Page Shortcuts:

Please donate to help keep this information up to date and that way everyone will benefit.

Internet Security Overview

At Network PM it is my mission to source the best security and management applications backed by friendly, helpful, reliable and trustworthy vendors so to optimise your work processes and secure your assets. For more information about my vendors please click on the link to view a list of my vendors.

Internet security can be difficult stuff to understand, so I will begin with my conclusion and recommendation, then you can read on if you are interested in the fine details of my findings.

Conclusion

If you have access to the Internet or email you need to have excellent internet security, which includes not only protection against all forms of malware (viruses, spyware, adware, riskware, trojans, root-kits, worms, keyloggers, etc), but also a firewall and spam filter. The right choice in Internet security will help prevent your computer or files from being infected, corrupted or stolen. Consider it an investment to protect your assets.

Be aware that there is no anti-virus, anti-spam or firewall protection product that will protect you from 100% of the threats out there on the World Wide Web (the Internet). The point to Internet security is to minimise the risk of computer infection, identify theft and privacy invasion. Unfortunately there is nothing you can do to truly eliminate this risk.

When infected, your computer may experience the following symptoms: your computer may become slow and unresponsive; programs may not function properly as they once did; you might get pop-ups on screen; and your data (emails, photos, documents, etc) may become corrupt and unrecoverable or even stolen, which entails privacy concerns.

For most people and businesses, I recommend either of Eset's security solutions, NOD32 Antivirus or Smart Security, in combination with Malwarebytes' Anti-Malware. Eset as your primary automated protection, which must be licensed, and Malwarebytes as your secondary manually operated protection, which is free.

Additionally for larger businesses, I recommend disabling the firewall protection in Eset Smart Security v4 and only relying on the firewall protection in your internet modem (you may need a computer technician to turn this firewall on for you). As for spam filtering, I recommend you deploy the various tactics described later on this page or simply use Eset Smart Security's spam filter.

Findings

Anti-virus

According to AV Comparatives, renowned for their independent and unbiased anti-virus product comparisons, Eset NOD32 Antivirus, and consequently Eset Smart Security, are 2006's and 2007's all-round top performers for protecting computers from all forms of computer infections, such as viruses, spyware, adware, riskware, trojans, root-kits, RATs (remote access tools), worms, keyloggers, and potentially dangerous and unwanted programs. Eset continues to be one of the overall top performers every year. Click on the Eset links above for complete information about this protection.

There used to be once upon a time when I only had to recommend a single product to help minimise the risk of getting a computer infection, but these days there are some very tricky common infections which get passed most anti-virus products, even the best ones. This is where Malwarebytes is very useful, as it's very likely to detect and remove such infections. Malwarebytes is free to use so long as you manually update it and perform a full scan with it. Just remember to elect to remove everything it finds. Simple as that. The only times you need to use Malwarebytes is when you think you might be infected but your primary anti-virus protection can't detect any infections.

In my experience, I have proven two things:

Neither solution should be relied on by itself; and
Together they make a very effective combination.

Please don't think that Malwarebytes is all you need for protection. I emailed the maker/vendor of Malwarebytes and requested them to participate in the AV Comparatives tests, but they replied stating their product would fail the tests as it's not designed to be an anti-virus product, but rather specifically targeting spyware threats. And because it does a very good job at it, I recommend using it as your secondary protection. Either manually update it and scan with it by using it unlicensed, or purchase a license for it so you can schedule the updates and scanning to occur automatically. But if you choose to license it, please ensure you don't enable its pro-active protection as it will slow down your computer unnecessarily and possibly conflict with Eset's pro-active protection which detects a much wider range of threats. The important rule here is to only have one program's pro-active protection enabled at any one time. Pro-active protection is the first layer of protection in anti-virus/spyware products that's always ON monitoring your computer's activity for threat-like behaviour.

Anti-spyware

According to AV Comparatives, it is not worth having additional protection programs installed on your computer which are specifically anti-spyware focused. Their statement is based a test which they labelled "detection of potentially unwanted programs" performed in October 2006 that "the additional protection of an anti-spyware program isn't very beneficial".

I used to agree with the above statement for a long time, because the more protection you install onto your computer, which give you some level of automated protection, the more strain you are placing on your computer's performance (the slower your computer will become). Also the more complicated you are making it for yourself, not to mention the possibility that one program can conflict with another program if they are both providing automated protection.

However, in my experience disinfecting my client's computers, I have witnessed a growing need of more protection. The reason being, many computers seem to easily get the same sort of infections which usually get passed the protection provided by most anti-virus products, including those independently proven to be among the best. Eventually I came across one program that can detect and remove these specific infections called Malwarebytes Anti-Malware, which is categorised by its maker (vendor) as an anti-spyware product. And through experience I have proven using Eset as your primary automated protection and Malwarebytes as your secondary manually operated protection (used only when needed), you have much greater protection which will greatly minimise the chances of you requiring a technician, like myself, to do the disinfection for you.

So to clarify, I only disagree with AV Comparative's statement referring to Malwarebytes being the one and only exception (that I'm currently aware of) otherwise if it weren't for Malwarebytes I would still agree with their statement.

Anti-spam / Spam Filtering

Spam aka junk email... very annoying! My recommendation depends on your individual circumstances which I elaborate on below. But first allow me to clarify that there is no spam filtering product that is 100% accurate and there is no way to put a definite stop to spam. The point here is to avoid and minimise spam.

You can get spammed (receive unsolicited emails or junk email) for a number of reasons, such as:

Your email address is stated on a website;
You have given your email address to a website that:
- has shared or sold your email address with untrustworthy affiliates; or
- has been hacked and your email address was stolen;
You, a friend, a family member or a client has your email address on their computer which has been hacked or infected and your email address stolen.

There is a list of steps one can take to avoid and minimise spam, but not all steps are practical for everyone:

Change you email address;
Encrypt all email addresses that you have on your website;
Implement spam filtering at the mail server level;
Implement spam filtering on the affected computers.

To avoid spam, if practical change your email address occasionally, because it's probably the least expensive and possibly the least technical option. But the downside to this is telling all your friends and family of your new email address. If you're a business or expect legitimate emails from people not already on your contact list (such as clients), then avoiding spam by changing your email address occasionally is not going to be practical.

If it's impractical for you or you simply don't like the idea of changing your email address occasionally, then the only options available to you are to rely on anti-spam protection and, if you have a website which details any of your email addresses, you should consider it a necessity to encrypt the email addresses on those web pages. I recommend both of these options as the second step to take to minimise spam.

Encrypting email addresses on all of your web pages that contains them will prevent web page "crawlers", "spiders" or "bots" from extracting your email addresses from the code within your web pages. Encrypting your email addresses on your website has the purpose of avoiding spam to begin with. It's more of a preventative measure than a counter measure.

Web page "crawlers", "spiders" and "bots" are the names given to programs that are designed to navigate the Internet to scan the content on every single web page. These programs sometimes have the legitimate purpose of helping a search engine, like Google, build a database or index of keywords. But sometimes these programs have the sole evil purpose to extract email addresses from web pages for spamming purposes.

If choosing to encrypt your email addresses, be aware that some "encrypting" services are misleading as they use what's called "obfuscation" which is NOT encryption and is in fact easy to read and reverse. More importantly some bots are likely intelligent enough to "see through" obfuscation. The encryption I recommend to protect your email addresses on your web pages cannot be reversed. I'm not aware of any place that offers this service free of charge, therefore I recommend purchasing a license for Protware HTML Guardian. Once you've purchased the relevant license, you have the option to hire me to do the encryption for you at a rate of $11 per page (inc GST) since the process is quite daunting and too technical for most. This encryption is only needed on the pages that actually contain email addresses. For further information please contact Todd from Network PM.

Your next option is to enable spam filtering at the "mail server level". This is controlled by the company hosting your email, which will either be your internet service provider or the company that hosts your domain name (website). This may cost you from $0 to around $60 per year and is typically not very effective. If this option isn't effective enough, you could try increasing the sensitivity of the spam filter, but be aware that as you increase the sensitivity of a spam filter, you increase the chances of false positives. False positives are legitimate emails being incorrectly filtered as spam, and any such emails would automatically be deleted and not recoverable This is another reason why this level of spam filtering is fairly undesirable. Also note that most mail server spam filtering systems do not provide you with the option to modify the spam filter's sensitivity.

For some bigger businesses, you might be looking for a "server-level" spam filter to install to your own personal server computer at your workplace. When looking for one of these solutions, ensure it has the ability to be "taught". This feature is called "Bayesian Analysis". Without this feature, the product will be nearly as ineffective as described above. For an in-depth review of some server-level spam filters, check out the review at Network Computing. Their best scorers were:

Your last option for handling spam is to install a spam filter on the affected computers. This level of spam filtering is called "client-end" spam filtering i.e. you are the client and the spam filtering is done at your end, on your computer. There are many choices out there and you may go through half a dozen before you find one that is actually good enough. But I will save you from this pain by placing you on the right track.

With the ideal client-end spam filter, you are able to teach it so it becomes more accurate and reliable. This feature is called "Bayesian Analysis". As stated in my conclusion at the top of this page, I recommend you use the user-friendly spam filter in Eset Smart Security. But if you want something else, I recommend you try SpamBayes, which is free.

Whichever spam filter you try, assuming it has Bayesian Analysis, you'll have to spend about 2 or so weeks teaching the spam filter so it can "learn" from its mistakes and gradually become more accurate at filtering spam. Spam filters detect spam email in two ways. The first is through a basic set of rules which are by default included in the installation of the spam filter program. These are updated via program updates, which is often automated so you don't have to worry about it. The second method is by means of the "Bayesian Analysis" feature, where the user manually marks or classifies a sufficient number of emails as legitimate emails or as spam. This process "teaches" the spam filter to automatically filter similar spam messages in the future.

Firewall

While anti-virus protection, or at least Eset NOD32 Antivirus or Eset Smart Security, will help protect you from all forms of malware (viruses, spyware, malware, adware, trojans, worms, root-kits, etc), a good firewall will protect you from both human and programmed hackers which can utilise malware that may already be on your computer. A "programmed hacker" is simply a dangerous software program (malware) that is programmed, coded or designed to systematically find a way into your computer. More accurately, a firewall will prevent unauthorised access to your computer. For example, if a hacker gains access to your computer, they could steal, infect or destroy your files and operating system. Some consequences to this could be identity theft, plagiarism, the destruction of personal or critical business files, computers that are slowed to a crawl, computers that won't boot-up, and the list goes on. Whatever you can imagine is probably possible!

There are basically two features in firewall protection: inbound and outbound protection.
There are two forms of firewall protection: software and hardware.
There are basically three types of users: advanced users who are tech-savvy, basic users who aren't tech-savvy and those in-between. Which one do you feel you are?
There are two types of computer setups: single stand-alone computers and computers that are on network along with other computers.
Let's say there are basically two types of Internet access: Dial-up (slow) and broadband (fast).
Depending on your individual circumstances and your budget, the following information will help determine the best course of action for you.

Inbound firewall protection protects you from hacking attempts that originate from the internet, whereas outbound firewall protection protects you from hacking attempts that originate from an infection (virus, trojan, worm, etc) that's already on your computer. For example, the infection will try to access the internet to send your private or confidential information and files to some criminal on the internet. This generates "outbound" activity. Outbound firewall protection is sometimes called "program control". But outbound hacking attempts could only happen if your anti-virus or internet security program has missed a computer infection (virus, trojan, worm, etc). Be aware that not all outbound activity is bad, in fact, most of it is safe.

Software firewalls contain both inbound and outbound firewall protection whereas hardware firewalls contain inbound firewall protection with extremely limited, and sometimes absent, outbound firewall protection. I recommend not worrying about outbound firewall protection, or "program control", as it's too technical or annoying for most people to bother with. For those tech-savvy users who do know how to properly use a firewall's program control feature, it can be quite frustrating to deal with, which is why I don't even bother using it myself.

Software firewalls, if used correctly, and they rarely are, can be safer than hardware firewalls because they are more strict. This is because they are designed for outbound firewall protection (program control), and not just inbound firewall protection. But with this advantage comes the requirement of knowing more about the legitimate programs that are on your computer and how dangerous programs (like viruses, trojans, etc) can pretend to be legitimate programs by "hooking" into them. Software firewalls analyse every program's attempt to access the internet and if the firewall cannot determine if it's absolutely safe, which is most of the time, it will prompt you with a security alert or question that asks you something like, "Do you want to allow [program name] to access the Internet", and you have to know whether it's safe to answer "allow" or "deny".

Most users answer "deny" when they're not sure how to answer. In this case "deny" is the safer option but this could easily cause a legitimate program to not function properly, because by answering "deny" you forbid the program in question from accessing the Internet. So if you then notice a program not working properly you'll need to navigate through your software firewall's user interface and look for the list of programs you have denied access to the Internet and manually set it to "allow access". But this will be quite a daunting process for most users, and furthermore, unbelievably, some firewall program's are not designed very well and will require you to reinstall it to resolve the issue.

But there's good reason behind the "program control" feature in software firewalls, that is, dangerous programs, like viruses, trojans and worms for example, that are intelligent enough to get passed your anti-virus protection, will try to establish access to the Internet from your computer to send your private or confidential information to a criminal somewhere on the internet. If this happens the software firewall will hopefully question that program's attempt to access the Internet and ask you to "allow" it or "deny" it. It's on these occasions that you must know to "deny" it.

As mentioned in my conclusion, I recommend Eset Smart Security's firewall protection as it can operate on 3 modes to suit all types of users:

"Automatic" mode, the user-friendly mode, where the firewall will not ask you all those technical security related questions, but instead just a couple of basic ones.
Technically put: the firewall will automatically evaluate all network communications. This will allow all standard outgoing connections and block all non-initiated incoming connections. This mode is suitable for most users and I use this mode myself.
"Interactive" mode, which will ask you those security related questions like, "Do you want to allow [program name] to access the internet?".
Technically put: the firewall will evaluate all network and internet communication attempts based on the rules which have been defined for it. For communications where no rules have been defined, the user will be asked which action should be taken. This mode is suitable for technical users who have the patience and advanced knowledge of firewall programs. Furthermore, if you wish to use the program control feature of a firewall program, I recommend using the free Comodo Firewall as it does a lot better than Eset Smart Security's program control feature according to Matousec tests.
"Policy-based" mode, where the firewall will evaluate all network and internet communication attempts based on the rules which have been defined for it. For communications where no rules have been defined, the communication will be denied. This mode is suitable for corporate environments whose internal technical support wish to enforce extremely strict access to the internet. It also requires a great deal of time to perfect the policies that govern the computer's internet or network access.

Sadly, if you have dial-up internet access your only option is to use a software firewall because dial-up modems aren't sophisticated enough to contain a hardware firewall like broadband modems do. In which case, again I recommend Eset Smart Security's firewall as it caters for all types of users.

A hardware firewall is often built-in to your broadband modem and never asks you questions because they are not designed with outbound firewall protection (program control) in mind. In other words, they don't block programs on your computer when they attempt to access the Internet. This is why hardware firewalls are not as safe as the best software firewalls. However you can customise your hardware firewall to block usage of certain ports in order to prevent dangerous programs that are already on your computer from accessing the Internet and passing out any information stored on your computer, but this is quite pointless as explained by Internet.com as there are 65,000 virtual ports and you can't predict which ports dangerous programs will use. As long as you have one of the best anti-virus programs protecting your computer, such as Eset NOD32 Antivirus or Eset Smart Security, then there's already only a low chance of your computer becoming infected to begin with. The point I'm making here is, I recommend not worrying about outbound firewall protection (program control) because most people don't know how to use it properly anyway, even some tech-savvy users.

A good hardware firewall is one that contains:

Stateful Packet Inspection (SPI);
Denial of Service (DoS) protection; and
Network Address Translation (NAT).

Don't accept anything less. This is a must for a computer network. If you have broadband Internet access, then ensure your broadband modem comes with a built-in firewall with SPI, DoS and NAT. For example the Netgear DG834 for both a corporate computer network and a single stand-alone computer. Be aware that the built-in firewall of some broadband modems are disabled by default, so either try to get your provider to enable it for you, try it yourself by following its instruction manual, or pay a professional computer technician to do it for you.

Safer still would be to have both hardware and software firewall protection. But I deem it unnecessary to have both. One or the other is safe enough. And finally, remember there is no way to actually eliminate the risk of your computer getting infected or hacked, no matter how great your internet security is. So a good rule of thumb is to always try to exercise caution.

Finally, that's firewall protection over and done with.

Please donate to help keep this information up to date and that way everyone will benefit.