Since the days of DOS, we have been told to install an antivirus program on our computers to keep our computers protected from viruses and other malicious software. Over the years, though, malware developers have become more advanced in their development of malware to the point where many antivirus programs are constantly playing catch up, or have failed to find malware installed on a computer.
Antivirus programs have also become more advanced in how they have detected malware, but have fallen short of protecting a computer 100% from various malware. In reality, most antivirus products are “reactive protection” from malware, and not “proactive protection”, meaning that they are able to find and remove malware once the malware has infected computers. While antivirus programs are still an important piece of securing your computer, it is now recommended to have a layered defense when it comes to security.
Protecting Your Computer with a Layered Defense
The most common way that a computer is infected is from the Internet. Malware can be installed on your computer from various sources – websites, e-mail, file-sharing, and other servers/computers that can connect to your computer.
There are many software and hardware that is used to connect to the various locations on the Internet, and each location should be involved in the defense of your computer. One weak spot in your defense could compromise the security of not only your computer, but also your network.
There are many areas that you should look at when developing the defense of your computer. Here are some that you should think about securing:
Router
The router is the gateway to the Internet from your computer and any device that connects to your local area network. If this isn’t secure, not only will your computer not be secure, but any device on your network won’t be secure.
Besides securing your router – especially for wireless routers – to prevent unauthorized access to your network, you can also block specific malware from reaching your computers and communicating back to servers on the Internet. This is done by changing the DNS servers on your router.
A DNS server is used by software – such as a Web browser – to translate the URL that you enter into the browser into a unique IP address. The IP address is the location of the server that the URL points to on the Internet.
A service I recommend for DNS servers is OpenDNS, which is a free service to use. OpenDNS allows you to block specific websites that can be harmful and could contain malware – think porn sites. OpenDNS can also block many advertising that have been known to also spread malware, and block malware from communicating back to a control server on the Internet.
By signing up and using OpenDNS, and then changing the DNS servers in your router to point to the OpenDNS servers, you then force all devices that are connected to your router to use OpenDNS.
Web Browsers
Your Web browser is probably the most popular application you use to get access to the Internet, so you will need to make sure you take the time to properly keep it as secure as possible. The most popular advice for secure browsing is to use an alternate browser besides Internet Explorer. There are other options, such as Firefox, Chrome, Opera and Safari.
Some Web browsers support add-ins or plugins. These little applications can be installed to add more features to a browser. Two add-ins I recommend are ones that prevent JavaScript from running from a domain automatically (NoScript for Firefox and NotScripts or Chrome), and an ad blocker that prevents ads from displaying automatically.
Many browsers also prevent Flash from loading automatically until you click a button, which is a great security feature, but if your browser doesn’t have such a feature, there may be an add-in that supports such a feature.
Anti-Malware Programs
Besides installing an antivirus program, you should also look at installing an anti-malware application. Anti-malware applications usually can detect more malware than the average antivirus application. Unlike antivirus applications, you can install multiple anti-malware applications on a single computer.
The main benefit of installing multiple applications is that each anti-malware application may be able to detect malware that another application could not detect.
Managing What is Installed
Having fewer applications installed reduces the attack area for malware. Many applications have security holes that can be exploited by malware, so installing only applications that you use reduces the chance of malware exploiting such holes.
The most “attacked” application on the planet now is Java. While Java does have its uses, the average home user won’t need Java installed. By uninstalling Java, you have essentially remove one of the largest target of malware developers.
If you need Java installed, you should prevent it from running in your Web browser, which can be done from the Java Control Panel applet.
Next on the list is Adobe Reader, which can easily be substituted for another PDF reader or even a Web browser such as Chrome and Firefox. There are many free, smaller, readers that may suit your needs. Adobe Reader is also a favorite target of malware developers.
Third is Adobe Flash, which is still needed for many websites so you may not want to remove it from your computer. With Adobe Flash, the best you can do to keep your computer protected is to always keep it updated.
There are two applications that I do recommend you install. The first is Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which is used to help secure your applications while they are loaded. EMET helps mitigate malware from exploiting security holes in applications.
The second application you should install is Secunia’s Personal Software Inspector (PSI). This program will notify you if any application that is installed on your computer needs to be updated. PSI can detect if updates are available for hundreds of programs, so it can help you keep most of your applications updated.
You should take the time to go through the list of applications installed on your computer and uninstall the applications that you no longer use to reduce the chance of malware exploiting a security hole.
Keep Your OS Secure
In the Windows world running with an administrative account was the way of life. Starting with Vista, Microsoft has changed that way of life to the point where you don’t need to run with an administrative account on a daily basis. I have run my Windows 7 computer for over 4 years with a standard user account and have had no problems.
Running with a standard user account can help mitigate over 90% of vulnerabilities in Microsoft products. If you need an administrative account to perform an action on the system, such as change a setting or install an application, Windows will prompt you for the administrator’s password.
The other thing you need to make sure is that you keep your computer updated. Companies regularly release updates that include security fixes that you should install. Microsoft released updates on the second Tuesday of every month, unless there is a critical security issue that needs to be addressed before the next update.
Common Sense
Of course, the biggest security tip that I can give is to use common sense. Regardless of how much security you carry out, not using common sense can make any security useless.
Ensure you know what you are opening both in an e-mail and online. For e-mails be careful of attachments, and for websites, don’t download anything you didn’t request.
For applications, make sure you take the time to read through the screens of the install to make sure you aren’t installing any other application, such as toolbars. This is a common problem I see on many computers – opening a browser and seeing five toolbars load.
While an antivirus program is a necessity, much more is needed to make sure the security of your computer. There are many layers to security, and you need to make sure you take the time to make sure you have implemented a layered defense.