I’ve already talked why it is desirable to install security software first. Now, let us talk of what types of security software to install. Actually, there are a bunch of them. There are keyloggers, password crackers, (yes, you need those to determine the strength of your own) port scanners, IDS, (with weird names like SATAN and SAINT. lol) and more. But don’t fret. Those security software are not essential for most users. I’ll try to discuss them in a future post on Network Security Software. Here, let’s focus on the essential security software that you really need to install on your PC.
Prior to the Web—or before it became mainstream, at least—there is only one essential security software to install for the average home user; and that is the antivirus software. During those times, I’m not even sure if the term security software was already used because there is only one anyway. (vis-à-vis an average user) An antivirus software scans and removes computer viruses, worms, and trojan programs. A good antivirus software should prevent the infection in the first place. They detect these viruses either by signature or by behavior. Antivirus software can also be real-time or scan-based.
An antivirus software using signature-based detection checks the files in your computer and compares it to a database of known virus signatures. If there is a match, the antivirus software reports the file as a virus. This means that your virus signature database must be up to date. Otherwise, a new virus won’t be detected by your antivirus software as its signature is not yet in the antivirus software’s database. There will be misses in this system and its magnitude is proportionate to the age of your virus signature database.
If your antivirus software uses behavior-based detection, it observes the behavior of programs in your system. If it acts like a virus, the antivirus software flags it as so. Needless to say, there will be a lot of false positives with this system. The fun thing is that most antivirus software will be reported as a virus by other antivirus software using behavior based detection. The reason is that most of the functions of an antivirus software like reading all files in a directory, locking it, taking charge of main memory, etc., are very virus-like.
Most modern antivirus software, however, uses a combination of the two. Some call their behavior-based detection system as heuristics. What’s confusing is that other antivirus software use the term heuristics as an advanced form of signature-based detection. But let’s not bother you with that, shall we? Normally, they go through signature detection first so as not to waste time doing heuristics when the file’s signature is, in fact, already in the virus signature database.
As mentioned earlier, an antivirus software can either be real-time or scan-based. A scan-based antivirus software will only run if told to do so via right clicking a file to be scanned or by selecting it in the Programs menu. A real-time antivirus software, on the other hand, will load itself into memory as soon as your operating system starts and oversees all running processes.
You need one and only one antivirus software with real-time protection. If you install two or more, you will not be increasing your computer’s security. In fact, you will weaken it. That is because both antivirus software will be trying to kick and lock each other out. That’s just how they work. You can, however, install another scan-based antivirus software. There would be no conflict in that setup. You’ll end up with a real-time antivirus software and two scan-based antivirus software. (the real-time antivirus software almost always includes a scan-based antivirus software)
When the Internet escaped from the educational institutions and military facilities and entered into the household, things got a little bit more complicated. People started to connect and viruses, worms, and trojans began spreading at a faster rate compared to the previous age of sneaker net. E-commerce emerged and credit card transactions followed. Then came a new breed of malware called spyware. These sneaky little pests are similar to viruses except that they mainly gather data instead of harming your computer.
Security software companies created spyware software to combat this specific threat. A lot of money is lost due to spyware and spyware software aims to prevent this. Spyware software operates similarly to an antivirus software. There are also real-time spyware software and scan-based spyware software. Since spyware hide in a lot of places, spyware software works double time in tracking them. A common place where spyware software hunts for spyware is in browser helper objects. Some antivirus software already include spyware software.
But even if spyware software is installed in your computer, you should still be very careful with what sites you visit. Spyware software is not yet as mature as antivirus software and new spyware pop up all the time. In addition, it seems to be easier to get infected by spyware than by a virus. Merely viewing a site can get you infected when you need to download and install something first unless it is just Flash or Silverlight. (Be wary of message like: click here to view this site.)
The third security software that you’ve got to have is a firewall software. If your computer were a house it is one with a lot of doors. These doors are called ports and firewall software acts as the guard. There are 1,023 common ports or doors to your computer. Depending on installed software like messaging, chat and games, it could, however, go as high as 65,000! Not all of those will be open but a lot of them could be. And you have to know which. If you don’t guard your ports, hackers can easily enter your system while whistling a tune. Could you sleep at night if even one of your 65,000 doors are unlocked or open? How about a hundred? There is a reason why Microsoft included a built-in firewall software with their operating system.
Firewall software allows you to monitor your ports, specify which ports are opened, specify which program can access which ports and which protocol can be used by what program in which port. The best firewall software will allow you a very fine grained control over the above variables. Windows has a built-in firewall software but it only allows limited configuration. For ordinary purposes, though, I think this built-in firewall software is enough. Your question is probably which port should you open and which should be closed. Ideally, all unnecessary ports should be closed in you firewall software. And what is necessary would depend on what software you have in your machine. Windows default firewall setting is a nice place to start.
Note that firewall software screens incoming and outgoing data transmissions. This means that a firewall software can augment your spyware program. Aside from making sure that hackers cannot enter your system from the outside through open ports, it also prevents unauthorized outbound communications. As I said, spyware is meant to spy and gather data like account information, browsing or purchasing history, and data for determining demographics. It has to send this data some time. When it does, your firewall software can flag it and prevent the connection. So, even if a spyware managed to pass through your spyware software undetected, it can hopefully be caught by your firewall software.
There are a lot of things I want to write about these topics. I am even considering separate blogs for each of the topics above. They are so deep and change so fast. What I am able to provide here is just a bird’s eye view of sorts. I’ll try to probe deeper in succeeding posts. Or maybe, I’ll just write a book. ;) (kidding)