Back To Security Basics

Malware, viruses, trojans, keyloggers, phishing… the internet can be a dangerous place to “live” and do business.

I recently had the displeasure of helping more than a couple of not-so-tech-savvy friends disinfect their home systems of various nasty infections. While working away on their computers, I asked probing questions to decide what sort of behavior opened their systems up to the “bad guys” in the first place. I found that in each case, a few things could have been done to prevent their computers from being infected. In one case, my own young son may have been the vector of attack, which led to a discussion about basic online security not being taught in school… which in turn led to this blog. My goal is to make my less-than-savvy friends, and my children, more aware of potential threats, how to recognize them, and how to defend against them. I hope to make my explanations as simple to understand as possible. I will attempt to keep the techno-babble to a minimum, though it can be difficult to gauge the understanding level of others, so if I speak “over your head,” it is not intentional, and your feedback could help me improve that.

Let me begin with the most simple, basic truism of computing…

Security 101: Everybody Needs Antivirus

Now this seems like a no-brainer to me. But I do continuously run into systems that are unprotected. Usually, though not always, these are Macs. To illustrate why Mac users need protection too, I am going to give a little Mac history, and hopefully the Windows users will be able to see how this applies to them without going into specifics of Windows malware history.

I am a Mac user and a Mac admin. I have personally seen Mac-specific rootkits and viruses in the wild. I have witnessed system intrusions as they happened, and have seen files altered or deleted from disk while I watched. Don’t believe the hype that some magical Macintosh shield is going to protect you from viruses, trojans, malware, and the like. All operating systems are vulnerable to attacks; none of them are 100% safe. Don’t believe me? Google MAC Defender, but be careful what you click on.

Macs used to have such a small share of the personal computer market that they were virtually ignored by cyber criminals. Windows was the dominant system, and security on early versions of Windows was so lax that criminals were able to quickly write and deploy malware to Windows systems. Because of that, most Mac users felt invulnerable; they thought that Macs never got viruses. In reality, criminals just didn’t target Macs back in the “good ol’ days” because there were so few of them. Fast forward to 2011: Microsoft has (believe it or not) gotten very good at security (relatively speaking), making it more difficult for criminals to penetrate a fully protected and patched Windows system. Couple that with Apple’s amazing product successes over the last couple of years and its increasing market share. Now cyber criminals see walled fortresses when they look at Windows systems, and they see an increasing number of largely unprotected stick forts flying Apple flags popping up in backyards. That means there’s a potentially lucrative emerging market for malware in those shiny Apple boxes.

With that being said, we all need antivirus, Mac and Windows alike, but only install an antivirus solution that is 100% legit, that is, one from a reputable, well-known source. Avoid obscure antivirus products and products from companies that many people have never heard of, and never download antivirus from a file sharing site or peer-to-peer network. Installing a “cracked” or “pirated” antivirus product would be like handing the keys of your house to a burglar.

Know the name of your antivirus product, and know the company it came from. If you see an antivirus window or message pop up on a website, tread very carefully. Criminals are known to frequently trick internet users into inadvertently downloading malware disguised as antivirus software. This is why you should be very familiar with your own antivirus product, so that you can tell a legitimate message from your antivirus apart from a bogus message from “the bad guys” trying to trick you.

My Antivirus Recommendations

Windows users should consider using Microsoft Security Essentials. This tool is not shareware, it is not crippleware, it is fully functional, no nag screens, no annoying messages, no tricks. It is a good antivirus product, provided for free, direct from Microsoft. This should be the starting point for providing basic protection on your Windows system.

Mac users should consider using Sophos Anti-Virus for Mac Home Edition. It is not shareware, it is not crippleware, it is fully functional, and it does not have nag screens, annoying messages about upgrading, or constant attempts to trick you into paying for a bloated product. I use and recommend this tool from Sophos; it is a free, trusted, reputable, and fast antivirus package for Mac. It also helps me protect my Windows-using friends by identifying and removing Windows malware from email, so I don’t inadvertently pass along infections.

Sure, there are more powerful antivirus packages that you can buy out there, but if you just want basic protection on your home computers, the products listed above are a good place to start.

If you really want to pay for antivirus protection, then I would suggest McAfee Total Protection for Windows, or Intego VirusBarrier X6 for the Mac.