Cybercriminals design malware to exploit vulnerable systems without user interaction being required – on the one hand, and craft attacks that take advantage of unaware computer users, in which user interaction is required – on the other hand.
The second part, of this two part attack approach, can only be defeated if the computer user is aware of current Internet threats. So, knowledge and experience, are critical ingredients in the never ending, and escalating battle, against cybercriminals.
In order to defeat attacks which rely on exploiting vulnerable systems, the preferred method to do so, is the implementation of a layered security approach. Employing layered security should ensure the swift detection of malware, before any damage occurs on the targeted system.
We live in a world in which we are surrounded by “buzz words”, and it seems that I’m occasionally guilty of using buzz words in writing this Blog. Buzz words which don’t always adequately explain a point, or which interfere with a readers understanding of a concept.
This was brought home to me recently when a regular reader emailed me privately; asking that I explain layered security. As I considered this, it occurred to me that this was a very legitimate question. From a reader’s perspective – just what is “layered security”?
What is layered security?
Let’s take the “buzz” out of layered security. Layered security, in its simplest form, consists of stacking security solutions, one on top of the other, to protect a computer from current, and zero day malware attacks (malware for which there is yet, no programmed defense).
Why do you need it?
The answer is pretty simple – gap management (words that are well know to consultants). In other words, no single security application is capable (nor should we expect a single application to be capable), of providing adequate computer system protection. Gaps exist in protection capabilities in even the most sophisticated security applications.
Layering (or stacking) security applications, offers the best chance of remaining infection free, by closing these gaps. Keep in mind however, that even the best layered protection strategy will not make up for the lack of experience, and intuitiveness, of many computer users. So, I’ll repeat what I said earlier “knowledge, awareness, and experience are critical ingredients in the escalating battle, against cybercriminals”
A consumer layered security approach: recommendations.
Backup – While you may not think that a backup strategy forms part of a layered security approach to Internet security, it is, without exception, a most crucial part. Consider where you would be if your layered security strategy failed. If you’ve ever lost critical data to a malware infection, no doubt you already consider it of primary importance.
Free backup utilities are readily available – see “Hard Drive Cloning is Easy with Free Easeus Disk Copy” and “Free DriveImage XML – “The Best Way to Backup Data?”, on this site.
Operating System and Application Patch Management – Again, this is an area that is often not considered as critical by many users. In a recent survey, Secunia, the Danish computer security service provider, well known for tracking vulnerabilities in software and operating systems, concluded that less than one in 50 Windows driven computers, are totally patched.
To stay ahead of the curve in this critical area consider downloading, and installing, the free Secunia Personal Software Inspector, which will constantly monitor your system for insecure software installations, notify you when an insecure application is installed, and even provide you with detailed instructions for updating the application, when available.
Firewall – Simply put, a firewall is an application, or a hardware appliance, designed to block unauthorized access to your computer from the Internet, at the same time permitting authorized communications.
There are many free Firewalls available, but many can be intrusive and not really appropriate for casual computer users. PC tools offers a very robust, uncomplicated, free Firewall, and more information is available here, “ PC Tools Firewall – A Freebie Worth Having”.
Antimalware – A front line antimalware application is absolutely critical to avoid system infection. Your primary application should be supplemented by an on-demand scanner (part of the stacking approach).
There is no harm in downloading more than one antimalware application to be used as a secondary scanner. In fact, doing so can be advantageous. However, be sure NOT to allow more than one application to autostart, in order to prevent conflicts. For a list and download links to recommended free antimalware applications, including secondary scanners, see “Tech Thoughts Top 8 Free Antimalware Applications”, on this site.
Antivirus – An antivirus application is another critical component in a layered defense strategy to ensure that if a malicious program is detected, it will be stopped dead in its tracks!
Avira AntiVir Personal (see “Free Avira AntiVir Personal Protection – Get the Real Deal!” on this site), is a very effective application which offers scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs.
It’s simple interface provides access to a command structure, that makes it easy to repair, delete, block, rename and quarantine programs, or files.
Web Browser Security – Install a free Internet Browser add-on such as WOT (my personal favorite). WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.
System Isolation – An isolator is a security application which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on. Isolators, or sandbox applications, prevent damage from intrusions and malicious software: viruses, worms, spyware, key loggers etc., including disallowing rogue software from being installed. To understand this concept more thoroughly, please see “Free GeSWall Isolates You From Cybercriminals”, on this site.
Zero Day Protection – Since most viruses, worms, Trojans and other types of Internet threats only last 24 hours, how do security applications that rely on a definition database to identify malware files (most anti-malware applications), keep up with this onslaught? The simple answer is; they don’t.
Threatfire, from PC Tools is a terrific security application which covers the vulnerability gap with respect to zero-day threats. ThreatFire blocks malware (including zero-day threats) by analyzing program behavior (heuristics), based on the theory that if it looks like a crook and acts like a crook, then it must be a crook, instead of relying only on a signature based database.
For additional information and a download link please see “Protect Yourself Against Zero Day Internet Threats with Free ThreatFire From PC Tools”, on this site.
The Internet is an uncertain world at the best of times, but by protecting your computer using a layered approach, you will reduce the chances of malware infections very substantially.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Hi,
Thanks for this useful article. Good job.
Best regards !
Thank you Murphy – appreciate you dropping by.
Bill
Bill,
Hmm, I think I finally get it.
Liam
Hey Liam,
Happy to hear that this article was helpful.
Bill
Hey Bill,
Excellent advice, and advice which I follow. One other thing I do a couple of times a week is use an online virus scanner, Panda Active Scan. As I write this, it is scanning my system, as something strange occurred a little earlier, the system froze up, and when I rebooted, my firewall had reset to default, which meant my custom settings had disappeared. None of my realtime scanners alerted me to anything, so to be on the safe side, I am running the online scan. So far, so good.
Mal
Hey Mal,
Using Panda Active Scan is a definite plus – very good advice.
I would be concerned as well in the circumstances you describe, so the scan/s is definitely the way to go. It’s unlikely that you’re dealing with an infection but…..
I’ve often found that when an application does not install properly, the symptoms you describe can occur. This happened to me (again), in just in the past few days. You might want to consider, running a scan with HiJack Thisand Auslogics Task Manager . ATM will give you a safety rating on running applications, processes, and services. Finally, consider running an application like CurrPortsto ensure that your open ports, and connections, are legitimate.
Bill
Hey Bill,
Thanks for that info, I hadn’t used these programs before, very handy. All seems well at this stage, still a few scans to run, but it seems like it’s just one of those things that happens sometimes, lol. Only problem is my paranoia goes through the roof til I am sure all is ok.
Thanks for the help.
Cheers
Mal
Hey Mal,
Happy to help.
Paranoia on the Internet? No! You must think there are bad guys, out in the wild blue, just waiting for ya. Oh hey – now that I think about it; there are. LOL
Being slightly paranoid, on the Internet, is the *only* safe way to surf – we sure have learned that.
Talk to ya later,
Bill
Pingback: IT Corner » Blog Archive » Layered Computer Security – What Is It? Why Use It? « Bill Mullins …
Thanks Bill–this is perfect. I definitely still have some gaps to tend to but now I know where. With all your previous columns, I’d say I was about 85% there already. And worrying about overkill is certainly not a concern any more.
Thanks again! You should get a super IT badge–saving newbies one blog at a time. 🙂
–CE
Hey CE,
I like that “saving newbies one blog at a time” – might have to make that my new motto!
Thanks again for the suggestion without which, I probably wouldn’t have written this article.
Bill
Pingback: Layered Computer Security – What Is It? Why Use It? « Bill Mullins … | Drakz Free Online Service
Great post Bill, another “layer” that saved one of my coworkers this week was the limited user. He booted his computer Monday to find his account had some thing called “Personal Antivirus” installed. It had all the usual bells and whistles fake AV programs have. Perfect duplication of the Microsoft Security Center, pop-ups declaring “you may be infected” and all the rest, you know the drill.
Fortunately he’s not an admin, and Malwarebytes had no problem getting rid of it when run from an admin account. Despite the fact that elevating privileges isn’t that difficult, most malware doesn’t usually do it. So running as a limited user especially in XP or 2000 (yes I still see it) is still a very good idea. The hassle of having to log in and out to install programs is nothing compared to dealing with malware installed in an admin account.
Cheers
Mark
Hi Mark,
I’m very familiar with the destructive power of Personal Antivirus – what a parasite!
I totally agree with you – “The hassle of having to log in and out to install programs is nothing compared to dealing with malware installed in an admin account”. Running as a non admin is such a simple thing, but the benefits can be enormous.
Thank you for pointing out this tip – something that all users should follow.
Bill
Pingback: PC Tools Internet Security 2010 – Free License Giveaway « Bill Mullins’ Weblog – Tech Thoughts
Pingback: Zemana AntiLogger – 1,000 Free Licenses to Give Away « Bill Mullins’ Weblog – Tech Thoughts
Pingback: The Winners in the PC Tools Internet Security 2010 Free License Giveaway Contest Are…. « Bill Mullins’ Weblog – Tech Thoughts