Security – It’s all about layers

Layers of computer security.

by Chris Taylor, President, Ottawa PC Users’ Group

I once heard, “The only secure computer is encased in concrete and dropped in the middle of the ocean. And even then, I am not really sure.” There is no such thing as absolute computer security; it’s all about layers. If one security layer fails, you hope another layer will provide the protection you need.

In the beginning (i.e. the mid 1980s), personal computer security focussed on antivirus. The aim was to block known bad programs from running on your computer. With few personal computers networked, viruses spread slowly. Back then, antivirus signature files were updated about once a month and that actually served us pretty well.

In the 1990s, Internet connectivity grew exponentially, as did security threats. Even Microsoft understood (albeit a little late) that more than just antivirus was needed and introduced a firewall in Windows XP SP2 in August 2004.

In January 2003, the SQL Slammer worm spread to 90% of all vulnerable hosts world-wide in the first 10 minutes after release. It exploited a vulnerability for which a patch had been available for 6 months. Vulnerability management was born in the realization that few users would, or indeed could reasonably be expected to, keep all their software up-to-date with security patches.

The fundamental concepts behind antivirus, firewalls, and patch management have not changed over the years. But each has become more complex.

Blocking “known bad” with antivirus signature files is arguably essential. But now, with more than 10 million new malware variants per month (https://www.av-test.org/en/statistics/malware/), it is not enough. Antivirus programs use heuristics to catch unknown malware. More and more are using real-time blocking techniques to stop new malware before you get updated virus signature files.

To this day, the firewall built into Windows (now called Windows Defender Firewall) is aimed solely at preventing unsolicited inbound connections from getting through. It eschews more advanced capabilities, such as those found in GlassWire. While people who read GlassWire’s Cybersecurity News are likely to be able to handle issues regarding computer security, Microsoft does not want to deal with even a very small fraction of their billions of users not being able to figure out if some program should be permitted to access the Internet.

Vulnerability management has evolved. Microsoft’s Windows Update service has matured since it was introduced with Windows 98. While not problem-free, Windows Update is remarkably robust. Other vendors have added self-updating capabilities and most are quite reliable. Unfortunately, a lot of vendors don’t include automatic updating capabilities. I should add that my biggest concern is about patching security vulnerabilities, not feature updates.

Secunia Personal Software Inspector, which was bought a number of years ago by Flexera, was a wonderful vulnerability management program. PSI tracked over 20,000 programs for security vulnerabilities and patches. Unfortunately, that program went end-of-life in April, 2018. I have yet to find a good replacement for PSI. Some former employees of Secunia are building a new vulnerability management program (https://vulndetect.com/), so hope remains.

Computer security goes well beyond these technical safeguards, but I think antivirus, firewalls, and vulnerability management represent the bedrock of computer security. Every computer user should embrace all three and watch for advancements in each to keep ahead of the latest threats.

About Chris Taylor: Chris is on the Community Review Board for SANS OUCH!, a security awareness newsletter designed for everyone, and we’re excited about his second contribution to the GlassWire newsletter!
