Most people I talk to (when it comes up at cocktail parties) are concerned about their online safety and security. So it caught my attention when I saw the headline,Google Security Expert Criticizes Meaningless Antivirus Excellence Awards. It seems that Verizon has been certifying products as “excellent” for having the ability to, well, run:
Some of the certification “criteria” included the likes of: “Enable and disable the Detection of Malware” (which is a basic start/stop button for the scanning process), “Retrieve and apply the latest Engine and Signatures over the Internet” (the antivirus must be able to update itself), “On-Demand Detection” (the antivirus must start a scan when you press a button, or a new file is detected), and “Report no false positives” (well, duh!).
The expert, Travis Ormandy also says, “All of the major security vendors are using ancient codebases with no awareness of modern security practices, it’s still hacking like it’s 1999.”
Is it safe?
In my reading, there is general agreement that virus and malware protection programs should be the last line of defense, not the first. The burden falls on you, dear user, to make intelligent choices in your online behavior. Some of these include:
- Don’t download and install programs from the Internet unless you really, really, really trust the site you’re downloading from. Downloading from Microsoft or Adobe is OK, as long as you verify that you’re actually on the correct site. (Hint: click the padlock icon in the browser address bar to check the site’s owner.)
- Don’t even visit sites that offer downloads of copyrighted material. (You can wait until the last season of Downton Abbey shows up on Amazon.)
- Stay away from online porn (You’re better than that, aren’t you?)
- Keep your operating system and programs updated to their latest versions. Use automatic updates whenever possible.
- Don’t open any email attachments unless you know the person who sent them.
- Don’t click on any links in emails without checking to see where they go. (Move the cursor over the link and its URL will be displayed.) Apply a “reasonableness test” here. Order confirmations from companies that you’ve never heard of are especially common.
Can you do more? Sure you can.
The above are about changes in behavior. Next are some additional steps you can take that require a bit more effort:
- Use a password manager to create a different, secure login for every online account you have. I use LastPass, which is free for personal use on desktops and laptops (and cheap for mobile devices). The security of knowing that all of your accounts have strong, individual passwords is worth the minor hassle of learning a new software program.
- Use multi-factor authentication for your most important accounts (Gmail, banking, Facebook, etc.). These systems add an extra authentication step after entering your username and password, often a code sent to your phone. More and more sites are making this option available.
- If you frequently use a laptop at public WiFi hotspots, install web proxy software that encrypts your connection, whether or not your favorite cafe provides secure WiFi. I use a Chrome plugin called ZenMate (free if you only use the browser extension).
- Make the Chrome browser your default. Chrome has numerous safety features built in, including showing you a warning message before you visit a site that is suspected of containing malware or phishing.
A final, more radical step (and one that I’ve adopted) is to use the Internet on a Chromebook or other Chrome OS device. Because Chrome OS can’t install software in a traditional sense, it is almost completely resistant to malware. File storage is “in the cloud” and all files are automatically virus scanned before being saved. In the unlikely event that the system becomes corrupted, the “power wash” feature resets the computer to a clean state – including all of your programs and settings – in a few minutes. I’ve even switched to using a “Chromebox” for my desktop work computer and only rarely fire up my Windows box. (Bonus benefit: the thing is practically silent, unlike my old tower computer which is like sitting next to a small vacuum cleaner.)
If you have any questions about specific suggestions, leave them in comments and I’ll be glad to answer them as best I can.