Russ Harvey Consulting - Computer and Internet Services

Security Software

Antivirus, Antimalware & Firewall Protection


Protecting your computer from viruses, spyware and other threats

You Need a Security Suite

Having a simple antivirus program is no longer sufficient.

Your computer must be protected by a current security suite that includes antivirus, antimalware, anti-phishing, anti-ransomware, keylogger & screengrabber protection plus an effective advanced two-way firewall.

  • Multi-faceted and simultaneous blended threats can overwhelm any protection unless the software is designed to deal with all of them simultaneously.
  • Because threats develop and change so rapidly, current security software relies more upon recognizing malicious patterns of infections than databases of past attacks.
  • Some infections are difficult to repair, particularly ransomware which encrypts your data and extorts money via untraceable bitcoins.
  • Malware (sometimes called spyware) can go unnoticed yet risks your privacy by stealing information and slows down your computer. Protection is specialized software with access to a current database of malware and removal instructions.
  • Keyloggers capture key strokes including passwords and other private information. There are both hardware and software keyloggers.

Keep ALL Your Software Current

The security battle is a cat and mouse game between malicious actors and security software companies. New threats can overwhelm your security software, especially if you don't keep it up to date.

In addition, you must ensure that your operating system and programs are all current to protect your computer from zero-day and newly discovered vulnerabilities.

Backup for Insurance

Keep a current backup of everything important to you. These backups are your only method of recovery if a new threat is undetected or cannot be treated effectively (i.e. ransomware).

Free Versions Available

Ensure your protection is always current. You have no excuse for not running security software. Many vendors offer FREE versions of their security software for personal use.

Recovery Can Be Expensive

However, remember the time and money you've put into your computer and software (never mind your data). It can be much more expensive to recover from an infection that your security software is unable to contain or treat than to simply purchase decent security software in the first place.

Ransomware Protection

Most current antivirus programs provide some protection against ransomware, but ransomware is different from other malware: a failure to protect your data could be catastrophic.

Several companies provide tools that can help recover files if you send them a copy of an encrypted file with the unencrypted original to help determine the correct recovery tool but there is no guarantee.

What About the Mac?

The Mac has a reputation for being safe without an antivirus, but it is time to change that opinion. Count the number of Macs compared to PCs in Starbucks these days if you still think malicious actors have no reason to target Macs.

Apple devices have experienced a surge in popularity in recent years. According to IDC, the company now accounts for 13.5 percent of global smartphone shipments and 7.5 percent of global PC shipments. This increase in usage has not gone unnoticed by attackers. A rising number of threat actors have begun developing malware designed to infect devices running Mac OS X or iOS. — Symantec

You need to be running decent security (antivirus) software on your Mac.

Malware protection is particularly weak and we now have proof that Macs can get ransomware. Choose an effective program that doesn't significantly slow down the system.

What About Linux?

Like Macs, many Linux users are under the impression that they don't need antivirus protection. Again, it is time to change that opinion.

We are well into the 21st century, but it is astonishing how people can still believe that Linux-based operating systems are completely secure. Indeed, “Linux” and “security” are two words that you rarely see together. — Sophos

You need to be running security (antivirus) software on your Linux computer.

AV-TEST.org doesn't yet test Linux security software for home users (it has a much higher profile in server software) but that time is coming.

You Need to Be Vigilant

Many threats, including ransomware, evolve rapidly and use zero-day vulnerabilities (weaknesses in software that can be exploited before the vendor has discovered and fixed them).

Security software using virus signatures can only protect you against known threats. Newer or evolved threats are harder to detect so most security software depends more on detecting unusual or malicious activity (threat emulation) to prevent unknown threats from infecting your computer.

Prepare for Disaster

Be prepared for disaster before it happens. Back up your data regularly so you'll still have a copy of your data if you're infected. You'll lose what isn't backed up, particularly in the case of ransomware, so schedule accordingly.

A USB thumb drive can keep copies of your most current documents between backups and can mean the difference between losing a week's work or rapid recovery.

Hidden File Extensions

Windows hides “known” file extensions by default. While these extensions are known to Windows, many users don't understand the risks they can pose, such as which file types can infect your computer.

Several file types (including .EXE, .SCR, .COM and .BAT) are not safe to open, especially when received as an email attachment.

You should change your settings to unhide known file types.
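
To show why the hidden extension matters, here is an added example (not part of the original page) that lists the attachments of an email message and reports each file's real name, the name Windows would display with known extensions hidden, and whether the real type is one of the unsafe ones named above. The decoy list, the function names and the sample message are constructed for illustration, and the display rule is simplified to "drop the last extension".

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# File types the page lists as unsafe to open.
RISKY = {".exe", ".scr", ".com", ".bat"}
# Harmless-looking extensions used as the visible decoy (sample list, an assumption).
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def _path(name):
    # Windows ignores trailing dots and spaces in a file name, so drop them first.
    return PureWindowsPath(name.strip().rstrip(". "))


def shown_when_hidden(name):
    """Name as listed when known extensions are hidden.

    Simplified: assumes the last extension is a type registered with Windows.
    """
    p = _path(name)
    return p.stem if p.suffix else p.name


def classify(name):
    """Return 'ok', 'executable' or 'disguised' for an attachment file name."""
    suffixes = [s.lower() for s in _path(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return "ok"
    if len(suffixes) > 1 and suffixes[-2] in DECOY:
        # e.g. invoice.pdf.exe is listed as invoice.pdf once .exe is hidden
        return "disguised"
    return "executable"


def triage(raw_message):
    """List (real name, displayed name, verdict) for every attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        report.append((name, shown_when_hidden(name), classify(name)))
    return report


def build_sample():
    """Constructed message with four attachments; the payload bytes are dummies."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "holiday.JPG.SCR", "setup.exe", "minutes.docx"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for real, shown, verdict in triage(build_sample()):
        print(f"{verdict:<11} real={real!r} shown={shown!r}")
```
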

Disable Macros in MS Word

Word macros contained in an attached document in a spam email are commonly used to infect your computer. You should disable macros in MS Word.

Open a Word document, select Options, click on Trust Center then Trust Center Settings then Macro Settings. Choose “Disable all macros with notification.”

Watch for Unusual Activity

You need to be vigilant and wary of what you download and install. If you notice unusual file activity you might want to disconnect your network connection. While you may not protect your own data, disconnecting from the Internet can protect other computers and devices on your network, particularly if you share files between them.

Avoid risky behaviour.

Like any other piece of malware, common sense goes a long way. The critical thing is it's not going to install files by itself. You have to initiate some action. — Jason Glassberg

  • Be wary when opening email. Malware generally spreads through malicious email attachments (including JPG images, documents and ZIP files) leaving you susceptible to data loss and identity theft. See Trustwave's Tale of the Two Payloads as an example.
  • Links can be faked, especially in emails. Fake links (those that go elsewhere than what is indicated by the linked text) can be used in emails, websites or text messages. See how to tell fake links.
  • Be wary of recent (short-term) domains and shortened links (often used on Twitter).
  • Watch what you post online. Information posted online, particularly in social media, can be used to personalize attempts to scam you.

Learning More

My security basics, malware, firewalls and phishing & identity protection have more information on how to better protect yourself.


Security Software

While you can still purchase security packages in retail stores, online sites offer software at reduced rates, with 24-hour access, instant updates, and on-line technical support. I suggest only purchasing online directly from the vendor.

Save Backups of Installation Software & Licenses

If you do purchase your software on-line, be sure to save a copy of the downloaded installation file (preferably on removable media so you can reinstall it if you need to repair it or suffer a catastrophic loss of your operating system).

Not All Products Are As Effective

Assessing and comparing security products is difficult. Reviews are essentially taking a snapshot of a series of products at a single point in time. Some products will have just completed an update that causes them to rate higher, yet those results could be different in a week or a month because security software deals with the ever-changing world of online threats.


AV-Comparatives.org tests can show significant variations in the ability of different security products to prevent infections:

  • green were automatically blocked;
  • yellow were user dependent; and
  • red were compromised.

These results vary by month as vendors update their products and fix issues. I strongly recommend checking the reviews of products suitable for your operating system.

Recommended Security Solutions

ZoneAlarm Extreme Security

I strongly recommend ZoneAlarm Extreme Security for complete security protection while protecting your privacy.

ZoneAlarm also provides a separate Anti-Ransomware service for a monthly fee. This is an additional protection on top of your primary security software. ZoneAlarm Extreme Security includes ransomware protection.

Check Point ZoneAlarm Anti-Ransomware is the most effective ransomware-specific security tool we've seen. In testing, it showed complete success against all of our real-world samples. — PC Magazine

Recommended Alternatives

  • Kaspersky Antivirus is very highly rated, but I prefer the version licensed with ZoneAlarm for more comprehensive protection.

Mac and Linux

The Mac and Linux have traditionally been safer than Windows for security, but this is no longer true.

Free Antivirus Solutions

I strongly recommend sticking with a paid subscription because it will offer more frequent updates, better security and your requests for help will always get priority over similar free products. Some free versions may not perform as well as you expect.

In its recent endurance test, which was carried out over a period of 6 months, AV-TEST tested 18 Internet security suites for their protection, performance and usability. The test shows: more than two-thirds of the protection packages can be recommended, but the best performance does cost some money. Paid software packages are also the most secure. — AV-TEST

The cost of repairs to your computer if a free product fails you will far exceed the cost of most security products. But if you can't afford it, there is basic (and sometimes excellent) free protection for home users.

ZoneAlarm Free Antivirus + Firewall

Free Antivirus + Firewall is an excellent free option for personal use but ZoneAlarm Extreme provides better protection and coverage.

ZoneAlarm isn't compatible with any other security software except MS Windows Defender.

Windows Defender

Earlier versions of Windows Defender provided mediocre protection, but current versions in Windows 10 have improved significantly and this shows up in the current reviews.

Simple, straightforward and with decent malware protection, Windows Defender is a no-muss, no-fuss way to protect Windows computers. — Tom's Guide

After years of lagging behind competitors, Microsoft Windows Defender has earned a coveted AV-Test "Top Product" award. The free, built-in antivirus software in Windows 10 performs just as well as — or even better than — many of its paid competitors. Your Windows PC can now repel the vast majority of malware threats right out of the box. — Tom's Hardware

What About Other Antivirus Solutions?

Other products may be excellent security software solutions but I have not personally tested them recently. Some require significant system resources (mainly RAM) to run and many have a firewall inferior to ZoneAlarm Extreme, my recommended solution. More about evaluating solutions.

Microsoft Security Essentials

I don't recommend Microsoft Security Essentials (a beefed-up Windows Defender), free for individuals and small businesses with up to 10 PCs. Support could cease at any time.

ISP-Provided Packages

Many ISPs (particularly those offering broadband services) now provide security software protection, either as a part of their regular services or for a fee. I've not been particularly impressed by any I've seen.

Many ISPs automatically check email for spam and viruses. This can be an excellent first line of defense but needs to be backed up by an installed security suite since not all viruses are spread by email.


Evaluating Security Software Solutions

  • Purchased software generally offers better protection, especially when threats are evolving quickly.
  • Free software provides protection for those that truly cannot afford to purchase protection.
  • Verify the system requirements (optimally the recommended rather than minimum requirements) to ensure your computer can run the software, in particular, RAM (memory) and available disk space.
  • Avoid creating your own “suite.” Running multiple security programs can create a conflict that prevents detection rather than improving it.

Microsoft Security

Microsoft enables the Windows firewall by default and checks for the presence of a current antivirus solution and scans for malware with Windows Defender.

This provides baseline protection but is insufficient on its own. The exception is a recent copy of Windows Defender on a fully-updated Windows 10 system.

Use a Security Suite

A security suite that includes all the security protection is recommended rather than shopping for various components.

Consumer Protection

Consumers, including small businesses, can check out the evaluations found on reliable websites and magazines to evaluate antivirus and other security products. I strongly recommend AV Comparatives for independent reviews of antivirus software.

Often one product will excel in one area but be weak elsewhere so be sure to include your specific needs into the evaluation process. Both the strengths and weaknesses of specific products can change over time so be sure to view a current assessment.

Don't trust blanket statements that say that the code is “military-grade” or “NSA-proof”; these mean nothing and give a strong warning that the creators are overconfident or unwilling to consider the possible failings in their product. — Electronic Frontier Foundation

False Positives

The number of false positives (safe files tagged as viruses) should be few or none. Most antivirus programs look for certain traits that are common to virus activity to detect unknown threats. Unfortunately, this can occasionally tag legitimate programs.

Files such as password hacking utilities for recovery specialists are legitimate in some cases but are something that should not be on most people's computers and therefore are not false positives.

Automatic Scans and Updates

Ensure that your security software will update automatically and provide for a scheduled scan to detect issues missed while running a realtime scanner (the one that checks files as they are opened).

Many people simply don't add protection and fail to ensure it is updated frequently (it is like not having health insurance or ignoring expired health insurance).

Enterprise Protection

If you're looking at protecting an enterprise you'd best choose a Managed Security Services Provider (MSSP) because enterprises involve a different level of risk. Trustwave's MSSP Buyers Guide will help you evaluate solutions.


Issues with Antivirus Software

If your computer is infected with the DNS Changer, you probably can't get Internet access.

Multiple Security Products can Conflict

If you're having issues with your security software, verify that there are no competing security products installed on your system.

Competing antivirus, anti-spyware and firewall programs can conflict with each other, leaving you vulnerable to infection by viruses, malware and other threats.

  • Microsoft's Windows Defender and Windows Firewall are generally either allowed or disabled by most security software.
  • McAfee Security Scan Plus (installed with Adobe Flash as an optional download) is not recommended but shouldn't conflict.

Finding Help

While there are some generic similarities between security products (they provide the same function), you'll need to seek help specific to the program(s) you're running.

I suggest that you seek help on the support website for your product then try the support forum if you have no luck. Try searching for your specific problem, using an error message or similar search criteria.

Generic searches on the Web can be helpful, but you'll need to ensure that the suggestions don't get you into more trouble or land you on a malicious site.


Update Your Software

Maintain Your Security Software

Regularly download and install security software definitions and program updates.

  • New virus and spyware definitions usually update automatically.
  • Even though your security software updates automatically, it is a good idea to regularly update manually.

Install Program Updates

Program updates usually need to be downloaded from the Web and installed.

Rule-of-thumb: If you download it from the Web, it has to be manually installed by clicking on the downloaded installer.

Update Your Operating System

Regular updates to your operating system (including service packs) close zero-day vulnerabilities and provide additional security, as well as updating existing features.

  • Set your operating system to automatically check for updates.
  • Even though you should have automatic updates set, it is a good idea to check for updates manually.

Service packs are significant updates to your operating system and provide a baseline for maintaining security.

Obsolete? Upgrade or Uninstall

Upgrade or uninstall any software that becomes unsupported.

  • Don't run unsupported versions of Windows or other operating systems.
  • Upgrade your software when your vendor no longer offers updates.
  • If a subscription renewal doesn't update the base engine of your current security program you need to purchase a complete new version.

Microsoft Programs Vulnerable

Microsoft Office, Internet Explorer and similar programs are often tightly tied into Windows and create vulnerabilities even if you're not using them for their intended purpose.

  • Microsoft Office vulnerabilities are used to compromise email programs and inject threats into the system's web browser.
  • Even if you're not using Internet Explorer, it cannot be uninstalled so it needs to be updated.

Internet Explorer is much more vulnerable to malware exploits. Don't use IE for browsing the Web.


Current Alert Listings

Checking For Alerts

You can find current alert listings on the AVG, F-Secure, McAfee and Norton websites.

If your security software generates an error or detection message, you can use that to learn more about what was detected by searching the web using the identifiers. Note that different vendors can describe the same infection differently.

Spectre and Meltdown

Meltdown and Spectre are hardware vulnerabilities, discovered in early 2018, that affect virtually every computer and mobile device produced since 1995.

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. — Bruce Schneier

Meltdown only affects Intel processors, while Spectre -- the more serious exploit -- affects processors from Intel, AMD, and ARM. — Tom's Hardware

Security Patches

The patches significantly affect system performance, and there have been restart issues on AMD systems.

[C]urrent estimates suggest anywhere from a 5%-30% decrease in overall software performance. — TrustWave

Hoaxes

Fake Virus & Spyware Warnings

Watch out for “ads” on websites that appear to "find" spyware on your system.

  • They display fake alerts, then offer to remove them only if you purchase their product.
  • In most cases they indicate an unrealistic number of infections.
  • Do NOT click links on websites running simulated (but realistic-looking) “infection reports” on your computer.
  • These can also appear on your desktop in a Windows dialogue box.
  • Don't fall for these tactics. They are rip-offs or fakes.

The best defense is to keep your protection current and to know how your security software displays its warnings.

Telemarketing Scams

You may also receive calls from telemarketers selling security software.

Simply hang up.

Email “Warnings” Illegitimate

You've received a message from a friend that suggests you forward it to everyone in your address book. What do you do?

Don't forward it. Delete the message!

It doesn't matter what the content is. Any request to forward information to everyone is highly suspect when it is sent to a group of people. Others don't like junk mail any more than you do.

99.9% of these are hoaxes or some other form of malware.

Hoaxes are Social "Viruses"

Hoaxes are social “viruses” that take advantage of our compassionate nature.

Features like the following should make you suspicious:

  • Any request to forward the message to everyone in your address book is almost certainly a hoax.
  • Hoaxes use emotional rather than factual approaches to lure you in (see an example).
  • Hoaxes depend on our concern for our computers (such as "virus" warnings) or greed (chain letters that pay big dividends) or compassion for others (such as saving a sick child).
  • Many cite "authority" sources. If in doubt, check the authority's website for confirmation.

Avoid Spreading Ignorance

Fake news is at an all-time high. Facebook and others continue to publish an incredible amount of news that isn't based upon fact. People forward it out of ignorance (or perhaps with malicious intent to confuse others).

Begin with a simple Internet search for unique specifics in the message. This will give you information to test the legitimacy of any message.

  • Do not forward email "warnings." Most are false.
  • Check for accurate virus information from antivirus vendors.

One site aiming to stop fake news is StopFake.org. While focused on Ukrainian issues, it is an example of how an expert site can help to restore truth.



RussHarvey.bc.ca/resources/antivirus.html
Updated: October 31, 2019