Computer protection

[Makinchips208]

Computer antivirus, block hackers, etc. not even sure what or how to ask this.

We have a couple computers with windows 10 pro, not going to 11 as long as we can, they are connected to inter-webs, all work related stuff and email.
We want to protect against computer virus. What’s the standard program or brand or method to protect against computer virus? Is this built into windows 10 already?

Also, is there a way to safeguard against hackers? Domestic or foreign.
Without unplugging everything that is.

 

[Blue Sky Country]

All Windows packages come with their own Windows Defender program which you can customize to partially or fully scan your PC or laptop for potential threats. That program has mixed reviews and from all accounts, it is roughly 70% efficient in detecting and stopping malware from intruding on your system. Defender updates automatically but sometimes it might skip an update and you would have to click on "SEARCH FOR UPDATES" so the program can download the latest drivers and reboots needed to keep up with the nonstop torrent of new viruses and malware that appear every day.

I primarily relied on Windows Defender for my laptop since 2013 and a free app called AVG Antivirus for my Android phone since 2016 and they have been working fine.

There are not really any programs that offer a full 100% protection as viruses and malware are extremely insidious and some can automatically morph and change their coding to try to breach even the best antivirus software. The BEST primary defense is to trust your instincts and be wary of suspicious websites and links. If an unknown link is composed of jumbled numbers and symbols, it is best to avoid them. Most sites like legitimate vendor sites, sites that show up in the first 2 pages of all major search engines, forums like the Hide and ARF, already have safeguards built in that powerwash out any links that may be suspicious. If you see an email from anyone you don't recognize that contains a link, avoid them, do NOT click on them. If an email that looks like an innocent ad or subscription based notifications from a bank, e-market, or newsletter appears in your inbox but their origin address is anything but from what you recognize as their home domains, do NOT click anything that may be contained in the email body. They are most likely scammers from India, Nigeria etc., and clicking on any of their links will immediately cause malicious code to transfer onto your computer.

Also be wary of nondescript and vague links posted with no context on unmoderated open boards like 4chan.

 

[kenny1773]

Nothing is 100%

First setup a decent firewall on your internet connection

Pick one of the more consistently higher rated AV programs (google more, most reviews are tainted by money)

Test antivirus software for Windows 10 - August 2023

The current tests of antivirus software for Windows 10 from August 2023 of AV-TEST, the leading international and independent service provider for antivirus software and malware.

www.av-test.org

AND
Use a DNS that offers some protection

The 5 Best DNS Servers for Improved Online Safety

Changing your DNS provider can help protect your PC against online threats. These DNS servers are among the safest and most secure.

www.makeuseof.com

AND
Use ad blockers on your browsers, something like uBlock Origin works well

AND
Major browsers now offer native support for an HTTPS only mode, use it

AND
Periodically run separate anti-virus / anti malware manual scans with a different tool than your primary
example, if you have Bitdefnder installed as your primary AV, run a one time manual scan with Malwarbytes antimalware or ESET online scanner or something that has an on demand run capability (does not actively run all the time, you already have that) but is a different brand

AND
BACKUP YOUR SHIT REGULARLY!!!! to local drives or to online cloud backup systems, just back it the fuck up

AND
If you must download files to your hard drive, test them with an online scanner before you open (most do not need this)
Example

VirusTotal

VirusTotal

www.virustotal.com

AND
Don't be fucking stupid with links you click or emails you choose to open. I can't help you here, you either can spot the bullshit or you can't.


I am sure I missed something, had a long day...

 

[Zolar]

The best protection is the user, Don't click on anything you are not sure where its from.

 

[6.5SH]

The best protection is the user, Don't click on anything you are not sure where its from.

Coupled with keep your shit up to date. Plenty of exploits that required nothing more than viewing a particular font or image type.

 

[n2ishun]

Years ago (back in the BBS days) me and a few buddies used to trade files by hiding them inside an image.
Yes an image is all zeros and 1's.....just like any file.
Granted the image was blurry and had too big of a file size, but if you didn't know the exact how to extract the file it would be useless.....and that useless would extend to any *authority* type person.
I have zero doubts that you can now contract a rootkit or damaging viral just by viewing a well prepped image.
I should know, me and my bros probably created the method of delivery.

Another wonderful trick is to use the simple period at the end of a sentence, like this one.........
You don't use a text period, but you use a .jpg, .gif, or .bmp image instead, and tag the image with tracking code.
Yup, you can infect yourself just by reading what appears to be text.

If you want even a tiny modicum of safety, unplug the sommabitch, from power AND interwebz.

 

[Zolar]

Years ago (back in the BBS days) me and a few buddies used to trade files by hiding them inside an image.
Yes an image is all zeros and 1's.....just like any file.
Granted the image was blurry and had too big of a file size, but if you didn't know the exact how to extract the file it would be useless.....and that useless would extend to any *authority* type person.
I have zero doubts that you can now contract a rootkit or damaging viral just by viewing a well prepped image.
I should know, me and my bros probably created the method of delivery.

I believe it is called steganography

 

[Franko]

Lets keep it simple to start:

1. How many users do you have
2. Whats your budget
3. What do you do that requires internet access

 

[Redmanss]

This thread is going to bait in so many spammers.

 

[Makinchips208]

This thread is going to bait in so many spammers.

Probably true…

 

[Makinchips208]

Lets keep it simple to start:

1. How many users do you have
2. Whats your budget
3. What do you do that requires internet access

1. We have two primary users, and two others that occasionally might use it.
2. $79.95 actually probably whatever is needed to satisfy concern. Couple thousand if needed I guess.
3. Primarily we need it for Fusion 360 for both cad and cam (this is daily), email (daily), and periodically on the machines we have to update Numroto (this remains unplugged unless it is needed, so like a couple times a year in this one)

 

[6.5SH]

1. We have two primary users, and two others that occasionally might use it.
2. $79.95 actually probably whatever is needed to satisfy concern. Couple thousand if needed I guess.
3. Primarily we need it for Fusion 360 for both cad and cam (this is daily), email (daily), and periodically on the machines we have to update Numroto (this remains unplugged unless it is needed, so like a couple times a year in this one)

If you can isolate the machines you do your CAD/CAM work on from the internet and just sneakernet stuff to them on USB when needed you just reduced a lot of risk. No idea if that is feasible for your workflow though.

 

[Makinchips208]

If you can isolate the machines you do your CAD/CAM work on from the internet and just sneakernet stuff to them on USB when needed you just reduced a lot of risk. No idea if that is feasible for your workflow though.

Yes. We have a fancy pants computer for the cad/cam, we use usb stick to transfer to the machines.
The once or twice a year we have to update a machine it is Ethernet cable and follow a link we received from the manufacturer. So zero browsing there.
The work on the computer is backed up in cloud, and any critical files are stored locally on memory devices, which are disconnected.

 

[n2ishun]

I believe it is called steganography

Figures some knob had to put a pathetic name to it.


BTW OP ?
Can you handle Linux, Irix, Solaris, Unix....etc ?
Much safer operating system and just about any program you'd want is free (open source and all that shit yanno?)
Yes you can get CAD/CAM and all that shit like office and anything else you can imagine.
Of course you won't be getting Purple Palace and crap of the Microsoft skinny jean wearing fluff....sorry there.

 

[Makinchips208]

Figures some knob had to put a pathetic name to it.


BTW OP ?
Can you handle Linux, Irix, Solaris, Unix....etc ?
Much safer operating system and just about any program you'd want is free (open source and all that shit yanno?)
Yes you can get CAD/CAM and all that shit like office and anything else you can imagine.
Of course you won't be getting Purple Palace and crap of the Microsoft skinny jean wearing fluff....sorry there.

I’m sure i could use any of those systems just fine with a little time and effort. Fusion will work on several operating systems, However, Numroto is only available for windows, as well as the software for the laser machine we have is only available for windows.
So I don’t see us changing from windows based system at this point in time.

 

[LeftyJason]

If you can isolate the machines you do your CAD/CAM work on from the internet and just sneakernet stuff to them on USB when needed you just reduced a lot of risk. No idea if that is feasible for your workflow though.

Hard to isolate the machine running fusion 360 from the internet since it is cloud based.

 

[padom]

As a commercial IT company owner, we have 1000's of endpoints out there running Bitdefender Gravity Zone Enterprise with EDR coupled with a enterprise security appliance at the edge running Threat Prevention, Intrusion Prevention, Web Filter, Firewall, Application Control, WAN Balancer, WAN Failover, Wireguard VPN, OpenVPN, IPSec, etc. Including at some of the commercial supporters and smiths on this site.

Email spam/malware is one of the biggest issues for corporations today. Using something like M365 along Advanced Email Protection and Email Backup has saved a LOT of businesses from receiving most spam/malware before its delivered to the inbox and provides instant mailbox recovery in the event of a major email issue. Well worth the couple $$ extra a month.

A good router/firewall/security appliance properly setup at the edge vs using your ISP's POS all in one router thats not good at doing any one thing well along with good endpoint protection on each PC is all you need to keep your protected along with good business practices.

There are many ways of going about getting a solid security appliance/router/firewall and the price varies on the way you choose. If your tech savy, a great way is to download a copy of PFSENSE, OPSENSE, Untangle/Arista NGFW and install it on a X86 machine (whether thats on a repurposed, new, or router specific 1U device is up to you). Orrrr, you can buy a ready to go device like a Netgate or Arista ETM NGFW. These devices are ready to go, just plug in and configure.

Linux is excellent and I use it daily for a LOT of stuff but its just not feasible for most businesses to run as a primary machines today with so many levels of IT knowledge with employees and software compatibility.

 

[padom]

Backup is also a very important component of any businesses IT infrastructure these days that a LOT of businesses overlook or use as an area to skimp on costs.

Having all your machines running daily incremental image backups that tank incrementals every hour or so to a NAS/Server or shit even an External HD plugged into each machine is a HUGE cost/time/lost income saver in the event you do run into a situation. Whether thats an infection, hardware failure, or deleted file... It literally takes minutes to recover a file OR in the event of a major infection or hardware failure, you simply swap in a new machine and restore your image in less than 20min to the new hardware and your back up and running like nothing happened. The beauty of using tried and proven backup solutions, especially being able to restore to dissimilar hardware..

This can be the difference of a CAD machine/server/accountant pc, etc. down for minutes or hours or days and depending how important that machine is to your business.....could be the difference between losing nothing, hundreds vs losing thousands or tens of thousands of dollars....Cheap insurance in the long run

 

[Franko]

1. We have two primary users, and two others that occasionally might use it.
2. $79.95 actually probably whatever is needed to satisfy concern. Couple thousand if needed I guess.
3. Primarily we need it for Fusion 360 for both cad and cam (this is daily), email (daily), and periodically on the machines we have to update Numroto (this remains unplugged unless it is needed, so like a couple times a year in this one)

Ok, here is the no-frills option

1. Run two separate wired only networks (no wifi).
2. Setup network 1 for your production machines. Do not connect this network to the internet. Do all updates via USB stick or if that isn't feasible, periodically unplug everything else from the router, plug the production network into your router, run all your updates, and then disconnect the production network and reconnect your regular machines to the network.
3. Buy a removable hard drive and use it to back up your production machines peridocally. After backing up your machines unplug the drive and take it home with you. Make sure to encrypt your backups just in case the drive is lost or stolen.
4. Setup network 2 for your email/work machines. Install basic antivirus/antimalware software on each machine. Windows Defender is good and it's free but other options exist if you want to look around.
5. Use Microsoft O365 for your email provider.
6. Set up and use Multi-Factor Authentication for your O365 email accounts. This will save your ass if an account does get compromised because if you start getting MFA prompts when you aren't using O365 or at non-work hours it means somebody got your passwords and it's time to review your systems and passwords.
7. Buy a second removable hard drive and use it to back up your email machines. If this becomes a hassle subscribe to a internet based backup service.
8. Protect your machines with full disk encryption (Bitlocker) to ensure if they are stolen you don't have to worry about somebody using your data to do bad things. Print out and store those decryption keys in a very safe place.

Here is the hard part:

1. Use your email machines only for email and work. No web surfing during lunch time, no christmas shopping, no personal email, no porn.
2. Treat incoming email with care. Do not open the email that promises your hot single women in your area are looking for love, no pills gauranteed to make your dick bigger, no special coupons for discounts on Amazon, only open email related to work.
3. The vast majority of compromises are via Phishing which is accomplished by tricking you into clicking on strange hyperlinks or opening attachments. Do not open emails that arent' work related or click on strange attachments.
4. If you get an email from a client that is weird or unexpected don't click on it. Call the client at a known good number (not a phone number in the suspicous email, some attackers actually run their own call centers to catch people who call the included number) to confirm that they really sent it to you and why you need to open that file.
5. If your clients only send you CAD files don't open a PDF or Excel sheet.
6. Nothing unapproved gets plugged into your network, nobody else gets to use it. Nobody's kids who just need a computer for a project, your uncle who is visiting and needs to just check his email fast or kill some time while he waits for you to finish for the day so you can go fishing, nobody else and no other devices...

Good luck.

 

[padom]

Ok, here is the no-frills option

1. Run two separate wired only networks (no wifi).
2. Setup network 1 for your production machines. Do not connect this network to the internet. Do all updates via USB stick or if that isn't feasible, periodically unplug everything else from the router, plug the production network into your router, run all your updates, and then disconnect the production network and reconnect your regular machines to the network.

Yawn

Doesnt sound like this guy is protecting the keys to potato heads hidden millions....

Refer back to my previous post about a proper Security appliance/router/firewall.

There is no unplugging and plugging in bullshit. Its called VLAN's and Policy's. If you are that worried (doesnt sound like OP needs this type of setup) but setup your VLAN's (VLAN ID 20 for Production, VLAN 21 for Mgmt Network, VLAN 23 Guest) and then use a managed switch and program those VLAN's into it. Then setup your policies for each VLAN. Or, you can use different switches and assign your VLAN to actual physical NIC on your security appliance and plug your respective switches into those NIC's... Then ensure in your firewall that say for example Production has no access to WAN if thats what you want. Done, easy, simple. Setup policies for your each VLAN if you want.

Go a step further, use commercial WiFi AP's like Aruba, CISCO, HPE, etc.... and set them up with different SSID's tied to these VLAN's. When someone connects to say VLAN 20 Production WiFi network they can access the hardware, devices on that VLAN but cannot access the internet due to rules you set previously. Guest SSID allows 100% internet only access on the Guest VLAN and nothing else. Cant see other devices on that VLAN, cant access anything internally...its path directly to the internet only... and other parameters can be set like connection timeframes (9am-5pm only) bandwidth limiting, content categories or specific URLS or domains blocked or allowed. Block all social media, block all porn, block all streaming sites, etc....

These are pretty standard setups in a corporate environment. Unplugging shit and all that is amauter hour. Also, Offsite encrypted image backup replication as little or as often as you like is also pretty standard. You can backup to say a server/box at your house, branch office, etc. or Vultr, AWS, etc... This is also pretty standard and stupid easy.

 

[Makinchips208]

Wow thanks everyone! @padom i think I need to pm you for more info.
@Franko why do you say no wifi? Is that because it is so easy to hack into?

And yeah we aren’t doing anything classified or secret. Sometimes have NDAs. But just building tools and machines parts to customers specs. When we start building rocket ships I’ll have to get better protected.

 

[padom]

Something like these are all you need for a powerful edge device for a SOHO you can configure and lock down to your hearts desire

Netgate 4100 BASE pfSense+ Security Gateway

The Netgate® 4100 with pfSense® Plus software is one of the most versatile security gateways in its class. It combines the power of a Dual-Core Intel® Atom® C3558 Core CPU with integrated QuickAssist & AES-NI, and 4 GB of memory for a snappy user experience, delivering over 8.15 Gbps of L3...

shop.netgate.com

Q4 Appliance | Edge Threat Management - Arista

The Q4 is ideal for smaller networks, branch offices or retail locations that need a cost-effective network security solution that just works, right out of the box. This appliance performs well under heavy workloads like content filtering, intrusion prevention and VPN encryption, ensuring these...

edge.arista.com

 

[padom]

Wow thanks everyone! @padom i think I need to pm you for more info.
@Franko why do you say no wifi? Is that because it is so easy to hack into?

And yeah we aren’t doing anything classified or secret. Sometimes have NDAs. But just building tools and machines parts to customers specs. When we start building rocket ships I’ll have to get better protected.

We do lots of manufacturing companies including one that does aerospace manufacturing, lockhead, boeing, Lufthansa, Amtrack, Rubbermaid, etc. They do tooling and thermoforming plastics. They have an entire engineering dept we custom build all their engineering workstations and they cannot to large CNC's and other machines on the floor to drop files onto just like you. They run Solidworks and Surfcam. Only the very old machines they still walk to it to plug in a USB or a few use RS485...

WiFi is perfectly fine, as long as its setup properly.

 

[Franko]

Wow thanks everyone! @padom i think I need to pm you for more info.
@Franko why do you say no wifi? Is that because it is so easy to hack into?

And yeah we aren’t doing anything classified or secret. Sometimes have NDAs. But just building tools and machines parts to customers specs. When we start building rocket ships I’ll have to get better protected.

You are a two man shop without meaningful IT resources. Keep everything so simple a normal non-IT person can do it. Less gear in your environment is less stuff that has to be supported by those non-IT folk that have other jobs to do. If your business grows enough to justify more IT spend then you can move up to more sophisticated security.

 

[padom]

You are a two man shop without meaningful IT resources. Keep everything so simple a normal non-IT person can do it. Less gear in your environment is less stuff that has to be supported by those non-IT folk that have other jobs to do. If your business grows enough to justify more IT spend then you can move up to more sophisticated security.

While this comment is not entirely off base.. The difference between 5 years ago and today is much smaller businesses can afford much better IT hardware and security that is much more user friendly and is GUI based. No CLI programming required. A lot of companies have realized this and have attacked that middle market. before this, it was crap netgear, linksys, etc hardware or expensive HPE/CISCO hardware that was out of reach to small/medium businesses... Your Aruba Instant On, Meraki and yes Ill say UNIFI even though I stopped selling them a few years ago due to continued firmware updates breaking shit has filled this middle market nicely.

Here is a rock solid, secure, full of features SOHO setup that any small business can easily setup the basics and it just plain works. I dont think just under $1100 is breaking anyones bank unless its some Etsy sensation knitting winter hats in moms basement.

This setup has the ability to setup VLAN's, isolate hardware and networks all on that single Aruba 24 port switch and setup multiple WiFi networks with different policies. Throw Bitdefender GravityZone Enterprise EDR on each of your windows PC's and you will be good to go. As you grow, you can easily add Security cameras into this network as well as VOIP phones, access control, etc. Just setup more VLAN's and tag those ports on the switch and plug in your cameras, NVR, VOIP phones, etc. Super easy to manage while isolating your different hardware to different VLAN's (Virtual networks) all managed and monitored on a single device (Netgate firewall)...

Lets just say a Netgate 2100 Max - $392
Aruba AIO 24 Port POE+ Gigabit managed switch - $474.99
Aruba AP22 WiFi 6 Dual-Band AP - $169.99
Total Hardware Cost - $1036.98

 

[Franko]

While this comment is not entirely off base.. The difference between 5 years ago and today is much smaller businesses can afford much better IT hardware and security.

Here is a rock solid, secure, full of features SOHO setup that any small business can easily setup the basics and it just plain works. I dont think just under $1100 is breaking anyones bank unless its some Etsy sensation knitting winter hats in moms basement.

This setup has the ability to setup VLAN's, isolate hardware and networks all on that single Aruba 24 port switch and setup multiple WiFi networks with different policies. Throw Bitdefender GravityZone Enterprise EDR on each of your windows PC's and you will be good to go.

Lets just say a Netgate 2100 Max - $392
Aruba AIO 24 Port POE+ Gigabit managed switch - $474.99
Aruba AP22 WiFi 6 Dual-Band AP - $169.99

Ongoing infrastructure maintenance and support are going to be the issue. He needs a solution so easy it can be done without meaningful technical skills or budget. Ideally something so simple an 80 year old grandma can do it, and yes this is asking a lot but we have to work with what we have and not what we want.

 

[padom]

Ongoing infrastructure maintenance and support are going to be the issue. He needs a solution so easy it can be done without meaningful technical skills or budget. Ideally something so simple an 80 year old grandma can do it, and yes this is asking a lot but we have to work with what we have and not what we want.

What ongoing infrastructure maintenance does he need to do to maintain the above spec setup? Ask Patriot Valley Arms how much ongoing IT infrastructure maintenance they perform to keep their identically outlined setup I just posted running or their VOIP phone system or their AI CCTV camera system? They will tell you zero. Now, they did hire my company to install and setup those systems. That is true.

 

[Franko]

What ongoing infrastructure maintenance does he need to do to maintain the above spec setup? Ask Patriot Valley Arms how much ongoing IT infrastructure maintenance they perform to keep their identically outlined setup I just posted running or their VOIP phone system or their AI CCTV camera system? They will tell you zero. Now, they did hire my company to install and setup those systems. That is true.

I don't think he has the spend to afford you.

If he could afford your initial consult and on-site installation then patching has to be addressed. It is going to have to be fully automated. And if something goes wrong then his network could be down until somebody can come out and visit the site.

I believe in this situation simpler is going to be more appropriate given his budget and technical skills.

 

[padom]

I don't think he has the spend to afford you.

If he could afford your initial consult and on-site installation then patching has to be addressed. It is going to have to be fully automated. And if something goes wrong then his network could be down until somebody can come out and visit the site.

I believe in this situation simpler is going to be more appropriate given his budget and technical skills.

I think your confused, I'm not advocating my business or asking him to hire us.

I'm trying to educate people and point them in the right direction. The information is out there and easy to find and follow if someone wants to set this up on their own. For all the hardware I posted.....

 

[padom]

I don't think he has the spend to afford you.

If he could afford your initial consult and on-site installation then patching has to be addressed. It is going to have to be fully automated. And if something goes wrong then his network could be down until somebody can come out and visit the site.

I believe in this situation simpler is going to be more appropriate given his budget and technical skills.

The hardware I posted is fully.automated by design. He isn't patching anything. Do you have experience with this hardware? Aruba AIO is updating is fully automated, it is a set it and forget it platform with enterprise reliability. .

I can't tell you to date, the 1000s of pieces of the suggested hardware we have sold, none have died and clients networks gone down.... thats why you spend the money on quality hardware. We aren't in the business of selling hardware that we have to constantly roll trucks to support or repair...I don't think anybody is

 

[Makinchips208]

Just cause a company has a dedicated IT guy doesn’t mean a whole lot, half the time they know next to nothing. Learned that from experience.

Currently, we are building a new company, as we grow and expand we may hire a quality IT service if needed. Maybe that will be involved if we get a website or connected to that somehow, more stuff I know nothing about.
Probably never have a dedicated IT guy in-house, unless one of our kids goes into that line of work maybe. But for now you all have helped a lot, and given me a lot of homework to do.
I really appreciate it all so far!

 

[padom]

Pretty darn detailed and informative video here for anyone wanting to learn the basics and more advanced setup of PFsense firewall (negate appliance).






Aruba AP setup

 

[padom]

If you can follow directions you can set this stuff up on your own

 

[Makinchips208]

Sweet! Thanks for the info and video links.

 

[Franko]

I think your confused, I'm not advocating my business or asking him to hire us.

I'm trying to educate people and point them in the right direction. The information is out there and easy to find and follow if someone wants to set this up on their own. For all the hardware I posted.....

The original poster doesn't have the skills to set up a network like you are suggesting. That's why I gave the advice I did.

Sure he can learn how to set up his network like you are suggesting, but does he want to invest the time and effort to do so? I have no idea.

 

[Makinchips208]

The original poster doesn't have the skills to set up a network like you are suggesting. That's why I gave the advice I did.

Sure he can learn how to set up his network like you are suggesting, but does he want to invest the time and effort to do so? I have no idea.

Seriously? I don’t have the skills? Now yer getting awfully close to hurting my last feeling…
Lol.

 

[Franko]

Seriously? I don’t have the skills? Now yer getting awfully close to hurting my last feeling…
Lol.

I'm sure you can learn how to but do you want to?

 

[Makinchips208]

No I don’t, I would rather make some chips.
I PM’d @padom and he was a tremendous help, as many in this thread have been!
It sounds like for our size, needs, and situation, we will be well covered with Bitdefender gravity zone enterprise EDR, to start off with anyways. Maybe adding more or stepping up to more components and a different system as we grow.

 

[XikoPlavi]

Im surprised no one has told him to buy a data center raised floor space. He can single handedly buy a 3 frame rack of HPE synergy gen11 blades with F32 100gb switches. Then he can buy some VMware licenses and prop up a VSAN infra that also does HCX migrations and SRM Failover into the VMC/AWS cloud. He can beef up his NSXT firewall by adding edge clustering and VPN along with normal distributed firewall rules.

Can you afford connect direct licensing?

Then he can use ToR extreme switches and enable 100gb LAGs and jumbo frames for the overlay VLAN that need to route.

He can then choose salt stack to help automate stuff. Maybe some SCCM to do auto patching.

Ohh shoot dont forget about adding a data domain and SBN network for backups.

Also buy some enterprise level SQL licenses!!

Word to the wise: DONT go hyperconverged VCF. Stay away from VMware VCF!

Can you afford a vCenter license??

I forgot your gonna need Active Directory and Infoblox also (breakout the checkbook)

Haha. I m just being a smart ass! This thread is epic!

 

[fpgt72]

Computer antivirus, block hackers, etc. not even sure what or how to ask this.

We have a couple computers with windows 10 pro, not going to 11 as long as we can, they are connected to inter-webs, all work related stuff and email.
We want to protect against computer virus. What’s the standard program or brand or method to protect against computer virus? Is this built into windows 10 already?

Also, is there a way to safeguard against hackers? Domestic or foreign.
Without unplugging everything that is.

First off I would really look to going to 11. End of life for 10 is in 2025, so there is time before they stop updates for it, but it is not at the top of their list. It is different, and if you are an old dog like me that has done this for decades it sucks not finding copy and paste, but eh, is what it is.

For a home machine, personally I think all the "commercial" anti virus programs are basically a virus themselves. Here at work we use a Motorola program, was kind of a no brainer, radios, recorders, car cams are all owned by Motorola so why not. For a home user it is really not applicable to go with enterprise level solutions.

My suggestion would be to just do the update if your hardware will support it, and that is a bit of a trick if it does not. You can run 11 on "unsupported" hardware, but again I would not suggest going down that route unless you have a little "geek" in you.

The microsoft stuff is as good as any, generally updated frequently, and is not a resource hog.

Then be smart, don't click on stuff you don't know about. If you did not ask for it don't open it. Just be smart.

my two bits.

 

[fpgt72]

Im surprised no one has told him to buy a data center raised floor space. He can single handedly buy a 3 frame rack of HPE synergy gen11 blades with F32 100gb switches. Then he can buy some VMware licenses and prop up a VSAN infra that also does HCX migrations and SRM Failover into the VMC/AWS cloud. He can beef up his NSXT firewall by adding edge clustering and VPN along with normal distributed firewall rules.

Can you afford connect direct licensing?

Then he can use ToR extreme switches and enable 100gb LAGs and jumbo frames for the overlay VLAN that need to route.

He can then choose salt stack to help automate stuff. Maybe some SCCM to do auto patching.

Ohh shoot dont forget about adding a data domain and SBN network for backups.

Also buy some enterprise level SQL licenses!!

Word to the wise: DONT go hyperconverged VCF. Stay away from VMware VCF!

Can you afford a vCenter license??

I forgot your gonna need Active Directory and Infoblox also (breakout the checkbook)

Haha. I m just being a smart ass! This thread is epic!

I found it funny as well, enterprise stuff in a home user thread.....ahh really?

 

[UKDslayer]

You are a two man shop without meaningful IT resources. Keep everything so simple a normal non-IT person can do it. Less gear in your environment is less stuff that has to be supported by those non-IT folk that have other jobs to do. If your business grows enough to justify more IT spend then you can move up to more sophisticated security.

And don't rely on one person. I had a great, young IT guy since I was, and still am, very IT illiterate. He got killed riding his bike early on a Sunday morning.

 

[padom]

I found it funny as well, enterprise stuff in a home user thread.....ahh really?

Lmfao. Home user thread? This is for a business. You obviously didn't read the thread...


Your contribution is what to this thread??? Or are you just thread shitting and need a vacation to get your mind right??? Let me know

 

[padom]

And don't rely on one person. I had a great, young IT guy since I was, and still am, very IT illiterate. He got killed riding his bike early on a Sunday morning.

Great advice. Learn it yourself or rely on a reliable company.

 

[Makinchips208]

Im surprised no one has told him to buy a data center raised floor space. He can single handedly buy a 3 frame rack of HPE synergy gen11 blades with F32 100gb switches. Then he can buy some VMware licenses and prop up a VSAN infra that also does HCX migrations and SRM Failover into the VMC/AWS cloud. He can beef up his NSXT firewall by adding edge clustering and VPN along with normal distributed firewall rules.

Can you afford connect direct licensing?

Then he can use ToR extreme switches and enable 100gb LAGs and jumbo frames for the overlay VLAN that need to route.

He can then choose salt stack to help automate stuff. Maybe some SCCM to do auto patching.

Ohh shoot dont forget about adding a data domain and SBN network for backups.

Also buy some enterprise level SQL licenses!!

Word to the wise: DONT go hyperconverged VCF. Stay away from VMware VCF!

Can you afford a vCenter license??

I forgot your gonna need Active Directory and Infoblox also (breakout the checkbook)

Haha. I m just being a smart ass! This thread is epic!

Ahhh…. The onion router. That’s what we need.

 

[kenny1773]

Computer antivirus, block hackers, etc. not even sure what or how to ask this.

We have a couple computers with windows 10 pro, not going to 11 as long as we can, they are connected to inter-webs, all work related stuff and email.
We want to protect against computer virus. What’s the standard program or brand or method to protect against computer virus? Is this built into windows 10 already?

Also, is there a way to safeguard against hackers? Domestic or foreign.
Without unplugging everything that is.

The OP can be taken a couple of different ways

I took it as, we are a 2 person business trying to stay safe on the cheap and easy, what should we do 'best practice' to prevent getting infected with a virus or malware. What are the commonly accepted things people do?

That is what I replied too any way

Others seem to have read, I want a full business solution I don't care about costs or level of effort.

I know small businesses that operate on something as simple as a Netgear Orbi for a router and then BitDefender running on their systems (and they use a better DNS than what their ISP provides and the other items I pointed out)

Then there are the small businesses looking to spend $$$ to get the best, and even hire an IT guy to do it

OP has to decide, there are a 1000 ways to skin a cat, all have pluses and minuses.

Tons of good info in this thread (between all the shit posts)

If you are protecting anyone's data that could possibly sue you, I would assume you have insurance for that.

Seems to be industry standard these days.to just buy a credit monitoring service for whatever customer had their data breached for 24 months

 

[Makinchips208]

Small business, not too far removed from personal use. However, we have many hundreds of thousands of dollars invested in machinery so far. Just hired 3rd full time person.

We will have to eventually go to 11, but not until the manufacturer of the machine and software gives me the green light.
Updated prematurely with United Grinding enough times to learn my lesson.

 

[LeftyJason]

Small business, not too far removed from personal use. However, we have many hundreds of thousands of dollars invested in machinery so far. Just hired 3rd full time person.

We will have to eventually go to 11, but not until the manufacturer of the machine and software gives me the green light.
Updated prematurely with United Grinding enough times to learn my lesson.

What machine? Running studer s41 under oil.

 

[Makinchips208]

That’s a large OD grinder right?
We had 4 Walter helitronic Power Production 5 axis tool grinders, and one had diamond erosion as well. That company got bought out in 2013, started going belly up, so in 2020 went to work for a scope manufacturer, did that for nearly 3 years.
At present, a few of us from the original company are starting from scratch, picking up many of the old lost customers from our days of tool making.
Our main machine is a Vollmer VGrind 360. Currently don’t have any United grinding products. They do have an impress nice lineup though.

 

[fpgt72]

Lmfao. Home user thread? This is for a business. You obviously didn't read the thread...


Your contribution is what to this thread??? Or are you just thread shitting and need a vacation to get your mind right??? Let me know

"Work stuff" and a couple computers? I would have figured if it was a business it would have been stated more clearly.

Computer antivirus, block hackers, etc. not even sure what or how to ask this.

We have a couple computers with windows 10 pro, not going to 11 as long as we can, they are connected to inter-webs, all work related stuff and email.
We want to protect against computer virus. What’s the standard program or brand or method to protect against computer virus? Is this built into windows 10 already?

Also, is there a way to safeguard against hackers? Domestic or foreign.
Without unplugging everything that is.

And Win10 still in a business, IMHO that is a bit short sighted. If there is anything "unique" they should have started testing a long time ago.

Sorry I inferred that "a couple computers with windows 10 pro" are not an enterprise setup.

And even if it is a business suggesting an enterprise solution will send the OP into sticker shock. Here, granted slightly larger it comes in at $150k per year.