@Fido,

Once your licenses expire, you should just use the builtin suite that MS provide, Defender and Firewall. It puzzles me why people, like yourself, choose to install a different suite when Windows comes pre-installed with an adequate suite. This is a bit like having a car with a suitable engine to get from point A to point B but deciding to use a different engine just because it "might" be better. What's the point???? Someone answer me that one!?! I can understand installing something if you were using a flavour of Linux but Windows (not sure about Mac OS...never used it as I can't really afford it), as already mentioned, has it's own in-built suite that does a pretty good job of protecting a PC.

Sorry about the rant but this is something that I do feel passionate about. There is not much good about Windows but at least they supply a FREE suite that does an adequate job. So why pay money unless there is a REAL need to protect something. Just implent a good backup plan and you shouldn't really need to spend any money beyond buying a large hard disk (> 2TB IMHO) and keeping important files off the internal storage. This is what I do and it's worked for a couple of decades now. If something happens to my device I just need to re-install the OS and apps and I haven't lost anything important. I do know that if something happens to the HDD then I might be gutted but the REALLY important files I do have cloud backup and a 2nd HDD (and several USB sticks) as a real fail-safe.

HTH,

In reply to a post by mking90031:

not sure about Mac OS...never used it

MacOS doesn't include a scanner or suchlike that you can run at will, but it does include built-in protections that are probably enough for most users.

Recent article from MacWorld here- https://www.macworld.com/article/670537/do-macs-need...

the biggest problem with Kaspersky was KSN, which could if it fell into the wrong hands turn into a bot.net. The whole thing about Kaspersky breaking usa state level viruses (which upset the usa) is the job its meant to do. Also an American security contractor was using a dodgy product serial generator for ms office and kaspersky found that. Of course thats its job but gov made out that kaspersky was going after security people.

But Eugine Kaspersky became more and more closer to the kermlin regime - especially after '22. So by nature Kaspersky software became a potential high grade risk.

As for microsofts AV, whilst is good and for most people thats fine, if you want better control, look else where.

The infection points for pcs, unknown storeage devices that are plugged in, downloaded files(programs, images, zips etc), infected emails and websites.

So for instance you don't really need realtime scanning on everything. Whilst ssds have reduces system sluggishness from scans its still present and you are wasting cpu cycles.


Voip is not a lan security risk but the security risk is in the encryption side. Say your calls have no encryption and somebody has snaffled your voip creditals.

What is considered to be the best alternative to Kaspersky Premium 10 Device, (even though we only use 4) ?

In reply to a post by Taras:

Voip is not a lan security risk but the security risk is in the encryption side. Say your calls have no encryption and somebody has snaffled your voip creditals.

The theory is that certain items have poor access security, eg. smart watches camera systems, printers, etc. and if these devices are located on the main Home LAN that these devices are security risks in the Home LAN.

To mitigate against the perceived risks an "Internet of Things LAN", (an IoT LAN), is created in order to separate the devices that are considered more risky to the Home LAN security can be separated onto their own Separate LAN.

Are you saying that there is no risk in having these devices on the Home LAN ?

Additional devices that I am concerned about are;

(1). The Hive Heating Control System.

(2). The Smart TVs.

(3). The BSkyB Sky Q Boxes.

(4). The Xbox/s.

(5). Smart Watches.

(6). Printer/Scanner.

(7). Security Cameras.

Could any of the above devices be potential security risks on the home LAN ?

Alternatively is there zero risk in just having one LAN ?

There's no such thing as Zero risk but if you are genuinly concerned about all that stuff then you want to enable client isolation on your WiFi and buy a switch which can do private VLANs - in other words that will ensure that everything on your "LAN" cannot talk to eachother. I would say however this is overkill and just not neccessary.

@Fido,

If you're that worried about security, then my advice would be to not have an internet connection at all. Airgap all your devices and, maybe, have just 1 device that has internet connectivity and all it has on it is a browser. No Office suite, no FTP software, etc. If someone needs to work on a document then they would need to transfer it to USB stick (or external hard disk) then work on it on an airgapped device. If you really need to have a network and worried about security then you could connect all your devices to a router but do not configure that router with access to the internet.

HTH,

In reply to a post by Pipexer:

There's no such thing as Zero risk but if you are genuinly concerned about all that stuff then you want to enable client isolation on your WiFi and buy a switch which can do private VLANs - in other words that will ensure that everything on your "LAN" cannot talk to eachother. I would say however this is overkill and just not neccessary.

Yes, I know how it can be done; in fact I pointed out earlier in the thread that I know how to do it via a managed switch and I can set up VLANs on the ports the router that I use, (ie. an Asus RT-AX88U Pro), and I have already set up a VLAN on one of its ports. - Since the whole house is already wired in CAT6A Ethernet I can easily put anything that could be suspect onto its own separate IOT VLAN so I know how. - I also already use Guest Networks to separate some of the devices on WIFI.

However, the queries are not about the "HOW" the queries are about the "WHY".

There is a lot of discussion on the internet about the vulnerability of certain devices, (with weak passwords), being on a Home LAN in which devices can then potentially communicate with each other and since my personal knowledge of internet security is not expert, (it is certainly a lot better than average and like you I can put forward a gut feeling but certainly not expert), I was hoping that someone who does fully understand internet security would be able to advise as to the best practice regarding these devices and why separate LANs would/could be recommended or would definitely not be necessary.

Is there anyone else seeing the irony here that is jumping out at me. The OP wants to go right into the depths to ensure that the domestic network is safe from bad actors while continuing to use as the main defence an anti-virus program which has generated a considerable amount of internet traffic in regard to its integrity and which has a number of governments and their security agencies advising against its use.

In reply to a post by GonePostal:

Is there anyone else seeing the irony here that is jumping out at me. The OP wants to go right into the depths to ensure that the domestic network is safe from bad actors while continuing to use as the main defence an anti-virus program which has generated a considerable amount of internet traffic in regard to its integrity and which has a number of governments and their security agencies advising against its use.

Actually I see the main defense as being the router setup and the Hardware Firewall in the Router followed by our taking care as to which websites are visited and what apps are used and from where. - Kaspersky is near to the last line of defense..

If someone has a good, reasonably priced, alternative to Kaspersky then I would like to know which one but I mostly accept the argument that Windows Defender provides already reasonable alternative for windows and for the IPAD and IPhones Antivirus is considered to be unnecessary. - I use a Google Pixel Pro but a free anti-virus would probably do for that..

However, this tread is not about Kaspersky.

This thread is mainly about the potential vulnerabilities or not of having certain types of devices, (with poor passwords), on the Home LAN.

In reply to a post by Fido:

Actually I see the main defense as being the router setup and the Hardware Firewall in the Router

This thinking is probably a decade out of date. The network edge isn't the security perimeter, your router is not doing anything for your security because it cannot see encrypted traffic. At best it is preventing outbound botnet C&C connections but even then probably not, and by the time you have clients talking out to C&C things have already gone badly wrong.