Until just a few years ago, I used a “full featured” Internet Security software. The common practice was to have some sort of software firewall to protect your system from Internet attacks. Most of these programs come bundled now with Anti-Virus software, browser protection, spam protection, and spyware protection. Back in the day, I used Zone Alarm then later I started to use Symantec Internet Security and finally graduated to Norton 360 back in 2004. Today, I don’t use any of them. In fact, I think they are some of the worst things you can put on your Windows system. They’re basically now just “Bloatware”; overgrown and overpriced software to make you feel like your protecting your system from hackers.
So how does one protect themselves from spyware, malware, viruses, and spam without compromising the performance of their Windows computer investment? That is what exactly what I set out to find out. I spent the last 18 months trying out as many different software combinations and configurations as I could. I tested 10 different AV programs, malware detectors like SpyBot, software firewalls and other so called PC protection software. I tested on Windows XP, Vista, and Win7 on two different systems. First, a disclaimer; this was in no way a scientific test. I simply installed the software, observed, used benchmarking software to test the systems performance, then just wrote down what I witnessed. So this is what I eventually came up and with combined with my field experience; My 7 steps to protecting your home network:
- Step 1: Use a Hardware Firewall. Don’t use third party software firewalls if you have a good internet router. By “good internet router”, I mean a router that has a “Firewall” built-in that can be turned on at the router level. Not every router does, so check the manual or the help screen.
In my opinion, using the third-party firewall products actually slows down your system and slows down your internet browsing. If you don’t have a good internet router, get one. I recommend the Linksys Dual-Band Wireless-N Gigabit Router
- Step 2: Turn on the Windows Firewall on all your machines (Its free and it works). In step one, I didn’t say “DON’T” use a firewall, just not a third-party software one if you have a router that can handle it. Microsoft’s built in firewall works just fine for me and it didn’t slow down any of my test machines. It adds another level of protection without compromising performance and did I mention it was free? Its usually is turned on by default if your system has been kept up to date. But make sure you check that it is. In most cases, there wont be any configuration necessary.
- Step 3: Use a good Anti-Virus software (ESET NOD32 or Kaspersky Anti-Virus 2009). It should scan fast and have as little a footprint on your system as possible. Schedule the scans for after-hours. If your machine becomes noticeably slower while it scans, it might be caused by the AV software itself being. Only buy the AV product and NOT the “Internet Security” offering.
- Step 4: Use Windows Defender on all your machines (Its FREE and IT WORKS) to protect from Malware and Spyware. It will also protect against “Browser Hijacking” and annoying POP-UPS. SpyBot and Ad-Aware are good alternatives but have higher overhead so they will slow down your internet browsing and or your entire system if you have less than 2GB memory. (I didn’t see the performance hit with 4GB memory)
- Step 5: Use a registry monitor. I use PC Tools Registry Mechanic (RM) because it was the only one that didn’t take over my system. Second choice is Spybot. Either one can monitor small changes to your system. If somehow something gets thru your security gauntlet, most of these malware/spyware infections are made in the registry so it makes sense to monitor those changes. Both of these products can monitor the registry, scan the registry, and fix most of the problems it finds. The second benefit of these products is that the can fix other problems with your system not caused by malware.
- Step 6: Keep your system updated. Microsoft Update is turned on for all my machines. My AV is set to automatically update signatures on a daily basis. Microsoft usually knows about security holes before the press gets a hold of it. There are thousands of cases of people getting infected with a nasty bug because they didn’t apply an update that was released a year ago. If you routinely turn off your machine when your not using it, schedule a day to run updates manually at least once a month.
- Step 7: Get an independent security audit. In my testing, I used the free service provided by Gibson Research Corporation called “ShieldsUP!!” There are a few others out there but ShieldsUP! is simple to use and really gives you a clean view of your internet vulnerability. Trojans, Malware, and Spyware use open ports to gain access to your system. That is what a firewall is used for; to keep those ports closed. If the firewall is not doing a good job then it will leave ports open leaving you with a security hole that can be manipulated. ShieldsUP! will scan your system from outside to find vulnerabilities and give your a report. I used that report to determine how good or secure my test systems were configured. Sample reports:
My final advice : Use common sense. Just like your home, if you leave the windows open or doors unlocked, eventually someone you don’t want is going to come in and cause harm. Maintain and keep those door locks and windows, fix your leaks, get a dog or install an alarm system, and you should be able to handle any intrusion with ease. To hackers, your computer is just another door into your home or life.
Disclaimer: Keep in mind that doing these steps should be part of your “Best Practice”. Its not set in stone and it doesn’t mean that if you do these things you will never get attacked or infected. But NOT doing anything will most certainly guarantee you will get attacked or infected.
Learn More:
|
|
|
|
Great advice!!! I’ll be using this blog to reconfigure and protect my home network. Operating a small business from home requires prudence. This is a well of great adice to help protect your system from data loss, damage and compromise!!!
Thanks Cybertek