Each type of anti-malware tool is briefly described below. In general, you should only have one of each "type" running in "scan" mode at a given time. If you try to run more than one of the same type of anti-malware program at the same time, they can interact poorly. However, you may run more than one anti-malware program if you do it sequentially: run program "A" to scan your drive, and after it finishes, run program "B", and so on. There is some benefit to this approach, since each program has different strengths and different sources of information on currently active malware.
Hard Drive Image or Backup
You should make periodic backups of your PC, be they daily, weekly or monthly. Windows and your applications may be backed up less frequently than your data files. A clean backup of Windows and your applications may be necessary as a last resort in a serious malware attack, where you have to start over from scratch. Your data files are the reason you have a computer, so you should back them up frequently; how frequently depends on how often and how much they change and on their importance to you. As well as malware “attacks”, your data is at risk from simple hardware failures that make the data unavailable. By having your data backed up to a different location/device you minimize the amount of data you lose.
Router
A router is a small computer you place “inline” on the wire connecting your computer and the internet. You connect the wire from your internet provider, the cable or phone company, to the router, and the router provides internet connections to (typically) up to four other computers by wired connections and to others wirelessly. The router is your first line of defence against hackers. If it is set up properly, the router will not allow an attacker to connect to your computers “inside” the router, because the hacker sees the router as the only computer connected to the internet.
Firewall
The firewall is a piece of software or dedicated hardware that controls inbound and outbound access to the “ports” on your computer. As surprising as it may be, your computer has over 65,000 virtual “ports”. Fortunately very few of them are ever in use. The firewall can be set up to control which ports and applications are allowed access into and out of your computer.
SP2 and Windows Vista come with "software" firewalls that provide the minimum protection required. The Vista firewall defaults to a weak, "user friendly" configuration that monitors incoming connections only. The assumption Windows is making is that your PC is always clean and secure and that it will not be making illicit outbound connections. However, you will be surprised at the amount of "hidden" outbound communication from your PC. Many programs / applications "phone home" without telling you; Windows applications are at the top of that list. By monitoring outgoing traffic you get to decide whether you want to tell these vendors what you are doing. The Windows Vista firewall can be tweaked to provide more secure two-way protection. The Links page has links to pages that tell you how to do this.
A stronger alternative to the built-in firewalls is one of the stand-alone freeware or purchased software firewalls. The better ones default to two-way protection and give you the option of allowing or denying a connection once or always.
Windows Update
The first Tuesday of every month, and in an “emergency” in between, Microsoft provides “patches” to fix known problems. As a home user, you do not have a computer expert to test them for you, so you have to simply install them and hope that they do not cause a problem. Normally, for most home users, the patches do NOT cause problems. It is VERY IMPORTANT that you install the patches immediately when they become available, because attackers actively take advantage of the known holes. In fact, these holes are often taken advantage of BEFORE they are patched, in what is known as a “Zero Day Attack”.
Application Update
Most people run applications other than the ones updated by the Microsoft Windows Update process. These applications should also be kept up to date in their patching. That does not necessarily mean that you have to run the absolute newest version of an application, but it should be one that is still maintained by the vendor. Recently, malware attacks have been focusing more on the applications than on the underlying operating system, be it Windows or other. Attacks on browser applications have always been common, but lately, for example, we have seen attacks on applications that use the PDF file format too.
Secunia PSI (download PSI from here) is an application that I personally use and like. It scans the applications (including Windows) on your hard drive, compares them to a database of "current versions", and provides links to most of the required updates. See the links page.
Anti-“malware” or virus/spyware/rootkit
Viruses, spyware and rootkits are various forms of “malware” that attack in different ways. You may get protection from separate “anti-...” applications or from a single combined “suite” from a single supplier. Many of the “for pay” vendors also have free versions for home use.
A popular myth is that you can identify a malware-infected website just by looking at it, and that you can easily tell when your PC is infected. This article, The Five Most Dangerous Security Myths: Myth #3, talks about this fallacy.
Adware Blocker
Optionally you may want to include one or more types of adware blockers. Adware blockers are useful because they remove the temptation to click on ads that lead to websites that infect your PC with various forms of malware, in a “drive-by attack”. The downside is that you miss out on legitimate ads you might truly be interested in, and the legitimate vendors miss out on clicks on their links. Some adware blockers are installed as add-ons to your browser application (e.g. NoScript for Firefox or Internet Explorer).
Custom HOSTS File
Another type of ad blocking is done by customizing your “HOSTS” file. The HOSTS file is checked before your PC asks DNS for a site's address, and if the site has been identified as "bad" and is listed in the HOSTS file, access is either blocked or redirected to another site. See the links page.
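To show how a HOSTS entry blocks or redirects a site, here is an added example (not from the original page) in Python: it parses a constructed HOSTS file in the Windows format and mimics the resolver's first-match lookup. The domain names and addresses in it are made up for illustration.

```python
import ipaddress

# Constructed sample in the format Windows uses for
# C:\Windows\System32\drivers\etc\hosts; the domains are examples only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
# Ad/malware domains added from a blocklist (example names only)
0.0.0.0         ads.example.net  tracker.example.net   # sinkhole: connect fails
127.0.0.1       malware-dl.example.org                # loopback: also blocked
192.0.2.10      intranet.example.com                  # redirect to a known address
"""

def parse_hosts(text):
    """Return an ordered list of (ip, hostname) pairs from HOSTS text.

    Handles full-line and trailing '#' comments, blank lines and several
    hostnames per line; names are lower-cased since lookups ignore case.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])  # skip malformed lines
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((str(ip), name.lower()))
    return entries

def lookup(entries, hostname):
    """Mimic the resolver: the first matching HOSTS entry wins."""
    hostname = hostname.lower().rstrip(".")
    for ip, name in entries:
        if name == hostname:
            return ip
    return None  # not in HOSTS, so the PC would query DNS normally

def classify(entries, hostname):
    """Say what a HOSTS hit does to a connection attempt for hostname."""
    ip = lookup(entries, hostname)
    if ip is None:
        return "dns"
    if ip in ("0.0.0.0", "127.0.0.1", "::", "::1"):
        return "blocked"   # the ad server is never contacted
    return "redirected to " + ip
```

Editing the real file on Windows requires administrator rights, which is also why malware that tampers with it is worth watching for.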
Intrusion Detection System / Intrusion Protection System