CheckFive
Sunday, September 05 2010
Computer Security Primer
Written by FRC   

Guard Dogs

Some programs specialize in intrusion detection, much like electronic guard dogs. Their effectiveness varies, but they generally perform two main tasks:

  • monitor sensitive areas (registry, system folders);
  • intercept system calls (execution of programs, file deletion…);

Many intrusion detection systems do more than that, but in a nutshell they know which parts of your system deserve special attention, and they prevent programs from running (if they are unknown) or from doing suspicious things (like asking the system to automatically run some program on startup).
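The monitoring half of this can be sketched as a baseline comparison. The following is an added example, not code from this page or from any product it names: it snapshots a watched folder and a table of startup entries, then reports what was added, removed or changed. It detects changes after the fact rather than intercepting them, and the file names, entry names and paths are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state


def diff(baseline, current):
    """Return sorted alerts for entries added, removed or changed since the baseline."""
    alerts = []
    for key in sorted(baseline.keys() | current.keys()):
        if key not in baseline:
            alerts.append(("added", key))
        elif key not in current:
            alerts.append(("removed", key))
        elif baseline[key] != current[key]:
            alerts.append(("changed", key))
    return alerts


def demo():
    """Constructed scenario: a watched folder plus a table of startup entries."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "driver.sys"), "wb") as fh:
            fh.write(b"original")
        with open(os.path.join(root, "config.ini"), "wb") as fh:
            fh.write(b"mode=safe\n")
        files_before = snapshot(root)
        autoruns_before = {"Updater": r"C:\Program Files\Vendor\update.exe"}

        # Simulated activity between two scans (constructed, not real data).
        with open(os.path.join(root, "config.ini"), "ab") as fh:
            fh.write(b"mode=changed\n")
        os.remove(os.path.join(root, "driver.sys"))
        autoruns_after = dict(autoruns_before, Helper=r"C:\Users\Public\helper.exe")

        return diff(files_before, snapshot(root)), diff(autoruns_before, autoruns_after)


if __name__ == "__main__":
    for alerts in demo():
        print(alerts)
```

Each alert is a decision someone has to make, which is the cost discussed in the next paragraph.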

Their disadvantage is that you will have more alerts to deal with, and thus more decisions to make; this can interrupt you and your colleagues and slow your work down a bit. In addition, choosing the right IDS is not always easy, since many have features that overlap with those of other products; every vendor tries to sell “whole security packages”, but as a customer you want the best in every area.

Horror Stories

You have probably heard various stories about users being hacked and robbed of their money in the scariest ways. Some programs can monitor every keystroke on your machine, and wait until they identify a credit card number. Some programs can take snapshots of your computer screen. Some programs can alter the system so that you log on not to your normal web bank account, but to some machine in Russia. Some programs do nothing but wait for their creator to send them orders, generally attacks on corporate sites (yahoo, amazon…).

All of this is possible, but as soon as you take some precautions, it becomes very unlikely. The first and foremost precaution is to never install suspicious programs, such as those supposedly helping you cheat in online poker rooms… As in real life, be smart and don’t trust strangers unless you have serious reasons to do so.

Our Selection

Below is our selection of recommended security software. It is based on personal experience, knowledge of basic-to-intermediate security concepts, and many hours of browsing the security-dedicated forums.

One very important thing to realize is that most people are nowhere near qualified to give recommendations on security software. This includes ourselves! Indeed, discussing the pros and cons of different products, beyond usability, requires a thorough knowledge of how things work. We are talking expert knowledge here. What you will find on most forums is users’ opinions, no more, no less.

People are going to tell you that the product they chose is very good, but they won’t be able to tell you precisely why, or back their opinion up with figures and facts. They are going to talk about resource consumption (memory, CPU), but they won’t have statistics, just “an impression”. It’s like saying: I recommend this lawyer to you, he is very professional, he has a clean office, and he ran ads on local TV. We don’t mean to be derogatory, but we need to know what the advice is really worth.

Besides, some magazines have advertisement contracts with several vendors, and their tests and recommendations simply cannot be trusted.

Your best bet is to spend enough time on the serious security forums, and identify the really knowledgeable individuals: those who go into details, who are accurate, who don’t mix up opinions with facts. Some of them are well known in the industry, and they work or have worked for famous companies.

We recommend the following products:

| Category | Product | Comments |
| --- | --- | --- |
| Antivirus | Nod32 | A very good antivirus, automatically monitoring web access, emails, MSOffice documents, and any file loaded into memory. The detection system is rated very good by the experts (cf. resources). |
| Firewall | Outpost | A solid, well-rated software firewall, not perfect, but the competition does not do better as of this writing. |
| Firewall | Look ‘n’ Stop | Another strong software firewall. |
| Other Tools | Process Guard | A very useful program, monitoring the system for starting programs, and giving you the opportunity to block them before they do. This is extremely useful, since much malware never even gets the chance to run on your machine, even if it made it to your hard drive. The program also prevents programs from tampering with other programs, or installing drivers or keyloggers. |
| Other Tools | Reg Defend | This program intercepts modifications to the registry, the part of your machine that stores much of its software configuration. Reg Defend does not simply notice when something has changed; it intercepts the change before it happens, à la Process Guard (the developer worked on Process Guard too). |
| Anti-malware | Ad-aware | A well-known scanner. Freeware. |
| Anti-malware | Spybot S&D | Another well-known and free scanner. |
| Anti-malware | Microsoft Windows Defender | Still in beta, but does a pretty good job. |
| Hardware - Routers | Linksys | Linksys is Cisco’s brand for consumer products. |

 

Note that products can evolve very fast, especially in the security field, but we will try to keep this page up-to-date.

Resources




 
All material copyright © CheckFive - 2006