Practice Safe Surfing

Last time I spoke about how the Webocalypse is not nigh, and that most tech scares are media fluff. That's not to say that there aren't dangers on the Web, and usually it is precisely because most threats are "small" that they are able to infect many systems.

"Anti" programs are all but mandatory nowadays. Antivirus, anti-malware, anti-spam, etc. It can be somewhat confusing for the less tech savvy.

So let's break things down, and best of all, look at the free options available.

The world of malware

There are many different kinds of nasties out there on the Web. These are all malware, or "bad software."

They are computer programs designed towards malicious and nefarious purposes. Sometimes it's just to annoy you. Other times it's to steal something valuable. And other times it's to hijack your computer. Here's a brief rundown:

  • Virus: Any program that is designed to replicate and spread, usually with ill intent, by attaching itself to an existing program or file on your computer
  • Trojan: Hitches a ride on another program, usually one you intentionally downloaded. Then it wreaks havoc.
  • Worm: Mostly similar to a virus, except unlike a virus it can exist independently. Usually silent and stealthy, it doesn't always visibly affect your system. Can be used to create "back doors" for other malware to enter.
  • Rootkit: A program designed to hide itself and/or other programs from detection. Usually allows other people to access and control your computer.
  • Zero-day exploit: A security vulnerability that wasn't known until it's been exploited. The hardest to prepare against.
  • Scareware: Programs that claim your system is infected and effectively "hold it hostage" until you pay for their software to remove it. Doing so only succeeds in giving them your credit card information.
  • Spyware: Any program or software that records your computer's actions and activities, usually sending it to someone else for malevolent purposes.
  • Keyloggers: A type of spyware that records your keystrokes, allowing someone to obtain your passwords and login credentials.
  • Zombie Computers: Refers to computers that have been hijacked and controlled by a program, usually as part of a much larger network of other manipulated computers in a botnet.

Notice spam is not listed here, as spam itself is just any "junk" material. Some spam however can house malware inside it.

Now some of the smaller malware, like viruses, some trojans and worms, and most spyware can "drive-by infect." Just the act of being connected to the Internet is enough for these little beasties to try and wiggle into your computer. Firewalls and most monitoring programs stop these in their tracks; these minor intruders just "spray-and-pray" to try and hit whomever happens not to have sufficient protection.

The more complex malware can't sneak aboard as quickly, so they will often employ other strategies to get inside. Usually they trick you into downloading them, or use other malware to scurry in and "open the gates" to them.

Anti-programs

So to defend ourselves from all this various malware we have anti-programs: antivirus, anti-trojans, anti-spyware, anti-malware, and other security programs like firewalls. So get one, set it, and forget it, right?

Well, malware authors are crafty and constantly make new versions of their malware. It's just like a biological virus or bacterium that keeps mutating; no vaccine keeps them at bay for long. At the same time, code-authors often specifically write their malware to circumvent the bigger, more well-known anti-programs like Norton and McAfee, hoping to render them useless.

To try and counter this, anti-programs tend to specialize in response to the attacks aimed at them. Lists of known malware are updated every hour of every day in order to effectively guard against all of them. It's literally an arms race between the malware-writers and anti-program developers.

The end result is that no single anti-program can effectively stop all malware, all the time.

There are three types of protection programs:

  • Proactive: Detects when known malware is attempting to integrate itself into your computer and stops it
  • Reactive: Doesn't stop malware from infecting your system, but detects and removes it afterwards
  • Constant: Runs in the background constantly monitoring your system, usually blocking known malware from ever installing

Most anti-programs are predominantly one of these three types. Most antivirus software these days has a constant monitoring mode and a reactive removal tool. It blocks most malware from ever installing, but also allows the removal of malware when detected. Proactive software isn't necessarily running in the background, and only intervenes when it detects known malware intrusions. As a result, it doesn't consume as many computer resources to operate. Reactive software doesn't help until you've determined you have malware, then it specializes in removing it completely.

Because malware constantly adapts and tries to circumvent certain programs, running different programs in a cross-scan approach gives you the most coverage. A program designed to avoid proactive software may not be designed to outrun a constant anti-program. Proactive and constant programs are suited towards initially stopping malware, but aren't as strong in removing it once it is ingrained in the computer.

A good antivirus program scans and removes malware it detects. However, as explained above it won't catch everything, or be able to remove everything. A dedicated removal tool should also scan your system and remove malware it finds. Even if a malicious program can evade one of your safeguards, it likely won't be able to dodge both.

So it's good to have one of each type, as each has a different specialty. Some anti-programs are very good at removing malware, but can be resource-heavy and shouldn't be allowed to run all the time, otherwise they'd really degrade computer performance. Other programs are too harsh and shouldn't be used unless as a last resort, akin to using a wrecking ball to drive in a nail.

Lastly, know which programs overlap and to what degree. A proactive and a constant type anti-program usually shouldn't conflict, but two constant ones definitely will. Most constantly monitoring antivirus programs won't work alongside others; either they'll negate each other or, worse, bring down the entire performance of your computer. This means only one constantly monitoring program should ever be installed at a time.

Which Ones To Use?

Many anti-programs are commercially available, but they can be expensive. In addition to simply purchasing the software, there are yearly subscription fees on top of that, plus having to purchase newer versions when they are released.

So what are decent anti-programs that are effective, cheap, and easy on the computer?

I recommend the following based on personal experience, not paid endorsement:

Obviously some of these programs have paid "Pro" or additional features, and you can decide whether they are worth the expense. But the free programs listed above will work to sufficient effect even without the paid features. So-called "Internet Security" suites provide additional safeguards, but the key things to have are at least an antivirus (most usually also scan emails too) and a dedicated reactive malware removal tool. A proactive program is optional, but I find them ideal for blocking most smaller malware from ever bothering my other protection tools.

Usually for the cost of one big commercial program you can get several smaller ones, or just use all free options. Ultimately it's a matter of convenience and preference.

Update, update, update

Just like a good knife that only worsens as it dulls, an anti-program that isn't constantly updated loses its effectiveness.

New types of malware are reported all the time, and your protection programs need those new definitions in order to know what to look for. If an anti-program doesn't automatically update itself at least every other day, then get into the habit of manually updating your anti-programs at least a few times a week.

Also update your operating system, Adobe Flash, and Adobe Reader. (Note: Deselect the option to download and install McAfee before downloading!)

Vulnerabilities are found all the time in these, and developers work to patch these holes. By not updating, you leave those holes open for malware to exploit them. Adobe Flash and Reader are used by many people and are prone to exploits, so keep those updated too. Malware is infamous for sneaking onto systems via infected Flash/.swf files and PDFs.

(In)Security Through Obscurity

Obviously Windows is infamous for all the malware it gets, while other operating systems like Linux or Mac OS get fewer malware attacks. True, due to the way Linux and Mac OS work they get some more innate security measures, but the bigger reason why they don't receive as much malware is because most malware isn't written for them. Computers running Windows still make up the majority of systems globally, especially in business/industrial settings. If someone wanted to disrupt business or infrastructure they'd write malware to harm what they're running, which is more likely Windows.

Most attempts on Linux fail because Linux users are generally more code-savvy and can readily deal with threats as they arise, so attacking them becomes ultimately moot.

Mac OS is comparable to Windows in that mostly consumers use it, and would be less prepared to defend against malware and more susceptible to falling for it. However Mac OS is currently not as prominent in security-conscious fields so there isn't as much incentive in undermining it.

For now though, Linux and Mac OS enjoy a relative safety thanks to their minority use, which in essence is only "security through obscurity." And that's not true security at all, for all it takes to break that peace is to put those operating systems in the cross-hairs and actually dedicate to the task of cracking them.

Also many smaller malware don't even attack at the operating system level, like trying to crash the computer, but work on simpler and more subtle layers. They may only install spyware or tracking malware, or intercept email for potential sensitive information, or steal login credentials. While these may not directly harm your computer, they can still greatly impact your lifestyle, especially if they steal your personal financial info.

Malware that comes in via downloaded content from the Web or email hits at the browser and email layer, and that affects all operating systems.

Good Habits

Lastly, just practice safe surfing. Don't click on anything suspicious. Never give out sensitive information like login credentials. Don't download attachments or other files from people you don't know. It's like finding a half-eaten sandwich on the floor; even if it looks appetizing don't put it in your mouth. It's probably full of germs. The same goes with your computer.

Many of the nastier pieces of malware can't just infect your machine at whim; they need to be manually installed. Trojans latch onto other programs that you would install in order to get inside your system. Other malware disguise themselves as "good" programs to get you to install them.

Now, not all bad things on the Internet are malware. Phishing involves deceiving users into giving away their sensitive info. Usually this is done by masquerading as something official and then demanding your info. It's like a scam over the phone; they pretend to be your bank asking for your account information, but in reality they just want you to give away your PIN number.

For example, if you get an email from PayPal asking you to log in, don't immediately click on the link in the email. Doing so is supposed to bring you to the PayPal website, and when you go to the website from that link you may see the PayPal website. All the links may even work, and go to other areas of the website. But it's all a facade.

You'll try to log in, and then it'll say there's a problem and prompt you to try logging in again. You attempt one more time, but to no success. You're annoyed and frustrated, and the scammers now have your PayPal login.

It's just like a card skimmer.

Always go directly to the PayPal website yourself and log in, then conduct your account business. Always look for the secured login icon in the URL bar that confirms you're actually logged onto the real PayPal website. If you don't see it while logged in, you may be on a fake.

Don't be afraid, just be smart

There are millions of dangers in our everyday lives, and yet we manage to live day by day. For all the potential hazards on the road while driving we just have to be smart, aware, and take precautions. Using the Web is the same way. It's something for us to use and enjoy, just be mindful of how to be safe while doing it.

What are some of your safeguarding tips and precautions?

