2-4-Flinching's comments

So does the Linux/Linux-Kernel, Windows/Windows-Kernel, OSX/OSX-Kernel. Better not install those reputable OSs.


I think you're missing the cost/benefit calculation. Using any software makes you vulnerable to your software being compromised. But we take that risk because we get something out of using software. If you want to run Windows apps, you need Windows. AV software is different because they open up vulnerabilities, but don't give you any benefits. You can't run Excel without Windows; you can run it without AV software. So adding AV software requires some careful thought as to whether or not the cost/benefit is worth it. What the above comments are saying is that in a world where Windows Defender exists, installing third-party AV software is not worth it. The cost outweighs the benefit.


Defender doesn't get updated as fast as other AV; that is why it is free, and if you actually get an MS enterprise AV it is a ton of money compared to other enterprise AVs. I have had Defender not find viruses other AV caught for as long as a week. Also, Defender opens up vulnerabilities too. I didn't miss the cost/benefit calculation. https://www.cvedetails.com/vulnerability-list/vendor_id-26/p...


It's pretty simple that they are looking to protect the user from the everyday threats (hint hint: Bare Minimum in the title). Also, while I'm sure you're Superman with a "security degree" who looks down on all the mere mortals, you would stand no chance against a government agency with all the time in the world and a blank check.


That is the reason I run a pfsense router/firewall. You never worry they are going to stop supporting your device, because your device is x86 with a FreeBSD base.


Actually, that is not strictly so [1]. Starting in 2.5, they are requiring AES-NI instructions. I am a bit irritated with that as I bought one of their "official" routers to support them (The one based on the PC Engine APU2) and I use it as a home router, so I really don't need that support.

[1] https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html


You can always swap to OPNSense.

I'm annoyed they discontinued support for x86-32. My Soekris could run with a VPN board and saturate its 100 mbit ports.

Good news there as well is that OPNSense supports x86-32 just fine though.


Said it below, but the APU2 does support AES-NI.

I wanted to make sure you saw this.


Thank you for that, I made a mistake. I was thinking of the APU1.


And how much money are you bleeding running that machine 24/7?


Not OP but I run a PC Engines APU2[1] as my pfsense box. It's 6-10 watts.

Updates are easy to manage, I use Pfblocker, which has similar functionality to PiHole, and have Cloudflare's DNS (1.1.1.1) set up.

As for wireless I attach a Ubiquiti AP through a switch.

I've done this at a couple of different sites for relatives and it's comforting to know there's some semblance of security and privacy for them.

[1] http://www.pcengines.ch/apu2.htm


I have one of those as well. As a word of caution, they are dropping support for that in 2.5 [1]. Starting in 2.5, they are requiring AES-NI instructions (like I said in my other post, I am a bit irritated they did that, especially when that is a requirement for something I do not need).

[1] https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html


The APU2 does have AES-NI so no need to worry.

Mine is active and working (I use it with OpenVPN right now).


You're right, my mistake, I had the APU1.


For a 100 MBit/s firewall all you need is a Raspberry Pi. Most people’s WAN connection is probably less than that. And if you need gigabit then there are still plenty of options, anything from ODROID-C to 10W Goldmont, the latter a little expensive but it can double as HTPC etc. Idk how any of those work with BSDs but they work fine on Linux.

Also the nic.cz people have a neat new product[1]. It’s really cool, but I think still too pricey.

[1] https://www.indiegogo.com/projects/turris-mox-modular-open-s...


RPi systems die too frequently unless you get the right kind of SD cards and power adapters.


Last I checked pfsense wasn't running on ARM. And there were worries that it wouldn't even be able to keep up unless you were very careful with your filters, although that might be less of a problem with the more recent hardware.


I suppose at gigabit the pi might have some issues. Unfortunately, I don’t have this problem. I doubt Goldmont would break any sweat though. If you don’t want to jump all the way to Intel there’s always this: http://espressobin.net/


The SG-1000 that pfsense sells is listed as ARM: https://www.netgate.com/solutions/pfsense/sg-1000.html


Not much. Have not noticed a real increase in my electric bill. However, it is a mini desktop and designed to be low power. Probably far less than my Plex Server easily.

There are options for much lower power hardware. I may do an experiment to see. Be kinda interesting but also hard to duplicate traffic effect and CPU loads.

However the reliable updates, advanced firewall, physical multi LAN, and durable VPN can't be understated for my use.


Shouldn't be too much. You can buy one [SG-1000] linked from pfsense that is only 2.5W (idle) draw.


Really? I thought the least realistic thing on TV was the people given the perfect hair, make up and just genetic beauty.

It's pretty obvious that Microsoft made a deal with the studio and broadcasting companies. Just like the popularity of Autobots to pick Chevys and the Decepticons somehow find de-badged Fords, or the fact that Marvel is full of Audis. If you open your eyes you will find brand placement everywhere.

Now to the Surfaces: currently I have switched over three departments to Surface Pros last year (2017). Each employee has a docking station hooked up to dual monitors, keyboard and mouse. So far I have been surprised how well they worked out, mostly that no one has dropped them. I have had few complaints. They run good, they can be used off site and are easily portable. I have also used it with the kickstand on my lap with no issue. Maybe we have different body types. Overall I was not a big fan when they decided to do the first department upgrade but I would deploy them with no problem now.


I will say color makes a bigger impact on people that are not paying attention. I built a batch script to automate a lengthy process we had to do to a few dozen offline computers. I had field techs telling me it ran but didn't work. Found out that they were not reading the output of the command line. It would ask them to run it as Administrator. Quick fix, I made the box background go red and the text yellow when it hit this issue and never had a problem since.


I think what kemitche was saying was they would have two groups. One would be "Test Alerts" and the other would be "Real Alerts", not that we needed to have a philosophical breakdown of alerts by severity. Severity may not have been the best word, but he did explain his definition in the next few words.


>Do you know how many oranges you need to make a glass of juice?

Nope but one orange has 12-17g of sugar and one cup of OJ has 21g. So maybe about two. I could easily eat that in one sitting.


Since you brought up Seattle, Washington, I think it's crazy that there is a city tax on a substance that also receives a taxpayer-funded government subsidy. It's like, how much does the taxpayer need to bleed itself to the government, all in the name of his/her health I'm sure.

Also I'm sure they will see less soda being bought inside the city, that is a win right? Except people are just shopping outside city limits. Kinda like dry counties where you just pick up your booze on the way home.


Well can't really. Actually my job.

Not sharing your information is a good step, and when you do, compartmentalize it. Different emails and phone numbers for different things. I have a few Google numbers I give out besides my actual number. Lots of my information on online forums is completely made up but documented. I use KeePass to keep strong passwords and notes on accounts. If it doesn't need my real name, it doesn't get it. Limiting information on the web about you is good overall.

Shopping in store doesn't give you security unless you use cash. The Target Breach was all in store and they actually said that "There are no indications at this time that the breach affected customers who shopped at Target’s online stores." Home Depot was malicious software installed on the self-checkout lanes.

As for living life like it's 1900, you can as long as your job is not in computers or using one. Grabbing cash from the bank, paying with cash in store. No online bill pay or banking, no hacker news. I have known a lot of guys that do it daily. Even have dumb phones that were super cheap.


I have had a Google Home Mini since they came out and use it daily. Controls lights, multiple outlets, the Chromecasts throughout my house, I used it to add stuff daily to my calendar, add items to my grocery list and much more. So I think it's pretty practical in an everyday setting.

