Russ Harvey Consulting - Computer and Internet Services

Antivirus Protection (Security Software)

Software | Hoaxes | Fixing Issues | Evaluating Solutions | Current Alerts

Changing Requirements

At one time an antivirus program was sufficient to protect your computer from the annoying (and often destructive) "bugs" that attacked your computer.

Today, viruses are blended with multi-faceted and simultaneous threats, making them much more dangerous and resulting in serious implications for your personal privacy as well as for your finances if you aren't fully protected.

You Need a Security Suite

Your computer must be protected by a current security suite that includes antivirus, anti-spyware, keylogger / screengrabber protection plus an effective advanced two-way firewall.

Ensure your protection is always current. You have no excuse for not running security software. Many vendors offer FREE versions of their security software for personal use.

However, remember the time and money you've put into your computer and software (never mind your data). It can be much more expensive to recover from an infection than to simply purchase decent security software in the first place.

What About the Mac?

The Mac has a reputation for being safe without an antivirus, but it is time to change that opinion.

Apple devices have experienced a surge in popularity in recent years. According to IDC, the company now accounts for 13.5 percent of global smartphone shipments and 7.5 percent of global PC shipments. This increase in usage has not gone unnoticed by attackers. A rising number of threat actors have begun developing malware designed to infect devices running Mac OS X or iOS. — Symantec

You need to be running security (antivirus) software on your Mac.

Malware protection is particularly weak and we now have proof that Macs can get ransomware. Choose an effective program that doesn't significantly slow down the system. More…

You Need to Be Vigilant

Many threats, including ransomware, evolve rapidly and use zero-day vulnerabilities (weaknesses in software that are exploitable even before they are discovered).

Security software using virus signatures can only protect you against known threats. Newer or evolved threats are harder to detect so most security software depends more on detecting unusual or malicious activity (threat emulation) to prevent unknown threats from infecting your computer.

Prepare for Disaster

Be prepared for disaster before it happens. Backup your data regularly so you'll still have a copy of your data if you're infected. You'll lose what isn't backed up, particularly in the case of ransomware, so schedule accordingly.

Unhide “Known” File Extensions

Windows hides “known” file extensions by default. They are known to Windows, but can include files that can infect your computer.

Several file types (including .EXE, .SCR, .COM and .BAT) are not safe to open, especially when received as an email attachment.

With hidden file extensions the file samplefile.txt.exe would be displayed as samplefile.txt leading you to think the file is a text file and safe to open.

To unhide these extensions, click on Start ⇒ Control Panel ⇒ Appearance and Personalization ⇒ Folder Options then click on the View tab and de-select “Hide extensions for known file types.”

Watch for Unusual Activity

You need to be vigilant and wary of what you download and install. Watch for unusual file activity. While you may not protect your own data, disconnecting from the Internet can protect other computers on your network.

Avoid risky behaviour.

Like any other piece of malware, common sense goes a long way. The critical thing is it's not going to install files by itself. You have to initiate some action. — Jason Glassberg
  • Be wary when opening email. Malware generally spreads though malicious email attachments (including JPG images, documents and ZIP files) leaving you susceptible to data loss and identity theft.
  • Links can be faked, especially in emails. Fake links (those that go elsewhere than what is indicated by the linked text) can be used in emails, websites or texts. See how to tell fake links. Be wary of recent or short-term domains and shortened links (often used in texts and on Twitter).
  • Watch what you post online. Information you post online, particularly in social media, can be use to personalize attempts to contact you.

Learning More

Security Basics, Malware Detection & Removal and Phishing & Identity Protection have more information on how to better protect yourself.

Using Obsolete Windows Risky

Windows XP is at significantly higher risk for infection than a supported version of Windows, exasperated by the continued use of the obsolete Outlook Express and older versions of Internet Explorer.

Vista is the next version of Windows to expire (April 11, 2017) and similar warnings will apply.

…XP PCs should not be used to constantly surf the Web or serve as an e-mail platform. Most of the malware finds its way into a Windows system via these pathways.

Here's another unanimous recommendation by the security vendors surveyed: Whenever there is an opportunity, the user ought to switch over to more recent Windows versions such as 7 or 8. — AV-TEST

In an October 2014 report, ComputerWorldUK noted:

Fifty-two percent of the [half-million] compromised computers were running Windows XP, a figure that is at once unsurprising -- considering that support for Windows XP, including patches, ended in April 2014, according to the report.

Most of those computers were running Internet Explorer, which is to be expected given both the size of the Internet Explorer install base and the number and variety of exploits available for this browser, the report said.

Return to top

Antivirus & Security Software

While you can purchase anti-virus & security packages in retail stores, these sites offer software at reduced rates, 24-hour access, instant updates, and on-line technical support.

Save Backups of Installation Software & Licenses

If you do purchase your software on-line, be sure to save a copy of the installation file(s) — preferably on removable media — so you can reinstall it if you need to repair it or suffer a catastrophic loss of your operating system.

Not All Products As Effective

One of the most common questions we get asked at Tom's Guide is "Is Windows Defender good enough to protect my PC?"

The short answer is: Nope. The longer answer is: No, but it might be someday. — Tom's Guide

AV-Comparatives.org tests -- click to see live results.

AV-Comparatives.org tests (see graphic) show significant variations in preventing infections:

  • green were automatically blocked;
  • yellow were user dependent; and
  • red were compromised.

These results vary by month as vendors update their products and fix issues. I strongly recommend checking the reviews of products suitable for your operating system:

Recommended Security Solutions

ZoneAlarm Extreme Security

I strongly recommend ZoneAlarm Extreme Security for complete security protection (Internet Security Suite is not as effective in fighting todays blended threats).

Rated #1 by AVTest.org. ::: Save up to 50% on ZoneAlarm today!
 

Recommended Alternatives

  • Kaspersky Antivirus is very highly rated, but I prefer the version licensed with ZoneAlarm for more complete protection.
  • Panda Cloud Antivirus paid Pro version includes a community firewall, protection on pubic WiFi networks and VIP support.

Mac and Linux

The Mac and Linux have traditionally been safer than Windows for security, but this is no longer true.

Free Antivirus Solutions

I strongly recommend sticking with a paid subscription because it will offer more frequent updates, better security and your requests for help will always get priority over similar free products. Some free versions may not perform as well as you expect.

But if you can't afford it, there are basic (and sometimes excellent) free protection for home users.

ZoneAlarm Free Firewall

ZoneAlarm Free Firewall together with Microsoft's built-in Windows Defender is less than ideal (I'd recommend ZoneAlarm Extreme).

ZoneAlarm is only compatible with MS Windows Defender, and is not compatible with any other antimalware software.

However, it does provide basic firewall protection that is missing from most free products.

Recommended Alternatives

These solutions are recommended ONLY if combined with the ZoneAlarm Free Firewall (basic firewall only):

  • ClamWin Free Antivirus comes with an easy installer and open source code. However, there is no real-time scanner (you need to manually scan files for viruses) and no firewall.
  • AVG Free Personal Edition provides excellent basic protection for home users with light requirements (not suitable for online banking or shopping).
  • Panda Cloud Antivirus has a very minimal footprint (free for home users and non-profit organizations) but is missing most of the features of the paid product, including .

NOT Recommended

I don't recommend the following products.

Microsoft Security Essentials (a beefed-up Windows Defender) is free for individuals and small businesses with up to 10 PCs.

Zero-day detection was mediocre, but the popular free antivirus program performed well at spotting malware…the product performs worse when compared with other free or paid offerings. — AV-Test.org

Windows 8.1 and Windows 10 comes with an enhanced version of Windows Defender, but the outgoing firewall is turned off by default. Turning it on can overwhelm the casual user with constant alerts.

  • Windows Defender is included with Windows Vista and later but is an anti-spyware/anti-malware product, and does not include antivirus protection.

Other Antivirus Solutions

These may be excellent anti-virus solutions, but I have not tested them recently. Some require significant system resources (mainly RAM) to run and many have a firewall inferior to ZoneAlarm, my recommended firewall. More about evaluating solutions.

Free Products

ISP-Provided Packages

Many ISPs (particularly those offering broadband services) now include anti-virus protection either included as a part of their regular services or for a fee. Some ISPs activate it automatically, but most require some action on your part. This can be an excellent first line of defense, backed up by an installed anti-virus program (since not all viruses are spread by email).

However, many of the packages provided by ISPs to install on your computer (such as Shaw Secure) are very intensive users of system resources and are not necessarily the best products available. Try my recommended solutions instead, particularly if you're a home user where some excellent free options are available to you.

Return to top

Hoaxes

Beware of Fake Spyware-removers

Watch out for “ads” on websites that appear to "find" spyware on your system. They install a fake program, then offer to remove it if you purchase their product. Don't fall for these tactics. They are rip-offs or fakes.

The best defense is to keep your protection current and to know how your security software displays warnings.

  • Do NOT click links on websites running a simulated (but realistic-looking) “infection reports” on your computer. These can also appear on your desktop in a Windows dialogue box.
  • Internet Explorer much more vulnerable in allowing malware to install unasked. Don't use IE for browsing the Web.

You many also receive calls from telemarketers selling security software. The CRTC has some advice on dealing with these calls. I recommend that you simply hang up.

Most Email “Warnings” Are Illegitimate

You've received a message from a friend that suggests you forward it to everyone in your address book. What do you do?

Don't forward it. Delete the message!

It doesn't matter what the content is. Any request to forward information to everyone is highly suspect when it is sent to a group of people. Other's don't like junk mail any more than you do.

99.9% of these are hoaxes or some other form of malware. I suggest you stop and take a closer look at the message before taking any action. I'm appalled at how often people repeatedly forward these things without checking them out.

Hoaxes are Social "Viruses"

Hoaxes are social viruses that take advantage of our compassionate nature. Features like the following should trigger you to investigate further:

  • Any request to forward the message to everyone in your address book is almost certainly a hoax.
  • Hoaxes use emotional rather than factual approaches to lure you in (see an example).
  • Hoaxes depend on our concern for our computers (such as "virus" warnings) or greed (chain letters that pay big dividends) or compassion for others (such as saving a sick child).
  • Many cite "authority" sources, most of which never issue such warnings. If in doubt, check the authority's website for confirmation.

Avoid Spreading Ignorance

Begin with a simple Internet search for unique specifics in the message. This will give you information to test the legitimacy of any message.

  • Do not forward email "warnings." Most are false.
  • Check for accurate virus information from antivirus vendors.

Other Hoax Information Sites

You might also wish to check out:

  • Snopes.com Rumour Has It has an extensive categorized listing of urban legends and rumours.
  • HoaxBusters which maintains a site dedicated to the various on-line scams and hoaxes that don't necessarily relate to virus activities.
  • Hoax-Slayer debunks email hoaxes and exposes Internet scams.
  • The Identity Theft Resource Center has many useful resources.
  • TruthOrFiction.com lists rumours, inspirational stories, virus warnings, humorous tales, pleas for help, urban legends, prayer requests and calls to action with details about their truth or fiction.
  • Cyber-Museum of Scams and Frauds lists various financial schemes promoted by email and other means.

Return to top

Fixing Issues with Antivirus Software

If your computer is infected with the DNS Changer, you probably can't get Internet access. Fix it or learn more.

Multiple Security Products can Conflict

If you're having issues with your security software, verify that there are no competing security products installed on your system.

Competing antivirus, anti-spyware and firewall programs can conflict with each other, leaving you vulnerable to infection by viruses, malware and other threats.

  • Microsoft's Windows Defender and Windows Firewall are generally either allowed or disabled by most security software.
  • McAfee Security Scan Plus (installed with Adobe Flash as an optional download) is not recommended but shouldn't conflict.

Finding Help

While there are some generic similarities between security products (they provide the same function), you'll need to see help specific to the program(s) you're running.

I suggest that you seek help on the support website for your product then try the support forum if you have no luck. Try searching for your specific problem, using an error message or similar search criteria.

Generic searches on the Web can be helpful, but you'll need to ensure that the suggestions don't get you into more trouble or land you on a malicious site.

Return to top

Evaluating Antivirus Solutions

Microsoft Security

Microsoft enables the Windows firewall by default and checks for the presence of a current antivirus solution and scans for malware with Windows Defender.

These provide a base-line protection but are insufficient on their own.

Use a Security Suite

A security suite that includes all the security protection is recommended rather than shopping for various components.

Assessing Antivirus Solutions

Several websites and magazines evaluate antivirus and other security products. Be sure to include your specific needs into the evaluation process. Often one product will excel in one area but be weak elsewhere and these change as products evolve.

False Positives

The number of false positives (safe files tagged as viruses) should be few or none. Most antivirus programs look for certain traits that are common to virus activity to detect unknown threats. Unfortunately, this can tag legitimate program files — obviously creating issues for the person depending upon the A/V program.

Automatic Scans and Updates

Ensure that your security software will update automatically and provide for a scheduled scan to detect issues missed while running a realtime scanner (the one that checks files as they are opened).

Many people simply don't add protection and fail to ensure it is updated frequently (it is like not having health insurance or ignoring expired health insurance).

Return to top

www.RussHarvey.bc.ca/resources/antivirus.html
Updated: September 22, 2016

Protecting your computer from viruses, spyware and other threats

Current Alert Listings

Ransomware | Server Vulnerabilities

Checking For Alerts

You can find current alert listings on the AVG, McAfee, F-Secure and Norton websites.

If you think you might have triggered a virus on your computer view the screen shots of several virus infections.

Ransomware

Holding Your Digital Life for Ransom

Ransomware is a form of malware that encrypts your most valuable data files (like Office documents, music, and photos) and demands a ransom for the encryption key.

CryptoLocker Started it All

CryptoLocker, released in 2013, demanded a significant ransom fee in BitCoins payable within 72 hours or the encryption key (the file needed for recovery) is destroyed.

CryptoLocker spread through ad networks but ransomware can be spread via email or TOR networks.

New Variations

While the botnets distributing CryptoLocker have been stopped, it has since morphed into new variations such as CryptoWall, CoinVault, TorrentLocker and Cerber which don't respond to CryptoLocker solutions.

Ransomware Resources

Server Vulnerabilities

Heartbleed, ShellShock & Poodle

2014 saw headlines about Heartbleed in April followed by ShellShock (or the “Bash Bug”) in September then Poodle in October.

Although these affect mostly servers (the computers that host websites and cloud services), we are all vulnerable because we use the services they provide.

Heartbleed

The Heartbleed bug official site -- click to learn more.

Heartbleed is a widespread security bug that affects webservers (OpenSSL runs on 66% of the Web). Until fixed, there was the potential for hackers to be able to obtain user names, passwords and credit card numbers that have previously been used on affected websites.

It's not enough for companies to simply patch the copy of OpenSSL — the software at the root of the Heartbleed bug. Companies must also revoke and reissue digital certificates for their Heartbleed-vulnerable sites. — Mashable

ShellShock (“Bash Bug”)

Named for the GNU Bash shell the biggest threat is to web servers, but many other devices that make up the Internet of Things could be more at risk and more difficult to patch.

ShellShock affects most versions of the Linux and UNIX operating systems, but also Mac OS X, which is based around UNIX.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. — Symantec

Poodle

Poodle is a potential vulnerability discovered by Google which takes advantage of “legacy” support for an older (and vulnerable) security protocol by current servers and browsers. By fooling the server into believing the newer TLS protocol is not available, forcing them to use SSL 3.0, even if a newer protocol is supported by that server.

Poweliks

A new malware program called Poweliks attempts to evade detection and analysis by running entirely from the system registry without creating files on disk, security researchers warn. — PC World

Difficult to Detect or Remove

Poweliks is malware that avoid detection by running completely in the Windows Registry — there are none of the usual file on the hard drive for your antivirus program to check for.

ZoneAlarm Extreme Security detects and blocks attachments infected with Poweliks and other similar malware via Threat Emulation if activated.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!