Confused with AV's/ PW managers and VPN

So far I’ve tried Kaspersky/Bitdefender/Eset/Norton every 30 fully activated trials of these softwares and none could ever do a single thing to any virus at all while microsoft defender just after uninstalling these softwares found them almost instantly. My question is this; are these trials not really “premium” perhaps? Because what I’ve witnessed so far is impossible to explain otherwise, do I need a AV software?

The password manager makes no sense to me at all when there is in every browser an encrypted password generator and autofill option anyway, like even better google chrome has one which generates you a password you don’t even see on the screen and doesn’t ask for a master PW which you must remember anyway and if you’re hacked or keylogger installed you’ll lose all your accounts instead of one anyway, what am I missing here? What’s the point of a master password if I gotta type that and remember a very long and hackable one anyway?

Does VPN really do anything if you are not a criminal or a celebrity/politican? Who wants to look at my boring screen anyway or steal my worthless facebook account? Won’t a very crazy talented hacker find your IP address regardless of what you’re using?

I don’t know IT.

​

If you don’t know IT, and you tried multiple AV trials to find multiple viruses on your PC, how did you know your PC had viruses in the first place?
Password Managers are useful because often they’re portable and more secure than browsers.
VPN imho is more debatable, I’ve never seen much point in them.

However, it is always good to secure your PC with an AV app and firewall and to use complex passwords.
You may think that your Facebook account is worthless, but how would you feel if your Facebook account was used to post child porn?

In terms of password managers, there are a few benefits. For one, you are not locked down to just using that one browser. Basically your passwords are available across browsers and devices.

Also you are looking at password manager problem the wrong way around. Think of it this way: you need a secure way to store passwords and have them all unique. Your browser has no capability to do that at all, it can only store passwords that are easy to access with bare minimum exploits. That’s why you use a password manager. Now that you use a password manager, Chrome and Firefox have upped their game and made their password storage be less crap. Let’s ignore the fact that it’s still less secure than a password manager. Why would you then move everything over to the browser?

If you see it from the perspective that storing them in password managers pre-dates storing in browsers it makes sense why they still exist. Browsers also have to climb across the stigma that their password storage usage was heavily discouraged until extremely recently (within the last few years).

Moving on from there, password managers use zero knowledge encryption. So if someone gets access to your database they can’t do anything without the decryption key. That’s not the case with something like Google, Firefox or Edge. Your decryption key is on your device (not to mention the feature is optional and needs to be additionally enabled) so even without a keylogger, if your device is infected they get access to your passwords. This is not an issue with a password manager because first you can avoid using your master password on a known compromised system and secondly, most managers offer the option of using MFA which is not going to be trusted even if someone lifts your DB and master password off your system. With a browser so long as they can hijack your session all those protections are as good as gone.

VPN is useful for obfuscation to some extent and to be able to access regionally locked content, but that is about it. If someone wants to snoop on you they will snoop on you. Even if a VPN provider claims zero-log policy they will keep as many logs as the ISP does because often it’s required by law.

It’s prime use case is for when you want to use a public internet connection. Someone can setup a man-in-the-middle attack and basically intercept your traffic. A VPN connection on the other hand will encrypt your traffic on the device and obfuscate anything you do from them.

In terms of an anti-virus, Windows Defender is sufficient for basic home use so long as you follow best practices. Windows Defender is known to catch a lot less than the likes of Kaspersky or Sophos. Kaspersky is probably the best at this, so if it doesn’t find anything then it’s more likely that there is nothing there. Windows Defender is also useless without an active internet connection, but that is only a problem in limited scenarios.

The other commenters have a clear grasp of what you wanted, but, for me, storing passwords in any location where they can be automatically entered is some degree of a security risk you’ll balance against some level of convenience. There’s an argument to be had about where the weak point is when a password manager stores a 50-character string of characters so you can log into your bank account as opposed to a phrase with a few odd characters mixed in which you can just remember (and write in a notebook).

As far as antivirus, if you believe your computer is infected, then installing an antivirus may not do anything useful for you since sophisticated viruses will interfere with the installation process so as to protect themselves while leaving you to think you’ve cleaned your computer. The correct method is to install the antivirus on a known-clean computer, then move your hard drive from your normal computer into the second one while treating it as just a storage drive so you can scan it while the currently-active operating system isn’t considering the files on the drive it’s scanning as being protected OS files and while anything loaded into memory won’t be interfering with the scan.

Edit: VPN is just an anonymizing step you can take to protect your privacy in general. If you log into a service while using a VPN, then the purpose is defeated since they’ll know who you are at that time. The function of it is to refuse to tell anybody where you are by way of refusing to answer any queries which would like to discover your actual IP address. I.E., if you didn’t send a request for the data, then it doesn’t get to you and anybody who asks doesn’t get an answer. That said, there are some very real concerns about the potential of TPM to silently and perfectly identify you to anybody who sends an appropriate query from any service you’re currently accessing. TPM is a hardware level identifier which can easily be developed into a perfect fingerprinting tool to force your computer to tell web services exactly who you are no matter what steps you try to take to protect your privacy and there are a number of people in the world who are trying their very best to keep it from heading in that direction.

I bought the Kaspersky just to be safe anyway, as for password manager you’re saying that if they hack my let’s say Nordsafe account the passwords are encrypted anyway so it’s useless on another device?

The thing is I could write my e-mail and my master password on my wifes PC which I’ve never used the app before and could get in and just read whatever there was

I am not aware of anything called Nordsafe in the password manager space, perhaps you meant NordPass from the same company that provides NordVPN?

you’re saying that if they hack my let’s say Nordsafe account the passwords are encrypted anyway so it’s useless on another device?

No, that is not what I am saying, that’s like asking if I crash my car into a wall does that mean that the car remains undamaged? You are conflating end result with vulnerability.

In essence think of the password manager as a safe that contains all your passwords. I don’t need you if I can get to the safe right? The point I made is that if I went to NordPass and got through their security all I have access is the safe, I have no way to get into it. With something like Chrome on the other hand, unless you purposefully go into the settings and enable the optional encryption feature, if I get through Googles security I can just get the passwords right there.

The other problem is with compromising the device. Let’s say in both scenarios I got to your machine. With NordPass I must have a keylogger and that keylogger to collect your master password (more on this point later). If you stored your passwords and used encryption with Chrome I don’t even need you to be present at your computer to be able to just lift the passwords off your device (since the encryption key is stored on your device).

The thing is I could write my e-mail and my master password on my wifes PC which I’ve never used the app before and could get in and just read whatever there was

Finally NordPass and many other password managers offers MFA (also called 2FA, MFA just means it’s at least 2). With that I have an authenticator app on my phone. So even if my master password is somehow compromised you can’t just use it on a different device and get into the password, because you will need a 6 digit code that is generated on my phone every 60 seconds and you do not know what the code is generated without a key that was used to setup the generator.

Note that if you use your browser to login to the web version of the password manager and use “Remember Me” so you do not need to enter the 2FA code every time you login then there is a risk that someone can hijack your browser session to also bypass the 2FA.

There is also other approaches to securing password managers. For example some can be setup with a Yubikey. That means that unless your devices has a dedicated physical USB key pluged in, it will not be able to access the passwords. A similar slightly less secure method can be found on something like KeePass2, where you can generate a file, without which you cannot open the database. Make such a file, store it on a flash drive and now that database cannot be opened without it.

In other words there are many more layers of security when compared to a browser.