“Malware” covers a huge range of threats including viruses, spyware, ransomware and more. So, anti-malware solutions must defend on several fronts. Many include anti-spam and firewall solutions too, as these block common malware sources.
Some operating systems are more secure than others, but nothing can be 100% secure. Malware is built to work around any predictable default protections. So, whilst it’s worth keeping built-in anti-malware up to date, you’ll need more.
Essential Anti-Malware Components
So, what features should you look for in your anti-malware solution? Well, there are five that no system should be without.
The most obvious requirement is an effective, up-to-date anti-virus system. These mainly handle:
- Viruses – which need human interaction to spread
- Worms – which self-replicate. These can take down an entire network of computers without much human involvement
- Trojans – which hide malware inside files and programs that look potentially useful
These classifications mostly refer to the delivery method. Their malware payloads may do all kinds of harm. These threats evolve so rapidly that anti-virus rules need frequent updates. Ideally, these occur every hour, but should be checked at least daily.
Viruses can spread through many media. Email attachments and links put infection only a single, absent-minded click away. Just plugging in an infected USB stick can install a key-logger to steal passwords — or worse. Naturally, viruses can be hidden in downloads, too. So, good anti-virus programs integrate with email programs and browsers. This lets them provide “on-access” scanning of all drives, downloads and attachments.
Hacked websites can also be invisibly infected to install malware on visitors’ computers. Scanning links and web pages slows them down too much for most users. Still, some anti-malware solutions track known problem sites and can block some risky actions.
A firewall is a vital component of any anti-malware system. Its job is to examine the source, destination and type of data entering and leaving your machine. They block potentially dangerous data transfers by breaking the connections they’re using. Application control options extend this to limiting which programs can send and receive data.
Finally, Windows allows other computers to connect through several “ports” (data channels) by default. These “open” ports make Windows machines easy to find — and attack — across networks. A good firewall can fix this automatically.
No defence is perfect, so it’s wise to protect against the things malware does if it gets through. Unfortunately, this could include anything a hacker could do from your keyboard. However, typical ‘spyware’ behaviour includes logging keystrokes and identity theft.
So, an anti-keylogger helps to protect passwords and sensitive data. Similarly, identity protection systems track requests for sensitive data like passwords and bank details. This ensures such details aren’t sent to untrusted sites without your permission.
Ransomware hit the news big-time in 2017. It encrypts your data and offers to decrypt it for a ransom. Decryption requires a key that only the attacker has. So, please don’t ask other techies to “crack the code” — we don’t like having to disappoint you.
If you’re lucky, paying the ransom will recover your files. Criminal hackers do this often enough to keep people paying — but not always. Also, ransoms often use anonymous “cryptocurrencies” like BitCoin. These can be hard to get if you haven’t bought them in advance and can’t access your computer.
In late 2016, malware hit an individual every 10 seconds and a business every 40 seconds. In early 2017, 60% of malware carried ransomware.
So, there are several ways to mitigate ransomware attacks. Some just stockpile BitCoin and expect to pay up. However, average ransoms now exceed $1000. So, with no guarantee of getting files back, that’s a last resort. A safer option is to keep frequent, constant backups. I’ll cover that in more detail later in this cybersecurity series.
Still, even backups often lose the most recent file changes. So, a new type of anti-malware program has risen to meet the ransomware challenge. Anti-ransomware attempts to detect when and how files are being encrypted. It learns the encryption pattern, blocks the process and attempts to restore the files.
Malware often defends itself. Some disable known anti-malware solutions, so your defences must be able to defend themselves. Other malware sets up re-installation triggers in case anything disables it. Anti-malware solutions can defend against that too, so some malware goes a step further.
A rootkit effectively sits outside your operating system. When you turn the computer on, it activates first. This lets the rootkit control how the operating system starts up and limits any defences. As a result, dealing with a rootkit may need specialist help. So, any anti-rootkit features your security solution can offer are a plus.
Free vs Paid Anti-Malware Solutions
Price may not be a technical feature as such, but it’s often the main consideration. This is a mistake. Even the best free anti-malware solutions are limited in scope.
On the other hand, how much would it cost to recover if all your computers were wiped tomorrow? Now add in the cost of the disruption to your business. That’s what it would be worth spending to prevent such a disaster. Thankfully, the cost of good anti-malware solutions is tiny by comparison. So, they should be a no-brainer for any small business.
However, some solutions are more effective than others. Also, they all work at low levels in the operating system to block unexpected behaviour. This often makes combining solutions from different vendors unreliable — and it can be catastrophic.
So, it’s worth looking for a fully-integrated security suite. Several cybersecurity companies offer good, full-featured solutions. Personally, I’ve found ZoneAlarm’s solutions reliable. ZoneAlarm was the first popular, port-closing firewall for Windows. It now includes best-of-breed components like Kaspersky antivirus, too. PC Mag also recently rated ZoneAlarm Anti-ransomware as “the most effective ransomware-specific security tool”.