Sunday, October 05, 2008

Personal Computer Security (Antivirus and Firewalls)

A great deal of confusion surrounds the world of personal computer security. First of all, I will discuss Windows PCs.

The need for a personal firewall:
Security companies don’t really want to tell the truth, so that they can earn a lot of extra money on all the components and solutions you don’t need. I am here to help and confuse you. (Of course a lot of people might not agree with what I am saying, but this is all based on long-time experience.)

First of all: most normal users have no need for a personal firewall. Why? Because while users used to connect to the Internet through dial-up modems, today there is almost always a router with NAT functionality in between. NAT is not the same as a firewall, but most of these boxes can run a basic firewall as well.

Even with only the NAT function you will greatly reduce outside attacks. Even though I don’t think it is strictly needed, use the built-in firewall function to get even more security, as it can work both ways. If you use it, remember to tweak it to allow all the services you need. These basic firewalls, though, will probably only work at port level, so they will be useless against intelligent attacks from the inside.
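The two claims above can be seen in a small model. This is an added example, not code from the original post: `NatRouter`, `Packet`, the addresses and the allowed-port list are all constructed for illustration, and the router is assumed to match inbound packets on the exact remote address and port of a flow opened from the inside.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatRouter:
    """Toy model of a home NAT router (constructed for illustration)."""
    public_ip: str
    egress_ports: Optional[set] = None  # None = NAT only, no firewall rules
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt):
        """LAN -> Internet: apply the port-level rule, then record a mapping."""
        if self.egress_ports is not None and pkt.dport not in self.egress_ports:
            return None  # dropped by the basic firewall
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pub_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> LAN: forwarded only if a LAN host opened this flow."""
        lan = self.table.get((pkt.dport, pkt.src, pkt.sport))
        if lan is None:
            return None  # unsolicited: no mapping, nothing to deliver to
        return Packet(pkt.src, pkt.sport, lan[0], lan[1])

def demo():
    # All addresses are documentation ranges; the traffic is constructed.
    r = NatRouter("203.0.113.10", egress_ports={53, 80, 443})
    pc = "192.168.1.20"
    probe = r.inbound(Packet("198.51.100.7", 51000, r.public_ip, 445))
    out = r.outbound(Packet(pc, 50123, "192.0.2.80", 443))
    reply = r.inbound(Packet("192.0.2.80", 443, out.src, out.sport))
    # Port-level rules cannot tell which program on the PC opened the flow.
    unwanted = r.outbound(Packet(pc, 50999, "198.51.100.66", 443))
    # A wanted service on an unlisted port stays blocked until the rule is tweaked.
    chat = r.outbound(Packet(pc, 50500, "192.0.2.25", 5222))
    return probe, reply, unwanted, chat

if __name__ == "__main__":
    for name, result in zip(("probe", "reply", "unwanted", "chat"), demo()):
        print(f"{name:9} -> {'dropped' if result is None else result}")
```

The unsolicited probe is dropped and the reply to the PC's own connection is forwarded, while the port-level rule passes any program that uses an allowed port and blocks a wanted service on an unlisted one.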

So with no personal firewall, how do we stop the attacks from the inside? Again, depending on the quality of the personal firewall, it might not be able to detect cleverly hidden attacks from the inside. Some of them will, however, to a mixed extent.

As a user, however, it will be up to you to allow the firewall rules. For many users, maybe most of them, this can be a tedious and difficult process, as it’s hard to know what is legitimate traffic and what is not. So again, many users with personal firewalls end up blocking important services and/or allowing malicious connections.

So how do we stop this threat if I say that we do not need the FW? When you are a personal user and not a company, who do you think represents the threat? Actual hackers sitting in a remote location trying to get into the system? Well, sometimes it might be, but in most cases it is mass software-based threats: viruses, spyware, intelligent hacking tools, botnets and all kinds of other malware. What kind of software is it that deals with this? Different security packages like antivirus, anti-spyware, botnet removers, etc.

Which means these software packages have been optimized to deal with the threat that you still think you need a FW for.
The final question here is: do I still use personal firewalls? Occasionally.

Malware attacks
In recent years, I would say since around 2k3, antivirus and other malware-removal packages have had a really hard time. This is because the nature of modern exploits has been changing swiftly and the security software companies have a hard time keeping track.

I don’t know how many times I have seen supposedly fully capable security packages unable to stop a known virus from attacking, or to remove it. When did it become acceptable for a security package not to be able to do its job? Often a user has to spend days or weeks fixing their computer, often ending in a complete reinstall.
It completely pisses me off that the security packages are in such a bad state and nobody does anything about it. Often I have resorted to Panda Antivirus, which has a special removal capability, but lately this again has not been enough.

One day one security package is awesome, the next day the threat picture changes and it is rendered useless in the fight.
This means we as users are in for a new time of war, one that we cannot win: even if we try to protect our computers the best we can, the software that is supposed to deliver the capability does not live up to its reputation.

And to be honest I have no solution for this.

One thing I think is very important for you users to think of for the future, though, is to have some software that is able to hinder the most modern types of attacks, especially browser-based attacks.

The other option is to switch to Linux, Unix or Mac OS X. While there will be times of malware and antivirus attacks on these systems as well, it is not now, and there will never be as many.
