
Too much protection?

So, I had someone make a comment the other day:

“My IT staff are all over us about security and viruses. They keep upgrading our security, and it feels like I really have to work to get anything done anymore. Do we have too much protection?”

There are many ways to look at security. I happen to be a believer in a layered approach. Each layer has a function and purpose. Sometimes those layers seem to replicate each other, but if implemented correctly they will not adversely affect the person sitting at their desk just trying to do their job.

Take anti-virus for example. This is a security feature every computer should have, and it should ALWAYS be up to date. In a business environment, you will likely have this feature built into your firewall or another device that protects your network from the dangers that are on the internet. Does this mean that you don’t need a good anti-virus solution on each desktop computer in the company? NO! You need the protection on the computers to protect you from the times a coworker or client (we’ll call him Bob) brings in a flash drive with a file they worked on at home. The anti-virus in your network firewall does not protect you from malware that could be on that flash drive. And if Bob doesn’t have adequate protection on his home or office computer, then you would potentially be introducing a virus or other malware into your office computer and possibly the entire office network. However, with anti-virus on your office computer, it would alert you if there was something bad on the flash drive.

You can have “too much” anti-virus if you have more than one anti-virus program installed on your computer. The programs are known to occasionally see each other as a threat and then cause problems. They also all use some of the same “hooks” in the operating system to provide their security. If two or more try to use the same hook at the same time, then you have a major conflict. This has been known to cause crashes, and at the very least extremely poor performance on the computer.

“What about add-on applications that look for other threats, not just viruses and malware,” you ask? I’ll give you my approach. It may not be the best for you and your situation, but as a consultant who goes to multiple business locations every day, sometimes locations that are known to have an active infection (the reason they called me), it is proven and works great for me.

Personally, I use a standalone anti-virus product, not a suite. I have found the suites to be…how to put it nicely…a little heavy-handed and sometimes extremely resource intensive. There are many good anti-virus products out there. Over the years I have used Avast!, Symantec Endpoint Protection, BitDefender and a few others. My current weapon of choice is BitDefender. It gets frequent updates, is reasonably lightweight (meaning not resource intensive) and I have yet to see anything sneak past it, even in environments that are known to be actively infected.

To round out my personal protection, I have a subscription to Malwarebytes. This program does not look for viruses in the way a traditional anti-virus does. It targets active malware. When I go into a client situation where I know they are actively infected and I need to clean them up, Malwarebytes is able to detect an incoming request from the source computer and actively block the activity, even before my anti-virus needs to get into the loop. This makes my computer not have to work as hard to protect itself (since the infections never get to the computer at all), and sometimes makes it easier to identify the source computer on the network.

Additionally, I make sure I have a firewall on my laptop that keeps out connections I have not specifically authorized. A firewall on each computer in a business is not always a feasible approach. It can complicate the administration of the network in many ways. If you decide to check your firewall and see that it is not on, don’t panic! Call or email your network administrator and ask if this is by design. Most of the time you will hear yes. Here is where I may get a little flak… I use third-party software for all of my protections…except the firewall. Here I simply use the Windows firewall. My experience shows that this is adequate protection. In a business environment, it is also easy for your network administrator to manage and maintain policies on. I have never been a fan of the built-in anti-virus protection, but as things stand right now I am comfortable with the Windows firewall.

The answer to the original question “do we have too much protection?” is a combination of yes and no. You really can’t ever have enough, if it is done right. You can have poorly configured, poorly managed, and poorly implemented solutions. You can have too many protection programs installed. But overall, if implemented in a layered fashion where each piece does not trample on the other, you can never have “too much” protection.

As a side note: I DO NOT recommend that you test your personal computer protection by connecting to networks that you know have problems. Sometimes there are threats that can get past even the best defenses. I do this because it is part of my job. I have many years of experience and the knowledge to deal with the threats, which is why I am a consultant with many happy clients.
