Best free security suites
How Gizmo protects his PCs
So many subscribers have asked me this question that I figure it's time to answer it publicly:
"Gizmo, could you tell me what security products you use to protect your computer? You must be using the very best packages available and I'd like to use them as well."
Today I'm going to tell you the security products I use but I'm going to start by telling you they are not all that important.
That's because the main way I protect my PC is not with good security products but rather with good security practices.
I regard protecting your PC from infection to be analogous to crossing a busy road unharmed. Stepping onto the road is like logging on to the internet. Crossing safely is like avoiding infection; you don't want to get hit.
Now there are two ways of crossing that road:
The first way is to be very careful about where you cross and to be watchful and aware of the dangers. In other words, make sure you don't get hit.
Another approach is to protect yourself with something like an army tank and cross anywhere, anytime. If you get hit, you rely on the tank to protect you.
Now no sensible person would adopt the latter approach to crossing a road, yet when it comes to computer security that's exactly what most folks do.
"Hey man, I'm using the latest McNortsky Super Security suite and nine other security scanners. I can do anything I want on the net and I'm invincible"
Sorry baby, you are not. You are the guy in the tank crossing the road who's about to get trashed by a big interstate semi.
I know. I've witnessed that accident many times.
If you want real computer security, you need to adopt safe computing practices. Like the rules of road safety we teach our kids, these practices are simple and well known. You can find them here:
http://www.techsupportalert.com/how-to-secure-your-pc.php
So, apart from safe computing practices, how do I defend my PC?
Quite sparsely compared to some users.
On all my computers I always surf in a sandbox using Sandboxie and Firefox.
My firewall and AV scanners vary across different computers because I like to get hands-on experience with different products. Of course, each PC has only one firewall and one AV scanner.
The firewalls I'm using at the moment include Comodo, ZoneAlarm Pro and lately, the full version of Online Armor. All have inbuilt HIPS capability.
The only AV scanners I use are the paid version of Avira Personal and NOD32.
I don't have any anti-spyware or anti-trojan programs running, though I do carry out regular on-demand scans using WebRoot SpySweeper and CounterSpy. I never find anything.
For rootkit detection I do regular on-demand scans using GMER, Panda Anti-rootkit and DarkSpy. Again, I never find anything but I still consider it a good practice to do these regular on-demand scans.
Are these products the very best available? I can't say. What I can say is they are among the top contenders. I can also say there are other equally good products, including Kaspersky AV and Spyware Doctor that I'm not using just now.
In fact, I don't want to get into the whole "this is the best security product" game. It's like discussing the best tank to be in when crossing the road.
Folks, instead of playing the "best product" game, put your time and energy into better security practices.
If you do, your computer will end up a lot safer, a lot faster and your wallet will end up a lot fatter as well.
AVG version 8 Free released - Gizmo's recommendations
In late February AVG Technologies announced AVG V8, the latest incarnation of their popular anti-virus scanner. Version 8 includes fully integrated spyware protection, rootkit protection and web link checking of search engine results. It is yet another example of a former anti-virus scanner transforming into an anti-malware scanner, a trend I noted in last month's editorial column.
On April 24 the free version of AVG V8 was released, and was promptly met with howls of derision. The free version excluded the rootkit scanner, active protection against hostile websites and a number of the other goodies added to the commercial V8 product. It also was proving to be very buggy.
Worse still, AVG announced that they would discontinue (at the end of May) the virus updates for the current V7.5 free version as well as their free anti-spyware and rootkit detection products.
I can fully understand user's disappointment with these announcements, but this is a perfectly normal commercial decision. AVG is, after all, a commercial organization, not a charity.
Their move does, however, present users of AVG's free software with a problem. Before the release of the V8, many AVG users employed an excellent security setup that combined the free version of AVG AV 7.5 with AVG's free anti-spyware scanner. With both these products being phased out, users are faced with a dilemma.
There are a couple of options:
Based on the evidence available as of today, I think the best route for free software users who want maximum protection is to switch to the free Avira AV [3] scanner and optionally, bolster this with the free Spyware Terminator program [4] or, less desirably, Windows Defender [5].
I say this because the free Avira product includes rootkit protection, while the free AVG does not. It is also more stable. Furthermore, Avira has better overall protection than AVG. Check out the AV Comparatives results [6] and you will see what I mean.
On the downside, Avira has limited active email protection, will nag you more than AVG free and the interface is somewhat more crude. But the overall level of protection is excellent.
Another option which offers a tad less protection but greater convenience is to switch to the free Avast! scanner. The latest version of Avast! is a major improvement on what was already an impressive product. And the free version includes anti-spyware, anti-rootkit and email protection, so you don't need to use it in concert with another product.
On the downside Avast! is resource hungry. Subscriber Basil Irwin pointed out that "not counting pseudo-drivers, Avast! consumes around 70MB of memory compared to 8MB for AntiVir. I didn't do any formal testing of CPU consumption or timing of various common operations, but there was no doubt in my mind that Avast! noticeably slowed several common operations, like program loading and file copying."
For average users with modern PCs I suggest the low hassle Avast! Option, while higher risk users may be better off going with Avira.
You could, of course, just stick with AVG 8 Free, and bolster your defenses with other products. However, there have been too many V8 "bug" reports to suggest this is an attractive option at this point in time.[1] http://www.grisoft.com/ww.90627
[2] http://free.grisoft.com/ww.download-avg-anti-spyware-and-anti-rootkit
[3] http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html
[4 http://www.spywareterminator.com
[5] http://www.microsoft.com/athome/security/spyware/software/default.mspx
[6] http://www.av-comparatives.org/seiten/ergebnisse_2008_02.php
Microsoft security news
The Microsoft "Patch Tuesday" for May [1] resulted in the release of four security bulletins covering six flaws, four of which were rated "critical" by Microsoft.
One of the critical-rated patches addressed problems in the Microsoft Jet Database Engine for Windows 2000, XP and Server 2003. This is a long overdue fix as exploits for this Windows component flaw have been in active circulation for months.
The three other critical-rated patches are for Microsoft Office. Virtually every version of Office is affected as well as related products such as the Word Viewer.
This yet again reinforces what I have said previously: that reading Office files with Microsoft viewers does not necessarily provide you with protection against a malware infected file. If you simply "must" open an Office file from an unknown source, such as that funny Powerpoint slide show you got in an email, then open the file in a sandbox. More details here [2].
All of the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and will require a considerable period of time online to be successfully downloaded. If you are not certain that you have received the updates then visit the Microsoft Update Service [3] now.
[1] http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx[2] http://techsupportalert.com/dr/safe-surfing.php
[3] http://update.microsoft.com (Requires IE5 or later)
Vista SP1 finally released, XP SP3 to follow
Vista SP1 was publicly released on March 18 and distribution via the Windows and Microsoft Update Services will start in mid-April. According to Microsoft, SP1 was "focused on addressing specific reliability, performance, and compatibility issues, supporting new types of hardware, and adding support for several emerging standards."
In plain English this means that the majority of users won't derive any general benefit from installing SP1 and, indeed, some may experience problems as the result of the install.
That said, Vista users should still install the pack and the safest way to do this is via the Microsoft Update as opposed to the Windows Update Service. That's because Vista requires certain hardware drivers to be updated prior to installation, and the Microsoft Update Service will handle this automatically. Full details of the changes in Vista SP1 can be found here [1]. If you don't get SP1 delivered by the end of April you can check here [2] for possible reasons. Ho hum.
Windows XP SP3 has been released to manufacturing, and the public release may be expected soon (some say in the second half of April). There have been reports from release candidate users that it improves system performance by up to 10%, but when I look at these reports it seems like a case of Chinese Whispers to me. I hope I'm wrong. Whatever, SP3 will be welcome if only because it will ease the current huge task of installing three years worth of post SP2 Windows updates each time a XP SP2 system is installed.
[1] http://tinyurl.com/5qqbhb (Microsoft.com)[2] http://blogs.msdn.com/usisvde/archive/2008/03/19/windows-vista-sp1-released-to-windows-update.aspx
Microsoft security news
The Microsoft "Patch Tuesday" in April resulted in the release of eight security bulletins [1], five of which were rated "critical" by Microsoft. The bulletins covered, in total, ten flaws in Microsoft Windows, Office and Internet Explorer.
A number of the flaws could be exploited simply by visiting a hostile website. This could lead to a user's PC being totally compromised by the attacker. This reinforces the message I have been telling you for months: these days it is essential that you surf the internet with your browser sandboxed or running with reduced privileges. Full details on how to do this can be found here [2].
All of the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and will require a considerable period of time online to be successfully downloaded. If you are not certain that you have received the updates then visit the Microsoft Update Service [3] now.
[1] http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx[2] http://techsupportalert.com/safe-surfing.php
[3] http://update.microsoft.com (Requires IE5 or later)
How to protect your PC from security threats
Vendors of computer security products are always trying to create a climate of fear among PC users in order to scare them into buying their products. In some respects that climate of fear is well deserved, but it is equally true that most threats can be defeated by adopting relatively straight-forward defensive tactics rather than loading up your PC with dozens of security products. My latest thinking on the subject can be found here [1]. Support Alert subscriber Glyn Burgess has written an interesting article [2] which tries to get an objective fix on the computer security threat. He then goes on to outline his own security setup. I don't agree with everything Glyn says but his views are well informed and the article is well written.
[1] http://www.techsupportalert.com/how-to-secure-your-pc.php
[2] http://www.techsupportalert.com/computer-security-for-non-paranoids.htm
Microsoft security news
The Microsoft "Patch Tuesday" in March resulted in the release of four security bulletins each of which was rated "critical by Microsoft." The bulletins covered in total seven flaws in Microsoft Excel including patches for a number of exploits that were in active circulation.
If you are thinking that the problems with Excel are all now fixed then think again. According to security organization Secunia [1] there are still multiple vulnerabilities in Excel including some confirmed by Microsoft as being in active circulation.
Until Microsoft gets around to patching all known flaws, users should not open Excel files from unknown sources or, alternatively, they should open such files in a sandbox or other safe environment.
Further details of the Microsoft March updates can be found here [2]. All of the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and will require a considerable period of time online to be successfully downloaded. If you are not certain that you have received the updates then visit the Microsoft Update Service [3] now.
[1] http://secunia.com/advisories/28506/[2] http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
[3] http://update.microsoft.com (Requires IE5 or later)
Microsoft security news
January's set of security patches from Microsoft contains just two fixes, one of which is rated as "important" and the other as "critical." If your PCs are set to download and install updates automatically then you should already be protected, but it's always a good idea to visit Microsoft's update website [1] occasionally and opt for an automatic check to ensure that you're not missing any important updates.
The "critical" rated patch, MS08-001, fixes a problem in the way the "Windows kernel processes TCP/IP structures that contain multicast and ICMP requests." The flaw could allow a Windows PC to be compromised simply by being connected to the internet and without any user action required. The flaw is rated "critical" for Windows XP and Vista systems but only "important" for Windows 2000 and 2003 server editions.
The "important" patch, MS08-002, affects Windows 2000 through to XP but not Vista. Microsoft says it "resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges." This sounds worse than it is; the attack can only take place if the attacker has access to valid login information.
Further details of the Microsoft November updates can be found here [2]. All of the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and will require a considerable period of time online to be successfully downloaded. If you are not certain that you have received the updates, then visit the Microsoft Update Service [1] now.
[1] http://update.microsoft.com (Requires IE5 or later)[2] http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
Selecting the best AV program/security suite
Who do you believe when trying to work out the best anti-virus products? You can't believe all the testing "authorities" because they often disagree. Regular contributor Briard has addressed this problem head-on by bringing together, in one report, an impressive analysis of how the top AV products are rated by the major testing organizations. He uses this to produce a short list of the top products. Briard then goes on to look at the latest Security Suites from some of the top rated vendors and comes up with some definite recommendations. This is another outstanding report from Briard. It's comprehensive, well researched and a delight to read. Furthermore, I agree with pretty much everything he has to say. Highly recommended.
http://www.techsupportalert.com/review-security-guards.htm
Secunia Inspector now available as a free stand-alone program
In recent months I've urged all readers to scan their PCs regularly using the free Secunia online Software Inspector Service [1]. It's a terrific product that identifies software with known security defects on your PC and tells you where you can get the latest patches and updates. Now Secunia has released a downloadable version that runs on your PC rather than from their website. According to Secunia, it looks for and checks "4,200 different applications", while "the web-based Secunia Software Inspector only detected around 40." Unlike the online service, it also checks for products that have reached the end of their life and are no longer being supported. It's currently only a beta and has a few bugs. On my PC it detected several products that had already been patched and insisted on evoking Internet Explorer for update downloads rather than my default browser Firefox. That aside, it detected nine software packages with flaws and another eleven that were obsolete, all of which were missed by the online service. Am I impressed? You bet! This is a mandatory download even though there are bugs. Many readers will be shocked by the number of flawed software packages on their PC which are revealed by this product. Beta software free for non-commercial uses, Windows 2000 SP4, XP SP2, 2003, 5.3MB.
[1] http://secunia.com/software_inspector/
[2] https://psi.secunia.com/
Free security tools
This site offers an eclectic collection of free security utilities covering encryption and CRC style file verification. Also included is an interesting free notepad replacement, a search and replace utility, a backup program and more. Thanks to Joe Fox for the suggestion.
http://members.ozemail.com.au/~nulifetv/freezip/freeware/
Microsoft security news
It was a quiet month for Microsoft with only four security patches released on "Patch Tuesday" the 11th of September. Only one was rated as "critical." This dealt with a problem with the much-disliked Microsoft agent "Clippy" that could allow Clippy to be co-opted by attackers to help take over your computer.
Further details of the September updates can be found here [1]. All the updates are distributed automatically via the Microsoft Update Service. Dial-up users in particular need to be aware that these updates are large files and you will need a considerable period of time online for them to download successfully. If you have any doubts whether you have received the updates, then visit the Microsoft Update Service [2] now.
[1] http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx
[2] http://update.microsoft.com (Requires IE5 or later)
Microsoft OneCare public beta
Microsoft has also announced the public beta release of its new all-in-one OneCare security product that includes anti-virus, anti-spyware, a firewall, backup and more. The final version when released in June this year will be sold on an annual $50 subscription basis but you can try the beta for free. My advice is don't. The reception has been uniformly bad with reports of broken systems, false positives and missed detections abounding. Worse still, it appears to be just a kludging together of separate products rather than the unified security solution promised.
http://www.windowsonecare.com/
How to surf with complete security
Well it cost me $189 to make my web surfing totally secure but it looks like you can do it for free.
Regular readers of this newsletter are aware that I surf the web using a virtual PC that's hosted on my normal PC. This virtual PC is created with the VMWare Workstation program.
The advantage of this approach is immediate; I don't care if the virtual PC gets infected because I can just shut it down and the infection is wiped out without affecting the real PC that hosts the virtual PC.
I also use a virtual PC to download and install new programs. Once again, if my virtual PC becomes infected by a virus, spyware or a trojan, I can just shut it down, re-start and the infection will be gone.
Another benefit is privacy; when I shut down the virtual PC, all traces of my surfing history disappears as well.
These benefits may be attractive, but most folks aren't prepared to fork out $189 for VMWare Workstation in order to get them.
But now you can get the benefits for free. The VMWare Corporation has released a free cut-down version of VMWare Workstation called VMWare Player.
VMWare Player can't create new virtual machines like VMWare Workstation but it can "play" existing ones. It works like this: you install the Player, then load an image of a virtual machine using the Player. Once the image is loaded, you have exactly the same virtual environment and features as if you were using VMWare Workstation. That means you can shut down and re-load that image as many times as you like, eliminating any infections and history in the process.
VMWare have on their web site a whole batch of free pre-configured virtual machine images including a "Browser Appliance" which is a pre-configured Linux based system with the Firefox Browser installed. You can use this to browse the web securely without fear of infection.
If you use the Browser Appliance, you are not installing Linux on your Windows PC but rather are running a virtual machine that uses Linux. It won't interfere with your normal Windows PC in any way.
You don't have to worry about complex Linux networking either. The VMWare Reader will transparently connect you to the internet using your normal Windows connection.
Of course you don't have to run a Linux Virtual Machine, you can run one that uses Windows or any other operating system. All you need is to get your hands on the appropriate virtual machine image.
A quick Google search will reveal quite a few images available on the web including various versions of Windows. However I'd be pretty sure most of these present Windows Licensing problems.
The ideal approach is to create your own image based on a separate licensed copy of Windows. Don't use your normal workstation license though, Microsoft licensing does not permit that.
Unfortunately you can't create a new virtual machine image using the VMWare player - you need the full $189 VMWare workstation to do that. You can however, use readily available freeware utilities to achieve the same result. Here's a link to a web site that shows you how:
http://johnbokma.com/mexit/2005/10/26/vmware-player-windows-xp.html
This process is not for beginners but is well within the scope of almost all experienced users.
Rolling your own virtual machine has another advantage: preconfigured images are big, often 500MB and more, so creating an image on your own PC saves a lot of your internet bandwidth.
I encourage you to download the VMWare Player and try building your own virtual machine. Using a virtual environment will change the way you view computing. Once you are freed from security and privacy concerns you will be free to surf the internet to places you would never dream to go, free as well to install and try out programs to your heart's content, knowing that at any time you can wipe everything from your PC just by hitting the Virtual Machine reset button.
VMWare Player: Freeware, Windows and Linux versions available, 28.2MB
http://www.vmware.com/products/player/
See you next month.
Gizmo