Russ Harvey Consulting - Computer and Internet Services

Security Software

Antivirus, Antimalware & Firewall Protection


Protecting your computer from viruses, spyware and other threats

Too many people lack security software, or fail to update it frequently if they have it.

Depending on your operating system, adding antivirus protection beyond what's built in ranges from a good idea to an absolute necessity.
PCMag

If your security fails, you pay a high price — lost data and reduced productivity.

No Excuse

You have no excuse for not running security software.

Many vendors offer FREE versions of their security software for personal use.

You Need a Security Suite

Having antivirus-only protection is no longer sufficient. Your computer must be protected by a security suite.

That means an up-to-date security suite that is currently maintained.

The security suite must include antivirus, antimalware, anti-phishing, anti-ransomware, keylogger & screengrabber protection plus an effective advanced two-way firewall.

  • Multi-faceted and simultaneous blended threats can overwhelm any protection unless the software is designed to deal with all of them simultaneously.
  • Because threats develop and change so rapidly, current security software relies more upon recognizing malicious patterns of infections than databases of past attacks.
  • Some infections are difficult to repair, particularly ransomware which encrypts your data and extorts money via untraceable bitcoins.
  • Malware (sometimes called spyware) can go unnoticed yet risks your privacy by stealing information and slows down your computer. Protection is specialized software with access to a current database of malware and removal instructions.
  • Keyloggers capture key strokes including passwords and other private information. There are both hardware and software keyloggers.

VPN Recommended

Because so many of us are mobile (and because of the massive profiling and collection of personal data) a VPN has become necessary.

Not all software is as effective.

Keep ALL Your Software Current

Ensure your protection is always current.

The security battle is a cat and mouse game between malicious actors and security software companies. New threats can overwhelm your security software, especially if you don't update it regularly and upgrade it when no longer supported.

In addition to running current security software, you must ensure that your operating system and the programs on your system are all current for your computer to be protected from zero-day and newly discovered vulnerabilities.

Business Users

Businesses need to invest in excellent security software.

Just as you install alarm systems and good quality locks to protect your physical premises, you need to protect your virtual premises. For too long this computer security has been ignored.

Lost Productivity & Credibility

Businesses that fall victim to ransomware or a security breach suffer irreparable damage to their reputation and will certainly lose productivity.

Consider Your Investment

Consider what you've invested into your computer and software (never mind your time and data).

Recovery Can Be Expensive

Recovery can be expensive (if possible at all) and you'll be without your computer while it is in the shop. What would that downtime mean to your personal or business commitments?

If you had simply purchased decent security software and trained your staff in security basics in the first place you may have avoided these costs.

Backups Ensure Data Recovery

Keep a current backup of everything important to you. These backups are your only method of recovery if an undetected threat cannot be treated.

In the worst case scenario, you could purchase a new computer and software, but your data is irreplaceable. A secured backup would be priceless.

Ransomware Recovery

Most current security suites provide some protection against ransomware but failure could be catastrophic.

Backups to devices continually connected to your computer are just as vulnerable to ransomware as the computer itself. Ransomware is starting to target cloud storage because that is where the data has gone.

No Guarantees

Several companies provide tools that can help recover files if you send them a copy of an encrypted file with the unencrypted original to help determine the correct recovery tool but there is no guarantee. Ransomware is a rapidly evolving risk.

Paying Ransoms Foolish

If you choose to pay the ransom, you're only making future attacks more likely. You can't be certain that you'll be provided a recovery key or that your system is safe afterwards.

Remember, you're dealing with electronic blackmailers (crooks).

Some security companies appear to negotiate with the ransomers. If true, that seems too much like a symbiotic relationship, encouraging future ransom attacks.

What About the Mac?

The Mac has a reputation for being safe without an antivirus, but it is time to change that opinion. Macs outnumber PCs in Starbucks these days.

macOS X is more secure than Windows. macOS used to be considered a fully secure operating system with little chance of security flaws, but in recent years we have seen hackers crafting additional exploits against macOS. — Forbes

You need to be running decent security (antivirus) software on your Mac.

What About Linux?

Like Macs, many Linux users are under the impression that they don't need antivirus protection. Again, it is time to change that opinion.

Linux is considered to be more secure than other operating systems. However, it's increasingly a target of attackers, as Linux systems are used for critical roles like web servers and internal file servers. In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux machines can also become distribution points for Windows, Mac, and Android malware. — Sophos

You need to be running security (antivirus) software on your Linux computer.

AV-TEST.org doesn't yet test Linux security software (it has a much higher profile in server software) but that time is coming.

You Need to Be Vigilant

Many threats, including ransomware, evolve rapidly and use zero-day vulnerabilities (weaknesses in software that are exploitable even before they are discovered).

Security software using virus signatures can only protect you against known threats. Newer or evolving threats are harder to detect so most security software looks for unusual or malicious activity (threat emulation) to prevent unknown threats from infecting your computer.

Prepare for Disaster

Be prepared for disaster before it happens. Backup your data regularly so you'll still have a copy of your data if you're infected. You'll lose what isn't backed up, particularly in the case of ransomware, so schedule accordingly.

A USB thumb drive or portable drive with copies of your most current documents between backups can mean the difference between losing a week's work or rapid recovery.

Hidden File Extensions

Windows hides “known” file extensions by default. They are known to Windows, but many users don't understand the risks or which files can infect their computer.

Several file types (including .EXE, .SCR, .COM and .BAT) are not safe to open, especially when received as an email attachment.

You should change your settings to unhide known file types.
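An added example (not part of the original page) showing why hidden extensions matter: it compares the real name of an attachment with the name Windows would display when known extensions are hidden, and flags the file types listed above. The `KNOWN` set and the sample names are constructed assumptions standing in for the extensions registered on a real machine.

```python
from pathlib import PureWindowsPath
from typing import NamedTuple

# Extensions the page lists as unsafe to open.
RISKY = {".exe", ".scr", ".com", ".bat"}
# Assumption: a small stand-in for the extensions Windows treats as "known";
# on a real machine that list comes from the registered file types.
KNOWN = RISKY | {".pdf", ".jpg", ".docx", ".txt", ".zip"}


class Assessment(NamedTuple):
    filename: str    # the real name of the file
    shown: str       # the name displayed when known extensions are hidden
    risky: bool      # real extension is one of the unsafe types
    disguised: bool  # displayed name looks like a harmless document or image


def assess(filename: str) -> Assessment:
    # Tolerate trailing spaces or dots in a received name, and compare
    # extensions case-insensitively (.EXE and .exe are the same type).
    name = PureWindowsPath(filename.rstrip(" .")).name
    path = PureWindowsPath(name)
    ext = path.suffix.lower()
    # With extensions hidden, only the final known extension is dropped.
    shown = path.stem if ext in KNOWN else name
    risky = ext in RISKY
    # "invoice.pdf.exe" is displayed as "invoice.pdf": the visible ending
    # suggests a document while the real type is a program.
    inner = PureWindowsPath(shown).suffix.lower()
    disguised = risky and inner in KNOWN and inner not in RISKY
    return Assessment(filename, shown, risky, disguised)


def flag_attachments(filenames):
    """Return assessments for the attachments that should not be opened."""
    return [a for a in map(assess, filenames) if a.risky]


# Constructed sample attachment names.
SAMPLE = ["invoice.pdf.exe", "holiday.jpg", "cleanup.BAT",
          "Report.docx", "photo.jpg.SCR"]

if __name__ == "__main__":
    for a in flag_attachments(SAMPLE):
        note = "looks harmless when extensions are hidden" if a.disguised else "unsafe type"
        print(f"{a.filename!r} is displayed as {a.shown!r}: {note}")
```
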

Disable Macros in MS Word

Macros contained in a Word document attached to a spam email are commonly used to infect your computer. You should disable macros in MS Word.

Open a Word document, select Options, click on Trust Center then Trust Center Settings then Macro Settings. Choose “Disable all macros with notification.”

Watch for Unusual Activity

You need to be vigilant and wary of what you download and install. If you notice unusual file activity you might want to disconnect your network connection.

While you may not protect your own data, disconnecting from the Internet can protect other computers and devices on your network, particularly if you share files between them.

Avoid Risky Behaviour

People tend to value convenience over caution.

Like any other piece of malware, common sense goes a long way. The critical thing is it's not going to install files by itself. You have to initiate some action. — Jason Glassberg

Be Wary When Opening Email

Malware generally spreads through malicious email attachments (including JPG images, documents and ZIP files) leaving you susceptible to data loss and identity theft. Trustwave's Tale of the Two Payloads is an example.

Links Can Be Faked

Links that don't go where indicated by the linked text can be used in emails, websites or text messages to misdirect. See how to tell fake links.

Be wary of recent (short-term) domains and shortened links like those used on Twitter.

Oversharing on social media?

Information posted online, particularly in social media, can be used to personalize attempts to scam you. It can also be used to hack your passwords.


Security Software

While you can purchase security packages in retail stores, online sites offer software at reduced rates, with 24-hour access, instant updates, and on-line technical support. I suggest only purchasing directly from the vendor online.

Be sure to save a copy of the downloaded installation file and license (preferably on removable media so you can reinstall it if you need to repair it or suffer a catastrophic loss of your operating system).

Not All Products As Effective

Assessing and comparing security products is difficult. Reviews are essentially taking a snapshot of a series of products at a single point in time. Some products will have just completed an update that causes them to rate higher, yet those results could be different in a week or a month because security software deals with the ever-changing world of online threats.

AV-Comparatives.org tests can show significant variations in the ability of different security products to prevent infections:

  • green were automatically blocked;
  • yellow were user dependent; and
  • red were compromised.

These results vary by month as vendors update their products and fix issues. I strongly recommend checking the reviews of products suitable for your operating system.

Recommended Security Solutions

ZoneAlarm Extreme Security

I strongly recommend ZoneAlarm Extreme Security for complete security protection on Windows computers while protecting your privacy.

ZoneAlarm also provides a separate Anti-Ransomware service for a monthly fee. This is an additional protection on top of your primary security software. ZoneAlarm Extreme Security includes ransomware protection.

Check Point ZoneAlarm Anti-Ransomware is the most effective ransomware-specific security tool we've seen. In testing, it showed complete success against all of our real-world samples. — PC Magazine

Recommended Alternatives

  • Kaspersky Antivirus is very highly rated and is recommended for Macs and as an alternative. I prefer the version licensed with ZoneAlarm (Windows only) for more comprehensive protection.

Mac and Linux

The Mac and Linux have traditionally been safer than Windows for security, but this is no longer true for either Mac or Linux systems.

Free Antivirus Solutions

I strongly recommend sticking with a paid subscription because it will offer more frequent updates, better security and your requests for help will always get priority over similar free products. Some free versions may not perform as well as you expect.

In its recent endurance test, which was carried out over a period of 6 months, AV-TEST tested 18 Internet security suites for their protection, performance and usability. The test shows: more than two-thirds of the protection packages can be recommended, but the best performance does cost some money. Paid software packages are also the most secure. — AV-TEST

The cost of repairs to your computer if a free product fails will far exceed the cost of most security products. However, if you truly can't afford it, there is basic (and sometimes excellent) free protection for home users.

ZoneAlarm Free Antivirus + Firewall

Free Antivirus + Firewall is an excellent free option for personal use but ZoneAlarm Extreme provides better protection and coverage.

ZoneAlarm isn't compatible with any other security software except MS Windows Defender. ZoneAlarm products are only available for Windows computers.

Windows Defender

Windows Defender (now called Windows Security Center on Windows 10 systems) has much better reports than previously. Effective protection requires a fully-updated Windows 10 system.

The modern-day Microsoft Windows Defender Security Center protects against Trojans, viruses, ransomware, and other types of malware, but it also manages your security overall. It's always active on systems that have no other antivirus installed. If you install a third-party security solution, Windows Defender's antivirus component goes dormant, to avoid any conflict. We salute Microsoft for ensuring that all users have at least some degree of antivirus protection. Our latest testing suggests that Defender does a good job. — PCMag

Defender's biggest plus is its minimal impact on system resources. It also offers an Offline Scan which can scan for and delete persistent malware before it has a chance to load.

However, Defender doesn't yet warrant eliminating other protection.

Windows Defender's own developers seem to consider it a Plan B, rather than a main solution. If you install a third-party antivirus, Windows Defender goes dormant, so as not to interfere. If you remove third-party protection, it revives and takes up the job of defense again. The best antivirus programs, even free antivirus tools, perform significantly better in testing and offer more features. — PCMag

What About Other Antivirus Solutions?

Other products may be excellent security software solutions but I have not personally tested them recently. Some require significant system resources (mainly RAM) and most have a firewall inferior to ZoneAlarm Extreme, my recommended solution. More about evaluating solutions.

Microsoft Security Essentials

I don't recommend Microsoft Security Essentials (a beefed-up Windows Defender). Support for new installations ended with the end of Windows 7 support, but existing installations can get signature updates until 2023.

Malwarebytes

Malwarebytes can be downloaded and installed for free. However, without a premium subscription, it doesn't automatically scan your system and recent tests by AV-Test were less than stellar.

It is a good interim solution for checking an unprotected (infected) computer. Long-term security is not provided by the free version.

ISP-Provided Packages

Many ISPs include security software protection, either as a part of their regular services or for a fee. I've not been impressed by any I've seen. Most are intensive memory hogs.

Many ISPs automatically check email for spam and viruses. You still need an installed security suite to protect your system.


Evaluating Security Software Solutions

Often one product will excel in one area but be weak elsewhere so be sure to include your specific needs into the evaluation process. Both the strengths and weaknesses of specific products can change over time so be sure to view a current assessment.

Don't trust blanket statements that say that the code is “military-grade” or “NSA-proof”; these mean nothing and give a strong warning that the creators are overconfident or unwilling to consider the possible failings in their product. — EFF

Avoid creating your own “suite.” Multiple security programs can conflict with each other and prevent detection rather than improve it. One security program can appear to be attacking the system when viewed by competing security software.

  • Purchased software generally offers better protection, especially when threats are evolving quickly.
  • Free software provides protection for those that truly cannot afford to purchase protection.
  • Free security software is not licensed for businesses.
  • Verify the system requirements (optimally the recommended rather than minimum requirements) to ensure your computer has enough RAM (memory) and available disk space to run the software.

Security addons like browser extensions can increase your vulnerability and threaten your privacy.

Microsoft Security

Microsoft enables the Windows firewall by default and checks for the presence of a current antivirus solution, enabling Windows Defender if security software is not detected.

Base-line Protection

These capabilities provide baseline protection on a fully-updated Windows 10 system but are insufficient on their own.

Third-party security software is designed to work alongside Windows Defender (but no other security software).

Use a Security Suite

A security suite that includes all the security protection is recommended. Avoid shopping by component to meet your needs.

Consumer Protection

Companies that use misleading language or outright lie about the suitability of software need to be exposed.

Avast is harvesting users' browser histories on the pretext that the data has been 'de-identified,' thus protecting your privacy. But the data, which is being sold to third parties, can be linked back to people's real identities, exposing every click and search they've made. — PCMag

Consumers don't have the ability to assess claims made by software vendors.

No consumer would realistically have an inkling that their antivirus software could be selling their browsing data — and even more sensitive information such as mouse movement — to an array of third parties. — US Senator Mark Warner

Consumers, including small businesses, can check out the evaluations found on reliable websites and magazines to evaluate antivirus and other security products.

I strongly recommend AV Comparatives for independent reviews of antivirus software.

False Positives

The number of false positives (safe files tagged as viruses) should be few or none. Most antivirus programs look for certain traits that are common to virus activity to detect unknown threats. Unfortunately, this can occasionally flag legitimate programs.

Files such as password hacking utilities for recovery specialists are legitimate but can be flagged by security software. This sort of software should not be on most people's computers.

Automatic Scans and Updates

Ensure that your security software will update automatically and provide for a scheduled scan to detect issues missed while running a realtime scanner (which checks files as they are opened).

Enterprise Protection

Enterprises should consider a Managed Security Services Provider (MSSP) because these larger businesses involve a different level of risk.


Issues with Antivirus Software

No security software is ever a finished product. Conditions are continually changing and, without constant updates to both the product and its methods of detection, the software cannot do the job it was designed to do.

First, Check for Updates

At any one point in time, specific security products can be more or less effective than their competition.

Ensure that there are no updates available starting with new virus definitions (installed automatically) then seek newer software versions (requiring manual download and installation).

Scan Your System

Once everything is updated, do a complete scan of your system including archived (zip) files.

Multiple Security Products can Conflict

If updating your software doesn't resolve issues, you need to verify that there are no competing security products installed on your system.

Competing security programs can conflict with each other.

Today's programs use “threat emulation” to detect new and unknown threats, and this can look like malicious activity to a second security program. Rather than improving security, multiple products leave your system vulnerable.

  • Microsoft's Windows Defender and Windows Firewall are generally either allowed or disabled by most security software.
  • McAfee Security Scan Plus (installed with other software as an optional download) shouldn't conflict but is also unnecessary.

Use a Security Suite

I strongly recommend installing a decent security suite rather than independent antivirus, anti-spyware, anti-ransomware and firewall programs to avoid bloat and ensure compatibility.

Finding Help

While there are some generic similarities between security products (they provide the same function), you'll need to locate help specific to the program(s) you're running.

Start with Vendor's Site

First, seek help on your product's support website and their support forum. Search for your specific problem, using an error message or other specific search criteria.

Internet Searches

Generic searches on the Web can be helpful, but you'll need to ensure that the suggestions don't get you into more trouble or land you on a malicious site.

 

Maintain Your Software

All software requires maintenance.

Update Security Software

Regularly download and install security software definitions and program updates.

  • New virus and spyware definitions usually update automatically.
  • Even though your security software updates automatically, it is a good idea to regularly update manually.

Major updates provide new features while interim updates fix security gaps.

Install Program Updates

If you download an update from the Web, it has to be manually installed by clicking on the downloaded installer.

Update Your Operating System

Set your operating system to automatically check for updates.

It is also a good idea to check for updates manually.

Updates Improve Security

Updates to your operating system do more than install new features.

Updates remove zero-day vulnerabilities and improve security.

Service Packs

Service packs are significant updates to your operating system and provide a baseline for maintaining security.

Windows 10 now has two feature updates per year, spring and fall, as well as periodic security updates.

Obsolete? Upgrade or Uninstall

Upgrade or uninstall any software that becomes unsupported.

  • Don't run unsupported versions of any operating system.
  • Upgrade your software when your vendor no longer offers security updates.

Base Engine Updates

Some security products don't update the base engine automatically.

You may need to purchase the newest version to get current security but check to see if you can download an updated version from the vendor's site first.

Microsoft Programs Vulnerable

Built-in programs are tightly tied into Windows and vulnerable even if you're not using them.

  • Microsoft Office vulnerabilities have been used to compromise email programs and inject threats into the system's web browser.
  • Microsoft Edge cannot be uninstalled so it needs to be updated, even if you're not using it.
  • Internet Explorer is obsolete and pending removal in Windows 10.


Hardware Issues

Some vulnerabilities are hardware-based.

Spectre and Meltdown

Meltdown and Spectre, discovered in early 2018, affect virtually every computer and mobile device produced since 1995.

Hardware released after 2018 shouldn't be as vulnerable. New processors have been re-engineered to avoid a similar problem in the future.

Security Patches

The patches significantly affect system performance and have caused restart issues on AMD systems.


Current Alert Listings

Checking For Alerts

You can find current alert listings on the AVG, Bitdefender, F-Secure, McAfee and Norton websites.

Error Messages

If your security software generates an error or detection message, you can use that to learn more about what was detected by searching the web using the identifiers.

Different vendors can describe the same infection differently.

Fake Error Messages

Beware of fake error messages.


Be Wary of Hoaxes

There are many forms of hoaxes, including social media, news reports, emails and websites. See: hoaxes, urban legends & fake news.

Know Your Security Software

The best defense is to keep your protection current and to know how your security software displays its warnings.

Legitimate security software will list the actual threat, not simply tell you there are hundreds of infected files.

I will only discuss those concerning computer warnings in this section.

Fake Virus & Spyware Warnings

Watch out for “ads” on websites that "find spyware on your system."

These ads are simulated (but realistic-looking) “infection reports.”

Once installed, the software displays fake alerts, then offers to remove them only if you purchase their product.

Popup Messages

Popups telling you that you're infected or that security problems have been detected are seldom true except those generated by your security software.

Don't fall for these tactics. They are rip-offs or fakes.

Telemarketing Scams

You may also receive calls from telemarketers telling you your computer is infected.

Simply hang up.

RussHarvey.bc.ca/resources/antivirus.html
Updated: March 20, 2021