What Antivirus do you use?
1,976 Views | 24 Replies
infinity ag
11:43a, 3/25/24
I have been using the free AVG for about 20 years. It's decent but of late it's gotten very intrusive. It displays popups to sell me stuff and it happens at inopportune moments like a meeting or an interview.

Also, I watch streamed sports and it throws popups in the middle of the screen to say "URL:Blacklist" or "URL:Phishing".

What are some free alternatives?

powerbelly
11:45a, 3/25/24
Microsoft defender and common sense.
DallasTeleAg
11:55a, 3/25/24
In reply to powerbelly
powerbelly said:

Microsoft defender and common sense.
This.

I've never been hit with anything in my entire life.
infinity ag
2:20p, 3/25/24
In reply to DallasTeleAg
DallasTeleAg said:

powerbelly said:

Microsoft defender and common sense.
This.

I've never been hit with anything in my entire life.

Me neither, in about 26 years that I have had a PC in my control. There could be a first time so I want to be protected.
infinity ag
2:21p, 3/25/24
In reply to powerbelly
powerbelly said:

Microsoft defender and common sense.

Looks like MS Defender AV comes with Windows, so I might not need AVG at all. No need to install anything 3rd party.

I had a license to Norton AV back in 1998 or so and when that expired I didn't feel like buying anything. So AVG was free so I've used it for 20+ years. I didn't even realize that Windows added AV in the OS itself. Just uninstalled AVG.
Cromagnum
10:58a, 3/26/24
I like ESET Nod32 myself.
spieg12
11:17a, 3/26/24
In reply to powerbelly
powerbelly said:

Microsoft defender and common sense.


So much this. All anti-virus software does nowadays is significantly bog down your CPU. That industry is a money making racket.
AgCMT
12:49p, 3/26/24
In reply to spieg12
Working in the cybersecurity industry, we don't even make antivirus solutions any longer. You could never keep up with the changing threats out there with the typical antivirus programs of the past.

For home use, and even some use cases in the enterprise, Microsoft Defender is a fantastic tool. It has an EDR (End Point, Detect, & Respond) element to it that is mandatory today.

I would recommend MS Defender and to also minimize your IoT devices as much as possible. There really aren't a lot of solutions for home use out there. I think Ubiquity makes a decent line of firewalls and APs that you could get for home use at a reasonable price if you want to ramp up the protection.
DallasTeleAg
1:22p, 3/26/24
In reply to AgCMT
AgCMT said:

Working in the cybersecurity industry, we don't even make antivirus solutions any longer. You could never keep up with the changing threats out there with the typical antivirus programs of the past.

For home use, and even some use cases in the enterprise, Microsoft Defender is a fantastic tool. It has an EDR (End Point, Detect, & Respond) element to it that is mandatory today.

I would recommend MS Defender and to also minimize your IoT devices as much as possible. There really aren't a lot of solutions for home use out there. I think Ubiquity makes a decent line of firewalls and APs that you could get for home use at a reasonable price if you want to ramp up the protection.
Yep. This is how you know any company is behind the times: When they use the phrase "anti-virus". Everything we do for businesses is now EDR/MDR.

Hell, for most people, the mere fact they have bluetooth enabled on their mobile device is their greatest security risk, lol.
AgCMT
1:40p, 3/26/24
In reply to DallasTeleAg
Bluetooth and leaving your hotspot open on your phone as well.

Did you see that DDoS attack on the smart toothbrushes a couple of weeks ago? I have to admit I laughed at that one. Over 500k smart toothbrushes affected.
Bobcat-Ag
8:37a, 3/27/24
What about when you are trying to protect computers for those with little common sense? I have to have solutions for all levels, including the mother in law.
AggieBarstool
9:07a, 3/27/24
In reply to AgCMT
Wait, what makes a toothbrush "smart"?

I just need the damned thing to turn on and off!
DallasTeleAg
9:34a, 3/27/24
In reply to Bobcat-Ag
Bobcat-Ag said:

What about when you are trying to protect computers for those with little common sense? I have to have solutions for all levels, including the mother in law.
You will always be limited. It's the same issue you run into with businesses. We use SentinelOne as our EDR for companies, which I would argue is best of breed. We can implement the best firewall in the world, SentinelOne, email security, password management, a great SIEM, etc. At the end of the day, your weakest point in cybersecurity is the individual. That is why several providers of cybersecurity also offer security awareness training and testing. Even still, you will have those specific people who keep failing the tests because they open every freaking email and click links.

It is one of the most aggravating things to get across to some GenX and most Boomers. It's simple... don't open emails. Just don't. Unless you are expecting an email, everything else is a risk.

For your average consumer, you should use/do the following:
  • Microsoft Defender
  • Windows Updates - It's amazing how bad people are at updating their PCs.
  • MFA - Do not use any web-based portal for anything without MFA. And don't choose that option to "Remember My PC"
  • NEVER TELL ANYONE YOUR USERNAME OR PASSWORD. No company or organization will ever ask you for your email or password. Beat this into her head. ABC company can get into your records or profile without your credentials, so should never ask for this.
  • Do not open emails you don't expect to receive. Just don't do it. Roll up a freaking magazine and bop her on the nose every time she does it and say, "STOP!"
  • Don't respond to any text messages or click any links in text messages.
  • Keep your bluetooth turned off if at all possible.
  • Do not give out your information to anyone unless you call them. This is huge for boomers. I never trust any phone call I receive. If someone calls me from anywhere and simply asks me to confirm who I am, I tell them no. I ask who they are with, and then go onto their website, find their number, and call them. I do this all the time in business because scammers love to reach out to IT companies and submit legitimate-looking POs for hardware. Their emails look real and the PO is an actual copy of the organization's PO, with the correct name on it. All it takes is a simple Google search, find the number for that company or organization, and call it. Now you know you are calling the actual organization, and you can ask them if the phone call is legit.

Those are just several things off the top of my head. The important thing to get across to most people is that "Cybersecurity" isn't an app. It is a way of thinking and interacting with technology. Without common sense, you are always a mark and will always be a mark. There's a reason these organized criminal enterprises exist: people are stupid.
powerbelly
9:59a, 3/27/24
In reply to Bobcat-Ag
Making sure their user profile does not have admin rights is a big first step.
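The consumer checklist a few posts up (Defender on, updates current, Bluetooth off) and the "no admin rights" point here can all be checked from a single read-only script. The following is an added example, not code from the thread or from any vendor mentioned in it. It uses only built-in Windows PowerShell cmdlets (`Get-MpComputerStatus`, `Get-HotFix`, `Get-LocalGroupMember`, `Get-Service`); the staleness thresholds and the `Test-HomePcBaseline` function name are my own assumptions, and it runs from a standard (non-admin) account on Windows 10/11 without changing anything.

```powershell
# Added example (not from the thread): read-only audit of the home-PC basics
# recommended above. Reports pass/fail per check; it changes no settings.
function Test-HomePcBaseline {
    [CmdletBinding()]
    param(
        # Account that is used day to day; should NOT be a local Administrator.
        [string]$DailyUserName = $env:USERNAME,
        # Assumed thresholds: how old Defender signatures / the last update may be.
        [int]$MaxSignatureAgeDays = 3,
        [int]$MaxUpdateAgeDays = 45
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    # 1. Microsoft Defender: real-time protection on and signatures current.
    $mp = Get-MpComputerStatus
    Add-Finding 'Defender real-time protection on' ([bool]$mp.RealTimeProtectionEnabled) "AntivirusEnabled=$($mp.AntivirusEnabled); RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
    $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    Add-Finding 'Defender signatures current' ($sigAge.TotalDays -le $MaxSignatureAgeDays) ("Signature {0} updated {1:N1} days ago" -f $mp.AntivirusSignatureVersion, $sigAge.TotalDays)

    # 2. Windows Updates: the most recently installed hotfix is not older than the threshold.
    $lastFix = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($lastFix) {
        $fixAge = (Get-Date) - $lastFix.InstalledOn
        Add-Finding 'Windows Updates recent' ($fixAge.TotalDays -le $MaxUpdateAgeDays) ("Last hotfix {0} installed {1:N0} days ago" -f $lastFix.HotFixID, $fixAge.TotalDays)
    } else {
        Add-Finding 'Windows Updates recent' $false 'No installed hotfix with a date was found'
    }

    # 3. Least privilege: the daily-use account must not sit in local Administrators.
    $admins = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
    $isAdmin = [bool]($admins | Where-Object { $_ -like "*\$DailyUserName" })
    Add-Finding "Daily-use account '$DailyUserName' is not a local admin" (-not $isAdmin) ("Administrators members: " + ($admins -join ', '))

    # 4. Bluetooth: the Bluetooth Support Service (bthserv) should not be running.
    $bt = Get-Service -Name bthserv -ErrorAction SilentlyContinue
    if ($bt) {
        Add-Finding 'Bluetooth service stopped' ($bt.Status -ne 'Running') "bthserv status: $($bt.Status)"
    } else {
        Add-Finding 'Bluetooth service stopped' $true 'bthserv not present (no Bluetooth stack)'
    }

    return $findings
}

# Usage: print the report; any row with Pass = False is something to fix.
Test-HomePcBaseline | Format-Table Check, Pass, Detail -AutoSize
```

The script deliberately reads rather than fixes: turning off the Bluetooth service or pulling an account out of Administrators is a decision for whoever maintains the machine, and the report gives them the concrete list. Running it once a month covers most of the checklist without requiring any third-party install.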
Bobcat-Ag
10:03a, 3/27/24
In reply to DallasTeleAg
Thank you for the response, lots of great info. I will probably not hit her on the nose with a magazine, but a training course is a great idea. She has probably never had one.
AgCMT
11:21a, 3/27/24
In reply to DallasTeleAg
This. He nailed it.

I completely agree that SentinelOne is best in breed. If DallasTeleAg can sell you licenses, I would recommend putting it on all of your devices, your mom's devices, and anyone else that asks you for IT help. It's very easy to use as well.

MFA (Multi Factor Authentication) is a pain in the ass, but it is beyond needed. It took a 10 minute phone call to take down a 30 billion dollar company. Google the MGM hack. It could have been stopped with MFA.

Great stuff DallasTeleAg!
Tailgate88
3:21p, 3/27/24
In reply to DallasTeleAg
DallasTeleAg said:

Bobcat-Ag said:

What about when you are trying to protect computers for those with little common sense? I have to have solutions for all levels, including the mother in law.
You will always be limited. It's the same issue you run into with businesses. We use SentinelOne as our EDR for companies, which I would argue is best of breed. We can implement the best firewall in the world, SentinelOne, email security, password management, a great SIEM, etc. At the end of the day, your weakest point in cybersecurity is the individual. That is why several providers of cybersecurity also offer security awareness training and testing. Even still, you will have those specific people who keep failing the tests because they open every freaking email and click links.

It is one of the most aggravating things to get across to some GenX and most Boomers. It's simple... don't open emails. Just don't. Unless you are expecting an email, everything else is a risk.

For your average consumer, you should use/do the following:
  • Microsoft Defender
  • Windows Updates - It's amazing how bad people are at updating their PCs.
  • MFA - Do not use any web-based portal for anything without MFA. And don't choose that option to "Remember My PC"
  • NEVER TELL ANYONE YOUR USERNAME OR PASSWORD. No company or organization will ever ask you for your email or password. Beat this into her head. ABC company can get into your records or profile without your credentials, so should never ask for this.
  • Do not open emails you don't expect to receive. Just don't do it. Roll up a freaking magazine and bop her on the nose every time she does it and say, "STOP!"
  • Don't respond to any text messages or click any links in text messages.
  • Keep your bluetooth turned off if at all possible.
  • Do not give out your information to anyone unless you call them. This is huge for boomers. I never trust any phone call I receive. If someone calls me from anywhere and simply asks me to confirm who I am, I tell them no. I ask who they are with, and then go onto their website, find their number, and call them. I do this all the time in business because scammers love to reach out to IT companies and submit legitimate-looking POs for hardware. Their emails look real and the PO is an actual copy of the organization's PO, with the correct name on it. All it takes is a simple Google search, find the number for that company or organization, and call it. Now you know you are calling the actual organization, and you can ask them if the phone call is legit.

Those are just several things off the top of my head. The important thing to get across to most people is that "Cybersecurity" isn't an app. It is a way of thinking and interacting with technology. Without common sense, you are always a mark and will always be a mark. There's a reason these organized criminal enterprises exist: people are stupid.
Thank you for your post. So you believe Microsoft Defender is enough, and other anti-virus is unnecessary at this point? I typically recommend Malwarebytes but - I have noticed lately it never seems to detect anything except tracking cookies, so I've been starting to wonder if it is worth the money or not.

Also I'm not familiar with SentinelOne but looking at their website they seem to be targeting larger companies. Is that something that would be cost effective for a small business with 5-20 employees? Does it compare to something like a SonicWall with their "Total Security" package or whatever it's called? Supposed to scan for viruses etc. in real time.

I appreciate your insight.
AgCMT
4:00p, 3/27/24
In reply to Tailgate88
You should definitely find an MSP to provide you with an EDR (which is what SentinelOne is). It is a per-seat cost, so you would pay per user or device. It's really not that bad. I would actually encourage a small business to go with the full MDR using SentinelOne. This would be 24/7 monitoring of all of your endpoints.

EDR - or end point protection - is a different animal than normal virus protection. They all sell it as AI, but it's really just machine learning driven. It sits on your device and looks at every packet, executable file, etc. It looks for anomalies and finds never-before-seen threats. SentinelOne is the best with CrowdStrike a close second. Everything else is a distant third and beyond. We sell an EDR that is just SentinelOne with our sandboxing added to it.

The SonicWall "Total Secure" is referring to their firewall. Which serves a different purpose. Simply put, firewalls go in front of your network to scan the data coming in from your ISP. You can also put virtual firewalls in as well. I actually work at SW.

It's best to put in a layered protection on a business. So firewalls, EDR, some sort of email security, MFA, etc... all of it works together. There's not a silver bullet.
DallasTeleAg
4:09p, 3/27/24
In reply to Tailgate88
Fair warning: I am not a cybersecurity engineer, and can only speak high level. My job is to have these high level conversations and be able to engage with anyone from business owners to CIOs on determining their business needs, put together solutions to those needs, and to effectively translate what IT/network/security engineers say to the small business owner. However, going any deeper than this high level requires me to pull in my support team of experts from my own company or the manufacturer/provider. I'm pretty certain there are some CISSP level Aggies on this forum who could really go into greater detail.

SentinelOne is definitely an option for small companies. If you look at their site, we generally implement the SentinelOne Complete option, unless there is a specific need we need to meet. The list price is somewhere around $12-$13 per month, per endpoint, but we usually sell it for less than that, to be competitive in the market. For our full managed service, we also bundle in our Security Operations Center (SOC) to the service.

SentinelOne is your Endpoint Detection and Response solution, so the focus is to be proactive in detecting and responding to any threat on your machine. This solution does such a good job at stopping ransomware that every remediation demo I've seen of it when the person demonstrated a ransomware attack, they first had to disable SentinelOne.

As far as how that compares to SonicWall, all I can give you are very generic answers. Your SonicWall firewall focuses on network security, which is what your TotalSecure license provides (which should always be renewed). Now, it looks like SonicWall does offer some form of EDR, based on a quick search, but it has been a long time since I've stayed up to date on the SonicWall product line (not since soon after Dell sold them). This would also be an additional service/license you would have to purchase.

Any business of any size really needs to think about the following:

  • Firewall/Web Gateway Security: Though these two things are slightly different, most companies will use their firewall to do both. This is protecting access to your network and watching your internal network traffic. A good security appliance will also catch some malicious risks on their way into your network, but it's not necessarily going to catch ransomware embedded in a Word doc being sent to your email address.
  • Email Security: What are you doing to prevent phishing and other spam? Most attacks on a business begin via email.
  • Passwords: How are you storing your passwords? Are you changing them regularly?
  • Multi-Factor Authentication: Have you implemented MFA in your Microsoft environment and all other business-related services you use? (i.e. banking, QuickBooks, CRM, ERP, etc.)
  • Computer Updates: Are you managing all of your updates to keep your devices on the most current versions of software?
  • Endpoint Detection Response: This protects your individual endpoints from ransomware, viruses, malware, and other cyber attacks. "Anti-virus" is outdated, as a concept. A modern EDR solution should protect you against file-less and script-based attacks. But more than that, they should also offer remediation solutions and roll backs for ransomware attacks.
  • Mobile Device Security: Keep in mind, so much of what we do is now done on your cell phone. How are you protecting those devices and data on those devices?
  • Backups & Disaster Recovery: If you do not currently have a back-up and disaster recovery plan for your business' critical data, then that needs to be a priority. Also, using SharePoint and/or OneDrive is not a back-up/disaster recovery plan. If you are expecting to restore data in the event of a deletion or corruption, then you may be disappointed.
  • Cybersecurity Insurance: If you do not have cybersecurity insurance, you need to look into it. Most insurance companies will require you to meet many of the above expectations before they will even cover you.

Again... cybersecurity is not a quick fix. It is an evolving world where you must constantly be vigilant. Also, just because you have an IT guy doesn't mean you are protected. You need to have a conversation with them on how they are meeting standards for your business, like the NIST framework. And if they aren't, then why is that? Your IT person or company should act as though your business is their business. The NIST framework is one of the most common cybersecurity frameworks used by many IT companies. Here's a brief overview of what every company should be thinking about: https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/nist-framework

One of our customers is a spine surgery doctor with a small office, who's had an IT guy for years. He was hit with ransomware and was cut off from his EMR system until they resolved their issue, which could cost them anywhere from $20-$30K. Fortunately, we were able to come in on the back end with SentinelOne and our back end SOC to remediate the threat.


YouBet
5:24p, 3/27/24
In reply to DallasTeleAg
Does SentinelOne count as SIEM? We use the former.
DallasTeleAg
5:35p, 3/27/24
In reply to YouBet
YouBet said:

Does SentinelOne count as SIEM? We use the former.
With many different software or solutions out there, there will be bleed over and some solutions will do things others may not. SentinelOne may offer some features that bleed into a SIEM, but it is not one. For an org of the size requiring a SIEM, I would use a solution specific for that need.

A SIEM is interested in the activity of the threat across your entire LAN/WAN. EDR is focused simply on your individual device. One does not replace the other.
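The "across your entire LAN/WAN" versus "your individual device" distinction is easiest to see with data. Below is an added example, not from the thread or from SentinelOne, that takes a handful of constructed EDR-style alerts (hostnames, users, file hashes and times are all made up placeholders) and applies the kind of cross-host correlation a SIEM does: each endpoint's EDR saw and handled one event on its own machine, but only a view over all of them reveals that the same executable landed on several hosts within minutes. The `Find-CrossHostClusters` function, its window and host-count parameters, and the alert field names are my own assumptions.

```powershell
# Added example (not from the thread): constructed per-host EDR alerts correlated
# the way a SIEM would. Hashes/hosts/users below are placeholders, not real IoCs.
$EdrAlerts = @(
    [pscustomobject]@{ Time = [datetime]'2024-03-27T09:01:10'; Hostname = 'FRONTDESK-01'; User = 'jdoe';  Process = 'invoice.pdf.exe'; Sha256 = 'PLACEHOLDER-HASH-A'; Action = 'quarantined' }
    [pscustomobject]@{ Time = [datetime]'2024-03-27T09:03:42'; Hostname = 'BILLING-02';   User = 'msmith'; Process = 'invoice.pdf.exe'; Sha256 = 'PLACEHOLDER-HASH-A'; Action = 'quarantined' }
    [pscustomobject]@{ Time = [datetime]'2024-03-27T09:05:05'; Hostname = 'DOCTOR-LT';    User = 'drlee';  Process = 'invoice.pdf.exe'; Sha256 = 'PLACEHOLDER-HASH-A'; Action = 'killed' }
    [pscustomobject]@{ Time = [datetime]'2024-03-27T11:20:00'; Hostname = 'BILLING-02';   User = 'msmith'; Process = 'keygen.exe';      Sha256 = 'PLACEHOLDER-HASH-B'; Action = 'quarantined' }
    [pscustomobject]@{ Time = [datetime]'2024-03-25T14:10:00'; Hostname = 'FRONTDESK-01'; User = 'jdoe';  Process = 'updater.exe';     Sha256 = 'PLACEHOLDER-HASH-C'; Action = 'allowed' }
    [pscustomobject]@{ Time = [datetime]'2024-03-27T16:45:00'; Hostname = 'DOCTOR-LT';    User = 'drlee';  Process = 'updater.exe';     Sha256 = 'PLACEHOLDER-HASH-C'; Action = 'allowed' }
)

function Find-CrossHostClusters {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][object[]]$Alerts,
        # Assumed correlation rule: same hash on at least $MinHosts hosts within $WindowMinutes.
        [int]$WindowMinutes = 30,
        [int]$MinHosts = 2
    )
    $Alerts | Group-Object Sha256 | ForEach-Object {
        $group = @($_.Group | Sort-Object Time)
        $hosts = @($group | Select-Object -ExpandProperty Hostname -Unique)
        $span  = $group[-1].Time - $group[0].Time
        # A single host, or the same hash days apart, is an endpoint-level event;
        # several hosts inside one short window is a campaign only the aggregate view shows.
        if ($hosts.Count -ge $MinHosts -and $span.TotalMinutes -le $WindowMinutes) {
            [pscustomobject]@{
                Sha256      = $_.Name
                Process     = (@($group | Select-Object -ExpandProperty Process -Unique) -join ', ')
                HostCount   = $hosts.Count
                Hosts       = ($hosts -join ', ')
                FirstSeen   = $group[0].Time
                SpanMinutes = [math]::Round($span.TotalMinutes, 1)
                Actions     = (@($group | Select-Object -ExpandProperty Action -Unique) -join ', ')
            }
        }
    }
}

# Usage: only PLACEHOLDER-HASH-A is reported (3 hosts in ~4 minutes);
# HASH-B is single-host and HASH-C spans two days, so neither is a cluster.
Find-CrossHostClusters -Alerts $EdrAlerts | Format-List
```

Each of the three quarantines for HASH-A would look like a routine, already-handled event in a per-device console; the correlated row is what tells the responder that one phishing wave hit three people and that the mailbox, not the laptops, is where to look next. That is the work a SIEM (or an MDR service's SOC) adds on top of the EDR.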
YouBet
6:59p, 3/27/24
In reply to DallasTeleAg
DallasTeleAg said:

YouBet said:

Does SentinelOne count as SIEM? We use the former.
With many different software or solutions out there, there will be bleed over and some solutions will do things others may not. SentinelOne may offer some features that bleed into a SIEM, but it is not one. For an org of the size requiring a SIEM, I would use a solution specific for that need.

A SIEM is interested in the activity of the threat across your entire LAN/WAN. EDR is focused simply on your individual device. One does not replace the other.


Thank you. I'm actually working through some of this stuff right now. Crash course in cyber. I know enough to be dangerous.
AgCMT
9:55a, 3/28/24
In reply to YouBet
YouBet said:

DallasTeleAg said:

YouBet said:

Does SentinelOne count as SIEM? We use the former.
With many different software or solutions out there, there will be bleed over and some solutions will do things others may not. SentinelOne may offer some features that bleed into a SIEM, but it is not one. For an org of the size requiring a SIEM, I would use a solution specific for that need.

A SIEM is interested in the activity of the threat across your entire LAN/WAN. EDR is focused simply on your individual device. One does not replace the other.


Thank you. I'm actually working through some of this stuff right now. Crash course in cyber. I know enough to be dangerous.
LOL - I work in cyber security and every day is a crash course! Technology changes so quickly that you have to constantly study what's out there.

Having spent four years in the military I thought I had a good grip on the acronyms...until I got into this world.

YouBet
1:23p, 3/28/24
In reply to AgCMT
AgCMT said:

YouBet said:

DallasTeleAg said:

YouBet said:

Does SentinelOne count as SIEM? We use the former.
With many different software or solutions out there, there will be bleed over and some solutions will do things others may not. SentinelOne may offer some features that bleed into a SIEM, but it is not one. For an org of the size requiring a SIEM, I would use a solution specific for that need.

A SIEM is interested in the activity of the threat across your entire LAN/WAN. EDR is focused simply on your individual device. One does not replace the other.


Thank you. I'm actually working through some of this stuff right now. Crash course in cyber. I know enough to be dangerous.
LOL - I work in cyber security and every day is a crash course! Technology changes so quickly that you have to constantly study what's out there.

Having spent four years in the military I thought I had a good grip on the acronyms...until I got into this world.
Yes, my head is spinning a bit with the multi-layered security standards and trying to figure out where one tech stops and the other begins.
Tailgate88
4:46p, 5/3/24
For those looking for an EDR, CrowdStrike Falcon is one of the most respected in the industry. They recently released Falcon Go for small businesses. The list price is $4.99/endpoint/month but they are running an introductory special for 70% off lifetime if you use a code at the checkout. I don't want to post it here but if anyone wants it, you can contact me and I'll get it to you. ** this is not an affiliate link and I get no financial kickback etc. of any kind **. But $18/mo/endpoint is a hell of a deal so wanted to share. I'm moving all my clients to it now away from the anti-virus they were on. And it's cheaper for a far superior enterprise-level software.

This thread got my attention, and I'm working on getting all my clients in compliance with CIS Controls V8 IG1. This is another cybersecurity framework like NIST, but I think a lot of NIST is overkill for small businesses, so I decided to go with CIS.