Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different than a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). It scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer for behavior type to ensure something like a word processing program is not sending credit card numbers to a 3rd party. One works at the boundary between a computer and the internet. The other works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.

One of the areas I see exploited by malware is because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc…..) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those programs (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, login to multiple accounts, etc…. This makes our smart phone a tier 1 penetration point (high risk) and yet commonly users only install a firewall and/or antivirus on their computer or laptop. Most never think about their smart phone.

What are some anti-virus and/or firewall products users can install or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases); you should have both installed. Free anti-virus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

• McAfee & Norton – probably two of the most well known providers. Both are approximately the same price, have protection for laptops/desktop/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc….
• Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
• Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to your home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, users need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.