Friday, February 29, 2008

On Antivirus Applications, Malware, and Safety on the Net

Over the years I've tried numerous antivirus apps. I've used several versions of Norton, and used McAfee, Kaspersky, Avast, AVG, Panda, and NOD32 from Eset. For years Norton was the standard, with McAfee a close second. Around 2003 or so Symantec, the maker of Norton, piled on the features and became ridiculously bloated and unmanageable. Around this time I tried Panda, which sounded better and in fact slowed my computers down far less, and seemed very effective. I've tried AVG and Avast, both excellent for free software. AVG in particular is a lightweight application that seems effective.

Lately, after reading a recommendation in PC Magazine, I decided to give Norton 2008 a try. The new version of Norton is less hassle than the old versions and seemed to slow down my PC less. I was happy with it until it did its daily scan; at that point everything slows way down. I frequently have 3-5 applications open at once and often have Firefox and/or IE 7 open with multiple tabs. But when AVG or NOD32 are running scans I saw little or no performance hit. Another point of annoyance is that I also have an IBM ThinkPad which has Symantec's corporate edition of Antivirus and Firewall. This application runs extremely fast both in the background and when doing scans. Why can't Symantec use this antivirus engine in their consumer-grade product? Why does their consumer-grade product suck so badly compared to the corporate version? I've noticed pretty much the same thing with McAfee, which I use at work.

Of course, do antivirus suites work anymore? With today's virus and spyware writers having a huge monetary incentive to keep crap from being removed from your machine, probably the best antivirus/antimalware is the end user.

Some general rules to live by in today's computing world are:

  1. Keep Windows updated: keep Automatic Updates on and set for a time when your machine is usually running.
  2. Keep your virus and antispyware definitions up to date.
  3. Scan your machine daily with antivirus and antispyware. Run only one antivirus at a time, but you can run as many antispyware tools as you like. The 3 best known free antispyware programs are Ad-Aware, Spybot Search and Destroy, and Microsoft Defender. It also makes sense to run a commercial antispyware program such as Spyware Doctor. All of these programs can be had at
  4. Do most of your computing, especially online work, as a limited user. Not operating as an administrator is always safer, even if you are using a Mac or Linux system.
  5. Don't click on links in an email. Never log on to eBay, PayPal, or any online financial site from a link in an email. Always type in the website address manually to go to your bank or eBay account.
  6. If you have teenagers using a family computer, always have them log into the computer on a non-administrator account. Consider using Microsoft's Windows SteadyState program, which will undo any changes made to the hard drive by limited users at the next reboot. This program works great but may be a little on the geeky side. It does take some time to set up properly, but I've been playing with it and find it quite remarkable. It's designed to be used on public computers, such as in libraries, so at the end of the day the administrator just reboots the machine and it returns to its pre-configured condition.
  7. Use Internet Explorer 7, Firefox, or Opera. Internet Explorer 6 is notoriously insecure and should be upgraded to 7 ASAP. Even IE 7 should only be used for Windows Update on Windows XP. Firefox and Opera are generally less targeted by hackers and malware writers, although Firefox is getting more popular and is increasingly becoming a target for exploits. Use the add-on "NoScript", which allows users to opt in for sites running scripts. NoScript disables all scripts on a site until the user allows scripts to run, hopefully preventing dangerous JavaScript exploits from unknown or mistyped URLs. Vista users are safer in IE 7 than XP users, as Vista runs IE 7 in "Protected Mode", which attempts to sandbox the browser from the hard drive. IE 7 also has a fairly effective phishing filter, which notifies the user if the link you clicked on in an email isn't taking you to the banking site you thought you were going to.
  8. Use Windows Vista, if you can. Windows Vista was built with safe computing as one of Microsoft's primary goals. Unlike Windows XP, which claimed to be safe when first released, Vista truly does have a number of features that make you safer. UAC, or User Account Control, is a feature similar to the account permissions in most UNIX-based OSes; it asks for an administrator's password whenever the user installs software or hardware, or changes the system in a major way. This has saved me, and it can save you from "drive-by malware attacks", where just browsing to a website with malicious code can infect you without your clicking on anything.
  9. Use virtual machine software such as Microsoft Virtual PC or similar software from VMware. A simpler solution is to use Sandbox IE, which allows you to use your browser in a "virtual sandbox" that protects your computer from malware as long as you don't save anything to your hard drive.
  10. Last but certainly not least, use a NAT router. A cheap but effective router, either wired or wireless, is a must-have in today's online environment. A router will reject unsolicited traffic from the Internet, thus effectively acting as a hardware firewall. Even if you only use 1 PC and it's connected to your modem, you should put a router between you and the Internet. This applies to high-speed connections, of course; I'm not sure they make routers for dial-up. Dial-up users should probably use a third-party software firewall such as ZoneAlarm or Comodo; both are free and work quite well.
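
A small model of the behaviour rule 10 relies on, added here as an example and not taken from any router's firmware: a NAT router keeps a table of flows that inside machines opened and drops inbound packets that match none of them. The class and function names are hypothetical, and the strict per-peer matching is an assumption (real routers vary in how tightly they match replies).

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (LAN ip, LAN port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """A LAN host sends traffic out: record the flow, rewrite the source."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for port, known in self.table.items():
            if known == flow:  # flow already has a public port
                return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """An Internet packet arrives: forward it only if it answers a flow."""
        flow = self.table.get(pkt.dst_port)
        if flow is None:
            return None  # unsolicited: nothing inside asked for this
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # port is mapped, but for a different remote peer
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def demo():
    # Constructed addresses: RFC 1918 LAN host, RFC 5737 documentation ranges.
    router = NatRouter(public_ip="203.0.113.7")
    out = router.outbound(Packet("192.168.1.20", 51000, "198.51.100.10", 443))
    reply = router.inbound(Packet("198.51.100.10", 443, "203.0.113.7", out.src_port))
    probe = router.inbound(Packet("192.0.2.66", 4444, "203.0.113.7", 445))
    stray = router.inbound(Packet("192.0.2.66", 4444, "203.0.113.7", out.src_port))
    return out, reply, probe, stray
```

Port forwarding or UPnP entries add mappings that bypass this check, and nothing here stops connections that malware on the inside opens outward.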
