Antivirus, Antimalware, Firewall, Spam Protection
At one time an antivirus program was sufficient to protect your computer from the annoying (and often destructive) "bugs" that attacked your computer.
Today, viruses are blended with multi-faceted and simultaneous threats, making them much more dangerous and resulting in serious implications for your personal privacy as well as for your finances if you aren't fully protected.
Ransomware Encrypts Your Stuff
Ransomware is probably the greatest threat today because it encrypts the entire computer, making your documents (financial data, letters, lists, etc.) photos, multimedia files and everything else inaccessible without paying a ransom.
Always Update Your Software
Your software and operating system can also add to your vulnerability. Upgrade or remove obsolete or unsupported software. Install recommended updates and service packs. The latest service pack is often a prerequisite for security software because it helps them keep you safe.
You Need a Security Suite
Your computer must be protected by a current security suite that includes antivirus, anti-spyware, keylogger / screengrabber protection plus an effective advanced two-way firewall.
- Multi- and blended threats can overwhelm any protection unless the software is designed to deal with
all of them simultaneously.
- This requires a suit of products that work together.
- Symantec's list of the 11 most common computer security threats.
- It is often difficult (or impossible) to repair the damage caused by infections, particularly when you're dealing with a new breed of threats called ransomware.
- Ransomware is a special sort of malware infection that encrypts your entire computer then holds it for ransom.
- The encryption key can be destroyed if you attempt recovery without paying the ransom.
- Paying the ransom is no guarantee of recovery. You're dealing with thieves, not honest businessmen. Microsoft and others recommend NOT paying. Without income, this sort of malware will die off.
- Other than prevention, your only realistic alternative is to wipe your computer, reinstall everything and restore your data from a reliable (and uninfected) current backup.
- PC Magazine's The best ransomware protection of 2017 provides an excellent overview of ransomware as well as assessing various solutions.
- Malware can go unnoticed yet risks your privacy by stealing information and slows down your computer.
- Botnets are big business. Search results can direct you to preselected sites that pay the botnet owner.
- Malware is running constantly and steals your computer's resources away from legitimate programs along with your privacy.
- While recovery is possible, not all security products detect all malware.
- Tale of the two payloads — TrickBot and Nitol.
- Microsoft's tips to protecting your computer.
- The Microsoft Security Intelligence Report July—December 2014 (PDF) provides an insight into how malware and other exploits are developed and used to compromise computer security.
- Fixing the #1 problem in computer security: A data-driven defense discusses appropriately aligning computer security defenses with the threats that pose the greatest risk to a company's environment.
Free Versions Available
Ensure your protection is always current. You have no excuse for not running security software. Many vendors offer FREE versions of their security software for personal use.
Recovery Can Be Expensive
However, remember the time and money you've put into your computer and software (never mind your data). It can be much more expensive to recover from an infection than to simply purchase decent security software in the first place.
Most current antivirus programs provide some protection against ransomware but this is different than other malware and a failure could be catastrophic.
Several provide tools that can help recover files if you send them a copy of an encrypted file with the unencrypted original to help determine the correct recovery tool.
What About the Mac?
The Mac has a reputation for being safe without an antivirus, but it is time to change that opinion. Count the number of Macs in Starbucks these days.
Apple devices have experienced a surge in popularity in recent years. According to IDC, the company now accounts for 13.5 percent of global smartphone shipments and 7.5 percent of global PC shipments. This increase in usage has not gone unnoticed by attackers. A rising number of threat actors have begun developing malware designed to infect devices running Mac OS X or iOS. — Symantec
You need to be running security (antivirus) software on your Mac.
What About Linux?
Like Macs, many Linux users are under the impression that they don't need antivirus protection. Again, it is time to change that opinion.
We are well into the 21st century, but it is astonishing how people can still believe that Linux-based operating systems are completely secure. Indeed, “Linux” and “security” are two words that you rarely see together. — Sophos
You need to be running security (antivirus) software on your Linux computer.
AV-TEST.org doesn't yet test Linux security software for home users (it has a much higher profile in server software) but that time is coming.
You Need to Be Vigilant
Many threats, including ransomware, evolve rapidly and use zero-day vulnerabilities (weaknesses in software that are exploitable even before they are discovered).
Security software using virus signatures can only protect you against known threats. Newer or evolved threats are harder to detect so most security software depends more on detecting unusual or malicious activity (threat emulation) to prevent unknown threats from infecting your computer.
Prepare for Disaster
Be prepared for disaster before it happens. Backup your data regularly so you'll still have a copy of your data if you're infected. You'll lose what isn't backed up, particularly in the case of ransomware, so schedule accordingly.
Unhide “Known” File Extensions
Windows hides “known” file extensions by default. That means they are known to Windows, but many users don't know the risks they pose which can include files that can infect your computer.
Several file types (including
.EXE, .SCR, .COM and .BAT) are not safe to open, especially when received as an email attachment.
If the default Microsoft file extensions are hidden, the file
samplefile.txt.exe would be displayed as
samplefile.txt. You may mistakenly think the file is a text file and safe to open. You'd be wrong (and probably spending money getting your computer repaired).
To unhide these extensions, click on Start ⇒ Control Panel ⇒ Appearance and Personalization ⇒ Folder Options then click on the View tab and de-select “Hide extensions for known file types.”
Disable Macros in MS Word
You should disable macros in MS Word by opening a Word document ⇒ Options ⇒ Trust Center ⇒ Trust Center Settings ⇒ Macro Settings then Disable all macros with notification. Word macros contained in an attached document in a spam email are commonly used to infect your computer.
Watch for Unusual Activity
You need to be vigilant and wary of what you download and install. Watch for unusual file activity. While you may not protect your own data, disconnecting from the Internet can protect other computers on your network, particularly if you share files between them.
Avoid risky behaviour.
Like any other piece of malware, common sense goes a long way. The critical thing is it's not going to install files by itself. You have to initiate some action. — Jason Glassberg
- Be wary when opening email. Malware generally spreads though malicious email attachments (including JPG images, documents and ZIP files) leaving you susceptible to data loss and identity theft. See Trustwave's Tale of the Two Payloads as an example.
- Links can be faked, especially in emails. Fake links (those that go elsewhere than what is indicated by the linked text) can be used in emails, websites or text messages. See how to tell fake links.
- Be wary of recent or short-term domains and shortened links (often used in texts and on Twitter).
- Watch what you post online. Information you post online, particularly in social media, can be use to personalize attempts to contact you.
Using Obsolete Windows Risky
Windows XP is at significantly higher risk for infection than a supported version of Windows. This is exasperated by the continued use of the obsolete Outlook Express and older versions of Internet Explorer.
Vista expired on April 11, 2017 and similar warnings now apply to Vista.
…XP PCs should not be used to constantly surf the Web or serve as an e-mail platform. Most of the malware finds its way into a Windows system via these pathways.
Here's another unanimous recommendation by the security vendors surveyed: Whenever there is an opportunity, the user ought to switch over to more recent Windows versions such as 7 or 8. — AV-TEST
In an October 2014 report, ComputerWorldUK noted:
Fifty-two percent of the [half-million] compromised computers were running Windows XP,a figure that is at once unsurprising -- considering that support for Windows XP, including patches, ended in April 2014,according to the report.
Most of those computers were running Internet Explorer,which is to be expected given both the size of the Internet Explorer install base and the number and variety of exploits available for this browser,the report said.
Antivirus & Security Software
While you can purchase anti-virus & security packages in retail stores, these sites offer software at reduced rates, 24-hour access, instant updates, and on-line technical support.
Save Backups of Installation Software & Licenses
If you do purchase your software on-line, be sure to save a copy of the installation file(s) — preferably on removable media — so you can reinstall it if you need to repair it or suffer a catastrophic loss of your operating system.
Not All Products As Effective
Assessing and comparing security products is difficult. You're essentially taking a snapshot of a series of products at a single point in time. Some products will have just completed an update that places them at the top, yet those results could be different in a week or a month because change is the constant in a product class that deals with the ever changing world of malware and threats.
AV-Comparatives.org tests (see graphic showing consumer products for November 2017) show significant variations in the ability of available security products to prevent infections:
- green were automatically blocked;
- yellow were user dependent; and
- red were compromised.
These results vary by month as vendors update their products and fix issues. I strongly recommend checking the reviews of products suitable for your operating system:
Recommended Security Solutions
ZoneAlarm Extreme Security
I strongly recommend ZoneAlarm Extreme Security for complete security protection while protecting your privacy.
ZoneAlarm also provides a separate Anti-Ransomware service for a monthly fee. This is an additional protection on top of your primary security software, including ZoneAlarm Extreme Security.
Check Point ZoneAlarm Anti-Ransomware is the most effective ransomware-specific security tool we've seen. In testing, it showed complete success against all of our real-world samples. — PC Magazine
- Kaspersky Antivirus is very highly rated, but I prefer the version licensed with ZoneAlarm for more complete protection.
Mac and Linux
The Mac and Linux have traditionally been safer than Windows for security, but this is no longer true.
- Mac users, see Security Software on my Mac resources page.
- Linux users, see Security Software on my Linux resources page.
Free Antivirus Solutions
I strongly recommend sticking with a paid subscription because it will offer more frequent updates, better security and your requests for help will always get priority over similar free products. Some free versions may not perform as well as you expect.
In its recent endurance test, which was carried out over a period of 6 months, AV-TEST tested 18 Internet security suites for their protection, performance and usability. The test shows: more than two-thirds of the protection packages can be recommended, but the best performance does cost some money. Paid software packages are also the most secure. — AV-TEST
The cost of repairs to your computer if a free product fails you will far exceed the cost of most security products. But if you can't afford it, there are basic (and sometimes excellent) free protection for home users.
ZoneAlarm Free Antivirus + Firewall
Free Antivirus + Firewall is an excellent free option for personal use but ZoneAlarm Extreme provides better protection and more coverage.
ZoneAlarm isn't compatible with any other security software except MS Windows Defender.
These solutions are recommended ONLY if combined with the ZoneAlarm Free Firewall (basic firewall only):
- ClamWin Free Antivirus comes with an easy installer and open source code. However, there is no real-time scanner (you need to manually scan files for viruses) and no firewall.
- AVG AntiVirus FREE provides excellent basic protection for home users with light requirements (not suitable for online banking or shopping).
- Panda Free Antivirus has a very minimal footprint (free for home users and non-profit organizations) but is missing most of the features the paid product provides.
I don't recommend the following products.
Microsoft Security Essentials (a beefed-up Windows Defender) is free for individuals and small businesses with up to 10 PCs. Supported on Windows 7 and Vista only. Support could disappear at any time.
One of the most common questions we get asked at Tom's Guide is “Is Windows Defender good enough to protect my PC?”
The short answer is: Nope. The longer answer is: No, but it might be someday. — Tom's Guide
The internal protection solution from Windows, Defender, at 15.5 points finishes among the last products at the bottom of the table. — AV-TEST
Zero-day detection was mediocre, but the popular free antivirus program performed well at spotting malware…the product performs worse when compared with other free or paid offerings. — InfoWorld
- Windows Defender is included with Windows Vista and later but is an anti-spyware/anti-malware product, and does not include antivirus protection.
- Windows Defender provided with Windows 10 is more complete and has a better track record.
Other Antivirus Solutions
These may be excellent anti-virus solutions, but I have not tested them recently. Some require significant system resources (mainly RAM) to run and many have a firewall inferior to ZoneAlarm, my recommended firewall. More about evaluating solutions.
- While Norton Antivirus is often recommended, I've not felt it the best option for quite some time, partly due to the drain on resources.
- McAfee Total Protection does provide protection for all your computers (PCs, Macs, smartphones, and tablets) but hasn't proven to be the most effective at stopping infections.
- Panda Antivirus.
- Sophos Antivirus.
- AntiVir Personal Edition Premium.
Reviews on these products have been excellent, but I haven't reviewed them myself (at least not recently).
Many ISPs (particularly those offering broadband services) now include anti-virus protection either included as a part of their regular services or for a fee.
Some ISPs activate it automatically, but most require some action on your part. This can be an excellent first line of defense, backed up by an installed anti-virus program (since not all viruses are spread by email).
However, many of the packages provided by ISPs to install on your computer (such as Shaw Secure) are very intensive users of system resources and are not necessarily the best products available.
Try my recommended solutions instead, particularly if you're a home user where some excellent free options are available to you.
Beware of Fake Spyware-removers
Watch out for “ads” on websites that appear to "find" spyware on your system. They install a fake program, then offer to remove it if you purchase their product. Don't fall for these tactics. They are rip-offs or fakes.
The best defense is to keep your protection current and to know how your security software displays warnings.
- Do NOT click links on websites running a simulated (but realistic-looking) “infection reports” on your computer. These can also appear on your desktop in a Windows dialogue box.
- Internet Explorer much more vulnerable in allowing malware to install unasked. Don't use IE for browsing the Web.
Most Email “Warnings” Are Illegitimate
You've received a message from a friend that suggests you forward it to everyone in your address book. What do you do? Don't forward it. Delete the message!
It doesn't matter what the content is. Any request to forward information to everyone is highly suspect when it is sent to a group of people. Others don't like junk mail any more than you do.
99.9% of these are hoaxes or some other form of malware. I suggest you stop and take a closer look at the message before taking any action. I'm appalled at how often people repeatedly forward these things without checking them out.
Hoaxes are Social "Viruses"
Hoaxes are social “viruses” that take advantage of our compassionate nature. Features like the following should trigger you to investigate further:
- Any request to forward the message to everyone in your address book is almost certainly a hoax.
- Hoaxes use emotional rather than factual approaches to lure you in (see an example).
- Hoaxes depend on our concern for our computers (such as "virus" warnings) or greed (chain letters that pay big dividends) or compassion for others (such as saving a sick child).
- Many cite "authority" sources, most of which never issue such warnings. If in doubt, check the authority's website for confirmation.
Avoid Spreading Ignorance
Fake news is at an all-time high. Facebook and others continue to publish an incredible amount of news that isn't based upon fact. People forward it out of ignorance (or perhaps with malicious intent to confuse others).
Begin with a simple Internet search for unique specifics in the message. This will give you information to test the legitimacy of any message.
- Do not forward email "warnings." Most are false.
- Check for accurate virus information from antivirus vendors.
Other Hoax Information Sites
You might also wish to check out:
- Snopes.com Rumour Has It has an extensive categorized listing of urban legends and rumours.
- TruthOrFiction.com lists rumours, inspirational stories, virus warnings, humorous tales, pleas for help, urban legends, prayer requests and calls to action with details about their truth or fiction.
- Washington Post Fact Checker — the truth behind the rhetoric.
- ThatsFake.com debunks fake news.
- Hoax-Slayer debunks email hoaxes and exposes Internet scams.
- The Identity Theft Resource Center has many useful resources.
- Cyber-Museum of Scams and Frauds lists various financial schemes promoted by email and other means.
Fixing Issues with Antivirus Software
Multiple Security Products can Conflict
If you're having issues with your security software, verify that there are no competing security products installed on your system.
Competing antivirus, anti-spyware and firewall programs can conflict with each other, leaving you vulnerable to infection by viruses, malware and other threats.
- Microsoft's Windows Defender and Windows Firewall are generally either allowed or disabled by most security software.
- McAfee Security Scan Plus (installed with Adobe Flash as an optional download) is not recommended but shouldn't conflict.
While there are some generic similarities between security products (they provide the same function), you'll need to see help specific to the program(s) you're running.
I suggest that you seek help on the support website for your product then try the support forum if you have no luck. Try searching for your specific problem, using an error message or similar search criteria.
Generic searches on the Web can be helpful, but you'll need to ensure that the suggestions don't get you into more trouble or land you on a malicious site.
Evaluating Antivirus Solutions
Microsoft enables the Windows firewall by default and checks for the presence of a current antivirus solution and scans for malware with Windows Defender.
These provide a base-line protection but are insufficient on their own.
Use a Security Suite
A security suite that includes all the security protection is recommended rather than shopping for various components.
- Antivirus protection can no longer be considered a stand-alone issue.
- Verify the system requirements (optimally the recommended rather than minimum requirements) to ensure your computer can run the software, in particular, RAM (memory) and available disk space.
- Avoid creating your own suite: running multiple security programs can create a conflict that prevents detection rather than improving it.
Assessing Antivirus Solutions
If you're looking at protecting an enterprise (not my expertise) you'd best look at a Managed Security Services Provider (MSSP) because they involve a different level of risk. Trustwave's MSSP Buyers Guide will help you evaluate solutions.
Consumers, including small businesses, can check out the evaluations found on reliable websites and magazines to evaluate antivirus and other security products.
Often one product will excel in one area but be weak elsewhere so be sure to include your specific needs into the evaluation process. Both the strengths and weaknesses of specific products can change over time so be sure to view a current assessment.
- Check AV Comparatives summary reports for independent tests of various antivirus software.
- See how various vendors did each year on AV Comparatives false alarm tests.
- AVTest options for mobile, Windows Home, macOS Home and Windows Business allow you to compare alternatives for your chosen platform.
- 17 software packages in a repair performance test after malware attacks.
Don't trust blanket statements that say that the code is “military-grade” or “NSA-proof”; these mean nothing and give a strong warning that the creators are overconfident or unwilling to consider the possible failings in their product. — Electronic Frontier Foundation
The number of false positives (safe files tagged as viruses) should be few or none. Most antivirus programs look for certain traits that are common to virus activity to detect unknown threats. Unfortunately, this can tag legitimate program files — obviously creating issues for the person depending upon the A/V program.
Some files that are legitimate in some cases (such as password hacking utilities for recovery specialists) are something that should not be on most people's computers and therefore not false positives.
Automatic Scans and Updates
Ensure that your security software will update automatically and provide for a scheduled scan to detect issues missed while running a realtime scanner (the one that checks files as they are opened).
Many people simply don't add protection and fail to ensure it is updated frequently (it is like not having health insurance or ignoring expired health insurance).