Defense In-Depth

Last weekend, a friend gave me a frantic SOS call. His computer was taking for ever to start up. Once it started, it took for ever to start an application. So he tried to reboot it. It took for ever to shut down. And my friend went on for ever telling me what his computer took for ever to do.

A quick visit over to his place revealed the problem: he had enabled Windows firewall, installed the entire McAfee security suite, had another anti-spyware program running just in case, had parental controls turned on, and had an assortment of pop-up blockers and anti-phishing toolbars. And he still wondered whether his computer was secure enough.

My friend is not alone. Almost everyone is paranoid about security these days. I know it’s a bad, bad world, but all these products and services with a prefix of anti are driving me crazy. Every year security suites add a couple of new "anti"s. I have three problems with this trend:

  1. Security companies are cramming security suites with so many products that few people understand what they are installing. They are fuelling fears among users rather than making them feel secure. I saw an identity-theft protection feature in one security suite. On closer scrutiny, it turned out to be an offer for a credit-report monitoring service. Now what does a credit report have to do with the security of your computer? People want to install security software to prevent bad things happening to their computers, not to their credit histories. At this rate, you will find security monitoring for your home and a donation to the Police Benefit Association bundled with the 2009 version of security suites.
  2. There is so much overlap among applications that it is almost impossible to have only one of each "anti" on your computer. So people end up having many of each variety on a single computer. Take pop-up blockers for example. Everyone has more than one.
  3. People think, erroneously, that two security suites are better than one and install them anyway. And after a while, they invariably end up being in my friend’s predicament.

Running multiple security suites on your computer may actually do more harm than good because one application may interfere with what another is doing. The right approach is to layer your security in order to eliminate threats at different levels.

Here is the approach I like to take. I like to think of my data as being surrounded by four concentric walls. To get to my data, an intruder would have to get past these walls one after another. If I can beef up security at each of the walls, I won’t need six security suites to protect my computer. Not only will I have a more secure environment, my computer will hum along quite nicely.

First Wall: The Network
At this level are:

  1. A wired or wireless firewall router with Stateful Packet Inspection (SPI) capabilities. The router does three things:
    1. It checks every data packet passing through it. Packets that originate on my network or are requested from my network are allowed to pass through. Others are discarded.
    2. It hides IP addresses of my computers and makes them invisible to bad guys on the Internet. This is called Network Address Translation or NAT.
    3. If utilizing a wireless connection, it secures wireless access to my network with the WiFi Protected Access (WPA) security protocol.

    When you buy a router, make sure it has these features.

  2. Spam and virus filtering service for the e-mail server. This is to ensure that unwanted messages and harmful attachments are quarantined before reaching your network.

    Make sure you have turned on spam and virus filtering on your mail service. If your mail service doesn’t offer these features, move over to one that does.
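
To make the router's first two jobs concrete, here is a toy model of stateful inspection combined with NAT. It is an added example, not code from any router, and every address, port and name in it is constructed for illustration; real devices also expire idle flows and track TCP flags.

```python
# Toy model of a home router doing SPI and NAT (added illustration).
# Addresses, ports and names are constructed; real routers also expire
# idle flows and track TCP flags, which this sketch leaves out.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # router's Internet-facing address (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Router:
    next_port: int = 40000
    flows: dict = field(default_factory=dict)   # LAN flow -> public port
    state: dict = field(default_factory=dict)   # expected reply -> LAN host

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: record the flow, hide the private source."""
        if pkt not in self.flows:
            self.flows[pkt] = self.next_port
            self.state[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(PUBLIC_IP, self.flows[pkt], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: forward only replies to a recorded flow."""
        key = (pkt.dport, pkt.src, pkt.sport)
        if pkt.dst != PUBLIC_IP or key not in self.state:
            return None  # unsolicited packet: discarded
        lan_ip, lan_port = self.state[key]
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)


def demo():
    router = Router()
    # A PC on the LAN opens a connection to a web server.
    sent = router.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    # The server's reply matches the recorded flow and is translated back.
    reply = router.inbound(Packet("198.51.100.5", 443, sent.src, sent.sport))
    # A packet nobody asked for, aimed at the same public port, matches nothing.
    probe = router.inbound(Packet("192.0.2.77", 443, sent.src, sent.sport))
    return sent, reply, probe
```

The web server only ever sees the router's public address, and the unrequested packet is dropped because no computer on the network asked for it.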

Second Wall: The Computer
If something undesirable gets past the first wall, it has to deal with a software firewall, an anti-virus application, an anti-spyware application, and an application which protects from instant messenger and e-mail threats on the client side. It is easier to manage these applications in a single suite rather than buying them individually.

I like CheckPoint’s ZoneAlarm security suite because

  1. Unlike McAfee’s and Symantec’s suites, it can be uninstalled cleanly and easily
  2. It doesn’t grind your computer to a halt by hogging memory
  3. You can turn off applications you don’t want

If you think McAfee’s or Symantec’s suite is better, don’t send me hate-mail. Go ahead and install your favorite suite. Just make sure that you:

  1. Install only one suite
  2. Disable Windows firewall (In my friend’s case, Windows put a bright red icon in the system tray insisting that he turn it on. So he did!)

Also make sure that Windows as well as your security suite receive patches and updates regularly.

Third Wall: The Communication Pipe
It is equally important to secure data traffic to and from your computer to protect it from bad guys who can peek into what goes over the wire with applications called sniffers. The best way to do so is to encrypt your communication.

You only need to encrypt important information such as bank account numbers, credit cards, social security numbers, and highly personal information. Typically you would use a browser for this purpose. Always use secured pages to transmit such data. You will know that pages are secure when your browser displays a little lock in the title or the status bar depending on its version. The address of the web pages will start with https:// instead of the usual http://. Check the certificate on the site to make sure the site is authentic.

If you use your browser to read e-mail, check whether your mail service lets you access it securely. If it does, access your mail securely whenever you can.

And watch out for phishing sites. The latest versions of browsers have anti-phishing features built in. If you are using an older browser, you will need to get a security suite which has phishing filters.

Turn on the pop-up blocker in your browser. You don’t need more than one. If you have one in your security suite, you may want to use that one. But I prefer the one in the browser because it is easier to turn on and off.

Fourth Wall: The Data Shield
If someone with malicious intent manages to get past all the other barriers, you must prevent him from getting access to your data. The best way to do so is to encrypt critical data. You can either use built-in Windows features or use an application such as TrueCrypt. Make sure that you use a strong password to encrypt the data.

That’s all there really is to security. When you analyze the problem logically, you will have more confidence in the measures you have taken. You won’t be tempted to load up your computer with many different security suites.

Not only will it save you money, it will also save you time and give you peace of mind.
