+44(0)1633 276003 [email protected]

Anti-malware solutions“Malware” covers a huge range of threats including viruses, spyware, ransomware and more. So, anti-malware solu­tions must defend on several fronts. Many include anti-spam and firewall solu­tions too, as these block common malware sources.

Some oper­ating systems are more secure than others, but nothing can be 100% secure. Malware is built to work around any pre­dictable default pro­tec­tions. So, whilst it’s worth keeping built-in anti-malware up to date, you’ll need more.

Essential Anti-Malware Components

So, what fea­tures should you look for in your anti-malware solution? Well, there are five that no system should be without.

1. Anti-Virus

The most obvious requirement is an effective, up-to-date anti-virus system. These mainly handle:

  • Viruses – which need human inter­action to spread
  • Worms – which self-rep­licate. These can take down an entire network of com­puters without much human involvement
  • Trojans – which hide malware inside files and pro­grams that look poten­tially useful

These clas­si­fic­a­tions mostly refer to the delivery method. Their malware pay­loads may do all kinds of harm. These threats evolve so rapidly that anti-virus rules need fre­quent updates. Ideally, these occur every hour, but should be checked at least daily.

Viruses can spread through many media. Email attach­ments and links put infection only a single, absent-minded click away. Just plugging in an infected USB stick can install a key-logger to steal pass­words — or worse. Nat­urally, viruses can be hidden in down­loads, too. So, good anti-virus pro­grams integrate with email pro­grams and browsers. This lets them provide “on-access” scanning of all drives, down­loads and attach­ments.

Hacked web­sites can also be invisibly infected to install malware on vis­itors’ com­puters. Scanning links and web pages slows them down too much for most users. Still, some anti-malware solu­tions track known problem sites and can block some risky actions.

2. Firewall

A firewall is a vital com­ponent of any anti-malware system. Its job is to examine the source, des­tin­ation and type of data entering and leaving your machine. They block poten­tially dan­gerous data transfers by breaking the con­nec­tions they’re using. Applic­ation control options extend this to lim­iting which pro­grams can send and receive data.

Finally, Windows allows other com­puters to connect through several “ports” (data channels) by default. These “open” ports make Windows machines easy to find — and attack — across net­works. You can read more about how to block open ports here, but a good firewall can fix this auto­mat­ically.

3. Anti-Spyware

No defence is perfect, so it’s wise to protect against the things malware does if it gets through. Unfor­tu­nately, this could include any­thing a hacker could do from your key­board. However, typical ‘spyware’ beha­viour includes logging key­strokes and identity theft.

So, an anti-key­logger helps to protect pass­words and sens­itive data. Sim­ilarly, identity pro­tection systems track requests for sens­itive data like pass­words and bank details. This ensures such details aren’t sent to untrusted sites without your per­mission.

4. Anti-Ransomware

Ransomware illustrationRansomware hit the news big-time in 2017. It encrypts your data and offers to decrypt it for a ransom. Decryption requires a key that only the attacker has. So, please don’t ask other techies to “crack the code” — we don’t like having to dis­ap­point you.

If you’re lucky, paying the ransom will recover your files. Criminal hackers do this often enough to keep people paying — but not always. Also, ransoms often use anonymous “crypto­cur­rencies” like BitCoin. These can be hard to get if you haven’t bought them in advance and can’t access your com­puter.

In late 2016, malware hit an indi­vidual every 10 seconds and a business every 40 seconds. In early 2017, 60% of malware carried ransomware. If you need more stats to get your col­leagues to take ransomware ser­i­ously, check out this post.

So, there are several ways to mit­igate ransomware attacks. Some just stockpile BitCoin and expect to pay up. However, average ransoms now exceed $1000. So, with no guar­antee of getting files back, that’s a last resort. A safer option is to keep fre­quent, con­stant backups. I’ll cover that in more detail later in this cyber­se­curity series.

Still, even backups often lose the most recent file changes. So, a new type of anti-malware program has risen to meet the ransomware chal­lenge. Anti-ransomware attempts to detect when and how files are being encrypted. It learns the encryption pattern, blocks the process and attempts to restore the files.

5. Anti-Rootkit

Malware often defends itself. Some disable known anti-malware solu­tions, so your defences must be able to defend them­selves. Other malware sets up re-install­ation triggers in case any­thing dis­ables it. Anti-malware solu­tions can defend against that too, so some malware goes a step further.

A rootkit effect­ively sits outside your oper­ating system. When you turn the com­puter on, it activates first. This lets the rootkit control how the oper­ating system starts up and limits any defences. As a result, dealing with a rootkit may need spe­cialist help. So, any anti-rootkit fea­tures your security solution can offer are a plus.

Free vs Paid Anti-Malware Solutions

Price may not be a tech­nical feature as such, but it’s often the main con­sid­er­ation. This is a mistake. Even the best free anti-malware solu­tions are limited in scope.

On the other hand, how much would it cost to recover if all your com­puters were wiped tomorrow? Now add in the cost of the dis­ruption to your business. That’s what it would be worth spending to prevent such a dis­aster. Thank­fully, the cost of good anti-malware solu­tions is tiny by com­parison. So, they should be a no-brainer for any small business.

However, some solu­tions are more effective than others. Also, they all work at low levels in the oper­ating system to block unex­pected beha­viour. This often makes com­bining solu­tions from dif­ferent vendors unre­liable — and it can be cata­strophic.

Conclusion

So, it’s worth looking for a fully-integ­rated security suite. Several cyber­se­curity com­panies offer good, full-fea­tured solu­tions. Per­sonally, I’ve found ZoneAlarm’s solu­tions reliable. ZoneAlarm was the first popular, port-closing firewall for Windows. It now includes best-of-breed com­ponents like Kaspersky anti­virus, too. PC Mag also recently rated ZoneAlarm Anti-ransomware as “the most effective ransomware-spe­cific security tool”.

This article is part of a cyber­se­curity series that began here. Don’t miss the next part! Use the form in the sidebar to sub­scribe to email alerts for new art­icles