Proactive Security

Proactive Security - Part 1

I've also called this plan "Bullet-proof Security", although it's more of a bullet-proof vest than a full suit of armor. Although I believe it's hella stout defense, I use a separate computer for online banking, taxes and business transactions. I do use my everyday computer for credit card purchases though. [see part-3]

Part 2 — Windows 7 (and Vista) >>>
Part 2 — Windows XP >>>
Part 3 — Banking, et al. >>>

Rethinking online defense:

The motivation of online attackers has morphed from graffiti to greed. International networks of skilled Internet criminals now design, sell and deploy sophisticated crimeware. Fresh attacks begin as soon as vulnerabilities become publicly known, and sometimes long before. Botnets — networks of compromised computers — are openly rented online. Exploitable data pilfered from victims is sold at commodity prices. [examples]

Reactive security programs can no longer keep up with the flood of emerging threats. There now are literally millions of new variants of malware every year. Security software vendors can no longer add new signatures (definitions) fast enough to keep up. And the malware scanners introduce new vulnerabilities of their own.

Like many others, because conventional protection was getting out of hand, I switched to a proactive, behavior-based defense. That reduces the number of security programs needed for an adequate defense, and with fewer intrusive programs to slow it down, my computer is more responsive. The proactive approach also means that I am more secure than I was before.

Why it's time to revise online defense:

The old approach is losing the war

Malware is evolving too fast for antivirus apps to keep up: "Today's for-profit malware pushers use dedicated test labs and other increasingly professional techniques to improve their chances of infecting your computer. And the techniques they employ to outpace security software makers appear to be working."
Unsafe at any speed: 7 Dirty Secrets of the Security Industry: "The certification standards confirm that devices block 100 percent of all replicating malcode. The catch is that 75 percent of malcode coming into networks is non-replicating, such as Trojans. When the standard was set, non-replicating malcode represented 5 percent of malcode. Certification means [a product] caught 100 percent of 25 percent of the bad stuff."
Anti-Virus Firms Scrambling to Keep Up: "The sheer volume and complexity of computer viruses being released on the Internet today has the anti-virus industry on the defensive, experts say, underscoring the need for consumers to avoid relying on anti-virus software alone to keep their home computers safe and secure."
Talking malware with Eugene Kaspersky: How an online security leader sees the current battle against malware.
Windows and IE are no longer the only targets: Other programs are now targets for attack -- everything from security programs to media players are vulnerable.
Microsoft Office Under Siege: "Attackers and flaw finders are pounding away at Microsoft Office applications, discovering new ways to attack millions of Windows machines."
Another approach to online security that is similar to mine: "Gizmo" Richards has also concluded that the conventional "layered" approach to security offers diminishing returns.

A new security strategy:

Proactive, not reactive

Blocking viruses and spyware by using signature-based scanning is a reactive measure. There's no way to keep signatures up to date for the new malware that's churned out every day. Some crimeware is even designed to generate a new signature for each attack. Virus scanning still has its place, but you also need something smarter.

Malware has to find a way to install itself before it can initiate harmful action. Most of these installation behaviors are well known. Why not watch for this malicious behavior instead of trying to catch every variant of the malware? If you can block installation, the malware is stymied.

There's another dimension of behavior that can be blocked too. Malware has to come from somewhere. Some websites silently install malware when you visit. Others serve up malware disguised as useful software. Why not block those evil websites?

There are now online services that screen websites for malware and other adverse behavior. The best of these services are augmented by human networks that report problem websites. McAfee SiteAdvisor and Exploit Prevention Lab's LinkScanner are prime examples of services that block malware at the website level. Firefox 3 natively blocks access to websites that are known to attack visiting computers.

If you visit the websites behind the software and services that I use in my setups, [XP] [7] you'll learn more about how they add "smarts" to security. You'll also discover that this strategy is not original with me. ;-)

Part 2 — Windows 7 (and Vista) >>>
Part 2 — Windows XP >>>
Part 3 — Banking, et al. >>>

• map of security section

• email security
• web smarts
• catalog of threats
• elements of defense
• security software
• strong passwords
• 7 steps to security
• bullet-proof security
• WiFi and hotspot security
• how to wipe your hard drive
• how to remove malware

• attack vectors: deception: the #1 threat; spam and scams; phishing; bogus and booby-trapped webpages; poisoned ads, comments, etc.; popup warnings; drive-by email; attachments; downloads; social and p2p networks; hackers and worms
• malicious content: spyware; viruses and worms; trojans

"Bureaucracy defends the status quo long past the time when the quo has lost its status." --Laurence J. Peter