Computer Security, Defense-in-Depth

The most popular forum in our message boards is Virus, Spyware and Trojan Removal. After we’ve helped someone remove one or more infections from their system, the most popular question is, “How can I keep it from happening again?”

One of our experts has authored a post, Preventing Malware and Safe Computing. It’s a wealth of knowledge, and people are often referred to it.

Today, I came across Diane Wilson’s comment at Ed Bott’s blog. I like it: concise, no-nonsense advice. I agree with almost everything. It mostly mirrors my philosophy and current configuration:

1. Stay behind a router. NAS is a great filter for many attacks.
2. Use a firewall. Windows firewall works well enough.
3. Keep your OS up to date, not just in updates, but in versions. I’m already running Win 7 RC as my primary system at home, and I’ll be on Win 7 for good as soon as it goes RTM. Remember (or learn) that security must be pro-active, and that Vista and Win7 took huge steps in this direction. Address space randomization. Array and string range-checking to limit buffer overruns. And more.
4. UAC. Live with it. It’s your friend.
5. 64-bit. Required driver signing is your friend.
6. IE protected mode.
7. Data Execution Protection, turned on for everything. No exceptions.
8. Windows Defender.
9. Oh, one more thing. Anti-virus software.

I think the first suggestion contains a typo. It refers to a NAS, or Network Attached Storage. While NAS devices have become inexpensive and easy to configure, they offer limited security protection; they can, however, help protect your data. Most likely she meant NAT, or Network Address Translation. NAT hides your system’s IP address behind another IP (the router’s). Another advantage of a wireless router is that almost all of them now contain a hardware firewall.

Next is the firewall. While the default Windows firewall only offers inbound, not outbound, protection, it’s silent. It won’t confuse users with options and popups the way other firewalls can. Simple and effective.

Suggestions 3 through 7 involve the operating system and its settings. What’s the most secure Windows operating system? Currently, it’s 64-bit Vista with all updates, User Account Control (UAC) enabled, and Internet Explorer 8 running in Protected Mode (Vista’s default settings). Data Execution Protection is a feature of the CPU that is enabled by the 64-bit OS.
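For readers who want to verify that their own machine matches suggestions 2 and 4 through 8, here is a read-only audit script. It is an added example, not part of the original post or of Diane Wilson’s comment; it relies on the Win32_OperatingSystem WMI class, the HNetCfg.FwPolicy2 firewall COM object, the WinDefend service, and the EnableLUA and Internet-zone “2500” registry values, and it assumes Vista or Windows 7 with PowerShell installed.

```powershell
# Audit the defense-in-depth settings from the checklist above (Vista / Win7 era).
# Read-only: reports each setting, changes nothing. Run from an elevated prompt.
$results = @()
function Add-Check($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{ Check = $name; OK = [bool]$ok; Detail = $detail }
}

# 5. 64-bit Windows (kernel-mode driver signing is enforced only on x64)
$os = Get-WmiObject Win32_OperatingSystem
Add-Check '64-bit Windows' ($os.OSArchitecture -like '64*') $os.OSArchitecture

# 7. DEP "turned on for everything": policy 1 = AlwaysOn (set with: bcdedit /set nx AlwaysOn).
#    0 = AlwaysOff, 2 = OptIn (client default, only Windows binaries protected), 3 = OptOut.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = [int]$os.DataExecutionPrevention_SupportPolicy
Add-Check 'DEP AlwaysOn' ($dep -eq 1) ("policy=" + $depNames[$dep])

# 4. UAC enabled (EnableLUA = 1)
$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Add-Check 'UAC enabled' ($sys.EnableLUA -eq 1) ("EnableLUA=" + $sys.EnableLUA)

# 2. Windows Firewall on for every network profile (1 = Domain, 2 = Private, 4 = Public)
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($p in $profiles.Keys) {
    Add-Check ("Firewall (" + $profiles[$p] + ")") $fw.FirewallEnabled($p) ''
}

# 6. IE Protected Mode for the Internet zone (zone 3, value "2500": 0 = on, 3 = off)
$zone = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$pm = $zone.'2500'
Add-Check 'IE Protected Mode' ($pm -eq 0) ("2500=" + $pm)

# 8. Windows Defender service present and running
$def = Get-Service WinDefend -ErrorAction SilentlyContinue
$defState = if ($def) { $def.Status } else { 'not installed' }
Add-Check 'Windows Defender running' ($def -and $def.Status -eq 'Running') $defState

# Anything reporting OK = False is a gap in the layered defense described above.
$results | Format-Table Check, OK, Detail -AutoSize
```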

What would I change? Windows Defender is included with Vista and doesn’t do any harm. However, it’s also not particularly effective. It is a good idea to run an application that catches what your anti-virus might miss. My recommendation is MalwareBytes AntiMalware.

The comment quoted was in response to an article on Microsoft’s new free anti-virus product, Microsoft Security Essentials. It shows great promise, but it is currently in beta, and they aren’t accepting additional participants at this time. My current recommendation for free antivirus is Avira AntiVir. If you can live with the popup windows every day as it updates, it offers a great definition database and a clean interface, and is light on system resources. Avast and AVG also offer quality, free antivirus options.

What would I add? Secunia offers a free, one-stop update service for security patches. As Windows has become more secure, other applications are being targeted instead; recent examples include Adobe Acrobat, Java, and Flash. OpenDNS offers free protection against known phishing and malware sites, as well as web filtering options that can block the kinds of content where much malware originates.

Finally, a security article wouldn’t be complete without a mention of backup. There are some nasty infections out there today. We’re seeing far too much Virut and Sality, and they’re pretty much impossible to remove. Be prepared for the worst. We previously wrote a five-part series on backup options for the home user.