When it comes to today's aggressive malware programs, preventing malware from ever getting on your PC is a better strategy than trying to intercept it when it tries to run.
Make sure to use a blend of different technologies(LOTS OF PROGRAMS ARE AVAILABLE) and products when you use security software, not just signature scanners. Remember, absolutely no product provides 100% protection.
You can prevent malware getting on your PC by combining safe computing practices with other techniques such as reducing the privileges of high risk programs, policy restriction progams, sandboxing and the use of virtual machines.
Reducing the privileges of high risk programs is a simple workable solution for most users. Policy restrictions offer greater security and usablity than reducing priviliges, but can slow down your internet connection speed drastically. Sandboxing, virtualization and policy restrictions offer a more complete solution but are not entirely free of practical problems. For those who can work with these problems, sandboxing, other virtualization solutions and policy restrictions offer the best way currently available to prevent malware installing itself on your PC.
With these elements in place the only active security software you really need are an inbound firewall (Windows Firewall will suffice), any good anti-virus program and a behavioral blocker. That said you can, indeed should, supplement these with periodic on-demand scans of your PC with a good anti-spyware product and a good rootkit detector. These on-demand products won't impose the on-going overhead you would incur with security software that uses active monitoring.
This set up is better security than other users who employ multiple layers of real-time signature scanners. Even better your PC will run much fast; a complete contrast to machines running multiple real-time security products.
None of this comes without cost. Defensive computing requires time and discipline. Users not prepared to put in the effort are advised to stay with a layering strategy using multiple security products.
For me, the days of running five or more active security software products on my PCs are over. So your Grandmother was right: An ounce of prevention is worth a pound of cure.
No comments:
Post a Comment