How Safe is Your Success? Part 3 of 8
Written by Bill Hely
"How Safe is Your Success" is a series of eight articles. Each article addresses a different aspect of a universal problem which is of particular importance to those who do business on-line. Most Internet users are at least aware there are dangers "out there", but few appreciate the real extent of those dangers, the possible (even likely) consequences, or the best, most practical and least expensive means of countering them. This series is intended to at least provide some useful awareness of the situation.

-------------------------

Part 3 - The Anti-Virus Conundrum

One of the most common defenses I hear from clients when I tell them I have discovered that a virus is the cause of their "problem" goes like this: "But I'm using an anti-virus. I've always had one! The man in the computer shop put it on for me".

The Man In The Computer Shop, by dint of the fact he is "in computers" and speaks all that jargon stuff, is perceived as an Expert Who Can Be Trusted. I mean, do you argue with your plumber about pipe diameters and flow rates? Do you quiz your electrician about safe electrical loads? No. He is the expert and you expect him to know.

Warning: Do not carry any of the trust you may place in a qualified specialist tradesperson over to the computer industry. Look at the computer game as being more akin to the motor trades. You don't expect the car salesman to be an expert in tune-ups, or the mechanic to repair a tear in your upholstery. Each to his own. Many computer retail sales people are quite competent when it comes to configuring a PC, but keep in mind that there is no necessity for them to be other than good salespeople.

Unless you work in a company that has ready access to a professional IT support person, there is much you will have to do yourself to get your computer safe. There is also much you will have to become aware of for it to stay that way.

My favorite saying with respect to anti-virus protection is this: "An anti-virus program is only as good as the day it was made".
Expected response: "Huh?", which is OK because then I get to explain.

A virus is just a computer program and, reduced to basics, a computer program is just a special type of document containing alpha-numeric characters – called “code”. The publishers of anti-virus software carefully analyze the code of a known virus program and determine a “fingerprint” or “signature” that can be said to be characteristic of that particular virus. That information is added to a database of signatures of other viruses that have also been analyzed.

The anti-virus program compares the data on the computer’s hard drive (or in memory) with the information stored in its database of virus signatures. If a match is found, the likelihood of a virus is high and an alert is issued, or some other pre-programmed action takes place.

There is also a more complex detection method called heuristics which, rather than looking for specifically defined characteristics, looks for “virus-like behavior”. If your anti-virus program offers a heuristics option, do make sure it is enabled. Sometimes anti-virus programs that offer heuristics don't have that option enabled by default.

Now if I tell you that new viruses are being released onto the Internet every day of the week, can you see how your anti-virus program will soon become useless against an ever-growing number of viruses for which it will have no characteristics? So my favorite saying becomes: An anti-virus program is only as good as the last time it was updated.

If you are to have any chance at all against the flood of virus-type attacks permeating the Internet, you absolutely MUST ensure that your anti-virus installation is always using an up-to-date database.
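
The signature matching described above, as an added example that is not part of the original article: a minimal Python scanner in which the signature names, byte patterns, dates and file contents are all constructed and harmless. It scans the same files with a stale database and with an up-to-date one.

```python
from datetime import date

# Constructed, harmless byte patterns standing in for virus signatures.
# Each entry: (name, pattern, date the vendor added it to the database).
VENDOR_DB = [
    ("Demo.Alpha", b"\xde\xad\xbe\xef-ALPHA", date(2005, 1, 10)),
    ("Demo.Beta", b"\xca\xfe\xba\xbe-BETA", date(2005, 3, 2)),
    ("Demo.Gamma", b"\x0b\xad\xf0\x0d-GAMMA", date(2005, 6, 20)),
]

# Constructed sample files: one clean, two carrying a known pattern.
FILES = {
    "invoice.doc": b"Quarterly invoice, nothing unusual here.",
    "game.exe": b"MZ\x90\x00" + b"\xca\xfe\xba\xbe-BETA" + b"\x00" * 8,
    "saver.scr": b"MZ\x90\x00" + b"\x0b\xad\xf0\x0d-GAMMA" + b"\x00" * 8,
}


def database_as_of(last_update):
    """Signatures a PC holds if its database was last updated on that date."""
    return [(name, pat) for name, pat, added in VENDOR_DB if added <= last_update]


def scan(data, signatures):
    """Return the name of every signature whose pattern occurs in data."""
    return [name for name, pat in signatures if pat in data]


def scan_files(files, last_update):
    """Scan every file using only the signatures known at last_update."""
    sigs = database_as_of(last_update)
    return {fname: scan(content, sigs) for fname, content in files.items()}


if __name__ == "__main__":
    for last_update in (date(2005, 4, 1), date(2005, 7, 1)):
        print("database last updated", last_update)
        for fname, hits in scan_files(FILES, last_update).items():
            print("  ", fname, "->", ", ".join(hits) or "no match")
```

With the database frozen at the earlier date, saver.scr is reported clean even though it carries a pattern the vendor has since published.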

How Safe is Your Success? Part 7 of 8
Written by Bill Hely
"How Safe is Your Success" is a series of eight articles. Each article addresses a different aspect of a universal problem which is of particular importance to those who do business on-line. Most Internet users are at least aware there are dangers "out there", but few appreciate the real extent of those dangers, the possible (even likely) consequences, or the best, most practical and least expensive means of countering them. This series is intended to at least provide some useful awareness of the situation.

-------------------------

Part 7 - Firewalls

For most "average" computer users, hearing the word "firewall" usually evokes one of two responses. The first is along the lines of "Oh, that's complex big-business stuff – it's not something I need or could afford". The other group, probably due to exposure to advertising, online forum discussions, etc., automatically associates "firewall" with a software brand such as the well-known ZoneAlarm.

The latter group have the edge. At least they know that a firewall is (or more correctly, can be) a consumer item they could purchase and install if they were so inclined.

Now, the nature and purpose of this article dictate that I don't tell all of the story all of the time. For example, I am now telling you there are two types of firewall to consider. In actual fact the number of "types" depends entirely on how you choose to categorize them. For our purposes a simplistic breakdown is both adequate and legitimate.

The two types we'll discuss are software and hardware firewalls. The latter usually takes the form of a small "black box" that plugs into your Internet connectivity device (e.g. cable, ADSL or dial-up modem) and also into your PC or into some network component such as a Hub or Switch. By the way, "black boxes" are almost never black; the term simply denotes a device whose exact inner workings are irrelevant to the discussion. It is only what goes in and what comes out that matters.

Frequently called a Personal Firewall because it only protects one PC, a software firewall is, as the name suggests, simply a computer program.

What software and hardware Firewalls have in common is that they both receive, inspect and make decisions about all incoming data before passing it on to other parts of the system. A most important difference between software and hardware firewalls is that the hardware Firewall doesn’t control outbound communications to any significant degree. This becomes a real problem once some scumware program that has the capability to communicate back out to the Internet gets onto your hard drive. On the other hand, the software Firewall offers strong control over both incoming and outgoing data.

You will be justified in wondering why you need to use two different types that both control incoming connections. There are several reasons but, from the point of view of a computer user, as good a reason as any is “much improved usability”.

The software Firewall’s control over incoming connections is quite powerful. Using its programmed “intelligence”, it can analyze incoming data streams. However, it cannot make final “block or allow” decisions without your help until you have “taught” it how to respond to different situations. It needs to learn as it goes. In short, the software type will frequently need to ask you to make decisions on what to do about certain incoming data packets – whether to allow them in or not.

That’s fine, until the frequency of alarms becomes distracting to the point of being annoying. While you are trying to concentrate on other things in the face of these interruptions, there is a very real risk that you will take the easy way out and command the software Firewall to “always allow” or “always deny” such data packets, without giving careful thought to the consequences — which could be significant either way.

The hardware Firewall, on the other hand, enforces a very simple policy on incoming connections: if the connection wasn’t requested by a PC from within its “walls”, the connection is refused or ignored. In most situations such simplistic decision making is quite OK.

If you think about that for a moment, you will see that the stubborn inflexibility of the hardware Firewall makes the software Firewall's job much easier. You’ll recall that the hardware device is a “perimeter” Firewall placed between your PC (or your network) and the Internet, so it gets the first look at any incoming data. The software Firewall is on a local PC and thus inside the perimeter, so it only gets to see incoming data that has survived the hardware Firewall. And the only incoming data that does survive is that requested by an internal PC in the first place.
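
The division of labour between the two firewall types, as an added example that is not part of the original article: a small Python model of both policies. The class names, program names and addresses are hypothetical, and the addresses are reserved documentation or private ranges.

```python
class PerimeterFirewall:
    """Hardware-style policy: inbound data passes only as a reply to a
    connection that a PC inside the perimeter opened first."""

    def __init__(self):
        self.sessions = set()  # (inside_pc, remote_host, remote_port)

    def outbound(self, pc, remote, port):
        # No significant outbound control: remember the session and pass it.
        self.sessions.add((pc, remote, port))
        return "pass"

    def inbound(self, remote, port, pc):
        return "pass" if (pc, remote, port) in self.sessions else "drop"


class PersonalFirewall:
    """Software-style policy: per-program outbound rules taught by the user.
    A program with no rule yet produces a prompt ("ask")."""

    def __init__(self, rules):
        self.rules = dict(rules)  # program name -> "allow" or "deny"

    def outbound(self, program):
        return self.rules.get(program, "ask")


def connect_out(program, pc, remote, port, perimeter, personal=None):
    """One outbound attempt: software layer first (if installed), then perimeter."""
    if personal is not None:
        verdict = personal.outbound(program)
        if verdict != "allow":
            return verdict  # "deny" or "ask": nothing leaves the PC
    perimeter.outbound(pc, remote, port)
    return "allow"


if __name__ == "__main__":
    pc = "192.168.1.10"
    hw = PerimeterFirewall()
    sw = PersonalFirewall({"browser.exe": "allow"})
    print("unsolicited inbound:", hw.inbound("203.0.113.5", 80, pc))
    print("browser out:", connect_out("browser.exe", pc, "203.0.113.5", 80, hw, sw))
    print("reply to browser:", hw.inbound("203.0.113.5", 80, pc))
    print("unknown program, hardware only:",
          connect_out("unknown.exe", pc, "198.51.100.7", 443, hw))
    print("unknown program, both layers:",
          connect_out("unknown.exe", pc, "198.51.100.9", 443, hw, sw))
```

The last two lines of output show the gap the article describes: the perimeter device alone lets an unrecognised program call out, while the software layer stops it until the user decides.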