Over the years, I have found that there is no one best way to keep a computer safe from viruses. I have come to the realization that the only practical way to beat malware is to use teamwork — in other words, to create a multiple layers approach to computer security.
What does this multiple layers approach encompass? It means simply to use several of the best tools available to secure each part of a computer system that could get attacked, infected, or hacked.
What will you learn in this post?
I will show you:
- how malware could get in to your computer
- how to mitigate the threat of a malware intrusion in to your computer
- which specific settings to use to minimize the risk of malware intrusion
- which specific software programs to use to create a super strong defense against malware
- which specific software programs to use to keep your computer clean of junk data
- what common sense steps you can take to further improve your multiple layers approach to computer security
Two Ways Malware Gets In
Malware can get into your computer in one of two ways — via the internet or from a local data storage unit (CD, DVD, USB drive, etc.).
The most usual way to get infected is that the user does something stupid. For example, opens an attachment or a link from a scammy email. Or visits an unsafe site online. Or downloads pirated software, which often includes malware packaged into it. Or just copies some weird files from a friend’s CD or external drive to his or her computer.
In some rare cases your computer might get infected simply by inserting a USB thumb drive into your computer. So, if you see a USB thumb drive just lying around on the street or on the office floor, don’t pick it up and insert it into your USB port.
As you can see, the one common denominator of most malware infections is an unwanted user action. If your company has its own corporate network, the best way to prevent malware from entering the network is to create strict policies that all users have to follow.
However, in this post, I want to focus on solutions for home users, not corporate networks.
Everyone is connected to the internet nowadays. And so, the first point of contact your computer has with the outside world is your router.
In the multiple layers approach to computer security, setting up your router correctly is most important.
There are some very simple router settings you can utilize to massively improve the safety of your web-connected computer.
1. Admin Password
Change your router’s factory default admin password. This is a no-brainer. There are lists of default passwords available on the internet for free.
The new password you create should be really strong. Read my post on how to create strong passwords, if you are not sure about this.
2. Traffic Encryption
Make sure to use the strongest possible encryption for the data going through your router. Never use the Wired Equivalent Privacy (WEP) algorithm.
For your home network, go with
And, again, very importantly, make sure that you use a strong password as your
Read my post on how to create strong passwords, if you are not sure about this.
3. Network Name (SSID)
Change the network name, or
You can check whether UPnP is disabled using GRC’s ShieldsUp!.
5. Wi-Fi Protected Setup
Created by the Wi-Fi Alliance in 2006, this security standard is vulnerable to brute-force attacks and should be
6. Access Restriction
It is a good idea to enable access restrictions to your router based on the MAC addresses of the connecting devices. This setting doesn’t prevent MAC address spoofing, but weeds out the less talented attackers.
After taking care of your router, the next stop in our multiple layers approach is your computer’s firewall. A firewall controls all the incoming and outgoing network traffic on your computer.
Windows comes with a basic firewall pre-installed. Be sure to use it. You can find it under
For a more advanced and customizable firewall, I recommend using
Comodo’s firewall also notifies you with a popup message whenever an unknown or first used program tries to connect to the internet. You can then decide how to treat that program — allow it, block it, or specify a rule for it.
The WinPatrol Family
After the most straightforward intruders are taken care of by the firewall, it’s time to take a look at the more sneaky intrusions, such as unwanted system changes and potentially unwanted programs (PUPs).
Your computer is full of software programs doing, in many cases, almost anything they want. Reigning in their capabilities is the next step in the multiple layers approach to computer security.
I have been using
It is also a very useful tool in finding out what processes are running in memory. And, of course, you can shut down any process and remove them from the list of services scheduled to run after the next reboot. This is extremely helpful when cleaning up virus infections. Obviously, with the setup I am describing here, you should never experience an infection.
Then, a year ago WinPatrol’s vendor came out with two new products —
WinPrivacy gives you total control over which programs that are already installed on your computer you allow or don’t allow to connect to the internet. For example, I don’t like to get automatic updates for Adobe or Google software on my computer. So I simply block their connections.
WinAntiRansom is the best program in the fields of antiransomware and zero-day threat protection.
The bundle of all three WinPatrol products costs just $199.95 for lifetime licenses. And they are absolutely worth it — all three products come with lifetime licenses, free future updates, and can be installed on up to 5 computers you personally use. These three WinPatrol security tools give you a complete overview of what your softwares are up to at all times.
Only after all these steps do we arrive at the standard antivirus programs in our multiple layers approach. This is so because antivirus programs are really not that great in protecting you against the more intelligent (and nasty) kind of malware. But they do a good job in spotting the everyday bad stuff, so they still have a place in my multiple layers approach to computer security.
You can imagine your antivirus software as an agent with a database of all known malware that checks every process that gets started on your computer. The databases of all major antivirus programs are constantly updated (several times a day, actually), so the better antivirus programs do catch most of the malware out there. That’s because most of the malware is really just slightly changed copies of already known malware.
If you have nothing else at hand, use Microsoft Security Essentials.
But any one of the following antivirus packages will do a decent job:
For some time, I was using Microsoft Security Essentials, AVG, and Malwarebytes Anti-Malware. But all the conflicts and irregularities among them forced my hand.
Now, I have only Comodo Internet Security installed, simply because I already had Comodo Firewall installed. Comodo Internet Security is free and is also handy because it becomes part of the Comodo family of products. All Comodo programs (firewall, antivirus, sandbox) are located in one place and can be accessed using one icon.
I also use Malwarebytes Anti-Exploit which automatically starts up whenever I launch a browser or an email client. It helps keep my computer safe from online attacks.
Cleaning and Maintenance
Besides keeping safe from intrusions, your computer also needs regular maintenance in removing unused files, junk data, leftover registry entries, etc.
I have written about the processes of decrapifying and removing unnecessary files in the past.
Lately, I have been using Wise Care 365 Pro which replaces all of the free programs mentioned in the above referenced posts. And, best of all, it costs only $30.
Protect Your Kids
If there are small children connecting to the internet in your home, I also recommend using K9 Web Protection by Blue Coat Systems. It’s completely free and goes a long way in protecting your children from all the nastiness that can be all-too-easily found online.
You can further improve your online security and privacy by using the following browser add-ons:
Common Sense Things in a Multiple Layers Approach
When online, it is good to think about the fact that a lot of people can get access to your metadata — i.e. what sites are you visiting, when, for how long, what is your behavioral pattern on those websites, where do you go next, and much much more.
The following common sense choices can drastically reduce your metadata footprint and even hide your true identity from any observers:
- Use a VPN to hide your public IP address, enhance your privacy, and encrypt your internet connection.
- Reveal only as much about yourself online as you deem necessary and tolerable. There’s no need to foolishly run around naked on the interwebs — use fake data and disposable emails.
- Use your common sense when opening websites. Don’t ignore Firefox’s and Google’s warnings about attack sites.
- When downloading files, look out for an SSL green lock icon on websites and for an EV SSL green bar with the company name for banks, eshops, and payment processors.
- For email attachments, make sure that you have scanned them with at least one antivirus program, before opening them.
- Prefer free, open-source, and portable versions of programs for your software needs.
- Before installing a program, scan the installation package with at least two current antivirus programs. Or, even better, check them via virustotal.com.
- Use KeePass, so that you don’t use stupid passwords and don’t have to remember complex pass-phrases.
My hope is that this overview will help some people overcome their fear of all the threats and infections lurking out there, waiting to get inside their computers.
By building out a logical, well thought through, multiple layers security system, you can defend yourself against virtually all attacks. And unless you let a malware in by doing something stupid, there is no need to panic.
I will write up a similar post about the procedures of cleaning up a malware infection, in case the unthinkable has already happened.
Liked this post?
Subscribe to our newsletter to receive early notification of new posts and deals: