Antivirus vs. Firewall – Do I Need One or Both?

What is an antivirus program and how is it different than a firewall program? Both are security programs commonly used on computing equipment, but they function very differently. Antivirus programs work by having a “definition” of viruses (think of it as a cheat sheet). It scans currently installed and incoming data or programs for programming code that matches those definitions. Firewalls are about network traffic and communication. They have a “cheat sheet” of malicious websites and prevent communication to or from those locations. More advanced firewalls will monitor the communications or traffic generated by the installed applications on a computer for behavior type to ensure something like a word processing program is not sending credit card numbers to a 3rd party. One works at the boundary between a computer and the internet. The other works at the point where data and programs are stored. Palo Alto breaks it down in more detail in this article!

The next question is do you need both or is one better than the other? For most of us, we should have both. Computer and internet security works most effectively when you layer defenses. A type of attack that can penetrate one defense is typically vulnerable to other types of defenses. Firewalls are GREAT at preventing problems but do NOTHING if something gets through. Antivirus software is good at scanning new files and programs, but really comes into play when something gets through the firewall. The antivirus will recognize the infection and remove it if possible. If not, most will quarantine the impacted files and await instructions on how to handle them. By combining both types of security you greatly reduce the potential impact of malware.

One of the areas I see exploited by malware is because the average user has everything connected (smart phones, computers, laptops, tablets, home smart appliances, cameras, etc…..) but doesn’t have everything protected. For some devices, like appliances, you cannot add stand-alone antivirus or firewall programs. It is very important on those programs (especially if they have any access to the internet or other devices) to update their firmware. The first question I get asked is what is firmware and how do I update it? Think of firmware as simplified software that involves the most basic of commands. For example, firmware will define to the rest of the machine what happens when an on/off button is pressed and what the “true/false, yes/no, positive/negative” signal from that button means. Almost all software today has a setting to either automatically update firmware OR to update it upon request. Really simple machines that do not connect to the internet (Example: an old toaster) never need an update to their firmware.

The next area of concern is devices connected to the internet and part of your home network that do NOT have a stand alone firewall or antivirus installed. The most common example is your smart phone. This is especially a problem because we use our smart phones to look up stuff, complete financial transactions, login to multiple accounts, etc…. This makes our smart phone a tier 1 penetration point (high risk) and yet commonly users only install a firewall and/or antivirus on their computer or laptop. Most never think about their smart phone.

What are some anti-virus and/or firewall products users can install or is the default/free stuff that comes with your operating system enough? In my opinion, if you are running a business or doing anything with money (including making purchases); you should have both installed. Free anti-virus and firewall programs are better than nothing but will not protect you from a major attack OR help prevent an infection from spreading. Forbes has a good article that breaks down the pros/cons for some of the major players. Some options are:

  • McAfee & Norton – probably two of the most well known providers. Both are approximately the same price, have protection for laptops/desktop/tablets/smart phones, require some computing resources to function and therefore will slow your device down some, have user interfaces that assume you are NOT a geek, etc….
  • Eset – has become more popular because of the quality of protection it provides and the minimal resources required to run.
  • Trend – very simple user interface that many users find intuitive to navigate.

If you wait for something to happen, the consequences are significantly more costly than if you take protective steps first. One of the first steps we all should take is to list all the devices that connect to your home/business network. Next, check the settings of any involved firmware to see which ones you need to schedule for manual updates. If they are on a schedule for automatic updates, users need to periodically check to make sure it is happening. Now you need to determine which devices have little or no protection but are capable of running a stand alone antivirus and/or firewall program. This will be just about all devices running an Apple, Windows, Android, or Chrome OS. Finally, install protection where you are able, ensure simple devices that cannot run stand-alone protection have multiple layers of security provided by various network devices, and remove network access for anything you determine is “not worth the risk” (Example: old gaming device that you never play but is connected to your network).

Finally, if you don’t feel comfortable doing this, you should be hiring someone like me to periodically review your devices and help minimize your risks.

Wi-Fi: What You Need to Know!

Wi-Fi is a topic that even if you are not a nerd or geek you need to know the basics. Why? Because very few of us exist without access to the internet and most of us are using a wireless connection to make that happen. The other common wireless options are cellular and satellite connectivity. Let’s talk about what Wi-Fi is. First, it is NOT an acronym. Unlike almost everything else involving technology, it doesn’t stand for something more long winded. In short, Wi-Fi is the international standard for computing technology to talk to each other over the wireless 802.11GHz frequency. For a more detailed explanation check out Cisco’s information.

Think of the internet as a major road/highway system with destinations. The websites and various applications or programs you access via the internet are your destinations. The road or highway that connects you from your laptop/desktop (starting destination) to various websites/cloud based applications is the internet. Now just like the roads you drive on with a vehicle, the internet has roads made of different materials, capacities, durability, etc…. and just like when you drive a car… you experience many different types of roads to get from point A to point B. For the internet, a browser is the “car” you drive. Most of us use Safari on Apple and Microsoft Edge or Google Chrome on non-Apple devices. So very similar to the vehicle route, if part of your journey involves a small, congested, or “rough surface”; your overall travel time will increase. The same is true with the internet. You can have a very large high-speed connection coming into your home but if the Wi-Fi connectivity in your home is poor, your internet experience will be poor.

So let’s just focus on the portion of the internet involving Wi-Fi. This technology only covers a very short distance. It’s better at distance than bluetooth but not good enough to cover anything more than a home or small yard space. The current Wi-Fi standard is Wi-Fi 7. Any device that can transmit or receive a Wi-Fi 7 signal will also be able to function with older Wi-Fi standards like 6 but keep in mind that speed and security will be less. By the same token, upgrading your home router (the device in your home that connects the wired connection from outside to the wireless devices in your home) will have little to no impact on your internet experience if your laptop, desktop, tablet is only running an older version.

Best practices and recommendations:

  • Since your router impacts multiple devices, make sure it is not obsolete technology. If you are using equipment provided by your internet provider it is just about guaranteed to be obsolete. Keep in mind that a router also functions as a traffic cop. It decides when to prioritise one connection over another so multiple devices experience minimal lag. The better the router, the more traffic it can manage without your internet experience downgrading (i.e., the TV buffering, websites taking a long time to load, tasks involving uploading/download files taking forever or timing out).
  • Walk around your home with a Wi-Fi analyzer or at minimum check the signal strength using a laptop, tablet, or cell phone with an active Wi-Fi connection. You want to ensure that dead spots don’t exist in the same locations where you need fast, solid network connectivity. For example, under the stairs to the basement is probably not a problem but the living room TV would be an issue.
  • Do a “real” device count of what needs a Wi-Fi connection. Everyone tends to think they need 1 or 2 connections per person. That is not even close to what is in a typical US home… every TV that is connected to the internet, every laptop/desktop/tablet, every smart appliance in the home, any cameras you have connected, a smart doorbell, etc… Not all of them will need a connection at the same time but most of them will and you want to allow growth room. For a family of four, you are probably looking at 50 – 100 connections.
  • Use a guest network and other firewall partitioning options on your router. Most routers now, at a minimum, have a main network and a guest network. The main network should not be used for visiting family members, your kids friends, maybe even your kids devices, etc…. Keep the part of the network where your personal financial transactions and/or work activity is separate for even trusted visitors. If you are a small business, this is even more important. DO NOT give clients access to the network where you run your business. A typical mesh router, which is most likely what you need if you are trying to cover 1200 SQFT or more, has additional firewalled network options. You can activate an IoT (internet of all things) network for various appliances throughout your location, have a separate network for young adults and their friends, etc…
  • Change your Wi-Fi passwords at least annually. The guest network password should be on a piece of paper right on the front of the fridge. When someone comes over, you want to be able to give it to them without having to go “look it up”. If you have a guest room, make a nice printout that you frame and place near the desk or on a dresser for your guests. Do NOT make it similar to your other passwords. This is going to be the one given to “trusted strangers or clients”. It should be something like “PatriciaGuest#2026#” or “HelpMeNow!_LOL”. Easy to remember or speak but not something like “Passw0rd”.
  • Make sure you have enabled Wi-Fi security settings. Keep in mind that some of your oldest devices are NOT going to be able to use the latest security. Typically, the oldest piece of equipment will be something like your garage door opener, old gaming system, or an old kitchen appliance. This is why it is important to not have them on the main network. If they are on a separate Wi-Fi network that is firewalled off from your main network, you can use an older, compatible level of encryption and still have the most current and secure technology where you have the most risk – where financial or business activities happen.

How often should you replace your router? If you have had it for more than 5 years, technology improvements will be substantial and it would be considered full life. Routers can last a very long time or fail quickly depending on usage and power fluctuations. Due to rolling brownouts in Southern California, you should not expect to get more than 5 years. Obviously as your usage needs change, you may need to upgrade sooner due to performance: your kids are now old enough that they have significant connectivity needs due to gaming activities, adding equipment and members to your home has increased the number of simultaneous devices, technology expectations and usage are different so a previously acceptable dead-spot no longer works for you, etc…

I’m experiencing slow internet and thinking I need to upgrade my internet service provider (ISP). Most of the time when someone calls their ISP to upgrade their plan, they are throwing away money. The typical business or user has plenty of incoming bandwidth if they were using it effectively at their location. Just replacing/upgrading your router can significantly improve your experience without needing to incur additional monthly fees.

Give me a call/text/email and let’s schedule an appointment! Let me review your location and figure out the best solution for your current usage and your planned next 5 years, set it up correctly, and make sure you understand how to use it.

Bluetooth General Information

The most common question I get about Bluetooth technology is, “Is it safe to use next to the human body (i.e., headphones) for long periods of time”?

Yes. Bluetooth technology is nonionizing electromagnetic radiation (EMR). Here is a good article that lays out the medical information in easy to understand “non-doctor” format!

The next most common question is, “Is it safe data transfer”?

Yes. Bluetooth range is limited to 5–15 feet. The first layer of protect is this range. If you were going to “hack” the signal, you would need to be very physically close. Current Bluetooth technology uses encryption. Each generation of Bluetooth technology is able to use a greater form of encryption.

Why use it?

Multiple reasons…..

  • The limited range makes it difficult to hack.
  • The type of EMR involved is safe around humans. In fact, it is very hard for it to penetrate below the skin layer.
  • It is not transmitting openly and has its own form of encryption security.
  • Due to the frequencies involved in Bluetooth technology, it uses very little power compared to other forms of wireless technologies. This makes it a good source for things like keyboard, headphones, etc… connectivity. Bluetooth can transmit small files but not really a good choice, therefore most applications involving files are not setup to use it.
  • Newer Bluetooth devices can now connect simultaneously to multiple devices (i.e., one headphone connect to 2 cell phones and a computer).

Using Public Wi-Fi

Most of us will travel and want to use public/free Wi-Fi at some point. Let’s talk about one of the most easy hacks bad guys will use to access your data. You walk into a coffee shop in a hotel or high tourist area and hook up to the local Wi-Fi. What you didn’t know is that a “bad actor” got their first and set up his own Wi-Fi signal. He/She will use a Wi-Fi name that looks legit and since they are sitting probably within feet of you it has the strongest signal. They even setup some “fake” term pages to have you agree to usage rules, just like you expect when you connect to a public Wi-Fi. Now here is the problem. They give you internet access but remember you have told your device that this connection is “trusted”. That means your security is probably not going to stop anything it does. So, unless you are using a VPN they can see every website you go to, every username you type/select, every password you enter, every credit card you use, etc….

How would you protect yourself? First, don’t use public Wi-Fi for financial transactions (i.e., don’t pay for something). Using it for surfing the web, watching a video, etc… is relatively safe. Next, really look at the “I agree” pages that come up. Does it have misspelled words, does the URL look like it is from a different website/company, are the details what you expect, etc….and most importantly, do NOT remember and automatically connect to this connection. Especially in a hotel restaurant, coffee house, or lobby, the bad guy will setup up shop and you “trust and remember his connection”. Then at night he/she will walk through the hotel with their device on, checking to see if anyone left their computer, smartphone, tablet on so it will automatically connect when he/she is in range. Now, when you are sleeping, and he/she can access your device without worrying about you noticing anything is happening.

Use a VPN if you can. A virtually private network (VPN) can best be described as your device (when on the internet) is on a highway system (like a car) and there are entrance/exit ramps all the time that go to specific website locations or addresses. When you use a VPN, it creates a tunnel or wall around your device, so none of those ramps are available except for the one you specifically want to use, nobody can drive up beside you and “see in your windows”, nobody can make eye contact with you because they cannot see in the windshield, etc… Sometimes VPNs will prevent a website from working properly (Ex. if you are watching TV via an app from your cable provider they need to know your physical location to be in compliance with various broadcasting agreements because some content it location specific therefore the VPN blocks with information transfer or provides false information that will prevent the website from functioning).

Have antivirus and a firewall installed and active. This will not prevent the bad guys from seeing your data but will help prevent any “care package” of malware they leave behind from working correctly.

Connect with your cellular connection instead of using free/public Wi-Fi. Your cellular connection has some built-in security features, and your phone technology is hardwired to ensure it can ONLY connect to a legitimate connection via cellular signal. Especially when on international travel this may be prohibitively expensive, so weigh the risk vs. benefits before using your cellular connectivity for data.

Use a password or network key protected Wi-Fi that has encryption when possible. Even if it is used by lots of customers, it should be more secure than something accessible to anybody within physical range that can answer the terms with “I agree”. An example of this would be a bed and breakfast that only gives out the Wi-Fi password to paying clients.

Pay attention to your account/device activity. If you start seeing transactions you didn’t authorize, emails sending you didn’t send, etc… make sure you run a “stinger” to check for a malware BEFORE you start using that same device to change passwords. If the bad actor has access as you start changing account passwords, he is going to know the new ones the same way he accessed the original passwords. Give me or some geek you trust a call if this is happening, and make sure you leave the device OFF until you get it checked out. Do this quickly, not days later when you have “time”. The more time they bad guys have access to your accounts, the more damage they can do.

Having Issues with Your Wi-Fi?

Do you have connectivity problems at your home or small business? Let’s walk through some troubleshooting to determine what is the difficulty and how to solve it.

First, go get your internet bill and review what level of service/speed you are supposed to receive. Keep in mind that you should have both a download and upload speed. The speeds mentioned will be the maximum, so your service will be less than these numbers, but it should be close in performance.

Next, go to where the internet comes into your building (i.e., where the device from Cox, AT&T, Spectrum, etc…) is plugged into the wall. Most likely, you received a “gateway”. That mean it is a modem (something that translates the single received into something a computer, laptop, tablet, smartphone, etc… can use) and a router (something that acts as a traffic cop and organizes the internet traffic so it doesn’t cause a “traffic jam” when multiple devices are on the internet at the same time). Most gateways or modems will have 4-5 wired Ethernet ports for usage. Plug in your laptop/desktop with a wire and go to a testing website. I recommend http://www.speakeasy.net. Do NOT use one provided by your internet service provider. They quite often give a bias result for their own product. A wired connection directly from the modem or gateway will be the best service and a good indicator of what you are receiving. If it is significantly lower than what you are paying for, contact your provider for maintenance.

Now let’s talk about that same speed test done in different rooms using different devices throughout your home or property. If you are using an old laptop, cell phone, or desktop to “test” your Wi-Fi, the problem may be your device. Older equipment have older Wi-Fi cards. Even if your router/gateway is putting out a strong, fast signal, they will only be able to use the maximum your device can handle. If you have areas that have only one or two bars of coverage, then your router/gateway cannot provide enough signal in those locations. This is very typically for users trying to access the Wi-Fi out by the pool, in a basement, or some location with lots of material interference like under a staircase. This is where the internet provider gateway just doesn’t do the job. SOLUTION: Turn off ONLY the Wi-Fi on the gateway and plug in your own router. If you have a router, upgrade it. Give me a call/text/email and this is something I can do for you, including recommending the replacement equipment.

Next, how many devices need the internet and what are they using it for? Just sending some emails is not a heavy usage. Watching videos from streaming services like Hulu or Netflicks is a completely different usage level. If you are talking 2 adults and 1 teenager household with a fairly technology connected lifestyle, you have probably 20–50 devices using the internet…many at the same time.

  • Smart TVs — at least 3
  • Smartphones — at least 3
  • Tablets — at least 2
  • Smartwatch — at least 2
  • Smart appliances (Ex: refrigerator) — at least 2
  • Home Security system (Ex. Video doorbell, wireless chimes, etc….) — at least 2
  • Wireless speakers — at least 2 systems
  • Outdoor smart lights, speakers, etc….) — at least 1
  • Smart media devices (Ex: Blu-ray player, DVD player, etc…) — at least 2
  • …and more

Make sure your router is designed to handle the load. Most households should upgrade to a mesh router. If you just added a “range extender” to an area with poor coverage, that location will be significantly slower than the area serviced directly from the gateway or main router. Mesh routers are designed to have a primary unit where the internet comes into the building and additional satellite units that ONLY require an electrical connect to “mesh” a seamless area of Wi-Fi coverage.

Remember, your internet usage will go nothing but up over time. Modem technology doesn’t change very often, but router technology does. This is why the gateway provided from your internet provider will not keep up with your needs. Give me a call and I can evaluate your current situation, recommend the right hardware solution, and set it up. I will even provide you with a single page summary of all the equipment and associated passwords.

Don’t forget that if you are working from home or have kids, you need to enable the Guest Wi-Fi network and turn off “sharing” between it and your primary Wi-Fi network. The guest network is what visiting family or friends should be using, and definitely that should be true of your kids friends. Keep the home network with a different Wi-Fi name and password. This minimizes the potential for your network to be compromised by an infected device with access.