Some basic security questions

Thump553

My solo business computer recently got infected with malware which took me quite a lot of time and effort to clean up (if it is cleaned up). I eventually reformatted and restored my system from scratch, reinstalled everything and didn't copy back any data until it had been virus screened as well as malware screened by two programs: Malwarebytes and SUPERAntiSpyware.

My OS is 32 bit Vista Home Premium. System needs are modest, mostly word processing and browsing.

Right now I have one computer directly connected to a DSL modem, running McAfee suite provided by ATT and Macrium Reflect as backup software. My questions:

1) Would MS Security Essentials II be a step up, a step down or roughly equivalent to what I'm using now?

2) Would adding a router (and its firewall) improve my security substantially (don't foresee any other need for a router here)?

3) Out of curiosity, why don't antivirus programs detect or stop malware? Until this infection I had no idea about the distinction and I think I'm more computer savvy than the average user. It was tech support at McAfee that led me to Malwarebytes, ironically enough. The file that caused the infection was on my computer for several years with antivirus running constantly, including when it was downloaded. Neither Norton nor McAfee ever did anything about it despite many, many full scans.
 

Chiefcrowe

1) It depends on who you ask but I think MSE would be a step up. It certainly seems faster to me.

2) Best practice is to use a hardware router/firewall on your system.

3) Sometimes malware is created/updated at a much faster rate than AV or antimalware software so it gets through. Also, there are a lot of 0 day exploits out there that sometimes people don't know about and are used to get into systems.
 

fredbeard1301

1. IMHO anything is a step up from McAfee, but I use Avast if you're interested. MSE is nice but it doesn't have the same detection rate as Avast and in fact MSE is much lower.
2. A router and software firewall is a great combination. The router hides your system(s) from outside attacks and the software firewall detects the outgoing buggers.
3. See #1. Avast has all the bases covered and it's free. It has scored higher marks than Norton and McAfee for 2 years running. If you're someone who trusts something they actually pay for then I suggest G-Data. I know it's not as popular as Norton or McAfee but it has higher detection rates, lower false positives, and a very high malware detection and inoculation.

I hope this helps ya!
 

wheresmybacon

1) Would MS Security Essentials II be a step up, a step down or roughly equivalent to what I'm using now?
Provided you're getting the latest signatures and program updates, both of these suites are fine. You aren't hurting yourself with either choice.

2) Would adding a router (and its firewall) improve my security substantially (don't foresee any other need for a router here)?
Unless your DSL modem has built-in NAT functionality, adding a hardware router is an absolute must. Attaching directly to a modem with no NAT is suicide from a security standpoint. Find out if you're running NAT - do an ipconfig from a command prompt and check your IP address. Typically, the first 2 octets will be 192.168. If they're something else, odds are your modem isn't running NAT.

3) Out of curiosity, why don't antivirus programs detect or stop malware? Until this infection I had no idea about the distinction and I think I'm more computer savvy than the average user. It was tech support at McAfee that led me to Malwarebytes, ironically enough. The file that caused the infection was on my computer for several years with antivirus running constantly, including when it was downloaded. Neither Norton nor McAfee ever did anything about it despite many, many full scans.
It's a good question, and I don't have an answer. My prediction is we'll see more and more products in the future that are one-stop shops for virus and malware detection and removal, but unfortunately right now they seem to be different tools for different jobs.
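
The ipconfig check described in answer 2 above, as an added example that is not part of the original post: it reads ipconfig output and labels each adapter address. It goes beyond the 192.168 case to cover all three RFC 1918 private ranges plus the link-local and carrier-NAT ranges. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output; not captured from a real machine.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.invalid
   IPv4 Address. . . . . . . . . . . : 192.168.0.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

# Ranges are checked in order; the first match wins.
RANGES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),  # no DHCP lease
    ("private", ipaddress.ip_network("10.0.0.0/8")),         # RFC 1918
    ("private", ipaddress.ip_network("172.16.0.0/12")),      # RFC 1918
    ("private", ipaddress.ip_network("192.168.0.0/16")),     # RFC 1918
    ("carrier-nat", ipaddress.ip_network("100.64.0.0/10")),  # RFC 6598
]

# Matches "IPv4 Address" (Vista and later) and "IP Address" (XP) lines.
ADDRESS_LINE = re.compile(r"^\s*IP(?:v4)? Address[ .]*:\s*([0-9.]+)", re.MULTILINE)


def classify(address):
    """Return the range label for an IPv4 address string, or 'public'."""
    ip = ipaddress.IPv4Address(address)
    for label, network in RANGES:
        if ip in network:
            return label
    return "public"


def nat_report(ipconfig_text):
    """Return [(address, label)] for every adapter address in ipconfig output."""
    report = []
    for match in ADDRESS_LINE.finditer(ipconfig_text):
        try:
            report.append((match.group(1), classify(match.group(1))))
        except ipaddress.AddressValueError:
            report.append((match.group(1), "unparseable"))
    return report


if __name__ == "__main__":
    for address, label in nat_report(SAMPLE_IPCONFIG):
        print(f"{address}: {label}")
```

A `public` result means the PC itself holds the Internet-facing address, which is the no-NAT case the answer warns about; `link-local` means the adapter was never assigned an address at all.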
 

Gamingphreek

1) Would MS Security Essentials II be a step up, a step down or roughly equivalent to what I'm using now?

McAfee consistently scores one of the lowest in Antivirus benchmarks. Additionally, it takes a significant amount of resources even while sitting idle. MSE is a great program - up there with NOD32. Unless you are doing a managed anti-virus setup (Which you aren't), there is no reason not to use MSE.

2) Would adding a router (and its firewall) improve my security substantially (don't foresee any other need for a router here)?

It is very very disturbing that you aren't using a firewall already. I apologize if this seems harsh; however, that is reckless and irresponsible of you. If you have a computer system, it is your responsibility to protect it to the best of your ability. Operating a computer in this manner is one way that botnets are formed.

Whatever you do, enable some sort of Firewall right now! Whether you go to a Firewall/Router combination with NAT, Software Firewall, or Dedicated Firewall, just do something.

3) Out of curiosity, why don't antivirus programs detect or stop malware? Until this infection I had no idea about the distinction and I think I'm more computer savvy than the average user. It was tech support at McAfee that led me to Malwarebytes, ironically enough. The file that caused the infection was on my computer for several years with antivirus running constantly, including when it was downloaded. Neither Norton nor McAfee ever did anything about it despite many, many full scans.

Well you have to think of this from a programming perspective.

First off, in order to detect malicious code, you have to have a signature. If nobody has created one yet, then you can't detect it. In other words, you can only defend against what you know.

Second off, different heuristics are used by the various A/V Software Suites. Some are more effective (NOD32) and some are not (McAfee).

Third off, any competent piece of malicious code:
A. Obfuscates itself in some way, shape or form
B. Dynamically generates its functions
C. Covers its tracks in some way

Defense, *generally speaking*, plays catch-up with respect to Offense in IT. Manufacturers can only do so much. The rest depends on the user - right now you have:
A.) Left your computer WIDE OPEN without a FW
B.) Claim to have had a piece of malware on your computer for 1+ years
Once again, I know this sounds harsh, but if you don't feel that you are competent enough to manage your own security, you should have someone else manage it for you. Having a piece of Malware on your computer for a year merely hammers the whole "botnet" argument home even more.

32 bit Vista Home Premium
Reinstall with 64-bit Windows 7 or 64-bit Windows Vista, both of which are more secure than the 32-bit.

-GP
 

Thump553

Thanks for the responses all. Gamingphreek: I have always been running with a software firewall, either the Windows native one or Norton's or McAfee's. What disturbed me is that what turned out to be the infected software went through many scans of either Norton or McAfee without any detection. If I had known it was malware obviously it would have been gone a long time ago.

I think I'll end up switching to MSE II and adding a router for the additional hardware firewall.

One more question, again from a fairly ignorant viewpoint about the ins and outs of security: I understand that virii, etc. are continually being developed and you must update your scanning software to stand a chance. What then is the advantage of a "hardware" firewall, which I assume never updates?
 

Gamingphreek

I'm very glad that you were running a Software Firewall. I was getting worried the more I typed the last message before I knew that.

Norton isn't bad but they haven't been leading the A/V Charts of late. McAfee is a lost cause (unless Intel can fix them up). I understand there is only so much you can do above and beyond that; what I thought was the lack of any Firewall was fueling that last post still.

MSE would be a good fix. Running a router with NAT and a Firewall is a good decision. Make sure to format your computer before you connect to the router-- cleaning is an inexact science to say the least.
------------------

I think you are confusing the purposes of a Firewall and Anti-Virus software.


  • A/V Software is a reactive security measure which cleans your computer in the event that malicious applications are introduced to the system.

  • A Firewall is a proactive security measure designed to manage inbound or outbound connections to a given network.

Consider the following systems:

  A. No A/V. No Firewall.

  B. A/V. No Firewall.

  C. A/V. Firewall.

If I were attempting to compromise System A, I would be able to follow regular internet traffic in (or open up any given port) on the computer to receive my malicious code (Lack of Firewall). From there, that malicious code is identified neither during storage nor execution and I am able to run the code, thereby compromising the system (Lack of Antivirus).

On System B, I obviously would be able to get the code on there. If there was a signature out for my A/V software and the software was able to detect that code, then it would follow some sort of a rule to neutralize my malicious code during storage or execution.

On System C, I wouldn't be able to get the code to the system in the first place thereby preventing the second stage of my attack from ever occurring.

(*Note: This is covering a very basic example and doesn't guarantee security on a given Network/System)

Hopefully that helps you out a little bit - If you have more questions, don't hesitate to ask. Everyone here is more than willing to help!

-Kevin

Edit: Let me also say that the benefits of a Hardware vs. Software Firewall are a bit more complex. In short, however, for your purposes a Router/FW combo is more than sufficient.
 

Chiefcrowe

Another thing you should strongly consider is to run your computer with a limited user account. This helps a lot for stopping malware since it won't even be able to execute for the most part!
 

lxskllr

I don't want to be /that/ guy, but your stated needs are a good match for Linux. That would reduce your (effective) virus exposure significantly. Linux isn't the answer for everyone, and it doesn't replace good security, but it's worth considering.
 

jarplpn

I have Avast and think it works great. Had Norton when purchased computer but did not renew; was not happy with its performance.
 

alkemyst

MSE and knowing where you are surfing to are two major things.

What I have found is most business machines that get infected end up having torrent software on them and/or porn/pirated music/movie sites in the history.

Without knowing what the actual malware was it's hard to say why it wasn't caught. Also, having malware on a machine doesn't mean it was necessarily running.

Many A/V are set up and a full scan is never run. The quick scans can easily miss stuff off the beaten path.
 

Thump553

Thanks NetGuySC, that guide is chock full of information and very readable. Definitely bookmarked.
 

Lanyap

Google your DSL modem model. Most have a built-in firewall and DHCP server. Adding a router may not really help with malware.

If you get the paid version of Malwarebytes it will allow you to run real time with your AV instead of on-demand for the free version.
 

Thump553

Hey, timely look at this thread. I had planned to run out at lunchtime to buy a router. My DSL modem is a Siemens Speedstream 4100 and according to the manual it does have a firewall within it. I'm having a bit of trouble reaching the configuration page for the DSL modem to check it out. Manual says go to http://speedstream, that gets me nowhere. http://192.168.0.1 gets me to the SBC Connection Information Page with a tab for Remote Access. I'll try that when I feel braver/more foolhardy.

I ended up going with MS Security Essentials which I think has real time malware detection, doesn't it?

EDIT: Ignore most of the above. A little further googling led me to a statement that the ATT version of my modem doesn't have a firewall. Will pick up a router and install it to be on the safe side.
 

Gamingphreek

MSE supersedes Windows Defender and takes care of all Adware/Malware detections.

-Kevin
 

gsellis

I also recommend modifying your local host file (windows\system32\drivers\etc\host.) from the following site.

http://someonewhocares.org/hosts/

It kills a lot of sites that either have annoying popups, are known malicious sites, and some that are vulnerable to malicious attacks that can infect you. The only negative is that if you do not update it at least quarterly, you will get logon popups as some site names in ads change and then try to forward you to a 'localhost' setting.

Remember that a firewall only protects you from malicious, directed attacks and worms for the most part. Your behavior is what throttles a lot of it.

And MSE 2 with Malwarebytes is a good 1-2 punch, at least for me.
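
A check for the hosts-file approach described in the post above, as an added example that is not part of the original post: before a downloaded blocklist is installed, it confirms that every entry only points names at the local machine and lists anything else for review. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; the hostnames and the 203.0.113.9 address are
# reserved documentation values, not entries from any real blocklist.
SAMPLE_HOSTS = """\
# blocklist merged on top of the default file
127.0.0.1    localhost
127.0.0.1    ads.example.com tracker.example.net   # two names, one line
0.0.0.0      popups.example.org
203.0.113.9  bank.example.com
not-an-ip    broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, address_or_None, hostnames) for each mapping line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        yield number, address, fields[1:]


def audit_hosts(text):
    """Return (blocked_names, review); review lists lines that need a look."""
    blocked, review = [], []
    for number, address, names in parse_hosts(text):
        if address is None or not names:
            review.append((number, "malformed"))
        elif address.is_loopback or address.is_unspecified:
            # Pointed at the local machine: what a blocklist entry should do.
            blocked.extend(n for n in names if n.lower() not in LOCAL_NAMES)
        else:
            # A name pinned to some other address overrides DNS for that site.
            review.extend((number, f"{n} -> {address}") for n in names)
    return blocked, review


if __name__ == "__main__":
    blocked, review = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names blocked")
    for number, note in review:
        print(f"line {number}: {note}")
```

Running the same audit on the file already on the machine is also useful after an infection, since an entry that maps a real site to a non-local address changes where the browser connects.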
 