Multi-layered Computer Security

Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
Published:
Updated:
If you are like me and like multiple layers of protection, read on!

First let me explain that I am extremely paranoid about computer security issues and computer backup issues.  This means that I only feel safe if I am running unknown programs and visiting unknown sites in a virtual machine.  In that way, if anything happens, I simply exit the virtual machine and delete to the last saved image.  But since most people do not run VMs, I thought it would be a good idea to delineate the best way to harden your computer against malware (malicious software includes, but is not limited to, virii, adware, malvertising, BHOs, ransomware and just about anything else that gets onto your computer which you didn't want there).

  

So how can you prevent these things from wreaking havoc on your computer?  There are several steps you can take.  The first thing anyone should do is install a good Antimalware application.  An antivirus application is good, an Endpoint Protection application is better.  So what is the difference between AV apps and EP apps?  There are some basics, many AV applications only prevent virii, while EP apps include

 

  • website malware protection
  • protection against potentially unwanted programs (PUPs)
  • protection against potentially unwanted modifications (PUMs)
  • general malware protection
  • rootkit scanning/protection
  • unwanted adware protection 

 

Looking at this list one would think that you wouldn't need anything else, but that would be incorrect.  First protection against PUMs is all well and good, but it isn't really robust even in the best of the endpoint solutions.  This is also true with rootkit detection.  Even the best of the EP solutions don't do as well as the standalone rootkit detectors.  What about keyloggers and programs that make your computer into an internet bot (one of many machines that reports back to a command center host and, many times, unknowingly disseminates malware)?


How can I protect myself?

How can you protect yourself against these perils and against the current spate of ransomware?  I will tell you how I do it and let you draw your own conclusions.  

   

  • The first thing I install on any machine is a good endpoint protection suite.  I prefer Malwarebytes Pro (remember you get what you pay for - yes the free version is good, but if you want constant protection, pay the minuscule amount of money and get the pro version).
  • Next I install WinPatrol Plus.  This app has been around a long time and has gotten a lot better with age.  It monitors certain default locations and files you specify for changes and asks you if you really want that change made.  It also has some great other features like a delayed startup.  If you keep an eye out you can get it on sale (I got 3 copies for 0.99 each some time ago).
  • I install an alternate hosts file from MVPS.com, which remaps all currently known malware sites to 127.0.0.1, which is your computer.  So if you click a link that would take you to one of these sites, you'll get an error message instead (assuming you aren't running an http server with a mapping for 127.0.0.1).
  • If you are afraid your computer may get botted, you can install the free RUBotted from Trend Micro.
  • To protect yourself from ransomware (see this article), you should install something like Cryptoprevent (free or Premium), Hitmanpro.Alert, Cryptoguard, Umbrella - for networks, or check this page for a toolkit. (all of this is discussed in more detail in the article on ransomware, as is multilayered security) 

 

Using more than one solution

You can even use more than one AV/AM software suite! But there is ONE caveat, never run what most applications call on-access scanning (scanning files as they are accessed or downloaded) from more than one suite.  The reason for this is simple and logical.  When more than one AV/AM is running on-access scans, they may see each other as performing suspicious activity and end up quarantining or deleting (depending on your settings) necessary files.  If you just DISABLE on-access scanning in one of the software suites, you won't run into that kind of trouble.

  

On one machine I had at home, I ran Microsoft Security Essentials (MSE) with on-access scanning turned off and Malwarebytes Pro (with rootkit scanning turned on - another tidbit of information is that by default this setting is off).  I also switched out the host file and made the registry changes that Cryptoprevent does automatically for you.

 

My solution

I have only ONCE had any malware problems on either my home or work machines (knock fake wood).  The biggest problem any of us face is what has come to be known as the ID10T error (if you don't already know, that means the end user, denoted by leet for an idiot, is the problem).  The one time I did have a problem on one of my computers, the home one; it was due to a drive-by infection served up by malvertising when my wife visited a legitimate site on a browser installed on our laptop.  I bring this up because that was before I installed several pieces of software to prevent that happening again.  Since installing the software mentioned above, I have had no problems at all.

  

Thank you for reading my article, please leave valuable feedback. If you liked this article and would like to see more, please click the Yes button near the: Was this article helpful? at the bottom of this article just below and to the right of this information and/or the thumbs up icon.

  

I look forward to hearing from you. -  Tom - twitter @cyberdad

0
1,454 Views
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.