Adrian Mars

It shouldn't happen to an IT consultant

Spend your time doing business, not IT.

Sunday 12 October 2008, 7:06 PM

Keeping malware at bay

Posted by Adrian Mars

Choosing AV and anti-spam approaches is tricky, with many variables and much hype. Here are my experiences in keeping things simple and working in ways that won't distress users but will keep trouble at bay.

My AV of choice is Kaspersky Anti-Virus: it's relatively stable with a respectable detection rate. I also like its ability to build a bootable rescue disk, a feature that used to be standard in AV packages. It enables a PC to be scanned and cleaned by booting from a clean, uninfected CD, which prevents malware starting up along with Windows and fighting back. Like every other AV package it's not perfect, and occasionally I've found machines it disagrees with, but it has a free one-month (albeit very naggy) trial. It's worth making use of until you are happy all is well.


I use Kaspersky's custom install to leave out 'Pro-active protection'. That's a 'feature' that intercepts application activity it considers suspicious and asks the user to approve it. It's near impossible for even the technically aware to know whether to block or allow such actions, let alone your average user, so it's best turned off.

Why not use Kaspersky Internet Security, which includes a personal firewall and spam filter? Like Hi-Fi systems, you'll get a better result if you buy separates, freeing you to pick the best components from different makers and, just as importantly, to leave out the ones you don't need.

In particular I dislike personal firewalls. When a program contacts the outside world for the first time they demand explicit permission. These days almost all programs legitimately make a call home to check for updates. Since most malware is installed in good faith by users unaware of its evil ways, the fact that a program wants to talk to the outside world is no guide to the level of threat. Worse, many apps do so without warning at unpredictable times, so the user's own action cannot be linked to the message asking permission. Non-technical users stand no chance of always making the right choice. When they get it wrong, applications can stop working altogether or no longer update, leaving the machine at greater risk. It's arguable which is more dangerous.

Stick with the Windows firewall or, more usefully, your router's, though I'd disable the router's Universal Plug and Play (UPnP) capabilities, a Microsoft protocol that enables incoming connections to pass through a NAT router/firewall. When a serious UPnP vulnerability becomes public (which hasn't happened for a while), every port-scanning hacker potentially has access to every unpatched PC on the LAN. UPnP is used by some games and applications, such as some MSN Messenger features; if disabling it causes problems, you can generally set up the application's requirements manually on your router.
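Once UPnP is switched off on the router, it is worth confirming that the router has really stopped answering discovery requests on the LAN. The following Python script is an added example, not part of the original post: it sends a single standard SSDP M-SEARCH for an Internet Gateway Device and lists any router that still replies; the sample reply embedded for testing is constructed, and the 192.168.1.1 address in it is a placeholder.

```python
import socket
# Standard SSDP multicast address and an M-SEARCH for an Internet Gateway Device
SSDP_ADDR = ("239.255.255.250", 1900)
MSEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           'MAN: "ssdp:discover"\r\nMX: 2\r\n'
           "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n")
# Constructed sample of a reply from a router with UPnP still enabled (not a real capture)
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
                b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n\r\n")

def parse_ssdp_response(raw: bytes) -> dict:
    """Headers of an SSDP '200 OK' reply, names lower-cased; {} if it is not one."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def is_gateway_device(headers: dict) -> bool:
    """True when the ST header says the responder is a UPnP Internet Gateway Device."""
    return "InternetGatewayDevice" in headers.get("st", "")

def discover_gateways(timeout: float = 2.0) -> list:
    """Send one M-SEARCH on the LAN; return (ip, location) for each gateway that answers.
    An empty list is what you want to see after disabling UPnP on the router."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = []
    try:
        sock.sendto(MSEARCH.encode(), SSDP_ADDR)
        while True:
            try:
                data, addr = sock.recvfrom(4096)
            except socket.timeout:
                break  # the MX window passed with no further replies
            hdrs = parse_ssdp_response(data)
            if is_gateway_device(hdrs):
                found.append((addr[0], hdrs.get("location", "")))
    finally:
        sock.close()
    return found

if __name__ == "__main__":
    print("UPnP gateways still answering:", discover_gateways() or "none")
```

Run it from a PC on the LAN; a router that has genuinely stopped offering UPnP produces "none", while a LOCATION URL in the output means the setting has not taken effect.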

My spam filter of choice is Spamfighter. For the moment Outlook 2007 also does a pretty good job, while Outlook 2003 increasingly lets through more spam. Microsoft's protection is of course a top spammer target, while Microsoft's desire to shift the latest version suggests that, come Office 14, Outlook '07's anti-spam abilities will also decline.

I'll revisit this area later. Threats change and software can change even more - just because a particular package is excellent this year, that's no guarantee that next year's version won't be much worse. I have to look after a large and very varied set of clients, so it doesn't take me long to find out when something stops cutting the mustard. None of the vendors admit it, but we're all part of an ongoing experiment in silicon ecosystems that would make Darwin's eyes water. Happy mutations!
