The winning security model
Introduction
It’s 2007, and malware is technically more sophisticated than ever before. Many of us have had first-hand encounters with spyware, viruses, worms and other malicious programs and sensibly made the decision to take appropriate measures to protect ourselves. Malware is so widespread now that even those lucky few who have not had an infection should seriously consider implementing Internet security measures. You need something reliable that encompasses as many risk areas as possible and will keep you safe online without getting in your way.
But where should you focus your search for that solution - antivirus, firewall, security suite or something else? That’s our main focus in this article - how to select the best combination of tools to address today’s threats. It’s designed to help you make an educated choice by showing you, through short video demonstrations and simple descriptions, how today’s malware infections work and why this should guide your decision-making process.
The modern threat landscape
It’s no secret that being online is fraught with danger these days. New types of threats are popping up every day; old malware gets upgraded and continues to represent a huge risk. With the increase in the numbers of malware writers and their increasing proficiency, it’s harder than ever for researchers to keep up. The gap between the number of malware writers and the number of virus hunters is widening and cannot be closed by ingenuity alone. Populous countries like China, India, Brazil and others are contributing scores of hackers to the worldwide malware underground; these individuals quickly master the skills needed to create mass-distributed malware attacks. Traditional anti-malware research operations simply don’t have the human resources to dissect and create signatures for every individual threat these armies of new malware writers produce.
Security in theory
Essentially, a computer is reliably protected against the majority of threats if the following fundamental requirements are met:
- Proactive protection elements. These include Host Intrusion Prevention Systems (HIPS) and their close relatives: activity restrictors, behavior analyzers, OS protection tools and privilege escalation barriers, as well as firewalls and other solutions that preemptively challenge threats that attempt to activate or propagate on a PC.
- Reactive protection elements. These include traditional antivirus and anti-spyware solutions, as well as other signature-based and heuristics-based products.
- A basic understanding of safe computing practices on the part of the user. This might include knowledge of key OS functions, how files and programs interact, how to keep software updated, and other safe online behavior widely available on security portals such as this one.
Let’s expand on these core elements a little.
- Proactive protection is by no means a silver bullet - like anything else, it can be susceptible to creative circumvention techniques - but it does help to stop malware in its tracks without the need for the precise identification techniques used by reactive signature-based approaches. In practice, and as you will see in the upcoming video clips, proactive protection alone is capable of blocking up to 80% of all malicious activity on a PC. The downside (there’s always a downside - security is an ever-changing landscape of trade-offs between safety and usability) is a significant number of alerts and action prompts, which can be intimidating to a less experienced user. So it’s not surprising that the major cause of failure in proactive protection is an incorrect user response, either from lack of knowledge or from a user grown complacent in the face of a barrage of alerts that often do not indicate any real threat. Outpost Firewall Pro and Outpost Security Suite Pro address this issue with the ImproveNet system, which automatically supplies the appropriate response based on real-world data.
- Reactive protection is not dead yet. Antivirus and anti-spyware programs remain a formidable barrier against malware. They are the best tools to turn to if you want to remove an infection or check a file for validity before executing it for the first time, and they are of course very reliable at detecting existing threats. It’s the increasing number of new threats that limits the effectiveness of these more traditional solutions, and for this reason many people resort to using multiple different solutions, which can have a significant impact on system performance without necessarily increasing the detection rate. Outpost Security Suite Pro incorporates a unique combined anti-virus/anti-spyware engine with incremental scanning that minimizes the amount of system resources used to perform effectively.
- A basic understanding of safe computing practices is vital. Some say that the best security tool is a person who intelligently uses his/her computer, is knowledgeable about existing security risks, and adheres to safe standards, and this is largely true. However, every worker needs good tools like those described above to ensure the best protection.
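The following toy simulation is an added illustration of the reactive/proactive split described above; it is not code from this article or from the Outpost products. A reactive scanner only knows files it has a signature for, while a proactive element judges what a program does regardless of what it is, which is why it catches an unseen variant but also raises a prompt on a harmless installer that behaves similarly. All samples, hashes and rules are constructed for the example.

```python
"""Reactive (signature) vs proactive (behaviour) protection, simulated.

Added example, not the article's or any vendor's code. Every sample,
hash and rule below is constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"


@dataclass
class Sample:
    name: str
    content: bytes                       # file bytes a scanner would hash
    actions: list = field(default_factory=list)  # (verb, target) seen at run time


# --- reactive element: a signature database of known-bad file hashes ---
KNOWN_BAD = {"dropper.exe": b"MZ constructed dropper payload build 1"}
SIGNATURES = {hashlib.sha256(v).hexdigest(): k for k, v in KNOWN_BAD.items()}


def signature_scan(sample: Sample) -> Optional[str]:
    """Return the signature name if the file hash is known, else None."""
    return SIGNATURES.get(hashlib.sha256(sample.content).hexdigest())


# --- proactive element: rules on what a program does, not what it is ---
BEHAVIOUR_RULES = {
    ("write", "C:\\Windows\\System32"): "writes into the system directory",
    ("registry_set", RUN_KEY): "registers itself to start at boot",
    ("connect", "outbound"): "opens an outbound network connection",
}


def behaviour_check(sample: Sample) -> list:
    """Return one alert per behaviour rule the observed actions trigger."""
    alerts = []
    for verb, target in sample.actions:
        for (rule_verb, rule_prefix), description in BEHAVIOUR_RULES.items():
            if verb == rule_verb and target.startswith(rule_prefix):
                alerts.append(description)
    return alerts


def assess(sample: Sample) -> dict:
    """Combine both elements the way a suite would.

    A signature hit blocks outright; a behaviour alert with no signature
    falls back on the user, which is the prompt-fatigue trade-off the
    article discusses.
    """
    sig = signature_scan(sample)
    alerts = behaviour_check(sample)
    if sig:
        verdict = "blocked: known threat"
    elif alerts:
        verdict = "prompt: user must decide"
    else:
        verdict = "allowed"
    return {"signature": sig, "alerts": alerts, "verdict": verdict}


# Constructed samples: a known threat, a repacked variant with the same
# behaviour, a legitimate installer, and an ordinary document.
KNOWN = Sample("dropper.exe", KNOWN_BAD["dropper.exe"],
               [("write", "C:\\Windows\\System32\\svc.dll"), ("registry_set", RUN_KEY)])
VARIANT = Sample("dropper_v2.exe", b"MZ constructed dropper payload build 2",
                 [("write", "C:\\Windows\\System32\\svc.dll"), ("registry_set", RUN_KEY)])
INSTALLER = Sample("updater_setup.exe", b"MZ constructed legitimate updater",
                   [("write", "C:\\Program Files\\Updater\\updater.exe"),
                    ("registry_set", RUN_KEY)])
DOC = Sample("notes.txt", b"plain text", [("write", "C:\\Users\\me\\notes.txt")])


def run_demo() -> dict:
    """Map each sample name to its combined verdict."""
    return {s.name: assess(s)["verdict"] for s in (KNOWN, VARIANT, INSTALLER, DOC)}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:20} {verdict}")
```

The variant shows why signatures alone fall behind the volume of new samples, and the installer shows why behaviour rules alone generate prompts a user must answer correctly; the page's argument is that the two elements plus an informed user cover each other's gaps.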
Security in practice
Like all things, good security practices only prove themselves once you begin to use them, so we’ve tested the above theories in real-life situations. A fully patched Windows XP system is subjected to typical activity such as browsing the Internet looking for interesting new digital toys, then downloading and executing a variety of programs. We also experiment with managing spam. Each activity is conducted with and without security in place on the PC.
You can see video clips of each of these activities on a special web page here. We hope it serves as a useful illustration of how important it is to have protection that is both reactive (antivirus/antispyware) and proactive (host protection). Don’t forget to leave us your comments on the blog!