Russ Harvey Consulting - Computer and Internet Services

Antivirus Protection


About Protection

Changing Requirements

At one time an antivirus program was sufficient to protect your computer from the annoying (and often destructive) "bugs" that attacked your computer.

Today, viruses are blended with multi-faceted and simultaneous threats, making them much more dangerous and resulting in serious implications for your personal privacy as well as for your finances if you aren't fully protected.

You Need a Security Suite

Your computer must be protected by a current security suite that includes antivirus, anti-spyware, keylogger / screengrabber protection plus an effective advanced two-way firewall.

  • Without a suite of products that work together, you cannot have complete security from infections and attacks on your computer. The 11 most common computer security threats each indicate a danger level and prevalence ranking that helps you to evaluate the risk, but you need to protect yourself from all of them simultaneously.
  • Infections can make your computer unworkable and it is often difficult (or impossible) to repair the damage caused. You need to ensure you have a current backup.
  • Malware can go unnoticed yet risks your privacy and uses resources you've paid for to benefit someone else. Botnets are big business.

Ensure your protection is always current. You have no excuse for not running security software. Many vendors offer free versions of their security software for personal use (although they may not perform as well as you expect).

What About the Mac?

The Mac has a reputation for being safe without an antivirus, but perhaps it is time to change that opinion. Choose an effective program that doesn't significantly slow down the system. Malware protection is particularly weak. More about Mac security…

Windows XP More Vulnerable

I'm not the only one to recommend that Windows XP be retired even though most security software providers continue to support XP. There are significant weaknesses (more than newer Windows versions), exacerbated by the continued use of the obsolete Outlook Express and Internet Explorer (Microsoft chose not to update Internet Explorer for XP).

In an October 2014 report, ComputerWorldUK noted:

Fifty-two percent of the [half-million] compromised computers were running Windows XP, a figure that is at once unsurprising -- considering that support for Windows XP, including patches, ended in April 2014, according to the report.

Most of those computers were running Internet Explorer, which is to be expected given both the size of the Internet Explorer install base and the number and variety of exploits available for this browser, the report said.


Antivirus & Security Software

While you can purchase anti-virus & security packages in retail stores, these sites offer software at reduced rates, 24-hour access, instant updates, and on-line technical support.

Not All Products As Effective


AV-Comparatives.org tests show significant variations in preventing infections:

  • green were automatically blocked;
  • yellow were user dependent; and
  • red were compromised.

The line near the top shows protection provided by Windows 7 “out of the box” (not good enough).

Recommended Security Solutions

I strongly recommend ZoneAlarm Extreme Security (complete security protection which includes everything in ZoneAlarm Antivirus). Their Internet Security Suite is also recommended, but is not as effective in fighting today's blended threats.

Rated #1 by AVTest.org.

  • Kaspersky Antivirus is very highly rated, but I prefer the version licensed with ZoneAlarm for more complete protection.
  • AVG Internet Security includes a firewall. There are separate versions for Mac, mobile and business.
  • Panda Cloud Antivirus paid Pro version includes a community firewall, protection on public WiFi networks and VIP support.

The Mac and Linux have traditionally been safer than Windows for security, but this is no longer true.

Free Antivirus Solutions

I strongly recommend sticking with a paid subscription because it will offer more frequent updates, better security and your requests for help will always get priority over similar free products. But if you can't afford it, these provide basic (and sometimes excellent) protection for home users:

NOT Recommended

I don't recommend the following products.

Microsoft Security Essentials (a beefed-up Windows Defender) is free for individuals and small businesses with up to 10 PCs.

Zero-day detection was mediocre, but the popular free antivirus program performed well at spotting malware…the product performs worse when compared with other free or paid offerings. — AV-Test.org

Windows 8.1 comes with an enhanced version of Windows Defender, but the outgoing firewall is turned off by default. Turning it on can overwhelm the casual user with constant alerts.

  • Windows Defender is included with Windows Vista and later but is an anti-spyware/anti-malware product, and does not include antivirus protection.

Other Antivirus Solutions

These may be excellent anti-virus solutions, but I have not tested them recently. Most require a great deal of your system resources (mainly RAM) to run and many disable ZoneAlarm, my recommended firewall. More about evaluating solutions.

Free Products


Hoaxes

Beware of Fake Spyware-removers

Watch out for “ads” on websites that appear to "find" spyware on your system. They install a fake program, then offer to remove it if you purchase their product. Don't fall for these tactics. They are rip-offs or fakes.

The best defense is to keep your protection current and to know how your security software displays warnings.

  • Do NOT click links on websites running simulated (but realistic-looking) “infection reports” on your computer. These can also appear on your desktop in a Windows dialogue box.
  • Internet Explorer is much more vulnerable in allowing malware to install unasked. Don't use IE for browsing the Web.

You may also receive calls from telemarketers selling security software. The CRTC has some advice on dealing with these calls. I recommend that you simply hang up.

Most Email “Warnings” Are Illegitimate

You've received a message from a friend that suggests you forward it to everyone in your address book. What do you do?

Don't forward it. Delete the message!

It doesn't matter what the content is. Any request to forward information to everyone is highly suspect when it is sent to a group of people. Others don't like junk mail any more than you do.

99.9% of these are hoaxes or some other form of malware. I suggest you stop and take a closer look at the message before taking any action. I'm appalled at how often people repeatedly forward these things without checking them out.

Hoaxes are Social "Viruses"

Hoaxes are social viruses that take advantage of our compassionate nature. Features like the following should trigger you to investigate further:

  • Any request to forward the message to everyone in your address book is almost certainly a hoax.
  • Hoaxes use emotional rather than factual approaches to lure you in (see an example).
  • Hoaxes depend on our concern for our computers (such as "virus" warnings) or greed (chain letters that pay big dividends) or compassion for others (such as saving a sick child).
  • Many cite "authority" sources, most of which never issue such warnings. If in doubt, check the authority's website for confirmation.

Avoid Spreading Ignorance

Begin with a simple Internet search for unique specifics in the message. This will give you information to test the legitimacy of any message.

  • Do not forward email "warnings." Most are false.
  • Check for accurate virus information from antivirus vendors.

Other Hoax Information Sites

You might also wish to check out:

  • Snopes.com Rumour Has It has an extensive categorized listing of urban legends and rumours.
  • HoaxBusters maintains a site dedicated to the various on-line scams and hoaxes that don't necessarily relate to virus activities.
  • Hoax-Slayer debunks email hoaxes and exposes Internet scams.
  • The Identity Theft Resource Center has many useful resources.
  • TruthOrFiction.com lists rumours, inspirational stories, virus warnings, humorous tales, pleas for help, urban legends, prayer requests and calls to action with details about their truth or fiction.
  • Cyber-Museum of Scams and Frauds lists various financial schemes promoted by email and other means.


Fixing Issues with Antivirus Software

If your computer is infected with the DNS Changer, you probably can't get Internet access. Fix it or learn more.

Fixing Issues with AVG

I used to deploy AVG in combination with the ZoneAlarm Free Basic Firewall on dozens of Windows systems used by home users with a limited budget. However, upon the release of ZoneAlarm Free Antivirus + Firewall I stopped installing AVG because the protection is nowhere near as effective:

  1. ZoneAlarm Extreme Security
  2. ZoneAlarm Internet Security Suite
  3. ZoneAlarm Free Antivirus + Firewall (for personal use only)

For those wishing to continue to use AVG or another antivirus, the ZoneAlarm Free Basic Firewall is still available for those that qualify.

Be Sure to Run the Current Version

If you choose to run AVG, be sure you are running the most current version available:

If you're having difficulties with your AVG and are running the most current version, have a look at the potential solutions below.

Be Sure You're Getting the Right Product

Hint: read all the screens carefully so that you get to the correct download page. Upgrades with a price indicated are not free (nor is TrialPay — you're required to purchase other products to get your "free" product). See my Recommended Windows Software for more information and direct download options.

Experiencing Problems with AVG?

If you're having problems with your AVG Free, have a look at the AVG FAQ. There are tabs with the following options:

  • Hot Topics;
  • Installation;
  • Update;
  • Virus FAQ; and
  • Sales.

Although help is provided for earlier versions, you should always be running the most current version.

You can also look for help on the AVG Free Forum or check the AVG Download Center for AVG products.

PocoMail & Barca with AVG

If you're using PocoMail or Barca with AVG, there is a potential problem with allowing AVG to certify incoming and outgoing email. This is easy to fix:

  1. Open the AVG User Interface by double-clicking on the icon.
  2. Click on the Options menu and select Advanced Settings.
  3. From the Advanced Settings window that appears, click the “plus” on Email Protection from the menu on the left to expand the menu then repeat to view the expanded menu under Email Scanner.
  4. Click on Certification and ensure both certification boxes are unchecked (if you're using the free version you may be unable to uncheck the incoming email certification).
  5. Click OK to save your settings.

I tend to do this with all AVG installations because the certification means nothing to the recipient. You can't trust the sender for security — you have to take care of it for yourself.

Save Backups of Installation Software & Licenses

If you do purchase your software on-line, be sure to save a copy of the installation file(s) (preferably on removable media) so you can reinstall it if you need to repair it or suffer a catastrophic loss of your operating system.

ISP-Provided Packages

Many ISPs (particularly those offering broadband services) now include anti-virus protection, either as a part of their regular services or for a fee. Some ISPs activate it automatically, but most require some action on your part. This can be an excellent first line of defense, backed up by an installed anti-virus program (since not all viruses are spread by email).

However, many of the packages provided by ISPs to install on your computer (such as Shaw Secure) are very intensive users of system resources and are not necessarily the best products available. Try my recommended solutions instead, particularly if you're a home user where some excellent free options are available to you.


Evaluating Antivirus Solutions

Assessing Antivirus Solutions

You can do a search for the various sites that evaluate antivirus and other security products. Be sure to include your specific needs in the evaluation process.

Often one product will excel in one area but be weak elsewhere and these change as products evolve. Check AV Comparatives Summary Reports for independent tests of various antivirus software.

False Positives

False positives (safe files tagged as viruses) are another problem. Most antivirus programs look for certain traits that are common to virus activity to detect unknown threats. Unfortunately, this can tag legitimate program files — obviously creating issues for the person depending upon the A/V program.

See how various vendors did each year on AV Comparatives False Alarm Tests. More recent data is found here.

Consider Other Related Risks

Antivirus protection can no longer be considered a stand-alone issue. There are other security issues tied in with virus protection including privacy (malware and spyware), identity protection, parental control, security issues with instant messenger (IM) software and firewall protection.

Compatibility of Products

If you buy individual products, ensure that they are compatible with each other. If you buy multiple packages or suites, ensure that they are not going to overwhelm the available resources on your computer—in particular, RAM (memory) and available disk space. Many current packages are very large and not all play nicely with other security software.

For example, newer versions of Norton Antivirus are now a suite, with a built-in firewall that insists on uninstalling other firewalls (including my recommendation, ZoneAlarm). While this protects you from running multiple firewall products (they can conflict and deny you the protection you think you're getting) it doesn't provide an option for turning off the Norton firewall without receiving continuous warnings from the Norton software.

Unnecessary Components

If you don't run Instant Messenger (IM) software, you don't need to run protection against the dangers posed by IM software (provided you've uninstalled or disabled the built-in MSN Messenger software). Be sure any product containing that protection has the option to disable any such unnecessary feature, saving you some resources where not required.

This assumes that you are aware of the risks of disabling components. Microsoft enables the Windows firewall by default and checks for the presence of a current antivirus solution — unfortunately necessary as many people simply don't add protection and fail to ensure it is updated frequently. Think of it as driving without car insurance when that unfortunate moment occurs when it's needed.


www.RussHarvey.bc.ca/resources/antivirus.html
Updated: July 31, 2015

Protecting your computer from viruses, spyware and other threats

Current Alert Listings

ShellShock (“Bash Bug”)

This vulnerability is named for the GNU Bash shell, but the vulnerability extends (at least potentially) beyond that one program (hence my preference for Shellshock over “BASH”).

A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. — Symantec

The biggest threat at present is to web servers, but many other devices that make up the Internet of Things could be more at risk and more difficult to patch.

This is certainly one of the worst, if not the worst, vulnerabilities that's been discovered this year, said Roel Schouwenberg, a security researcher at Kaspersky Lab. We most definitely haven't seen the end of all the different implications. — The Wall Street Journal

See my Linux and Mac pages regarding Shellshock on those systems.

Poweliks: Difficult to Detect or Remove

A new malware program called Poweliks attempts to evade detection and analysis by running entirely from the system registry without creating files on disk, security researchers warn. — PC World

Poweliks is malware that avoids detection by running completely in the Windows Registry — there are none of the usual files on the hard drive for your antivirus program to check. It has been detected in a Word document attached to a fake Canada Post and/or USPS email claiming to have information about items ordered for the recipient.

[A]ntivirus solutions have to either catch the file (the initial Word document) before it is executed (if there is one), preferably before it reached the customer's email inbox. Or, as a next line of defense, they need to detect the software exploit after the file's execution, or, as a last step, in-registry surveillance has to detect unusual behavior, block the corresponding processes and alert the user. — Paul Rascagnères, G Data Software Security Blog
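
The "in-registry surveillance" layer named in the quote above, as an added example (not code from this page or from G Data): a Python scan of exported Run/RunOnce values that flags commands carrying code inline instead of pointing at a file on disk. The sample export, the three heuristics and the 1024-character threshold are assumptions constructed for illustration, not Poweliks signatures.

```python
import re

# Constructed sample in the text layout written by `reg export`; not from a real
# infection. Real exports are UTF-16 encoded, so decode the file before scanning.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"a"="rundll32.exe javascript:\"<inline script placeholder>\""
"Sync"="powershell.exe -EncodedCommand <base64 placeholder>"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Tray"="C:\\Program Files\\Vendor\\tray.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only
AUTORUN_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
MAX_DATA_LEN = 1024  # assumed threshold: longer than a plausible command line

def unescape(s):
    """Undo the backslash escaping .reg files apply to quotes and backslashes."""
    return re.sub(r'\\(.)', r'\1', s)

def reasons_for(command):
    """Return the names of the heuristics that fire for one autorun command."""
    hits = []
    if re.search(r'\b(?:javascript|vbscript):', command, re.I):
        hits.append("inline-script")        # script passed on the command line
    if re.search(r'powershell(?:\.exe)?\b.*\s-enc\w*\s', command, re.I):
        hits.append("encoded-powershell")   # -enc / -EncodedCommand payload
    if len(command) > MAX_DATA_LEN:
        hits.append("oversized-data")       # value stores a blob, not a path
    return hits

def scan_export(text):
    """Return (key, value name, reasons) for flagged values under Run/RunOnce."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and AUTORUN_RE.search(key):
            name, data = unescape(m.group(1)), unescape(m.group(2))
            hits = reasons_for(data)
            if hits:
                findings.append((key, name, hits))
    return findings

if __name__ == "__main__":
    for key, name, hits in scan_export(SAMPLE_EXPORT):
        print(f"{key} -> {name!r}: {', '.join(hits)}")
```

A hit is a prompt to inspect the entry, not proof of infection; legitimate software occasionally uses encoded PowerShell at startup.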

Heartbleed Bug

Updated May 5, 2014


Heartbleed is a widespread security bug that affects webservers (OpenSSL runs on 66% of the web). Until fixed, hackers may be able to obtain user names, passwords and credit card numbers that have previously been used on affected websites.

"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11. — Bruce Schneier

What Do You Need to Do?

Avoid logging into secure servers (those where you're using credit cards, passwords and other secured information) until you are sure they are not vulnerable.

It's not enough for companies to simply patch the copy of OpenSSL — the software at the root of the Heartbleed bug. Companies must also revoke and reissue digital certificates for their Heartbleed-vulnerable sites. And the clock is ticking. — Mashable

It is recommended that you change passwords for affected sites after they've been patched.

One site called it a “crap shoot” since sites may not report when they've fixed the vulnerability on their servers. Most major sites have been fixed, but verify that the site was both vulnerable and has fixed the problem, then change your passwords on those sites.

Use the tools below to determine if the secure sites you use are patched:

Learn more about Heartbleed on these sites:

CryptoLocker: Holding Your Digital Life for Ransom

CryptoLocker is ransomware, a form of malware that poses a significant threat to your data. If infected, CryptoLocker encrypts your data so that you cannot access it and demands that you pay a significant ransom fee to regain access to your data.

Like any other piece of malware, common sense goes a long way. The critical thing is it's not going to install files by itself. You have to initiate some action. — Jason Glassberg

  • Back up your data regularly so you'll still have a copy of your data if you're infected.
  • Be wary when opening email. Malware generally spreads through malicious email attachments (including JPG images, documents and ZIP files) or fake links, leaving you susceptible to data loss and identity theft.

CryptoLocker Ransomware Information Guide and FAQ is a great resource for those dealing with the original CryptoLocker. You might be able to obtain a recovery key at decryptcryptolocker.com by providing a sample infected file.

New Variations

CryptoLocker has since morphed into new variations such as CryptoWall, CoinVault and TorrentLocker which don't respond to CryptoLocker solutions.

Other Alerts

You can find current alert listings on the AVG, McAfee, F-Secure and Norton websites.

If you think you might have triggered a virus on your computer, view the screen shots of several virus infections.
