Anti-Malware and Firewall
Windows Vista, Windows 7 & Apple's OS X: Yes, Vista, Windows 7 and OS X are operating systems, but they are designed from the start to be more secure than XP. I find many are upgrading to Windows 7 or shifting to Macs for security reasons.
The original Windows operating systems were designed with all doors wide open. You had to know enough to close the doors you did not need - if you could find them. Windows XP was so heavily patched it became difficult to rebuild a system. There were 2,267 "fixes" to XP across Service Packs 1, 2 and 3 (SP1, SP2 and SP3).
(DOWNLOAD the worksheet with all the patches listed)
Vista and Windows 7 start with most doors closed and add Wizards and other easy to use tools to open doors as needed. Windows 7 has made great strides in creating an environment less prone to attacks.
(Full Story - Windows 7 Security Assessment...)
Early firewalls focused on keeping bad stuff from getting into your system. However, prior to Windows 7 there was little protection on what goes out. Outbound security has been addressed in Windows 7.
(Full Story - Vista Outbound weakness...)
What about Apple? Though less prone to attack, the lower incidence of malware appears to be more a function of market share than of software design. So, Mac OS X may no longer provide safe haven, according to a recent article. (Full Story - Mac vulnerability...)
My overall experience with Vista over the past years has been favorable. I own a Compaq desktop running Vista. I also own a system running Windows 7. Vista seems to be more stable and secure than XP. I support Vista systems and have had only three suspected viruses.
Windows 7 is very secure and runs as lean as a clean install of XP. Microsoft seems to have it right on this one. There are still compatibility issues at the hardware and software level. Watch for Quickbooks issues specifically. The firewall is very strong.
It is true that it takes more experience than the average home user possesses to integrate Vista or Windows 7 into a home network with existing XP systems and older printers. Print and file sharing takes more know-how than XP but it is this reluctance to share that also seems to make it less vulnerable to intrusions. Windows 7 adds a feature that makes it easier to securely share if all the systems are running Windows 7. It is called the HomeGroup.
Windows 7 is easier to set up if the machine is compatible. Newer machines generally are Windows 7 friendly but check before you invest.
A utility is available from Microsoft to check if your machine is Windows 7 compatible. Download the Upgrade Advisor Tool from Microsoft onto the machine you wish to upgrade. Call us if you have any problems with the tool. Limited phone support is free.
It is fairly easy for users to navigate Vista or Windows 7 if they know XP. It is under the hood that Microsoft has moved a number of technical tools around. This made it hard at first to do tasks that were routine on XP. Once found, each decision to relocate appeared based on sound reasoning.
A clean install of Windows 7 is supposed to run as fast as a clean install of XP. Vista has some inefficiencies that are addressed in Windows 7. I have installed Windows 7 on a number of machines and find the installation to be well designed.
Networking multiple Windows 7 machines together is very easy. Adding XP and Vista machines into the mix can be tricky. Call us if you're having trouble. I will be glad to help.
G-Data: I just removed this from my system. Through a process of elimination using Process Explorer, I discovered G-Data was causing the system to run near 100% CPU usage. It ran fine on my system for 9 months. I suspect some update at some time in the last few months triggered the change in behavior. I only just got around to troubleshooting the issue. I am not saying G-Data will cause the same problems on your system. I am just taking it off the recommended list (updated 8/2/2011)
Microsoft Security Essentials: This is a FREE COMMERCIAL Anti-Malware offering from Microsoft. Microsoft Essentials is the only top rated free anti-virus available for commercial use. It installs quickly, efficiently and has the power of Microsoft behind it. It is an extension to the Windows Firewall rather than something to replace it. I let it slip past my radar scope until recently. I have been impressed with its non-Microsoft like qualities - simple, resource friendly and free.
But in the AV-Test results it was rated below average on Protection for Windows 7 - the most important feature. The results for XP and Vista are not yet available for Quarter 2. It ranked below AVG in Protection but above it in usability and in how effectively it repaired an infection. The highest rated in the AV-Tests overall was from Panda Security. I have no direct experience with Panda Security products but plan to test one soon.
And now you can run Essentials on up to 10 business PCs (Oct 8, 2010).
Augmented AV-Test Results
Read the MaximumPC Review of Security Essentials (Apr 14, 2010).
AVG: This is a good FREE NON-COMMERCIAL anti-virus package for home use. It does a good job of protecting against viruses but is not thought by some to be as strong at removing them once they are installed. The free license is not valid for dedicated business systems. The free version is too limited anyway for the type of automation required for business critical systems.
AVG Internet Security 2011 is out now. I have not tested AVG Internet Security 2011. The SafeSearch feature adds a green check-mark icon to each Google result if it is deemed a safe site to surf. This does not guarantee safe surfing. I recently got my first virus in many months from a site I found describing odd facts about the world. I followed a link from another site to the infected site rather than finding it through a search directly. The virus was slick. It went around AVG and Spybot while they were alerting me to the threat! Four hours later I was back to normal. Always keep a current system backup.
I do not use AVG for commercial use. I ordered a "Network" version for a client two years back that turned out to be for Terminal-Server instead. It was my error in not reading more carefully. I was unable to contact a human to correct the problem. Emails were never returned. I have not tried them since as a commercial product. In 2009 I had another chance to work with them and was not impressed.
Kaspersky: I have had good success with this product for commercial users. I was attracted to it by the loyal following of technical fans and by the user claims of improved performance over products by McAfee and Symantec. The installation is clean; documentation sufficient; protection solid. It also deploys well on small networks.
A TechWorld article from January 2010 states:
"In traditional detection tests performed by AV-Test.org, this Russian-made program detected 97.27 percent of known malware samples, lackluster when compared with the performance of some competing apps we tested, which caught 99 percent or more of the threats. It fared better in heuristics tests that gauge how well a program protects against new malware with no known signature. At a time when the bad guys crank out astounding numbers of malware variants to evade traditional signature scanners, such proactive protection is more important than ever. Here Kaspersky came in third with a 66.83 percent block rate."
Norton (by Symantec): This is by far the best known anti-virus and firewall software. It is well suited to small business especially with the new 360 product that covers up to three systems with one license.
A TechWorld January 2010 article gave it mixed reviews:
"In traditional detection tests using known Trojan horses, spyware, worms, and other baddies, Norton successfully detected 99.5 percent of samples from AV-Test.org. That's a good showing, but other apps did even better, leaving Symantec's entry in a middle tier sixth place in this category.
Norton dropped toward the bottom in heuristic tests designed to simulate a security program's ability to ward off new and unknown malware. It blocked only 42 percent of two week old signature files and newer malware, the second worst showing in the bunch. But it did much better in behavioural analysis (which identifies malware based solely on how it acts), identifying and blocking 9 out of 15 samples, for third place. And it correctly removed the same number of files based on its behavioural analysis, better than any other app.
Norton's throughput of 9.26MB per second for automatic scans of files as they're opened or saved put it squarely in the middle of the pack. But it did a superb job of dealing with rootkits, blocking and removing all ten samples of this type of stealth malware."
I have not had a great deal of experience with Norton 360 and nothing unfavorable to date. Previous versions of Norton have used enough resources to slow systems down noticeably. I have seen figures as high as 19%.
Also, the Internet Security package needs expert assistance at times to convince the firewall to allow through needed traffic. It is unclear how necessary the firewall part of the package will remain in the Vista and Windows 7 environments. These operating systems have fairly strong firewalls built in.
McAfee: This is the second best known anti-virus and firewall although it rated poorly on the AV-Tests for 2010 Q2. I have had the opinion for some time that it was less of a resource drain than Norton. This is not based on any scientific trials. Previous versions have been fairly intuitive to use. I have no direct experience with the latest version. For further comparison see this PC World article.
ESet NOD32: This is a package being sold at MicroCenter. I had it installed at one time on the computer I am using to type this message. I have found it to be a solid performer. I did not have a virus while it was installed...but then again I am pretty careful surfing. I removed it to install G-Data when my annual subscription elapsed.
According to an April 23, 2007 review in PC World: "NOD32 has the best proactive protection by far, but its overall malware detection is second-tier, and it has an overly technical interface."
A TechWorld article from January 2010 found it wanting, however.
"NOD32 lagged behind every other program we tested when it came to detecting known malware with signatures. Against AVTest.org's huge store of known Trojans, spyware, and other malware, its block rate of 94.8 percent was decent, but strong performance from the majority of the apps we tested has raised the bar."
"BitDefender has excellent malware detection and a good price, but it adds a noticeable (though not show-stopping) system slowdown."
Sun Microsystems is promoting a FREE alternative to Microsoft Office that really works. I am most familiar with version 2.0. I use it on my main office XP and Vista systems. The latest version at this writing is 3.2.1. Keep checking here for updated reviews.
The suite can read and write MS Word, Excel and Power Point. It also has a somewhat weaker drawing program and a database. It is important to change the options to default to saving documents in MS Office formats (.doc, .xls,...) and not the native OpenOffice formats (.odt, ...). You lose some formatting capabilities but the portability is well worth the change. You can always choose the format during each save dialog and select the native format if needed. HINT: Make the changes to the defaults in the Tools-->Options dialog available from any of the programs in the suite.
Office Write: This is the alternative to Word. It does a good job of reading and writing most Word files. It is not as strong on inserted graphics - scaling, cropping and annotating. It has a different interface for mail merge functions that is better in some ways - not as good in others. If you are familiar with Word, it takes little training to use the basic package. Expect more extensive trial and error re-training to use the more advanced features.
Office Calc: This is the alternative to Excel. It does a good job of all the basic spreadsheet tasks I use. I have not done extensive macro development. If you have needs that sophisticated, it may be best to go with Excel just to eliminate any doubts. Some of the keyboard short-cuts are different but overall you will feel quickly at home.
GIMP: This is a unique FREE bitmapped or raster graphics creator and editor. It does not do vector graphics. Its most obvious uniqueness is the way it opens separate independent windows on the desktop. This unusual interface makes sense once you get used to it. It can even create animated GIF files like those used on web banner ads. The animated result is a little more grainy than commercial products like ULEAD, but is good for simple tasks, prototyping, training or hobbies. It can also be programmed and run in "batch" from the command line as a scheduled task. There are add-ins or plug-ins available for all sorts of tasks. It will run under Windows 2000 or above as well as many Apple and UNIX systems.
One of my hobbies involves taking recordings of family members talking about their history, editing the recording and creating CDs for the rest of the family. I have also taken old reel-to-reel tape recordings of Christmas gatherings and converted them to CD. Here are some of the tools I use.
Audio Recorder Pro and MP3 Splitter & Joiner: This simple Recorder does a good job of recording from several sources. It helps to have a pre-amp between the source and the recorder to adjust tone and volume. The companion splitter is used to create tracks for the CD so the listener can more easily skip forward and back.
Nero Burning ROM and Wave Editor: I use version 6.0 of this popular suite of products. It could probably handle the recording and splitting tasks but "we like what we know"! The Wave editor is great for adjusting the volume. It can get static out of old recordings but leaves an artificial sounding voice pattern. It is best to use the pre-amp's analog filtering capabilities whenever possible. The burner allows projects to be stored so that complex combinations of tracks can be assembled once and burned time and again with very little effort.
Wireless networking is going through a major shift in standards to the new N-Type known as the IEEE 802.11N standard. The real data throughput is at least 100 Mbps, with the possibility of even higher raw data rate at the physical layer (PHY), and should be up to 5 times faster than 802.11a or 802.11g, and perhaps 25 times faster than 802.11b in mandatory modes of operation. It is projected that the new N-Type also offers better operating distance and full compatibility with current WLANs.
There are two competing proposals of the new N-Type standard, expected to be ratified: WWiSE and TGnSync. Though there are already many products on the market based on Draft 2.0 of this proposal, the TGn workgroup is not expected to finalize the amendment until December 2009. (see IEEE 802.11n) (see 802.11n White Paper)
The hardware is out now and the price differences are minimal. Early performance reports were not impressive (May 2006). An October 2007 review was more upbeat:
"This year's products -- representing the latest from Belkin, D-Link, Linksys, Netgear and SMC -- with a few exceptions, did much better in the interoperability department, and we occasionally saw performance better than the best of last year's crop. It's clear, though, that we still have a long way to go to get to interoperability levels on a par with those common in 802.11g and 802.11a deployments" ( full NetWorld article )
I have no direct experience with a full N-Type environment. Here are some test results from ExtremeTech.com that may be useful. Similar to the reviewers, I have had good success with the D-Link Rangebooster products. They are good price/performance choices.
Remote Management tools allow one PC to remotely control or manage another PC over the internet. This can be over the local LAN inside an office or from anywhere in the world.
These are used by vendors for remote support and, in one case, for a supervisor to monitor and assist employees in a call center.
GoToMyPC: This is one of the best known services for remote management. It has a free trial period offer after which it becomes a monthly paid service. It has a number of options for business that make it suitable for more complex environments.
LogMeIn: This is a newer service that offers a limited product for free that provides much of the functionality of GoToMyPC without the monthly charge. It also offers a premium paid service. I have experience with both GoToMyPC and LogMeIn and prefer LogMeIn in most small environments.
TeamViewer: This is a free service for non-commercial use. It allows remote control to be initiated by both parties using a Session ID and a password. This is good when a friend or family member needs help with their computer but you have not loaded GoToMyPC or LogMeIn on their systems. These older services have commercial versions to allow ad-hoc remote control but they are a bit costly for the home office.
TightVNC: This is a free utility that is well suited for a LAN. It can be used to remotely control your office PC from home, but the security issues are problematic at best and there is a FREE solution in LogMeIn. It is fast to load and easy to set up on a LAN. It can run as a service independent of the user logging on to the local system.