Security Software: Protection or Extortion?

Now that Rick Broida has stated his case, it's time for our security advocate to weigh in. Is Rick correct to say that security apps are just a waste of time, money, and system resources? What say you, Robert?

Robert Vamosi: Why Security Software Makes Sense Today

I understand the motivations of people--like my PC World colleague Rick Broida--who say you don't need to spend money on computer security. If you have the time and knowledge to lock down your PC, then you are certainly welcome to fly in the face of the billion-dollar security software industry. But as a security reporter for the last ten years, I've seen some really scary stuff in the wild, enough to convince me that a nominal investment of $50 a year or so for a decent Internet security suite is well worth it. Besides, I don't have the spare time to be clever about my PC: I just set it and forget it.

I agree that good behavior online goes a long way toward avoiding a significant share of the malware lurking out there. If you never stray from "safe" e-commerce sites, and if you never download porn, grab free games, or gamble online, then your chances of acquiring malware are considerably lower. But recently even legit sites have been festooned with hidden iframes, each silently directing your browser to download content from who knows where.

Unfortunately, even the latest Web browsers can't detect compromised sites within the first few minutes after the attack hits. Although browsers have made tremendous strides in malware protection, in tests that I've done with Internet Explorer and Firefox, I've seen a latency of up to 1 hour before they'll report a newly compromised site as bad. Without active heuristics from a security software product, how would you know whether your favorite travel site has fallen victim within the last 10 minutes?

Rick is right to say that a network router can block a good amount of malware, and that Windows XP SP2, Vista, and 7 all have built-in firewalls for blocking inbound traffic. But the Windows Firewall is not a good defense against rogue outbound traffic. Despite what Microsoft claims, its firewalls are not true two-way firewalls; they still leave outbound ports open. Why? Microsoft Office software (Word, Excel, Access) communicates with various servers such as the SharePoint Server, so by default Microsoft makes that process easy--even if you don't run SharePoint at home. As a result, what Microsoft actually says is that its outbound firewall permissions remain open "except where excepted." Sure, I suppose I could sit down and configure my own firewall rules to block this and that; but then again, I could simply download and use the free versions of ZoneAlarm and Comodo (both of which block unusual in and out traffic) and be done with it.

I see some flaws in the claim that a router, the Windows Firewall, and a Web browser are enough to protect you. Say, for example, that some rogue software gets in through a compromised Web page on port 80. Once installed, the rogue malware then looks for a way back out of the infected PC. Every time any application tries to open a new Generic Host Server connection, my ZoneAlarm flags me and gives me the option to shut it down. Not all Svchost.exe connections are bad, mind you, but if I'm not opening new applications and ZoneAlarm prompts me out of the blue, then I'm right to be suspicious.

I have no problem with Windows Defender, but what's defined as spyware is elusive; no two companies agree. That's why it's good to have more than one opinion. Installing a non-Microsoft security product, say, the free AVG software, as a companion is a much safer choice. And, seriously, is it wise to entrust your computer's security to the one company that wrote its operating system and most of the programs that OS uses? When it comes to computer security, diversity is usually better.

As for performance, almost all security vendors are working hard to reduce the resource drains of yesterday. For example, both McAfee's utilities and Symantec's Norton products, once seriously bloated and slow, have slimmed down and sped up dramatically. Even free tools are faster today, and almost all of them now allow you to reschedule intensive scans to run in the background or overnight.

I've never had a virus (or any kind of malware) infect my computers, and thanks to a small investment of time and money, I probably never will.
