Reading mode: Light Dark

No win11, will a third party antivirus be enough?

Go to last post
S

skyglider

Veteran Member
Messages
7,280
Solutions
21
Reaction score
2,010
Location
US
My desktop and laptop PCs do not qualify for Win11. When Win10 support ends, won't a third party antivirus be enough?

I was running with Win10 and Windows Defender on my desktop and laptop with both up to date. Then my laptop got infected with a keylogger. Windows defender did nothing to block the keylogger infection. Windows defender is worthless as far as I'm concerned.

Since I got infected with a keylogger using Win10 and Windows Defender on my laptop, I subscribed to the paid for version of Bit Defender Total Security. So I'm running that on my desktop, laptop and smart phone now.

When Win10's support ends, wouldn't a third party antivirus be enough? How are operating system updates different from a third party antivirus in preventing infections?
 
Skyglider, we ran Windows XP for a long time post-support using ESET anti-malware. Never had a problem. This was a long time ago, so take it with a grain of salt.

I feel sorry for all the people who don't have money to upgrade to a PC that runs W11. It isn't fair to them. Hopefully MSFT will offer, or will be forced to offer, some kind of workaround.
Scott_Eaton said:
... Short form: 99.99% of Malware / Ransomware attacks are caused by the monkey behind the keyboard. Zero Day exploits are typically executed by state actors vs Govt agencies. Not retired folks.
Click to expand...
Perhaps true, however I have seen no reliable statistics on this. Even some "state actors vs Govt agencies" (via SolarWinds in one case) started with phishing, if I am not mistaken.
Scott_Eaton said:
Bitdefender is my favorite freemium AV. It's biggest advantage is offering a layer of surfing protection from jacked Web Sites and other nonsense...

I also suggest doing most of your work a non Admin account. This practice has been around since XP days, and while it's less effective vs Ransomware because it only needs edit ACL rights to data shares to encrypt you at least have a fail back to your admin account if things go sideways.
Click to expand...
This is not really practical for W10/11 home users. Windows contains virtually no worthwhile applications except Edge browser. Normal people must install nearly everything, including word processors, spreadsheets, photo/video viewers and editors, and PDF viewers. This can't usually be done without Administrator privileges.

Maybe in a corporate environment where W10/11 Enterprise allows IT to install all the useful applications that employees need, it could work. I've never seen it myself however.
Scott_Eaton said:
Last tip is to use MFA that requires multiple devices.
Click to expand...
Yeah, many applications do this now, 2nd factor being location or MAC address, 3rd cellphone.
 
Last edited:
CAcreeks said:
Skyglider, we ran Windows XP for a long time post-support using ESET anti-malware. Never had a problem. This was a long time ago, so take it with a grain of salt.

I feel sorry for all the people who don't have money to upgrade to a PC that runs W11. It isn't fair to them. Hopefully MSFT will offer, or will be forced to offer, some kind of workaround.
Click to expand...
this is more than a Money issue.

many of us may have 4 or more Windows 10 PC's in the house that will not upgrade to Win 11.

we WANT to upgrade them, but to what?

since these machines are Not Secure, then should we keep using them? many don't want Linux, yet another OS to learn; although a good solution.

no this is an E waste problem. any Windows 10 pc will run Windows 11; there isn't anything special about it.

CAcreeks said:
Scott_Eaton said:
... Short form: 99.99% of Malware / Ransomware attacks are caused by the monkey behind the keyboard. Zero Day exploits are typically executed by state actors vs Govt agencies. Not retired folks.
Click to expand...
Perhaps true, however I have seen no reliable statistics on this. Even some "state actors vs Govt agencies" (via SolarWinds in one case) started with phishing, if I am not mistaken.
CAcreeks said:
Bitdefender is my favorite freemium AV. It's biggest advantage is offering a layer of surfing protection from jacked Web Sites and other nonsense...

I also suggest doing most of your work a non Admin account. This practice has been around since XP days, and while it's less effective vs Ransomware because it only needs edit ACL rights to data shares to encrypt you at least have a fail back to your admin account if things go sideways.
Click to expand...
This is not really practical for W10/11 home users. Windows contains virtually no worthwhile applications except Edge browser.
Click to expand...
i really don't care much what OS number is on there. my OS is to run programs not to run me.

what do we desperately need in Win 11 anyway? guess not much.

CAcreeks said:
Normal people must install nearly everything, including word processors, spreadsheets, photo/video viewers and editors, and PDF viewers. This can't usually be done without Administrator privileges.

Maybe in a corporate environment where W10/11 Enterprise allows IT to install all the useful applications that employees need, it could work. I've never seen it myself however.
CAcreeks said:
Last tip is to use MFA that requires multiple devices.
Click to expand...
Yeah, many applications do this now, 2nd factor being location or MAC address, 3rd cellphone.
Click to expand...
 
I run my windows systems with an administrator account and my general use account. I have done this for years and recommend it to others. In general I install a product, e.g. Capture One using my normal account. Most will require admin rights to install and you will recieve a prompt to enter the admin code or password to install the product. There are products that start the installation after the admin rights have been granted but then fail as they seem to create another process that does not inherit the admin rights. If this is the case run the install under the admin account and the application will normally be available to all other users.
 
There are websites that claim to have ways to upgrade an unsupported PC from 10 to 11.

I have not tried any of them, and don't plan to, but many of our members are justly concerned about this. I strongly advise anyone contemplating doing any of these methods to make full backups of their drives before trying any of them.

For myself, I'd wait until much closer to Windows 10 EOL before doing anything even slightly risky; who knows what might happen to delay W10 end of support? The pressures on Microsoft to do something are IMO likely to grow as the deadline approaches.
 
This logic sort of implies the we should all be running MSDOS. As the generations of hardware evolve so the operating systems and applications evolve.Supporting multiple generations of hardware is expensive and complicated. There has to be a cutoff to make things practical. Things such as no 16 bit support, no 32 bit support. With one chipset exception TPM has been in all intel processors and chipsets since lga1151 which appeared in 2015. People with machines that have the TPM integrated but turned off without the option to turn it on should really be talking to the system builder not complaining about Microsoft.

If you bought a computer 6 or 7 or 8 years ago with a TPM enabled or that can be enables it will probably take you through to EOL of windows 11 and possibly into Windows 12. If you bought a machine say 3 years ago with TPM permanently disabled or no TPM, that's tough but its not Microsoft's fault.

People seem also to be ignoring the applications that run on Windows. Security bugs are continuously being found in applications. Developers will not in general continue to support applications running on obsolete operating systems. On Mac, some applications are only supported on the current, -1 and -2 versions of the Macos. The same sort of thing applies to some Windows applications, the current feature upgrade plus one or two older ones. The feature upgrades have names like 22H2.

Running and/or owning anything has a cost. Maintenance and support for software is expensive. This is why we are seing the move to subscription applications, e.g.Adobe. This also tends to limit the versions of OS that you can run them on.

Linux does not really help. Your subscription application, if it runs on Linux may well require a specific version of an enterprise version of linux. This may have specific hardware requirements and a maintenance contract.

In the end you are going to have to perhaps rationalise and either pay up or give up
 
OK, with more research, I've found that there's a way to make some non eligible PCs, "FULLY" Win11 compatible:

My i7-6700 CPU is NOT on the list of CPUs supported by Win11.
... Here's a link to: Windows 11 supported Intel processors

... Here's a link to: How to check if your PC has TPM for a Windows 11 upgrade

... Here's a youtube link: Installing a TPM 2.0 Module So I Can Install Windows 11

HOWEVER:
Via the youtube video linked to above, I discovered that it's possible to plug a TPM 2.0 module onto motherboards that have a TPM header, that will then make the PC Win11 compatible.

MAKING MY CURRENT DESKTOP PC WIN11 COMPATIBLE:
I found that my MSI z270-A Pro motherboard does have a 14-1 JTPM header on it. So I can make the motherboard Win11 compatible by installing the proper TMP 2.0 module on the mobo. TPM modules cost about $17 - $21. The module for my mobo costs $19.75 on Amazon with free shipping. I'm trying to verify that this specific module will indeed work on my z270-A mobo.

SUMMARY:
Again, I do not believe that getting Win11 to install on a PC that does not have TPM is a fully secure way to run with Win11 on the PC.

So for folks that have PCs that test as not eligible for Win11 because of no TPM hardware, there may be a way to install a TPM module on your motherboard to make it "fully" compatible with Win11. It will require a bit of digging on your part to find out. Hopefully the three links I provided above will give you a start.

Happy Holidays,
Sky
 
Last edited:
CAcreeks said:
CAcreeks said:
I also suggest doing most of your work a non Admin account. This practice has been around since XP days, and while it's less effective vs Ransomware because it only needs edit ACL rights to data shares to encrypt you at least have a fail back to your admin account if things go sideways.
Click to expand...
This is not really practical for W10/11 home users. Windows contains virtually no worthwhile applications except Edge browser. Normal people must install nearly everything, including word processors, spreadsheets, photo/video viewers and editors, and PDF viewers. This can't usually be done without Administrator privileges.

Maybe in a corporate environment where W10/11 Enterprise allows IT to install all the useful applications that employees need, it could work. I've never seen it myself however.
Click to expand...
CAcreels,

I work with non admin privileges on all of my home PCs. When you want to install a program, than Windows will ask you in that moment for a privileged account to perform the installation. It is that easy like this…

The benefit of working with non privileged accounts is obvious: An attack can only impact the system within your user context and not within an overall system context. You should be very scarred, if you are asked by the system to enter a privileged account‘s credential without you haven‘t initiated this (e.g. when installing a new software).
CAcreeks said:
CAcreeks said:
Last tip is to use MFA that requires multiple devices.
Click to expand...
Yeah, many applications do this now, 2nd factor being location or MAC address, 3rd cellphone.
Click to expand...
MFA is just asking for a 2nd factor on a device of your choice. This can be your cellphone using SMS or a Authenticator App from Microsoft or Google. MFA has nothing to do with MAC addresses.
 
skyglider said:
OK, with more research, I've found that there's a way to make some non eligible PCs, "FULLY" Win11 compatible:

My i7-6700 CPU is NOT on the list of CPUs supported by Win11.
... Here's a link to: Windows 11 supported Intel processors

... Here's a link to: How to check if your PC has TPM for a Windows 11 upgrade

... Here's a youtube link: Installing a TPM 2.0 Module So I Can Install Windows 11

HOWEVER:
Via the youtube video linked to above, I discovered that it's possible to plug a TPM 2.0 module onto motherboards that have a TPM header, that will then make the PC Win11 compatible.

MAKING MY CURRENT DESKTOP PC WIN11 COMPATIBLE:
I found that my MSI z270-A Pro motherboard does have a 14-1 JTPM header on it. So I can make the motherboard Win11 compatible by installing the proper TMP 2.0 module on the mobo. TPM modules cost about $17 - $21. The module for my mobo costs $19.75 on Amazon with free shipping. I'm trying to verify that this specific module will indeed work on my z270-A mobo.

SUMMARY:
Again, I do not believe that getting Win11 to install on a PC that does not have TPM is a fully secure way to run with Win11 on the PC.

So for folks that have PCs that test as not eligible for Win11 because of no TPM hardware, there may be a way to install a TPM module on your motherboard to make it "fully" compatible with Win11. It will require a bit of digging on your part to find out. Hopefully the three links I provided above will give you a start.

Happy Holidays,
Sky
Click to expand...
No, adding a TPM will not make your PC Win11 compatible. As you pointed out the 6th gen CPU you have is not on the compatible list. You have to meet both criteria to install Win11. Only intel 8th gen (some 7th) cpus can install Windows 11. These newer CPUs can enable HVCI security features to protect the OS kernel, and Win11 tries to enable that by default.
 
Awkward_Swine said:
No, adding a TPM will not make your PC Win11 compatible. As you pointed out the 6th gen CPU you have is not on the compatible list. You have to meet both criteria to install Win11. Only intel 8th gen (some 7th) cpus can install Windows 11. These newer CPUs can enable HVCI security features to protect the OS kernel, and Win11 tries to enable that by default.
Click to expand...
Hi Akward Swine,

I believe that you are correct. I did more research and came to the conclusion that you point out. I originally thought that the 6th gen CPU did not qualify because it does not come with TPM built-in. But it appears that there's more to it than that. I came back here to post that 6th gen CPUs do not qualify even if a TPM module is installed on the motherboard and I saw your post.

So I'll just buy a new desktop PC with Win11, when Win10 support ends. Meanwhile, I think I'll try installing Linux Ubuntu on a spare drive and see if it will work for me. If it does, then I'll probably convert my laptop to Linux Ubuntu as I normally only use it for internet stuff, and Libre swriter and scalc. Just buying a new desktop PC without also buying a new laptop will be more palatable.

Thanks!
 
Last edited:
I've got a laptop with a non supported CPU and it's been running Windows 11 for a couple years. Don't know if Microsoft will ever break that, but it's been working fine.

I also have an old laptop Dell Inspiron with a 2430M processor, no TPM and 6GB RAM. Normally runs Windows 10. I installed Windows 11 on it without any issues. All hardware properly supported. After boot up 1.4GB RAM is in use, and it's more responsive than with Windows 10.
 
Robert Zanatta said:
I've got a laptop with a non supported CPU and it's been running Windows 11 for a couple years. Don't know if Microsoft will ever break that, but it's been working fine.

I also have an old laptop Dell Inspiron with a 2430M processor, no TPM and 6GB RAM. Normally runs Windows 10. I installed Windows 11 on it without any issues. All hardware properly supported. After boot up 1.4GB RAM is in use, and it's more responsive than with Windows 10.
Click to expand...
Hi Robert,

Although it's possible to get Win11 to run on a non supported CPU and/or without hardware TPM, my feeling is that the computer will not be "fully" protected by Win11.

So I'll just buy (or build) a new Win11 desktop PC to replace my current Win10 one just before the Win10 end of support date. Probably a bit sooner as there may be a surge of PC buying just prior to Win10's end of support.

Thanks.
 
Last edited:
skyglider said:
Robert Zanatta said:
I've got a laptop with a non supported CPU and it's been running Windows 11 for a couple years. Don't know if Microsoft will ever break that, but it's been working fine.

I also have an old laptop Dell Inspiron with a 2430M processor, no TPM and 6GB RAM. Normally runs Windows 10. I installed Windows 11 on it without any issues. All hardware properly supported. After boot up 1.4GB RAM is in use, and it's more responsive than with Windows 10.
Click to expand...
Hi Robert,

Although it's possible to get Win11 to run on a non supported CPU and/or without hardware TPM, my feeling is that the computer will not be "fully" protected by Win11.

So I'll just buy (or build) a new Win11 desktop PC to replace my current one just before the Win10 end of support date. Probably a bit sooner as there may be a surge of PC buying just prior to Win10's end of support.

Thanks.
Click to expand...
or you could go here to get the new coupons every week and get a Great dell refurb for pennies.

just got mine last week and it will go to Eleven.

the problem is the 200,000,000 that will not go to Eleven. still looking for a Fool proooof simple solution for the old ones.

sure a lot of Linux boxes to be created.

but does it matter for non secure work on my network to get infected?

i could just scrub the C drive and keep going.

maybe we need a thread for these 2000000000000000000 bazzilion machines out there.

hey MS or whoever out there !!!!!

oh, yeah go here and grab a coupon for starts....

 
Michael Gebauer said:
I work with non admin privileges on all of my home PCs. When you want to install a program, than Windows will ask you in that moment for a privileged account to perform the installation. It is that easy like this…
Click to expand...
I'm glad it works for you. Macrium Reflect backup requires elevated privilege for saving system files, so non-admin wouldn't work for my wife. I use several corporate applications that require elevated privilege for template operations in restricted areas of the filesystem. They could be better designed, no doubt.
Michael Gebauer said:
The benefit of working with non privileged accounts is obvious: An attack can only impact the system within your user context and not within an overall system context. You should be very scarred, if you are asked by the system to enter a privileged account‘s credential without you haven‘t initiated this (e.g. when installing a new software).
Click to expand...
I agree. Macrium is over-complicated. My wife likes FreeFileSync a lot better. It can be set to synchronize only user data. Maybe in the future she'll be able to use a non-admin account. She will not install Macrium on her next PC.
Michael Gebauer said:
MFA is just asking for a 2nd factor on a device of your choice. This can be your cellphone using SMS or a Authenticator App from Microsoft or Google. MFA has nothing to do with MAC addresses.
Click to expand...
Google reads the system's MAC address from the browser, and sends a security warning if that address hasn't been seen before. Whether this qualifies as MFA is debatable. I say yes.
 
Last edited:
skyglider said:
Awkward_Swine said:
No, adding a TPM will not make your PC Win11 compatible. As you pointed out the 6th gen CPU you have is not on the compatible list. You have to meet both criteria to install Win11. Only intel 8th gen (some 7th) cpus can install Windows 11. These newer CPUs can enable HVCI security features to protect the OS kernel, and Win11 tries to enable that by default.
Click to expand...
Hi Akward Swine,

I believe that you are correct. I did more research and came to the conclusion that you point out. I originally thought that the 6th gen CPU did not qualify because it does not come with TPM built-in. But it appears that there's more to it than that. I came back here to post that 6th gen CPUs do not qualify even if a TPM module is installed on the motherboard and I saw your post.

So I'll just buy a new desktop PC with Win11, when Win10 support ends. Meanwhile, I think I'll try installing Linux Ubuntu on a spare drive and see if it will work for me. If it does, then I'll probably convert my laptop to Linux Ubuntu as I normally only use it for internet stuff, and Libre swriter and scalc. Just buying a new desktop PC without also buying a new laptop will be more palatable.

Thanks!
Click to expand...
In another two years, when 10 expires from regular support, that PC is going to be really, really old. I'll be surprised if you have not gotten rid of it or replaced by that point anyway. The power supply, storage, or fans might pack it in by then for all we know.
 
bridge77 said:
or you could go here to get the new coupons every week and get a Great dell refurb for pennies.

just got mine last week and it will go to Eleven.
Click to expand...
I assume you're referring to an 11th generation Intel CPU. When I buy a new PC, it will have the latest version of Intel CPU. I believe the latest version right now is 14th gen. By Win10's end of support date of Oct 14. 2025, the gen level will be even higher.
bridge77 said:
the problem is the 200,000,000 that will not go to Eleven. still looking for a Fool proooof simple solution for the old ones.

sure a lot of Linux boxes to be created.

but does it matter for non secure work on my network to get infected?
Click to expand...
From what I've read, Linux Ubuntu is more secure than Windows 11.

Thanks.
 
Awkward_Swine said:
In another two years, when 10 expires from regular support, that PC is going to be really, really old. I'll be surprised if you have not gotten rid of it or replaced by that point anyway. The power supply, storage, or fans might pack it in by then for all we know.
Click to expand...
Whether or not a given component be or not be worn out surely has absolutely nothing to do with the age of its design but rather on how much it has been used.

Even the newest of my PCs has only a generation 6 processor. My main machine has been working day in day out for several hours per day for several years. Fairly intensive work - graphics mainly. So far no sign of any problems with the power supply, storage or fans. The only problem looming is Microsoft and its damned Windows 11.
 
David Lal said:
Even the newest of my PCs has only a generation 6 processor. My main machine has been working day in day out for several hours per day for several years. Fairly intensive work - graphics mainly. So far no sign of any problems with the power supply, storage or fans. The only problem looming is Microsoft and its damned Windows 11.
Click to expand...
I don't understand the seeming urgency I've seen in this thread; Windows 10 will reach end of support on October 14, 2025. Plenty can happen before then. I'd relax for a year or so and await developments.
 
David Lal said:
Awkward_Swine said:
In another two years, when 10 expires from regular support, that PC is going to be really, really old. I'll be surprised if you have not gotten rid of it or replaced by that point anyway. The power supply, storage, or fans might pack it in by then for all we know.
Click to expand...
Whether or not a given component be or not be worn out surely has absolutely nothing to do with the age of its design but rather on how much it has been used.

Even the newest of my PCs has only a generation 6 processor. My main machine has been working day in day out for several hours per day for several years. Fairly intensive work - graphics mainly. So far no sign of any problems with the power supply, storage or fans. The only problem looming is Microsoft and its damned Windows 11.
Click to expand...
What's the problem? Microsoft has recently notified the extended, paid, access to Win10 security updates will be available to consumers as well as Enterprise customers. You can happily keep using Win10 for years past the free support period. Enterprise users have done this for decades to preserve their investment in legacy hardware, long after the support window. Now you have the option too!
 
Last edited:
Austinian said:
David Lal said:
Even the newest of my PCs has only a generation 6 processor. My main machine has been working day in day out for several hours per day for several years. Fairly intensive work - graphics mainly. So far no sign of any problems with the power supply, storage or fans. The only problem looming is Microsoft and its damned Windows 11.
Click to expand...
I don't understand the seeming urgency I've seen in this thread; Windows 10 will reach end of support on October 14, 2025. Plenty can happen before then. I'd relax for a year or so and await developments.
Click to expand...
As I said in my original post:

"I was running with Win10 and Windows Defender on my desktop and laptop with both up to date. Then my laptop got infected with a keylogger. Windows defender did nothing to block the keylogger infection. Windows defender is worthless as far as I'm concerned."

This is why I started this thread. To try to learn how OS security updates protect, where third party antivirus cannot. When one gets infected, outlook on security changes a lot!

As far as the "operator" (me) being the cause of getting infected with a keylogger, I just participate in about 5 mainstream forums, watch youtube videos and do normal Googling like everyone else does. Nothing dark.

Anyway, I've learned that my current 6th gen Intel PC can never be "fully" compatible with Win11. I'll have a long time to get up to speed with Linux to decide if I want it on my laptop or not. No need to buy a new PC "now" or to switch to Linux "now". But having a lot of time to learn and experiment with Linux will be interesting for me. It won't be a daily learning process but a "when I have excess time and feel like it" process.

Again, Linux would be for my laptop, as I've decided to buy a new desktop PC with Win11 prior to Win10's end of support in Oct 2025.

Thanks,
Sky
 
Last edited:
You must log in or register to reply here.

Similar threads

DMKAlex
  • Question Question
Is Windows 11 Defender Firewall good enough?
Replies
10
Views
36K
skyglider
S
S
  • Question Question
What are the cons in subscribing to a Microsoft account?
Replies
12
Views
2K
Eric Carlson
Eric Carlson
N
  • Question Question
Trouble installing Canon all-in-one
2
Replies
33
Views
2K
bodeswell
B
JimKasson
Switching from PC to Apple for big file processing
2 3 4
Replies
66
Views
38K
paulraphael
P
R
  • User review User review
From Synology to UGREEN: My Journey to a Smarter, Faster NAS with OMV7
Replies
3
Views
17K
New Wrycuda
N

Keyboard shortcuts

f
Forum
m
My threads
Mobile site
About
Editorial content
Cameras & Lenses
Community
All content, design, and layout are Copyright © 1998–2025 Digital Photography Review All Rights Reserved.
Reproduction in whole or part in any form or medium without specific written permission is prohibited.
When you use DPReview links to buy products, the site may earn a commission.
©GPS Media - Guides, Products, Services.
Back
Top