For those more security-informed than I am - hypothetically, if your antivirus (AVG plus malwarebytes scans) were coming up consistently clean but you were starting to see little oddities in website behavior and computer behavior, what specifically would you do to either heighten security, or take other precautions, or decide you probably had a vulnerability no matter what your software was telling you?

Like, my computer came installed with things like Killer Network that I've never bothered to uninstall so that does launch on its own in the background, but now and then I'm not entirely sure that's the only thing launching.

I'd analyze what I was seeing before taking any measures which'd have a greater chance of lowering my computer's security than of actually fixing the problem.

So: Can you specify the "little oddities in website behavior"? When you see them on a website and reload that site, are they still there? What if you view the same page in a different browser? Which specific browser(s) are we talking about? If the issue is reproduceable, and Firefox is one of them, can you click the "Restart with Add-ons Disabled..." button in the Help menu (also available under "Try Safe Mode" in the top right of the about:support page), and see if it's also reproduceable then?

Thanks for the response! I primarily surf in chrome but have to use explorer/edge for a few work things, and firefox for a few others.

I have javascript turned on in chrome, partly because a number of websites I do use require it, and unlike pop-ups there doesn't seem to be an option to set it to active acceptance per instance/site. But perhaps I should bifurcate my surfing a bit more.

In the past ten days or so, I've had two instances where I was on a safe site, and then suddenly that page reloaded to something else altogether. I didn't screen shot, unfortunately, since I closed everything else out altogether, but one was a page that had a pretend pop-up box on it saying something like "You have a security emergency - click here to resolve!"

The other page looked more innocuous in its design, but definitely wasn't the page I was on. I closed the page out and rebooted.

Coincidence or not I've had the Malwarebytes premium trial running for the past few weeks, and yesterday it gave me a warning that a page I've used for years was trying to link to another site I didn't recognize, but I'm not sure if it was flagging against an embedded ad link, or a full page redirect.

I'd been having similar redirect issues with edge a few months back, but discovered it was tied to their default home page being vulnerable, and since I eliminated that setting, that one's been fine. I haven't had any issues with firefox, but it's probably 2% of my surfing, so I don't know that it's any more or less secure.

I don't use Windows 10 nor Edge, but I will give this a go.

To see what is loading at start-up in Windows - click on the Start button and type into the Search "msconfig" which should find msconfig.exe. Clicking on it will bring up the System Configuration window with multiple tabs. Startup is the 4th tab, which should show you what is loading at startup. From there you might get a better idea of what is occuring at start-up.

The pop-ups you refer to sound more to me like they are being triggered by the websites themselves, not necessarily your own system, but I am not a web expert. I do run CCleaner - a free program which cleans and clears browser cookies and crumbs (history and tracers) which can trigger certain website adware. It also helps to make sure of clean uninstalls (tracking down some of the fragments or remnant files which can be left on your system when using standard or Windows uninstalls.
CCleaner/

This sounds like it's just fishy ads doing annoying JavaScript things. If your browser happens to have a known vulnerability when you visit a site on which such ads get loaded, they might infect your computer with something more serious, but since your scanners don't see anything, and Chrome is pretty good with auto-updating and not letting any vulnerabilities linger (same as Firefox), these were probably just annoying incidents, and not a sign of a systematic issue with the rest of your computer.

There are various extensions that allow you to block loading JavaScript on a per site basis, available for both Firefox and Chrome (and for other browsers as well, partly). NoScript is the big one for Firefox. I don't know what the preferred one for Chrome is. But actually, it sounds like setting it up would be more of a hassle than you're really looking for, so I think I'd recommend installing the Ghostery browser extension for each of your browsers. That'll show you - and block - trackers on all websites, which neatly overlaps with (malicious) ads, and thus give you 95% of the protection without the hassle of manually allowing the JavaScript that you do want to run. The problem with products like that is that they need to be "seen" to do something, otherwise you won't pay for them, and so they throw up scary warnings when there's actually nothing to worry (overly much) about. I don't know Malwarebytes in particular, so I don't know how much that effect is at play here, but on the face of it this wouldn't worry me too much.

None of my analysis here is a certainty - it's playing the odds, and making judgment calls - but my recommendation for now is to install ghostery, enjoy the reduction in advertising, and see if that makes this behaviour disappear.

Note on ghostery, btw: It's definitely not perfect, and also seems to have a premium future ahead. So uncheck the checkbox to share your data, and go through the custom setup, where you can select what types of scripts it should block by default.
Still: From the products in this space that I know about, it's easily the most userfriendly and low-hassle one.

I recommend:

1) Disable automatic updates.
2) Disable auto-play or it's equiv.
3) Use Noscript or turn of scripting altogether on your browsers; If you have Noscript mark Google, Facebook, Twitter and other social media as untrusted (who are always collecting data on you).
4) Have an ad-blocker (having ads that use say flash with known security holes is an issue)
5) Clear cookies/cached/offline files (old files might still be referenced for API stuff)

Definitely use NoScript and I would recommend uBlock Origin instead of Ghostery.

Other suggestions would be to set your browsers to delete the cookies (and cache maybe) on exit and use CCleaner regularly or whenever you think that you visited a potentially unsafe site. Careful what checkboxes you select in CCleaner, if you want to keep sessions, saved passwords, sites preferances, etc.

Whenever you want to login into bank and email accounts, online shops or other sites important to you, it's probably better to do it on a freshly opened browser. Using multiple browsers for different purposes/sites is also useful. For example, I use Pale Moon as my main browser and Opera, Firefox, Firefox ESR for different situations.

If AVG is freeware then I would buy a decent anti-virus for starters.

Thanks all - appreciate the suggestions!

Have a solution in mind from these posts, but will hold off on marking to see if anything else rolls in.

I have to agree with Tauto about AVG but for different reasons.

I work for a webhosting company that caters to soccer moms and we used to suggest AVG to them. Until someone noticed that we all had gone a few months with the automatic updated failing without any notice from the software. When AVG finally responded about the problem, they put it down to "user error". It's one of the reasons why you'll see a "===>>>MANUALLY<<<=== update" anytime we talk about antivirus software around here.

They're also one of the companies that have in their policies that they're free to sell and and all user data to whomever they want. Just to second on that, that's often a sign that whatever website you're viewing is feeding bad adverts. +1 for at least an advert blocker.

Take a look at the Real-World Protection Tests at av-comparatives.net. Looking through the past several monthly tests will give you a pretty good idea of how the various products compare to each other.

As Stefan Molyneux says, data leaking is like toothpaste: once it's out of that squeeze tube, it's out, and you aren't getting it back it.

Or, we can take a gun safety tip from the NRA: Don't point a gun at anything you aren't willing to loose, even if you took the clip out: there might still be a bullet in the chamber (thanks to everyone being so gun-shy, someone near me recently lost their life for this very reason since gun safety is no longer taught in public schools).

There is such a thing as paranoia. However, given how AVs work, it's like going outside with a raincoat on and an umbrella. If you walk near puddles, your pants are going to get splashed. If you stay far away from roadside puddles, you probably would've been fine with the umbrella. Going to websites with illegal goods is like jumping into a puddle. There's only a slim chance you'll stay dry.

As far as I know I don't visit any sites that are illegal, but playing old computer games you end up occasionally frequenting pages that aren't maintained.

The one time I know I had a virus it was from an Everquest tips page. ><

Those are the sidewalks near puddles. So is Yahoo, MLB, etc. MLB is known to have dangerous ads, too. Heard someone got ransomware from Yahoo news.