I don’t know about you, but I’m no longer surprised when I hear of a massive data breach. Hundreds of millions of personal account credentials have been stolen in 2016 alone, and we’ve seen a 29% increase in data breaches since 2013. The number of new malware variants detected consistently rises, and we see increasingly sophisticated permutations of dangerous code affecting home users, businesses, and industry alike.
Yet we still find some users blindly wandering the Internet with the bare minimum of protection installed, almost willing malevolence into their computer. Why is this? Are there conflicting opinions confusing us as to the best security practices for our home computers? I’m going to examine a couple of commonly misconstrued security statements I’ve heard, and help you make the right security decisions.
I Only Use “Nice” Websites
Here, I am talking about the way you use the Internet. How you negotiate websites, your awareness of basic and common scams, and where you’ve an increased exposure to malicious behaviour that you can easily negate.
There are obviously numerous sites associated with malicious activities, drastically increasing the potential of your system picking up something unwanted. Logic tells you this list includes pornography and other NSFW content, warez, keygen, and cracking sites, piracy sites offering free downloads of popular subscription content, and so on.
While this type of thinking is certainly correct in some ways, intelligent purveyors of malware realized long ago that this just wouldn’t serve enough malware to enough individual systems to make their efforts worthwhile. Instead of porn, malware moved to international shipping logistics. Instead of free film downloads, malware moved toward niche food and drink blogs.
You’ll see from the above Vertical Risk of Web Malware Encounters figure that in 2014 websites relating to the pharmaceutical and chemicals industries were far more likely to provide a malware encounter than when visiting a website relating to utilities.
To clarify: an encounter is when malware is detected and blocked, rather than a straight-up compromise. A score of 1 represents an average risk to users. The below image illustrates malware encounters by region.
Recent years have seen malefactors take advantage of the dynamic content delivery systems supplying much of the advertising to the myriad websites we visit. Instead of hosting the malware on the website itself, the malware is “hidden” in the advertising. Malvertising campaigns are a persistently growing threat.
Vadim Kotov, Senior Security Researcher at Bromium, estimates that “last year alone, there were malvertising attacks on more than a quarter of the Alexa 1,000,” many of which were silently infecting hundreds of thousands of computers around the world. A separate report released by Cyphort (report requires email sign-up) claims that malvertising infection rates rose by 325% from 2014 to 2015, as more and more malware developers seek to cash in on the expansive new market.
Malvertisements present a new issue that many popular premium and free antivirus solutions are only just beginning to wake up to, so it falls to other security practices to stop these threats before infection.
Antivirus Doesn’t Do Anything Anyway
This has to be one of my favorite statements. Or this parallel: “Antivirus software doesn’t catch actual viruses. What it does is increase your level of paranoia, slow your computer down, and stop you using it effectively.” It is a commonly cited opinion, but fundamentally misguided when weighed against factual evidence, the testimony of thousands of experts, and the actual reports of billions of users.
The problem can lie with incorrectly configured antivirus software, or perhaps antivirus that has not been kept up to date. Similarly, another old (but really horrifically wrong) antivirus adage is that of using multiple software suites to build a super-antivirus wall, when literally the opposite is true.
Antivirus cannot catch everything, and there is no software suite in existence with a 100% detection and removal rating. Why? Because viruses are constantly evolving! Just like their biological counterparts, their creators tweak and modify code to maintain their chance of sneaking in, under the radar.
So What Do I Do?
In 2016, it isn’t about having a single solution. It is all about optimizing your security applications to provide maximum coverage, and there is no single security application that will keep you 100% safe.
We are lucky in that while there are a seemingly gargantuan number of threats attempting to get in, we’ve enough options to build an excellent defensive wall around our computers. But while your antivirus is good at catching certain attacks, you need another line of defense before that. You’ll need:
You need a good antivirus. Numerous free options are available, or you can spring for a premium option if you so desire.
Sophos Home is looking like a good choice at the moment, regularly receiving high scores for malicious URL blocking and antiphishing, as well as good scores for general malware and virus detection and removal.
Avast Free Antivirus 2016 also scores highly at a range of independent labs, with almost universally high scores in malware blocking, malicious URL blocking, and antiphishing. Avast also comes with a range of bonus features, such as a password manager, but not all of these features are fully effective.
Your Windows installation does come with Windows Defender, and the latest iteration for Windows 10 has scored higher than in previous years. However, many security experts consider Windows Defender to be a baseline of security that other antivirus suites should aim to beat, and if a suite cannot beat it, you shouldn’t be using that suite.
A script management add-on forms another protective barrier between you and those attempting to gain access to your computer. There is a massive range of script management add-ons and extensions available for all of the major browsers, and Microsoft Edge is slowly catching up with the rest. These add-ons manage the content accessed within your browser, and can block some of the malicious scripts primed to inject when you access a website, accidentally click on an errant advert, or follow a malicious link disguised as a functional button. Consider installing some of the following:
Ghostery tracks and alerts you to a range of threats including malicious cookies, bugs with known vulnerabilities, as well as tracking beacons and pixels. Ghostery will display a list of trackers you can manually (or automatically) choose to block, limiting the number of potentially malicious content providers you might be connected with.
Disconnect offers you greater control over how and where your personal information is shared with the numerous dynamic content delivery systems. Disconnect saves time and bandwidth, and generally provides an ever-so-slightly faster browsing experience. The browser add-on comes with an easy-to-understand interface, and you can turn certain requests off or on as you see fit.
Disconnect is also available as a desktop installation, coming with more features, as well as offering a Pro and Premium version.
uMatrix offers a new, visual approach to blocking certain types of content you access through your browser. Instead of the normal drop-down menus and searches for hidden settings, uMatrix provides an easily navigable grid containing information on each website you visit, the content it is serving you, what scripts are in action, and much, much more.
One of the most useful features of uMatrix is its hostname block lists. These extensive, individually curated lists block a huge number of known and active malware servers, older malware servers, and known malicious URLs. There are additional block lists available for download, but the integrated ones offer an excellent additional layer of protection for your system.
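To show what a hostname block list does when a page pulls in third-party advertising, here is a simplified sketch added for illustration; it is not uMatrix’s own code. It assumes the list is in hosts-file format and that a listed hostname also covers its subdomains. All hostnames are constructed and use the reserved .example domain.

```javascript
// Constructed sample block list in hosts-file format (assumption of this sketch).
const SAMPLE_LIST = `
# constructed sample entries
0.0.0.0 ads.badnetwork.example
127.0.0.1 malware-cdn.example   # trailing comment
tracker.example
0.0.0.0 localhost
`;

// Parse "IP hostname" or bare "hostname" lines into a Set of lowercase hostnames.
function parseBlockList(text) {
  const blocked = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim(); // drop comments
    if (!line) continue;
    const fields = line.split(/\s+/);
    const host = (fields.length > 1 ? fields[1] : fields[0]).toLowerCase();
    // Skip localhost and single-label names so nothing local gets blocked.
    if (host === "localhost" || !host.includes(".")) continue;
    blocked.add(host);
  }
  return blocked;
}

// A hostname is blocked if it, or any parent domain above the TLD, is listed.
function isBlocked(hostname, blocked) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocked.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Classify every request a page makes: first or third party, block or allow.
function filterRequests(pageUrl, requestUrls, blocked) {
  const pageHost = new URL(pageUrl).hostname;
  return requestUrls.map((u) => {
    const host = new URL(u).hostname;
    // Crude third-party test: any host that is not the page host or below it.
    const thirdParty = host !== pageHost && !host.endsWith("." + pageHost);
    return { url: u, thirdParty, action: isBlocked(host, blocked) ? "block" : "allow" };
  });
}
```

The page itself stays reachable; only the request to the listed advertising host is refused, which is why a block list can stop a malvertisement served on an otherwise reputable site.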
Browser extension Web of Trust will not directly block any malicious scripts or content arriving on your system, but it does provide a useful insight into the perceived status of a website as decided by other Internet users. You can also contribute to the welfare of your fellow Internet users by flagging similarly unreliable websites.
Once installed, a small circle will appear alongside URLs returned in search, and links within pages. You’ll see a nice green circle for highly rated sites, and a horrific red circle for those with less-than-perfect reputations.
However, this is community curated, and while the developers and other users are relatively quick to reassign any false ratings, it can still be gamed to lead you to a malicious site. Be aware!
In a similar vein, ScriptSafe offers a simple but effective method of controlling the scripts active in your browser, with a relatively easy to navigate interface.
When Will I Be Safe?
If you install and update your antivirus, install a script management add-on in your browser and select some of the integrated block lists, and generally consider where you’re clicking, where you’re getting your downloads from, and the reputation of the websites you’re visiting, then you’ll be in with a fighting chance of keeping your system safe.
You might hear people say “I browse the Internet with no protection,” and some of them might be okay. But with the advent of serious ransomware infections demanding payment and encrypting files, would you really take that chance?
I know I wouldn’t.
What is your current security combination? Do you have any apps our readers might benefit from? Let us know below!