Security in Layers

The most common method people use to secure their computer against Internet threats is to install some sort of anti-virus software, or even a complete Internet security package, call it a day and feel protected. While this is a good starting point, and is also popular conventional wisdom, the 'install Brand X security software package and forget about it' approach overlooks the fact that you are entrusting your investment, your data and your identity solely to the maker of Brand X; in other words, relying on just one hole.

“Mus uni non fidit antro.” (“A mouse does not rely on just one hole.”)

Plautus

In the context of securing your computer in this Internet age, where new threats are born daily, if not hourly, conventional wisdom is not sufficient. Using security software is still a good and prudent defense, but alone it isn't enough. With up-to-date virus signatures installed you are generally protected against the known threats, but what about the unknown ones? Most makers of security software today do employ heuristics for detecting unknown threats, that is, looking for specific attributes that could indicate malware, but this technology is immature and marginal at best.

For the most part the security software industry is reactive in nature. A new threat first has to be discovered, then a signature for it has to be created, and then passed to you via an update. During that window of time you are left unprotected against the new threat. Consider also that the ability to detect a new threat varies between the many different security software makers, and no single software maker will detect every threat 100% of the time in the least amount of time.

“Anti-virus software is not completely worthless, but mostly worthless. Malware writers generally test their software against the better anti-virus engines before releasing it, to try and dodge detection.”

Joe Stewart, security researcher at SecureWorks

The security in layers approach does not rely on only one hole, and it acts proactively against Internet threats rather than reactively.

"It's every man for himself. In the end, it seems every machine has to defend itself. The Internet was designed that way."

Vint Cerf, the 'father of the Internet', Oct. 2008

The goal of securing your computer is not to "Cure" your system as threats arise, by installing a long list of software to combat them but instead to "Vaccinate" your computer against those threats. Proactive not reactive. Just like the 'father of the Internet' said, it's every man for himself. It's ultimately up to you to be aware of the Internet threats that exist today and to take the steps necessary to protect yourself against them.

The goal of this series of articles, Securing Your Computer - Security in Layers, is to help you learn about methods that protect you and your computer, and how to implement them. The steps covered are mainly intended for Windows XP users but may also provide insight into areas of interest for other operating systems.

Security in Layers - An Overview

  1. Creating a Limited User Account
  2. Implement Software Restriction Policies
  3. Hardware and Software Firewalls
  4. Anti-Malware Software
  5. Hardening Windows XP
  6. Best practices for the Internet

Security in Layers - An Introduction

The main layer of our defense will rest on the use of a Limited User Account. This is slightly unconventional, and sadly underused, but nonetheless a very powerful means of deterring malware.

Should malware get onto our computer by any means, it will not be allowed to execute because of the Software Restriction Policy, which only permits programs to run if they are located in either the Program Files folder or the Windows folder. So if you accidentally click on an email attachment that you thought was a picture but is really an executable, SRP will prevent it from running. Software Restriction Policies do not rely on virus signatures or heuristic technology, so even if your security software misses it, SRP will not.
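To make the two layers above concrete, here is a small Python model, added for this article and not the Windows SRP implementation nor code from the original series, of how a default-deny policy with path rules for the Program Files and Windows folders decides whether an executable may run. It goes a little beyond the text in two ways a practitioner cares about: rule matching is done on a normalized, case-folded path so that `..` segments, forward slashes or a look-alike prefix such as `C:\Program Filesx` cannot slip past the rule, and an audit function ties back to the Limited User Account layer by flagging any directory inside an allowed root that the limited user can write to. The fixed drive paths, the ACL snapshot and the `ExampleApp\updates` folder are constructed assumptions; real SRP stores its default rules as environment-variable paths.

```python
"""Model of SRP path-rule evaluation (added example, not the Windows implementation)."""
import ntpath

# Constructed assumption: the two directories the article's policy permits.
# Real SRP stores these as environment-variable paths (e.g. %ProgramFiles%);
# this model uses fixed drive letters for clarity.
ALLOWED_ROOTS = (r"C:\Program Files", r"C:\Windows")


def normalize(path):
    """Collapse '..' and '.', convert forward slashes, and fold case,
    because NTFS paths are case-insensitive and a rule must not be
    fooled by a spelling such as c:/WINDOWS/../evil.exe."""
    return ntpath.normpath(path).casefold()


def is_under(path, root):
    """True if path is root itself or lies somewhere beneath root.
    The trailing separator keeps 'C:\\Program Filesx' from matching."""
    p, r = normalize(path), normalize(root).rstrip("\\")
    return p == r or p.startswith(r + "\\")


def srp_allows(path, allowed_roots=ALLOWED_ROOTS):
    """Default security level Disallowed: an executable runs only if it
    sits inside one of the allowed roots."""
    return any(is_under(path, root) for root in allowed_roots)


def evaluate(paths, allowed_roots=ALLOWED_ROOTS):
    """Return {path: 'Unrestricted' | 'Disallowed'} for a batch of paths."""
    return {p: ("Unrestricted" if srp_allows(p, allowed_roots) else "Disallowed")
            for p in paths}


# Constructed ACL snapshot: directory -> can the limited user write there?
# A path rule only protects what the limited user cannot modify, so any
# writable directory inside an allowed root weakens the policy.
SAMPLE_ACLS = {
    r"C:\Windows": False,
    r"C:\Windows\System32": False,
    r"C:\Program Files": False,
    r"C:\Program Files\ExampleApp\updates": True,   # hypothetical vendor folder
    r"C:\Documents and Settings\alice\My Documents": True,
}


def writable_allowed_dirs(acls, allowed_roots=ALLOWED_ROOTS):
    """Directories that are both inside an allowed root and writable by
    the limited user; each one needs its ACL tightened."""
    return sorted(d for d, writable in acls.items()
                  if writable and any(is_under(d, r) for r in allowed_roots))


if __name__ == "__main__":
    # Constructed sample paths covering normal programs and the e-mail
    # attachment case from the article.
    samples = [
        r"C:\Program Files\Internet Explorer\iexplore.exe",
        r"c:\windows\system32\notepad.exe",
        r"C:\Documents and Settings\alice\Local Settings\Temp\photo.jpg.exe",
        r"C:\Program Files\..\Documents and Settings\alice\photo.jpg.exe",
        r"C:\Program Filesx\photo.jpg.exe",
    ]
    for path, verdict in evaluate(samples).items():
        print(f"{verdict:12} {path}")
    for d in writable_allowed_dirs(SAMPLE_ACLS):
        print("tighten ACL:", d)
```

The point of the audit half is that the policy and the Limited User Account depend on each other: a path rule for Program Files is only as strong as the ACLs inside it, so after enabling SRP it is worth checking that no directory under the allowed roots is writable by the everyday account.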

The next couple of layers discussed will be the ones most of you are already employing, or should be employing if you're not already doing so. Amazingly, some people rely on the idea that because they do little online activity they are not at risk and could not possibly be a target for malware, and as a result do not use any type of security software. This is simply unwise and not recommended.

The next layer discusses some aspects of hardening Windows XP and keeping all your software patched.

Lastly, we will talk about some best-practices for browsing the web and handling spam.


Further Reading

About Limited User Accounts:

Applying the Principle of Least Privilege to User Accounts on Windows XP

Why Non Admin

Why you shouldn't run as admin...

Why rootkits and anti-rootkits are irrelevant