Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different than a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). It scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer for behavior type to ensure something like a word processing program is not sending credit card numbers to a 3rd party. One works at the boundary between a computer and the internet. The other works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.

One of the areas I see exploited by malware is because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc…..) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those programs (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, login to multiple accounts, etc…. This makes our smart phone a tier 1 penetration point (high risk) and yet commonly users only install a firewall and/or antivirus on their computer or laptop. Most never think about their smart phone.

What are some anti-virus and/or firewall products users can install or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases); you should have both installed. Free anti-virus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

  • McAfee & Norton – probably two of the most well known providers. Both are approximately the same price, have protection for laptops/desktop/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc….
  • Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
  • Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to your home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, users need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.

Wi-Fi: What You Need to Know!

Wi-Fi is a topic that even if you are not a nerd or geek you need to know the basics. Why? Because very few of us exist without access to the internet and most of us are using a wireless connection to make that happen. The other common wireless options are cellular and satellite connectivity. Let’s talk about what Wi-Fi is. First, it is NOT an acronym. Unlike almost everything else involving technology, it doesn’t stand for something more long winded. In short, Wi-Fi is the international standard for computing technology to talk to each other over the wireless 802.11GHz frequency. For a more detailed explanation check out Cisco’s information.

Think of the internet as a major road/highway system with destinations. The websites and various applications or programs you access via the internet are your destinations. The road or highway that connects you from your laptop/desktop (starting destination) to various websites/cloud based applications is the internet. Now just like the roads you drive on with a vehicle, the internet has roads made of different materials, capacities, durability, etc…. and just like when you drive a car… you experience many different types of roads to get from point A to point B. For the internet, a browser is the “car” you drive. Most of us use Safari on Apple and Microsoft Edge or Google Chrome on non-Apple devices. So very similar to the vehicle route, if part of your journey involves a small, congested, or “rough surface”; your overall travel time will increase. The same is true with the internet. You can have a very large high-speed connection coming into your home but if the Wi-Fi connectivity in your home is poor, your internet experience will be poor.

So let’s just focus on the portion of the internet involving Wi-Fi. This technology only covers a very short distance. It’s better at distance than bluetooth but not good enough to cover anything more than a home or small yard space. The current Wi-Fi standard is Wi-Fi 7. Any device that can transmit or receive a Wi-Fi 7 signal will also be able to function with older Wi-Fi standards like 6 but keep in mind that speed and security will be less. By the same token, upgrading your home router (the device in your home that connects the wired connection from outside to the wireless devices in your home) will have little to no impact on your internet experience if your laptop, desktop, tablet is only running an older version.

Best practices and recommendations:

  • Since your router impacts multiple devices, make sure it is not obsolete technology. If you are using equipment provided by your internet provider it is just about guaranteed to be obsolete. Keep in mind that a router also functions as a traffic cop. It decides when to prioritise one connection over another so multiple devices experience minimal lag. The better the router, the more traffic it can manage without your internet experience downgrading (i.e., the TV buffering, websites taking a long time to load, tasks involving uploading/download files taking forever or timing out).
  • Walk around your home with a Wi-Fi analyzer or at minimum check the signal strength using a laptop, tablet, or cell phone with an active Wi-Fi connection. You want to ensure that dead spots don’t exist in the same locations where you need fast, solid network connectivity. For example, under the stairs to the basement is probably not a problem but the living room TV would be an issue.
  • Do a “real” device count of what needs a Wi-Fi connection. Everyone tends to think they need 1 or 2 connections per person. That is not even close to what is in a typical US home… every TV that is connected to the internet, every laptop/desktop/tablet, every smart appliance in the home, any cameras you have connected, a smart doorbell, etc… Not all of them will need a connection at the same time but most of them will and you want to allow growth room. For a family of four, you are probably looking at 50 – 100 connections.
  • Use a guest network and other firewall partitioning options on your router. Most routers now, at a minimum, have a main network and a guest network. The main network should not be used for visiting family members, your kids friends, maybe even your kids devices, etc…. Keep the part of the network where your personal financial transactions and/or work activity is separate for even trusted visitors. If you are a small business, this is even more important. DO NOT give clients access to the network where you run your business. A typical mesh router, which is most likely what you need if you are trying to cover 1200 SQFT or more, has additional firewalled network options. You can activate an IoT (internet of all things) network for various appliances throughout your location, have a separate network for young adults and their friends, etc…
  • Change your Wi-Fi passwords at least annually. The guest network password should be on a piece of paper right on the front of the fridge. When someone comes over, you want to be able to give it to them without having to go “look it up”. If you have a guest room, make a nice printout that you frame and place near the desk or on a dresser for your guests. Do NOT make it similar to your other passwords. This is going to be the one given to “trusted strangers or clients”. It should be something like “PatriciaGuest#2026#” or “HelpMeNow!_LOL”. Easy to remember or speak but not something like “Passw0rd”.
  • Make sure you have enabled Wi-Fi security settings. Keep in mind that some of your oldest devices are NOT going to be able to use the latest security. Typically, the oldest piece of equipment will be something like your garage door opener, old gaming system, or an old kitchen appliance. This is why it is important to not have them on the main network. If they are on a separate Wi-Fi network that is firewalled off from your main network, you can use an older, compatible level of encryption and still have the most current and secure technology where you have the most risk – where financial or business activities happen.

How often should you replace your router? If you have had it for more than 5 years, technology improvements will be substantial and it would be considered full life. Routers can last a very long time or fail quickly depending on usage and power fluctuations. Due to rolling brownouts in Southern California, you should not expect to get more than 5 years. Obviously as your usage needs change, you may need to upgrade sooner due to performance: your kids are now old enough that they have significant connectivity needs due to gaming activities, adding equipment and members to your home has increased the number of simultaneous devices, technology expectations and usage are different so a previously acceptable dead-spot no longer works for you, etc…

I’m experiencing slow internet and thinking I need to upgrade my internet service provider (ISP). Most of the time when someone calls their ISP to upgrade their plan, they are throwing away money. The typical business or user has plenty of incoming bandwidth if they were using it effectively at their location. Just replacing/upgrading your router can significantly improve your experience without needing to incur additional monthly fees.

Give me a call/text/email and let’s schedule an appointment! Let me review your location and figure out the best solution for your current usage and your planned next 5 years, set it up correctly, and make sure you understand how to use it.

Smart Locks—The Pros and Cons

The first question I get is, what is wrong with the old tried-and-true method—a key? Answer: Nothing. The decision to change to a smart lock technology should be because you want specific features of that type of lock and you have decided the potential negatives are outweighed by these new features. So, to make this decision, you first need to know your options.

  • Option 1—Traditional key lock. This is great for someone who doesn’t have an issue carrying around a key, has a specific set number of people who need access, the people who need access don’t change, and finally either doesn’t need to monitor who or when access activity happens OR fulfills that need via cameras.
  • Option 2—Mechanical combo lock. This is an often overlooked solution. Perfect for someone who doesn’t need tracking by the lock of who or when access is happening. Someone who doesn’t want all the potential complications associated with technology and, more importantly, solves the issue of needing to carry a key. These solutions are inexpensive, do NOT require a power source, and are straightforward to use and maintain. There are models good for both gate and traditional residential door security. Example Links: https://a.co/d/0ekJ5Owd, https://a.co/d/05HOx4V1.
  • Option 3—Electronic combo lock. This is where options start to occur, and you really need to evaluate the pros/cons of each specific model. Most can have more than one code and track usage by each code. This is particularly useful so your immediate family can have a simple code you always use and never change. Then, when you have someone like a house cleaner or landscaper, you can give them a different code that you change anytime you change services. Typically these locks require a Wi-Fi network and have a battery that will need periodic charging/replacing. Most also have the ability for real-time notifications via a smartphone. I also recommend this solution if you have latchkey kids. Do NOT give them the default home code. Give them a code that is unique to them. This way, if it is shared inappropriately and something happens, you know specifically what code was used, can have that discussion about security with your child (i.e., do not share their home code with your “friends”), and should change it regularly (recommend once a year). Example Links: https://a.co/d/04rKTwhd, https://a.co/d/01WIvesE, https://a.co/d/0cDaXECL. NOTE: I always recommend anything that requires power should always be designed with a physical key backup that is hidden onsite. Some smart lock designs do NOT have this feature. Most of them do have a low battery indicator, but humans tend to ignore messages. You would rather not be locked out of your home with no other alternatives for access other than breaking in.