Cybercriminals work on two fronts: they design malware to exploit vulnerable systems with no user interaction required, and they craft attacks that do require user interaction and take advantage of unaware computer users.
The second part of this two-part attack approach can only be defeated if the computer user is aware of current Internet threats. So knowledge and experience are critical ingredients in the never-ending, escalating battle against cybercriminals.
To defeat attacks which rely on exploiting vulnerable systems, the preferred method is a layered security approach. Employing layered security should ensure the swift detection of malware before any damage occurs on the targeted system.
We live in a world in which we are surrounded by “buzz words”, and it seems that I’m occasionally guilty of using buzz words in writing this blog: buzz words which don’t always adequately explain a point, or which interfere with a reader’s understanding of a concept.
This was brought home to me recently when a regular reader emailed me privately, asking that I explain layered security. As I considered this, it occurred to me that this was a very legitimate question. From a reader’s perspective – just what is “layered security”?
What is layered security?
Let’s take the “buzz” out of layered security. Layered security, in its simplest form, consists of stacking security solutions, one on top of the other, to protect a computer from current and zero-day malware attacks (malware for which there is, as yet, no programmed defense).
Why do you need it?
The answer is pretty simple – gap management (words that are well known to consultants). In other words, no single security application is capable of providing adequate computer system protection, nor should we expect a single application to be. Gaps exist in the protection capabilities of even the most sophisticated security applications.
Layering (or stacking) security applications offers the best chance of remaining infection free, by closing these gaps. Keep in mind, however, that even the best layered protection strategy will not make up for the lack of experience and intuitiveness of many computer users. So I’ll repeat what I said earlier: “knowledge, awareness, and experience are critical ingredients in the escalating battle against cybercriminals.”
A consumer layered security approach: recommendations.
Backup – While you may not think that a backup strategy forms part of a layered security approach to Internet security, it is, without exception, a most crucial part. Consider where you would be if your layered security strategy failed. If you’ve ever lost critical data to a malware infection, no doubt you already consider it of primary importance.
Free backup utilities are readily available – see “Hard Drive Cloning is Easy with Free Easeus Disk Copy” and “Free DriveImage XML – “The Best Way to Backup Data?”, on this site.
Operating System and Application Patch Management – Again, this is an area that many users do not consider critical. In a recent survey, Secunia, the Danish computer security service provider well known for tracking vulnerabilities in software and operating systems, concluded that fewer than one in 50 Windows-driven computers is totally patched.
To stay ahead of the curve in this critical area, consider downloading and installing the free Secunia Personal Software Inspector, which will constantly monitor your system for insecure software installations, notify you when an insecure application is installed, and even provide you with detailed instructions for updating the application, when available.
Firewall – Simply put, a firewall is an application, or a hardware appliance, designed to block unauthorized access to your computer from the Internet, at the same time permitting authorized communications.
There are many free firewalls available, but many can be intrusive and not really appropriate for casual computer users. PC Tools offers a very robust, uncomplicated, free firewall, and more information is available here: “PC Tools Firewall – A Freebie Worth Having”.
Antimalware – A front line antimalware application is absolutely critical to avoid system infection. Your primary application should be supplemented by an on-demand scanner (part of the stacking approach).
There is no harm in downloading more than one antimalware application to be used as a secondary scanner. In fact, doing so can be advantageous. However, be sure NOT to allow more than one application to autostart, in order to prevent conflicts. For a list and download links to recommended free antimalware applications, including secondary scanners, see “Tech Thoughts Top 8 Free Antimalware Applications”, on this site.
Antivirus – An antivirus application is another critical component in a layered defense strategy to ensure that if a malicious program is detected, it will be stopped dead in its tracks!
Avira AntiVir Personal (see “Free Avira AntiVir Personal Protection – Get the Real Deal!” on this site), is a very effective application which offers scans for viruses, Trojans, backdoor programs, hoaxes, worms, dialers and other malicious programs.
Its simple interface provides access to a command structure that makes it easy to repair, delete, block, rename and quarantine programs or files.
Web Browser Security – Install a free Internet Browser add-on such as WOT (my personal favorite). WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.
System Isolation – An isolator is a security application which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on. Isolators, or sandbox applications, prevent damage from intrusions and malicious software: viruses, worms, spyware, key loggers etc., including disallowing rogue software from being installed. To understand this concept more thoroughly, please see “Free GeSWall Isolates You From Cybercriminals”, on this site.
Zero Day Protection – Since most viruses, worms, Trojans and other types of Internet threats only last 24 hours, how do security applications that rely on a definition database to identify malware files (most anti-malware applications) keep up with this onslaught? The simple answer is: they don’t.
ThreatFire, from PC Tools, is a terrific security application which covers the vulnerability gap with respect to zero-day threats. Instead of relying only on a signature-based database, ThreatFire blocks malware (including zero-day threats) by analyzing program behavior (heuristics), based on the theory that if it looks like a crook and acts like a crook, then it must be a crook.
For additional information and a download link please see “Protect Yourself Against Zero Day Internet Threats with Free ThreatFire From PC Tools”, on this site.
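The gap described above, as an added example that is not from the original article and is not ThreatFire's actual logic: a definition (hash) lookup misses a slightly changed sample, while a behaviour score still flags it. The sample bytes, event names, weights and threshold are all constructed assumptions.

```python
import hashlib

# Constructed stand-ins for a known sample and a slightly altered variant
# (plain byte strings, not real malware).
KNOWN_SAMPLE = b"constructed-sample-payload-v1"
NEW_VARIANT = b"constructed-sample-payload-v2"

# Definition database: hashes of samples that have already been analysed.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical behaviour weights and threshold (assumptions for illustration).
BEHAVIOUR_WEIGHTS = {
    "writes_autostart_entry": 3,
    "injects_into_other_process": 4,
    "disables_security_service": 5,
    "hooks_keyboard_input": 4,
    "opens_document": 0,
    "reads_own_config": 0,
}
BLOCK_THRESHOLD = 7

# Constructed event traces, as a behaviour monitor might record them.
VARIANT_TRACE = ["writes_autostart_entry", "hooks_keyboard_input", "reads_own_config"]
EDITOR_TRACE = ["opens_document", "reads_own_config", "writes_autostart_entry"]


def signature_verdict(file_bytes):
    """Return True when the file's hash is in the definition database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


def behaviour_verdict(events):
    """Score each distinct observed action; return (blocked, score)."""
    score = sum(BEHAVIOUR_WEIGHTS.get(e, 0) for e in set(events))
    return score >= BLOCK_THRESHOLD, score


def layered_verdict(file_bytes, events):
    """Stacked layers: block if either the signature or behaviour layer flags."""
    if signature_verdict(file_bytes):
        return "blocked: signature"
    blocked, score = behaviour_verdict(events)
    return f"blocked: behaviour (score {score})" if blocked else "allowed"


if __name__ == "__main__":
    print(signature_verdict(NEW_VARIANT))              # signature layer alone
    print(layered_verdict(NEW_VARIANT, VARIANT_TRACE))  # both layers stacked
    print(layered_verdict(b"constructed-editor", EDITOR_TRACE))
```

The editor trace shares one action with the variant but stays under the threshold, which is the trade-off a behaviour layer has to tune: too low a threshold and legitimate programs get blocked.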
The Internet is an uncertain world at the best of times, but by protecting your computer using a layered approach, you will reduce the chances of malware infections very substantially.