Computer Security Solutions?
#1
*Please note it refers to your complete security solution rather than just antivirus.
*Listed below are the aspects of protection, in my opinion. Discussion is welcome.

- Antivirus
Antivirus offers live or custom protections based on malware signatures. They are often the first layer of protection. (We won't mention web pre-screening as it is often database-matching.)
It could be easily bypassed sometimes.
My product: Windows Defender

- Sandboxes/Virtualization Technology
It refers to automatic/manual sandboxes that provide you a virtualized environment to mess up. An example is Windows Sandbox.
Some antivirus offer this layer of protection, like Avast DeepScreen and Comodo.
If you have a VM with an OS, that can be one sandbox.
It isn't that easy to bypass, but recently more malware is bypassing it.
My product: a Windows 7 VM in VirtualBox.

- HIPS (Host Intrusion Prevention System) and process restricting tools
Behaviour blocking when a malware runs. Useful when preventing ransomware. For example, you can restrict write access to your important documents.
Some antivirus have HIPS already (usually malicious behaviour blocking).
Note we will include process restricting tools like VoodooShield in this category as they are runtime controlled, too.
My product: Windows Defender built-in rules

- Firewall
Controls traffic. Example is TinyWall or Windows Firewall.
My product: Windows Firewall

- Others
Other products not mentioned above. For example, ARK (anti-rootkit) tools like TDSSKiller, backup utilities, or even a previously created Recovery Drive, etc.
VPS 3 Provided by Post4vps and Racknerd .
#2
Main PC
OS: Windows 10 Enterprise 20H2 64 Bit.
Antivirus: Windows Defender Antivirus (builtin) + common sense.
Firewall: Windows Defender Firewall (builtin).
Virt: Windows Hyper-V Hypervisor running whatever OS currently needed to test / play around with.
HIPS: Windows Defender Tamper Protection / Anti Ransomware and TPM hardware protection.
Encryption: Microsoft BitLocker full disk encryption for OS and data SSDs. VeraCrypt for portable data storage.

Notebook
OS: Linux Mint 20 64 Bit.
Antivirus: None + common sense.
Firewall: I reckon it is most likely iptables / ufw (iptables frontend for easier configuration).
Virt: None. Notebook too weak.
HIPS: None and TPM hardware protection.
Encryption: Full disk encryption using LUKS. VeraCrypt for portable data storage.


Before the OS firewall comes the router firewall which covers all devices. For backup I mostly use Acronis True Image. Overall nothing special to see here.
#3
(11-25-2020, 06:13 AM)Mashiro Wrote: Main PC
OS: Windows 10 Enterprise 20H2 64 Bit.
Antivirus: Windows Defender Antivirus (builtin) + common sense.
Firewall: Windows Defender Firewall (builtin).
Virt: Windows Hyper-V Hypervisor running whatever OS currently needed to test / play around with.
HIPS: Windows Defender Tamper Protection / Anti Ransomware and TPM hardware protection.
Encryption: Microsoft BitLocker full disk encryption for OS and data SSDs. VeraCrypt for portable data storage.

Notebook
OS: Linux Mint 20 64 Bit.
Antivirus: None + common sense.
Firewall: I reckon it is most likely iptables / ufw (iptables frontend for easier configuration).
Virt: None. Notebook too weak.
HIPS: None and TPM hardware protection.
Encryption: Full disk encryption using LUKS. VeraCrypt for portable data storage.


Before the OS firewall comes the router firewall which covers all devices. For backup I mostly use Acronis True Image. Overall nothing special to see here.

I don't know much about security, but it seems that's a very professional solution. It seems you prefer encrypting your data. That's a good measure as recently ransomware tends to "steal and make public" sensitive data.

As far as I know, according to Hatching Triage's recent analysis, "stealer" is one of the most popular tags. So it seems necessary to secure the data. (Though personally I think the biggest threat in China is PUA that is bundled in software downloads, especially from unofficial sources...)
#4
@mzltest

As @Mashiro showed, you don't need any third-party solution with Win10 for "security", they are all built-in. You just need to configure them the right way BUT you also need a USER with a bit of common sense. Without it no system will ever be secure.

And here is the kicker, suppose we do have a system set as @Mashiro's Main PC and -to make things harder- we have a user armed with all the common sense in the World, so how secure is that machine if you don't trust its OWNER (ie M$)?! with all the secret agreements with their security services and with all the telemetry going on back and forth with its servers..

Conclusion: for someone in China, the Middle East, Russia etc.... Win10 is not secure period!

You can use it to play games (if you enjoy that), anything else then you're breached!..

Another problem is the 0-day vulnerabilities that bypass all those security measures to make the system behave in unexpected ways... This is of course any OS vendor's nightmare and there is a thriving black market for them, even for Linux...

From all the above, we can see that security is always relative and never 100% achieved..
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#5
@mzltest

I don't really think it's professional. There is much more to be done to make it better.

Actually still that doesn't really protect against ransomware or data being stolen while the computer is running and is in decrypted state.

As @fChk mentioned the security measures can be still bypassed in one or another way.
#6
(11-28-2020, 09:39 AM)Mashiro Wrote: @mzltest

I don't really think it's professional. There is much more to be done to make it better.

Actually still that doesn't really protect against ransomware or data being stolen while the computer is running and is in decrypted state.

As @fChk mentioned the security measures can be still bypassed in one or another way.

@fChk

Thanks for the explanation. I particularly agree with calling Microsoft M$ since Windows 10.
In the settings you are forced to send data to Microsoft as there is no choice to stop sending "error" reports.
There was once a time when our governments were still using Win XP/7 devices when Windows 10 was already on the market. (And now most of them still use Windows 7, too.) The main reason is the non-transparent data collection.

But for personal users, we shall focus more on anti-malware solutions. I might not use encryption as my data isn't that valuable and implementing it might affect data portability. I currently use no 3rd-party products but often back up. But many of us users have no common security knowledge. They use so-called "high-speed downloaders" to download software. They install cracked products without doing a security check. They never back up unless it's a default option in a software they use. They use ad-driven 3rd-party "Defenders" (like 360 Security [China Version]) and so on. They believe they are secure. That's a fun thing.

-- The hCaptcha in Cloudflare almost drove me crazy. Often in a loop....
#7
I am going to use the same response model of @Mashiro because I find it perfect to reply with:

My main PC (Laptop)
OS: Windows 10 Home 20H2 (2009 version) 64 Bit, I could upgrade to Pro using an Edition key but the Pro edition just adds GroupPolicy stuff that doesn't concern security and an encryption method that caused me problems in the past!
Antivirus: Windows Defender Antivirus (built-in) with 10-plus years of experience on surfing the internet and trying stuff.
Firewall: Windows Defender Firewall (built-in) with additional firewall from my house modem.
Virtualization: Using WSL2 and Windows Sandbox (powered by Windows Hyper-V Hypervisor) which creates a fresh image of Windows 10 on demand and destroys it as soon as I close the sandbox. If I need to test something on a specific OS I usually use VirtualBox from Oracle.
HIPS: TPM hardware protection from my PC manufacturer.
Encryption: None because Windows 10 Home doesn't have BitLocker and moreover it caused me issues in the past, all the sensitive data are stored on an external portable hard-disk.

My desktop PC (old one just using it when I don't have my laptop)
OS: Windows 10 Home 20H2 (2009 version) 64 Bit ULTRA-LIGHT edition due to performance issues
Antivirus: Windows Defender Antivirus (built-in) with 10-plus years of experience on surfing the internet and trying stuff (Same as before because I am the same guy D: ).
Firewall: Windows Defender Firewall (built-in) with additional firewall from my house modem.
Virtualization: None due to performance and old hardware issues
HIPS: Nothing, too old to have a TPM.
Encryption: None because I don't use it for critical stuff, it just runs games or plays videos or opens PDFs of lessons.

My "torrent-box" PC
OS: Linux Lite 5.2
Antivirus: None
Firewall: UFW firewall with 10-plus years of experience on surfing the internet and trying stuff (Same as before because I am the same guy D: ).
Virtualization: None
HIPS: Nothing, too old to have a TPM.
Encryption: None

So this is my configuration.
Thanks to Post4VPS and Bladenode for VPS 14
#8
Well, we've only one PC, so next time if there's a thread about mobile, I might be able to give a better reply, but yeah for the time being here's what exists. 

My Main PC (Desktop)

OS: Windows 7 Professional 32-bit.
Antivirus: Ivanti (Kaspersky).
Firewall: Windows Defender Firewall (builtin).
Virt: None. It's used mainly by my Dad for work, and the company has put in enough of their software to prevent messing around with it.
HIPS: Windows Defender built-in rules.
Encryption: WinMagic SecureDoc.
Sayan Bhattacharyya,

Heartiest thanks to Post4VPS and Virmach for my wonderful VPS 9!
#9
(11-30-2020, 04:20 AM)sohamb03 Wrote: Well, we've only one PC, so next time if there's a thread about mobile, I might be able to give a better reply, but yeah for the time being here's what exists. 

My Main PC (Desktop)

OS: Windows 7 Professional 32-bit.
Antivirus: Ivanti (Kaspersky).
Firewall: Windows Defender Firewall (builtin).
Virt: None. It's used mainly by my Dad for work, and the company has put in enough of their software to prevent messing around with it.
HIPS: Windows Defender built-in rules.
Encryption: WinMagic SecureDoc.

Personally I don't think mobile needs to rely on antivirus much as long as you use the App Store/Google Play as the only source for apps, as antivirus for phones really can't do much due to permissions.

It seems to be an old PC as it still uses Windows 7. Personally I suggest using a user-level account rather than an admin account for daily use if your dad doesn't have the need to install new software frequently and the software used for work is also usable at user level. (Of course, if your dad is an experienced user you probably don't need this.)
#10
(11-30-2020, 04:42 AM)mzltest Wrote: Personally I don't think mobile needs to rely on antivirus much as long as you use the App Store/Google Play as the only source for apps, as antivirus for phones really can't do much due to permissions.

It seems to be an old PC as it still uses Windows 7. Personally I suggest using a user-level account rather than an admin account for daily use if your dad doesn't have the need to install new software frequently and the software used for work is also usable at user level. (Of course, if your dad is an experienced user you probably don't need this.)

Yeah it's a really old PC from 2010, it has a Pentium processor which renders it incapable of running Windows 10 hence we are on Win 7. Well the company has main access to the PC, so they've locked the Admin account with a password of their own, and we can have only user accounts. (Though I found a workaround to convert this into an Admin account.)