Now incorporating 112 Review, Community Safety Review & Military Review

Anti-virus software is not the only computer security tool

The truth is that anti-virus software is but one of many computer security tools and the way things are going we seem to be needing ever more. This is a shame and could turn people off the Internet and such all together.

By Michael Smith (Veshengro)

When Mike Saign received an email - purportedly from an eBay auctioneer - accepting his rather low offer for a high-end golf club he reckoned there to be something fishy about it and smelled a rat.

The sender of the email claimed that his PayPal account was down and asked Saign to wire payment to him via Western Union. Instead, however, having his suspicions aroused, Saign, downloaded Iconix e-mail ID, a free tool that pegged the e-mail as a fake.

Then, having saved from being scammed, Saign disabled Iconix and hasn't used it since. Because, he says, he feels like the security software in a normal computer keeps you away from most bad things.

That, however, is not necessarily so and I am sure those of us in the know would rather disagree with him in that.

In fact fraudulent e-mails and tainted and “contaminated” websites are more prevalent than ever. Spam, much of it pitching fake drugs and financial scams, according Symantec, accounts for 80% of all e-mail. The number of new strains of malicious programs has increased fivefold in 2007 over 2006, and about 20,000 new malicious programs are unleashed on the Web each day, according to AV-Test Labs.

Most consumers are, however, in a real and serious fog about the array of security tools they can – and probably should – use to protect themselves.

Craig Spiezle, Microsoft's director of security and privacy, says his own wife couldn't tell anyone which security tools they really ought to be using. "The big challenge we're dealing with is the volume and velocity of new threats," says Spiezle.

The thing is, though, if Microsoft actually would configure their software in a better way – we know it can be done from the likes of Linux (a system that I use for work) – people would actually have no need for such an array of security software which, again, also slows down the performance of the computers often. Especially here the performance of the older models and those with a low memory.


Because we are basically in a pandemic situation as far as consumer PC infections go that (home) PC users are left to decipher for themselves what set of security products they ought to be using and how much protection they are actually getting. No one has, as yet, figured out a business model to cure that.

There are many tools in the armory of computer security, but each will only offer narrow protection,therefore, consumers need to try to understand what each of these tools actually tackles.

Anti-virus programs fail to catch every malicious program. So keeping anti-virus subscriptions current isn't enough, though it does a great deal. Consumers must also get in the habit of quickly installing all software program updates from Microsoft (With caution, I would add there. Always do a “manual” install and choose what you want to install), Apple, Adobe, Mozilla and Java, because many contain the latest security patches.

Beyond that, consumers should consider using:

Certified e-mail: Iconix and Goodmail each sell services to businesses that assure the authenticity of e-mails sent to customers.

Iconix recently launched e-mail ID as a free program consumers can install in their Web browser. The program verifies e-mail sent from 500 companies, including eBay, PayPal, Citibank, Amazon.com and Expedia.

However, the Iconix program can also be a pain the the backside, I am afraid to say, and sometimes takes quite a while to deal with the emails. It also does not work, I have found, with email clients other that Outlook, and with only some of the Web-based services.

The best way, in most cases, as far as untrustworthy emails, phishing emails and scams are concerned, is good old fashioned common sense. If something is too good to be true it more than likely is. If someone tells you you have won a lottery that you have no idea of ever entering then it is a scam, as simple as that. Bill Gates also does not give away any of his money to the likes of you and me. So, do not forward such scam emails. They clog up the Net.

Web page scanners: These tools use varying technologies to gauge the reputation of most Web pages. Programs such as AVG's LinkScanner, ScanSafe's Scandoo, Trend Micro's TrendProtect, McAfee's SiteAdvisor and Finjan's SecureBrowsing grade Web pages as safe, unsafe or questionable.

Web scanners aren't perfect. But they provide a layer of protection against what has become cybercrooks' favorite way to spread malicious programs: via the Web. "The more layers you have, the safer you are," says Roger Thompson, AVG chief research officer.

While, once upon a time, not so long ago, I have been one of the greatest advocate of AVG and would tell everyone to get it, anyone who has read my recent article on the AVG8 program will know why I have changed my tune.

Browser security tools. Microsoft's Internet Explorer 7 (anyone using IE7 must their head examined – I was forced by something from MS to install it but refuse to use it) and Mozilla's Firefox 2 (this is the browser that cannot be too highly recommended for security and safety), the most widely used Web browsers. Both those browsers offer anti-phishing filters that alert users if they try to click to bogus websites set up to fool them into typing passwords and other sensitive data. Microsoft, however, distributes IE7 with this feature disabled, so users must choose to turn it on, while in Firefox 2's anti-phishing filter is always on.

There are no 100% solutions in security as far as computers are concerned for you tell a hacker that a system is safe and the first thing he is going to do is set himself the task to crack it. This is the same with viruses. As soon as the virus writers realize that their virus is being caught they change the code and create a new one. Only the greatest of vigilance as to what sites we visit and what email we deal with can give us some measure of safety, combined with some good tools. But, common sense is also useful on the Internet; let's use some more of it.

© M Smith (Veshengro), May 2008

1 comment:

Kotto said...

I agree that pure antivirus software as such is not enough, that is why most people now speak about complex internet security software. But taking into account common user's mentality, we should admit that "antivirus" has acquired a much broader meaning, the one of "internet security" to be more precise. So, the word "virus" also means "malware". The meaning expansion is no good for experts, but for regular surfer is quite enough.
As for phishing attacks, I would advise to use IE7 with a phishing filter on, or Firefox that also has a good built-in phishing filter. If you have a complex internet security package, like Kaspersky or Norton, you might be able to rely on their anti-phishing features. You can read more about phishing and how to fight it here.