Since I've switched to MSE from Kaspersky, there is one thing I miss: the "block all network traffic" button.
Have you ever actually used that feature? And if so, what was happening that made you decide to turn your network off?
I've seen that (big) switch in ZoneAlarm ever since it was introduced, years ago, and I never understood what would have to happen for me to switch the connection off.
I've used a network kill switch a few times.
I'll zap my network link anytime something goes down that makes me suspicious. In the world of law enforcement, there's a phrase they use to cover those times when you're suddenly feeling very edgy about something, but for no specific reason you can put your finger on. The term is JDLR (Just Doesn't Look Right). It's pure gut. But it works more often than not.
Any time something just doesn't look right, I'll hit the kill switch.
Usually what will happen is something gets redirected and I suddenly see drive activity go through the roof; or my browser lands on what appears to be a static webpage and finishes loading, yet my network interface continues to show a high level of packet activity.
Most times, my network security systems catch any baddies. But there was one time a while back when I was reading something on a tech website, clicked on a link, and (very obviously) got redirected somewhere else. That's when something hit the PC I was using. And it hit so hard - and destabilized things so badly - that I ended up restoring the OS from an image.
Whatever tried to sleaze its way onto that poor little box walked through a heavy duty 3rd-party firewall and a top shelf antivirus/antimalware package like they didn't exist. And it completely ignored the fact this machine was fully up-to-date with its security patches and system updates. It put oddball files all over the place and did a number on the Windows directory itself. And it did so in less than 15 seconds.
Subsequent scans on the drive (with every AV package known to mankind) found nothing other than a half dozen "suspicious" items. I sent these to various AV developers for analysis. The conclusion most drew was that "something" tried to install itself on this PC, but got interrupted before it could finish.
It likely didn't finish because I unplugged the network cable in the wake of all the drive activity I was seeing. Drive activity that included polling the CD and floppy drive! Never a good sign when that happens.
After that I stopped rolling my eyes at all those "hyped-up" news stories about killer zero-day exploits.
Nowadays, I always make sure there's some sort of kill switch on anything I've got connected to the internet. I haven't had cause to hard kill a network connection for some time now. But I'm glad I easily can if I want to.
Addendum: I think it's important to be able to kill all activity on your network card. Because if something occurred that justified killing off an Internet connection, it also justifies isolating the affected machine from the rest of the network. At least until you get a chance to make sure everything is ok with the PC itself.
Just my

EDIT: fixed some grammar and punctuation. Reads much better now.
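The tripwire described in that post (a page has finished loading, yet the interface keeps pushing packets) and the addendum's point (the kill switch should take the whole interface down, not just block the internet route) can be scripted. The following is an added example, not code from the thread or any of the products mentioned; it assumes Linux, reads interface byte counters from /proc/net/dev, and uses `ip link set dev ... down` as the kill action. The threshold, polling interval and the two counter snapshots are constructed for illustration.

```python
"""Software network kill switch with a traffic-rate tripwire (added example).

Assumes Linux: byte counters come from /proc/net/dev and the kill action is
`ip link set dev <iface> down`, which isolates the host from the LAN as well
as the internet. Taking an interface down needs root or CAP_NET_ADMIN, so the
default is a dry run that only returns the commands it would execute.
"""
import subprocess
import time

# Constructed /proc/net/dev snapshots, two seconds apart. eth0 transmits
# 20 MB in that window (10 MB/s) although nothing should be sending.
SAMPLE_BEFORE = """Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 100000 1000 0 0 0 0 0 0 100000 1000 0 0 0 0 0 0
  eth0: 5000000 4000 0 0 0 0 0 0 2000000 3000 0 0 0 0 0 0
"""
SAMPLE_AFTER = """Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 150000 1500 0 0 0 0 0 0 150000 1500 0 0 0 0 0 0
  eth0: 5200000 4200 0 0 0 0 0 0 22000000 18000 0 0 0 0 0 0
"""


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from the contents of /proc/net/dev."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:            # the two header lines carry no counters
            continue
        name, rest = line.split(":", 1)
        fields = rest.split()          # 8 receive fields, then 8 transmit fields
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def bytes_per_second(before, after, seconds):
    """Per-interface (rx_rate, tx_rate) in bytes/s between two snapshots."""
    rates = {}
    for iface, (rx1, tx1) in after.items():
        rx0, tx0 = before.get(iface, (rx1, tx1))   # new interface: rate 0
        rates[iface] = ((rx1 - rx0) / seconds, (tx1 - tx0) / seconds)
    return rates


def should_trip(rates, threshold_bps, ignore=("lo",)):
    """Interfaces whose receive or transmit rate exceeds the threshold."""
    return sorted(iface for iface, (rx, tx) in rates.items()
                  if iface not in ignore and max(rx, tx) > threshold_bps)


def kill_switch(ifaces, dry_run=True):
    """Take the given interfaces down; returns the commands used."""
    cmds = [["ip", "link", "set", "dev", iface, "down"] for iface in ifaces]
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)     # requires root / CAP_NET_ADMIN
    return cmds


def watch(threshold_bps=5_000_000, interval=2.0, dry_run=True):
    """Poll /proc/net/dev and trip the kill switch on sustained high traffic."""
    with open("/proc/net/dev") as f:
        before = parse_proc_net_dev(f.read())
    while True:
        time.sleep(interval)
        with open("/proc/net/dev") as f:
            after = parse_proc_net_dev(f.read())
        hot = should_trip(bytes_per_second(before, after, interval), threshold_bps)
        if hot:
            return kill_switch(hot, dry_run=dry_run)
        before = after


if __name__ == "__main__":
    # Dry run: prints the commands that would isolate the busy interface.
    print(watch())
```

Run it as root with `dry_run=False` to make the kill real; the threshold is a gut-feel number in the spirit of JDLR, so tune it to what your link normally does when idle, and remember that a single threshold will also fire on legitimate large downloads.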