Thursday, December 13, 2007

Security Suites 2008

Someone is out to get you . . . or at least your PC. The threats lined up against it have never been worse. But don't panic; there also has never been a better selection of security suites available to keep your system safe.




Your PC is constantly under attack. Network worms want to use it as a base to launch further attacks. Malicious Web sites try to turn it into a remote-controlled zombie by exploiting weaknesses in the browser or operating system. Spyware does its best to steal your personal info. Phishing e-mails and Web sites hope to fool you into giving away your financial passwords. Luckily, you have a doughty defender fighting off these vermin—your security suite.

The absolutely essential elements of a security suite are antivirus and antispyware (preferably integrated into a single module) along with a two-way personal firewall. Spam filtering is important, too, unless you get your e-mail filtered at the server level. We also look for some elements of parental control, privacy protection, or both. Microsoft's OneCare started a trend for adding backup and performance tuning; a number of other suites have followed suit. So there are definite similarities among the suites. But current suites also shake out into two groups with very different styles. The "we do it all for you" gang will add almost any feature that's marginally related to security, while those in the "lean and mean" group stick to the essentials. Whichever style suits you, there are plenty of choices. What should you look for?

Firewall Protection in Two Directions

The firewall is critical. A personal firewall's first task is to put all of your computer's ports in stealth mode, making it completely invisible from the Internet. Of course, it should allow necessary communication among the computers within your local network. This isn't tough; the built-in Windows Firewall can do it. But not all suites pass this simple test.

The firewall should also control outbound communication, preventing Internet access by unauthorized programs. The old-fashioned way to accomplish this was simple: When a given program tried to access the Internet for the first time, the firewall would ask the user whether or not to allow it. The problem is that most users aren't qualified to answer that question. Some products try to solve this problem by predefining access for hundreds (or thousands) of known good programs. That cuts down on the confirmation pop-ups, but doesn't eliminate them. Others, such as F-Secure Internet Security 2008 and Kaspersky Internet Security 7.0, "solve" the problem by running with this feature turned off by default—a poor choice.

The smartest firewalls use a three-part strategy. They automatically allow access for known good programs and delete known bad programs. When a program doesn't fit either category, the firewall keeps an eye on its behavior and allows access as long as the program doesn't try anything sneaky. Clearly this takes a lot more programmed-in intelligence than the simple ask-the-user plan, but it's definitely better for the user. Norton Internet Security 2008 and Panda Internet Security 2008 are two good examples of this approach in action.

There's always the possibility that malicious software will attack your firewall directly to disable its protection. Firewalls (and security programs in general) should resist if malware tries to kill their processes, turn off their services, or otherwise disable the protection they offer.

Your firewall may or may not protect directly against Web-based attacks that exploit vulnerabilities in the operating system or browser. Some, like NIS 2008, actively block exploits and even identify them by name. But most rely on their malware-protection abilities to prevent the exploit from doing harm, even if it does manage to plant a malicious file on your computer.
