The Only Anti-Malware Strategy That Works


I just finished setting up a new computer system for a friend, an average user, and as I was tinkering with the system, one thought kept bouncing around in my head: “What do I need to do to keep her protected on the Internet?”

I started with the usual things of course, including installing the following security applications.

PC Tools Firewall – PC Tools Firewall is definitely worth considering as a new Firewall installation, or as a replacement for a current Firewall that is not meeting expectations.

SUPERAntiSpyware Professional Edition – Thanks to Mike Duncan of SUPERAntiSpyware, I had a spare lifetime license.

Avira AntiVir Personal – Offers on demand scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs. As well you can repair, delete, block, rename and quarantine programs, or files.

Firefox – I then installed the most effective security add-ons, including NoScript, KeyScrambler, Adblock Plus and BetterPrivacy.

WOT – Web of Trust, a browser add-on which offers Internet users active preventive protection against Web-based attacks, online scams, identity theft, and unreliable shopping sites.

Winpatrol – This program uses a simple yet effective method of fighting all kinds of malicious programs.

GesWall – An isolator which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on.

Malwarebytes’ Anti-Malware – A simple, intuitive, and easy to use interface, makes Malwarebytes’ Anti-Malware straightforward to setup, customize and run, for both less experienced and expert users alike. This application was installed as a secondary on demand scanner.

So what could go wrong with this kind of armor against the pack of jackal-like cyber-criminals who prowl the Internet? The short answer is – plenty.

She still faces substantial risks while surfing the Internet regardless of the antispyware, antivirus, and the other Internet security applications I installed.

Malware evolves so rapidly today, that staying ahead of the curve has proven to be all but impossible for security software developers, despite their best efforts.

While it may be true that reputable anti-malware software is often capable of detecting harmful and malicious attempts to compromise a computer, this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs) can often be behind the curve in recognizing the newest threats.

You might be wondering just how many new malware threats circulate on the Internet – and here’s one answer. Over the last three months alone, PandaLabs has recorded five million new strains of malware.

On the face of it, it may appear that this huge number of new malware strains presents an insurmountable problem. But malware itself is only part of the problem.

The method used to deliver the malware – social engineering – that’s the most significant problem currently, for an average user. Social engineering, which relies on, and exploits our natural curiosity, is a sure winner for the bad guys.

Cyber-criminals are increasingly relying on this aspect of social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

So the problem I found myself having to deal with was “If all these security applications I installed won’t offer her absolute protection against cyber-criminals, what, or who will?” The only plausible answer was – she must take on this responsibility herself. The inescapable fact is – she must become her own best protection. In my experience it’s the only strategy that works.

My friend, from a psychological perspective, had a need to believe, and desperately wanted to be able to trust, that the installed security applications would totally protect her on the Internet.

She, like the rest of us, needed to become convinced that a mild case of paranoia when using the Internet, was in her own best interest. Being paranoid, suspicious, and untrusting while surfing the web, might not make her invulnerable to malware infections or worse, but it will certainly reduce her odds enormously.

It took considerable effort to finally convince her that mild paranoia would play an important role in preventing her from becoming a victim of cyber criminals.

Particularly, overcoming the instinctive human response (and we all have it), to just “click” while surfing the Internet. That instinctive response, if she continued, would pose one of the biggest risks to her online safety and security.

Security experts argue (including me), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous.

At the end of the day I finally managed to get her agreement that she would not engage in any of the following unsafe surfing practices.

Downloading files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Clicking links in instant messaging (IM) that have no context or are composed of only general text.

Downloading executable software from web sites without ensuring that the site is reputable.

Using an unsecured USB stick on public computers, or other computers that are used by more than one person.

Opening email attachments from unknown people.

Opening email attachments without first scanning them for viruses.

Opening email attachments that end in a file extension of .exe, .vbs, or .lnk.

Regular readers of this site are very familiar with the following recommended security strategy to protect their computer system, their money and their identity:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments
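As an added illustration (not code from the original article), the Python example below applies the attachment rules above to a constructed message and shows why hidden filename extensions matter: a double-extension name is displayed without its real, executable suffix. The list of decoy extensions and the sample message are assumptions made for the example.

```python
from email import message_from_string
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article says should never be opened as attachments.
BLOCKED = {".exe", ".vbs", ".lnk"}
# Harmless-looking extensions used as the visible half of a disguise (assumed list).
DECOY = {".pdf", ".doc", ".docx", ".jpg", ".txt", ".xls"}

def check_attachment(filename):
    """Return (verdict, reason) for one attachment name."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs as setup.exe.
    name = filename.strip().rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in BLOCKED:
        return ("scan", "not a blocked type; scan before opening")
    if len(suffixes) > 1 and suffixes[-2] in DECOY:
        # With extensions hidden, the file manager shows only the stem.
        shown = PurePosixPath(name).stem
        return ("block", f"double extension; displays as {shown!r} when extensions are hidden")
    return ("block", f"blocked type {suffixes[-1]}")

def screen_message(raw):
    """Map every attachment filename in a raw e-mail to its verdict."""
    results = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            results[filename] = check_attachment(filename)
    return results

def sample_message():
    """Constructed message with three attachments (sample data, not a real e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "Photo.JPG.LNK", "notes.txt"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, (verdict, reason) in screen_message(sample_message()).items():
        print(f"{name:18} {verdict:6} {reason}")
```
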

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected. Most of all, understand that you are your own best protection.

If you are unsure if you have adequate software based protection on your computer, then check out “The 35 Best Free Applications – Tried, Tested and Reliable!”, on this site, and download free security software that is appropriate for your personal circumstances.


7 responses to “The Only Anti-Malware Strategy That Works”

  1. Hey Bill,
    I’ll link this in my post as thanks.
    Great work.

  2. Bill,
    Great job, I think the key to being secure, especially for the average user, is knowledge. People can be well set up with good tools like the ones you set your friend up with, but unless their awareness is heightened against the threats they will be vulnerable.
    I just got a real tear jerker of a spam from a person supposedly on the front lines from Iraq who had been through hell and now needed a little help getting 1.7 million dollars out of the country to help support the families of his fallen comrades. Nice try A*****e but it’s the kind of story that would have sucked my mother in in a heartbeat.
    The nature of the threat transcends anti-virus and even operating systems. A well crafted phishing attack can snag someone even if they’re running Linux. The recent Java vulnerabilities make updating your plugins as important as updating your anti-virus.
    Keep up the good work.
    Mark

  3. Pingback: The only Anti-Malware strategy that works « Freeware Elite – Best Freeware Reviews and Downloads

  4. The greatest difficulty I have with clients is convincing them to change… They want all security software to run in the background with no thought or action required by the client. I set them up the best I am able; then wait for another call. It’s a mixed blessing; I get repeat business and yet another chance to educate a client. I also feel bad that I had to go back – again.

    • Bill Mullins

      Thanks for your comment Keith. Good to hear from a tech on this issue.

      As Bruce Schneier says, *If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.* Unfortunately, the average user continues to rely on technology for protection.

      Bill

  5. A wonderfully clear and concise article which echoes much of what I try to teach my clients. I will definitely be directing many of them to this article.

    • Bill Mullins

      Thank you Nomad.

      I’m glad to learn that you teach your clients these fundamental practices. If all techs practised this, it would increase the level of security for all of us.

      Bill