Monday, June 30, 2014
I'm the on-call tech guy for family members, and most of my "repair" jobs involve clearing out malware infestations. You know the kind: hijacked browsers, rampant pop-ups, seriously impaired computer performance.
The irony is that there's usually some kind of security software running on their machines, be it McAfee, Norton, or the like. But after hearing me mutter under my breath about PEBKAC errors, I get the inevitable question: "Well, what security software do you use?"
Crazy? Crazy like a fox, thank you very much. This has been my modus operandi for years, and I swear on a stack of Wikipedias I've never had a single issue. No viruses, no spyware, no rootkits, no browser hijacking. No identity theft, no keylogging, no trojans.
Have I had to reset passwords following database breaches like this one? Of course. But that's beyond my control. What I can control is my own PC and how I interact with the Internet. After nearly a decade of running virtually no third-party security tools, here's the score: Broida, 1; Hackers, 0.
I realize this flies in the face of conventional wisdom, which insists you don't even boot your PC unless it's running a comprehensive security suite. Meh. I'm fine with it in principle, and obviously some users need it, but I balk at both the cost and the performance impact (though both have decreased admirably in recent years).
How do I get away with this online offense, this browser blasphemy? There's no trick to it; it's just a simple trick.
My computer runs Windows 8, as secure an operating system as Microsoft has ever released. That's right, I said it. (Windows 7 was nearly as good, and I lived securely in it for years.) In addition to its built-in firewall, the OS offers anti-virus protection in the form of Defender (formerly the standalone Security Essentials), plus SmartScreen for protection from malware and phishing scams. Internet Explorer also provides plenty of safeguards against hijacking and the like, though I'm a Google Chrome user.
Speaking of which, all modern browsers -- IE, Chrome, Firefox -- employ robust security features of their own, and let's face it: your browser is the gateway to many, if not most, infections. Chrome, for example, will warn you about suspicious sites before letting you through to them, and its sandboxing helps prevent malware from "escaping" one tab and infecting all the others.
And that's it. Seriously. Between Windows, my browser, and my router (which has its own firewall, natch), I'm good. But there's one small add-on I do use, if only to buffer myself against momentary lapses of caution, and that's Web of Trust. It vets the search results displayed by Google and other engines, the idea being to prevent you from clicking through to a site that might be unsafe. Speaking of which...
Very often I find myself scratching my head, wondering how my relatives end up with such nasty incursions when I'm sailing along unscathed. The most likely answer: they're allowing it to happen, albeit unknowingly.
The two main culprits, in my opinion, are unsafe links (like the kind found in phishing e-mails) and spyware-infested downloads. One click of the former can steer you to a site that, just by viewing it, installs malware on your PC. As for the latter, many software sites are rife with ads masquerading as download buttons. You innocently click one, thinking you're downloading a particular program, but when you go to install it, bam: malware city.
I feel especially guilty about this kind of thing, as I have occasionally steered users to freebie-software deals embedded on pages like these. Despite what I think are clear instructions, some folks invariably end up clicking in the wrong place.
The moral of the story, of course, is "look before you click." Whenever possible, mouse over a link to see where it's actually going to take you, and if the URL differs from what you'd expect, don't click. Likewise, steer clear of splashy "Download" buttons; very often the program you're after is accessible via a hyperlink, not a button.
Also, learn to recognize spam when you see it. Mail services like Gmail do a great job filtering out most of it, but sometimes an errant bit of junk gets through -- and very often it's a phishing message that can lead you to trouble.
Oh, and for heaven's sake, stop trying to download pirated music and movies. It's not only illegal, but also a surefire way to end up with malware.
Let me be clear: I'm not recommending that everyone ditch their security software and do like I do. I'm merely telling you what has worked for me. The simple combination of built-in security tools and some common-sense caution has kept my computers secure for years -- and for free. How do I know for sure? Every so often I run Malwarebytes Anti-Malware Free. Never so much as a blip.
My questions for you: what security software do you use, and has it been effective at keeping malware at bay? When was the last time it caught an incursion, and under what circumstances? Do you think I'm being an unsafe netizen, or are you intrigued by my approach?