Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different from a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). The program scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer by type of behavior, to ensure something like a word processing program is not sending credit card numbers to a 3rd party. A firewall works at the boundary between a computer and the internet. An antivirus program works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.
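To make the “cheat sheet” idea and the quarantine step concrete, here is a small sketch added for illustration (it is not code from any antivirus product). The definition names, marker strings, and file names are all constructed and harmless; the sketch checks each file against a hash definition and a byte-pattern definition and moves matches into a quarantine folder.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed "definitions": a harmless marker string stands in for a real signature.
BYTE_SIGNATURES = {"Demo.Marker.A": b"DEMO-MALWARE-MARKER-A"}
# Exact-file definitions keyed by SHA-256 of a constructed sample.
KNOWN_BAD_SAMPLE = b"constructed known-bad sample file\n"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.KnownFile.B"}


def match_definitions(data: bytes):
    """Return the name of the definition that matches data, or None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def scan_and_quarantine(root: Path, quarantine: Path):
    """Scan every file under root and move matches into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    detections = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = match_definitions(path.read_bytes())
        if name:
            # Quarantine: the file is set aside, not deleted, pending a decision.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
            detections[path.name] = name
    return detections


def demo():
    """Build a constructed folder, scan it, and return (detections, files left)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "downloads", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "letter.txt").write_bytes(b"an ordinary document\n")
        (root / "installer.bin").write_bytes(b"\x00\x01DEMO-MALWARE-MARKER-A\x02")
        (root / "invoice.bin").write_bytes(KNOWN_BAD_SAMPLE)
        # No definition describes this file, so the scanner leaves it in place.
        (root / "unlisted.bin").write_bytes(b"content that no definition describes\n")
        detections = scan_and_quarantine(root, quarantine)
        return detections, sorted(p.name for p in root.iterdir())


if __name__ == "__main__":
    print(demo())
```

The file that no definition describes stays where it is, which is one reason a single layer of defense is not enough on its own.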

One of the areas I see exploited by malware arises because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc.) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those devices (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand-alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, log in to multiple accounts, etc. This makes our smart phone a tier 1 penetration point (high risk), and yet users commonly install a firewall and/or antivirus only on their computer or laptop. Most never think about their smart phone.

What are some antivirus and/or firewall products users can install, or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases), you should have both installed. Free antivirus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

  • McAfee & Norton – probably two of the most well-known providers. Both are approximately the same price, have protection for laptops/desktops/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc.
  • Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
  • Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to our home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, you need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand-alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.

What is Encryption?

When it comes to computers and the average end user, encryption typically involves two completely different usages. Let’s start with what encryption is. Encryption is the process of converting ordinary program code or data into a “secret” code, so that you need the encryption key in order to decipher the content.

So the two forms that most end users deal with are sending/receiving data and hard drive security. Let’s start with the sending and receiving of data. The most common forms are email encryption and virtual private network (VPN) tunnels. Email encryption is an “add on” provided by your email service that scrambles the data of an email so it cannot be read or opened unless the receiver has the key. The key is tied to unique user identifiers to prevent just a random person from opening/reading the email. A VPN is used to create a virtual “wall” of encryption around your data as it travels through the internet. If you think of the internet as a highway system with various exit ramps for different website addresses, then a VPN is a tunnel around your lane in the highway that prevents anyone from looking in your windows and prevents you from exiting off at the wrong ramp. VPNs are typically used for business-to-employee connections, financial transactions, or by people who simply don’t want anyone to know where they are from and where they are going!

Hard drive encryption (sometimes referred to as endpoint encryption) is where each program needs a key in order to access data or perform functions anywhere on a computer’s hard drive. This is VERY useful if someone is wanting more security than just a password. Think of it as having additional security behind the lock on the front door. The concern with hard drive encryption is that it prevents some forms of IT support when you are having technical issues with your hard drive or software. It is REALLY important to ensure you have the hard drive backed up to a 3rd party location because quite often the only fix available with an encrypted hard drive is to “flatten and reload”. Encrypting a hard drive is also quite frequently what various malware/hackers do to hold your data hostage. They will “encrypt” the hard drive and then only give you the key if you pay a ransom (and sometimes not even then). It is really essential that you don’t give permission to any application to encrypt your computer unless you really want it encrypted and have access to the associated key.

Using encryption on your computer is a great way to enhance the security already being provided by your firewall and antivirus services, especially for the transmission of data. Just keep in mind the trade-offs for maintenance and repair, or even the forwarding of an email to someone else.