is a complete product. You can decide to use Webroot or decide to use Windows Defender.

You can use both together, but my opinion is that it is not necessary. My experience over a number of years is that one really good Anti Virus product is sufficient.  We do this and keep Malwarebytes to run when necessary.

There are many ways to handle Anti Virus applications, so I try to help people with my experiences including long term client consulting.

thank you John and Andrew.

Dr. Klahn wrote:

On Day Zero when new malware "arrives" on the internet, no antivirus will stop it.  It takes at least two days for it to be discovered and a detection found.

For the traditional, signature-based antivirus products, that statement it true; however, now some antivirus services offer cloud-based, near real-time updating of malware detection. For example, all of Webroot's "signature" intelligence is in their cloud:

If a Zero Day threat does make it onto a machine, journaling and rollback ensure that no permanent damage is done. And more importantly, as soon as a Zero Day threat is detected on one computer protected by Webroot, every other machine in the world is immediately protected from ever encountering it again by being connected to the Webroot Intelligence Network.

Webroot Answers on Zero Day Threats

Microsoft Windows Defender on your Windows 10 machine is not in the same class as Webroot and other cloud-based services. It can be configured to update every few hours. The Webroot cloud system is updated non-stop, continuously. It takes only seconds after a malware attack for all 30+ million Webroot machines to be protected.  Windows Defender and other traditional antivirus products have nothing like this.

Malware criminal understand that most antivirus products take two hours or more to identify malware and download updated virus signatures. So they release new versions of their malware every hour or more frequently. That's why the new cloud-based services are needed.