Protection against viruses, spam, Spyware, etcetera, etcetera, etcetera, is
becoming even more critical as time goes by. I am running MS XP Professional
(SP2), but am uncomfortable in relying solely on MS products and technology for
protection. But, the number of products out there today, claiming to be able to
provide same, seems to be expanding exponentially, so:
- How does one go about deciding on what product to use in removing the vermin
and protecting against future infections?
- What criteria (aside from price) could (or should) you use in making one’s
decision and product selection?
- Would a bundled application (all defenses in one) be necessarily more
effective than several standalone products?
- Finally, is there some location on the Web where one could find truly valid,
independent assessments/reviews of products out there today?
A number of good questions that I think a lot of people share.
If we’re paying attention at all, we’re constantly getting told “protect
yourself!”. Great. With what? There’s a ton of crap out there, to put it
bluntly, how should you decide what to buy?
I’ll tell you how I decide.
Become a Patron of Ask Leo! and go ad-free!
I’m going to take your questions in reverse order.
Is there some location on the Web where one could find truly valid,
independent assessments/reviews of products out there today?
I’m a huge believer in reputation.
By reputation, I don’t necessarily mean that the products you see everywhere
are the ones to use. Rather, I mean that when you do a little bit of research,
these are the products that real people recommend.
Unfortunately I know of no single location I would turn to for that
information. Rather, I’d be looking at several different sources from which to
draw my own conclusions.
The data for your research can come from a variety of places. For example I
chose my anti-virus solution based on a very simple recommendation:
Microsoft’s. When I left the company in 2001, Computer Associates eTrust
Anti-Virus was the Microsoft-internal anti-virus solution distributed to all
employees for installation on company machines and with license (and even
encouragement) to take home and install on machine that might remotely connect
to the corporate network. Given the target that Microsoft is, and was, that
seemed like a pretty strong endorsement. And indeed, I’ve been using it ever
since and been exceptionally happy with the product.
Research naturally also includes mainstream tech and PC publications, like
perhaps cnet.com or pcmag.com. In addition, frequently consumer publications
such as Consumer’s Reports will also review the current state of products. I
tend to be just a little skeptical, and in fact in quickly researching current
recommendations for this article I find that I don’t necessarily agree with
some of their conclusions. So I typically wouldn’t rely on them for my only
source of information, but they’re a great start to at least get a sense of the
products that are available.
Another good resource turns out to be many retail stores like Amazon that
allow product reviews to be posted on their sites. You’ll frequently see a lot
of feedback on any given product that you might be considering. While no
product ever gets 100% positive feedback (you can’t please everyone), you can
quickly get a very good sense of whether a product is valuable, or simply too
risky to consider.
There are thousands of web sites on the internet that provide a forum for
discussion, and there you’ll often find strong opinions as well. The problem
here is once again identifying those sites that are legitimate and not pushing
an agenda of their own. Sites like lockergnome.com, daniweb.com spywareinfo.com
and others are often both great reference sites, as well as discussion forums
containing the opinions of many knowledgeable users.
So if there’s not one place, and all of the above (and others) won’t agree
on what the “best” is, how do you decide?
I look for trends. If more people complain about product A than B across
multiple sites and sources, then I’d lean towards product B.
Would a bundled application (all defenses in one) be necessarily
more effective than several standalone products?
In my fairly strong opinion, no.
I base that primarily on the four+ years of problem reports and feedback
that I’ve received here at Ask Leo!. It just seems that the combined suites
cause more problems and miss more malware or security issues that a well chosen
set of individual solutions.
My theory is that the suites start with a really good single
product – say an anti-virus solution. In order to create a suite of the
manufacturer then buys or creates what I can only assume are second-rate
additional components, like an anti-spyware solution or firewall. The net
result is that they don’t integrate well, and while one component my have you
protected from one form of malware, another won’t do as well.
There may be good suites out there, but my personal opinion right now is
that you’re better off selecting individual solutions.
What criteria (aside from price) could (or should) you use in making
one’s decision and product selection?
Well, I’ve already spoken about reputation. That’s number one, in my
I also believe in sticking with popular and well known brands. For any of
the solutions you’ll quickly see the same names over and over again. That’s a
good thing. If after seeing all those names repeatedly you’re suddenly
presented with some solution you’ve never heard of, it’s time for some heavy
Many products include subscriptions. By that I mean that in order to keep
your database of malware up to date you’ll need to pay an annual subscription.
I’m not going to argue pro or con on this just yet, only to say that be sure to
realize that it may happen, various products will have different requirements
and prices, and then factor that into your decision.
And finally, the basic stuff: make sure that the product’s system
requirements match your system’s capabilities.
I’ll also add one disrecommendation: if you suddenly find yourself
faced with a popup that says something to the affect of “you’re infected, click
here to download our product to fix it”, DON’T! Any kind of
add or pop-up that looks like a warning and that directs you to a specific
product or website is simply not to be trusted.
How does one go about deciding on what product to use in removing
the vermin and protecting against future infections?
So far we’ve talked about my approach to specific product selection, but
just what products do you need?
Here’s the short list:
- You must have a firewall of some sort. Software or hardware
matters less than just making sure you have one in place.
- Anti-virus protection. At a minimum a product that you can configure to scan
periodically, and perhaps one that includes real-time protection, for example
scanning as you download files.
- Anti-spyware protection. While it seems like viruses and spyware are kinda
sorta the same thing (and they kinda sorta are), the fact is that they are
different in many respects, and the best approach to detect them is quite
different. Hence, a separate anti-spyware tool is a requirement as well.
I’m also assuming some common sense here – things like don’t execute
attachments you don’t know are safe – but that’s not something you can purchase
at your local computer store.
So what do YOU run?
You didn’t ask explicitly, but a real quick shortcut to deciding all this is
to find someone you trust, and just do what they’re doing. In some ways that’s
how I arrived at my anti-virus solution, as I described above.
So, on the chance that you might trust what I’m doing, here’s what keeps the
computers at Ask Leo! world headquarters safe:
- CA Anti-Virus 2008 (I’m actually
running older versions, but this is the current equivalent.) On most computers
it’s configured to scan nightly, though on some where the risk is perhaps a
little higher, real-time scanning is also enabled. This is a subscription
product, and to me worth it.
- Microsoft Windows Defender is my
anti-spyware solution. It’s free.
- My NAT router is my firewall. There are no software firewalls enabled on
most of my computers. When I travel I use the built-in Windows firewall, which
sometimes gets left on by mistaken when I return home with no ill effects.
And that’s it. Well, that and the other steps outlined in my earlier article
Internet Safety: How do I keep my computer safe on the
internet? Things like keeping Windows up to date, understanding physical
security, and so on.
And that whole “common sense” thing as well. It’s not as common as we’d like