I’ve maintained for a long time that the more computer savvy a user is the more security savvy that user generally is. In other words, the best security is what’s between the user’s ears. I’ve also stated on many occasions that the vast majority of malware requires some sort of interaction from the user in order to deliver its payload.
Security experts will often explain in great detail the types of methods used by hackers to compromise a system but, trust me, in the vast majority of those cases the hacker either requires hands-on access to the computer or for the user to inadvertently initiate a malicious payload – clicking on a malicious link, opening an infected attachment, installing malicious software, etc. Essentially, it is not an easy assignment for a hacker to compromise the system of a home user who is both computer and security savvy.
So, the answer to the question, “How much security is enough?”, is that it often depends on each user’s level of computer and security savvy. What follows is what I would recommend for the average home user.
Windows Built-in Security
Despite what you might read to the contrary, Windows is actually a very secure operating system, including a number of excellent security mechanisms out of the box:
- Microsoft Defender (formerly known as Windows Defender): The antivirus built into Windows began life as a bit of a joke but the ensuing years have seen it improve out of sight, to the extent that Microsoft Defender is now generally rated by most experts as among the most effective, right up there with the best commercial/premium offerings, and lab test results certainly back up that opinion
- SmartScreen: Provides protection against potentially malicious files and unwanted applications, plus additional protection for the Edge Browser against malicious websites and downloads
- Windows Firewall: In its default configuration Windows Firewall is a pretty basic firewall, but it does, however, do a good job of helping to protect the system from unauthorized access
- Windows Sandbox: Provides a safe and secure mechanism for testing unknown software and any risky activity, especially online – unfortunately, only available in Pro editions
That is a pretty strong combination of protections, but is it enough? In a word, no. It does, however, represent excellent core security and is a very good starting point.
Additional Security Measures
Password Manager
With many websites and most online services requiring the user to sign in via an account these days, a good password manager should be an integral part of every user’s security arsenal. A good password manager will create and remember very strong passwords for you and those passwords are very securely locked away. My recommended password manager, Bitwarden, for example, utilizes strong encryption and one-way salted hashing to protect passwords. Every user, regardless of their level of proficiency, should be utilizing a good password manager.
Browser Hardening
Most browsers these days include protection from downloading potentially malicious files and/or software, similar to the SmartScreen function in the Edge browser. However, considering most malware infections emanate from an online source, it certainly doesn’t hurt to harden a browser’s security. There are quite a few browser extensions available to help with that but I would recommend only two:
- Anti-Tracking Extensions: This is probably more of a privacy measure than security. However, these extensions do help prevent trackers from profiling users based on their online activity. There are a number of very good anti-tracking extensions available but some are more prone to breaking website features than others. In my experience, Privacy Badger from the EFF (Electronic Frontier Foundation) provides the optimum balance and is what I generally recommend
- NOTE: The Brave browser already includes effective anti-tracking built-in as well as anti-fingerprinting
- Phishing & Malicious Website Protection: This is very much recommended for less experienced users and even for more advanced users who tend to randomly surf the web. I recommend the free Malwarebytes Browser Guard browser extension. Malwarebytes is a well-known and reputable name in the security industry and the Browser Guard extension provides very effective protection by automatically blocking access to risky websites – those websites aren’t even loaded unless the user chooses to bypass the block
Second-Opinion Malware Scanner
This one is purely optional but recommended nonetheless. Today’s antivirus solutions provide very effective protection, but very little in this world is 100% foolproof and, if malware does happen to sneak through, you’re much better off utilizing a second-opinion scanner rather than scanning the system with the same software that allowed the malware through in the first place. I recommend two excellent second-opinion (or on-demand) malware scanners: Malwarebytes Antimalware Free edition or Emsisoft Emergency Kit.
- Malwarebytes Antimalware Free: Essentially, a trial version of Malwarebytes Antimalware which requires installation – you can either choose to disable real-time protection immediately or simply wait until the trial period expires, at which time the software reverts to a malware scanner/remover only
- Emsisoft Emergency Kit: Portable freeware which includes an excellent malware scanner/remover. NOTE: The Emsisoft scanner is quite aggressive and so more prone to false positives. It is therefore more suited for advanced users
BOTTOM LINE:
Can you have too much security? I believe some users do tend to go a bit overboard with their security arrangements, but I guess with more resources on hand these days thanks to enhanced hardware specs, that’s not such a bad thing.
What security measures do you employ? Please share via the comments.
—
Good day Jim. We go way back here on DCT, and I am told I can be (very) paranoid when it comes to online security and safety. It is not just being cautious of clicking and infecting oneself, but not blindly giving away ones identify to help build marketing profiles. Does sound silly since we leave digital tracks everywhere when we use a credit card.
That said, for online safety, I use KIS because of the extras with respect to how I can configure the switches, and AdGuard to help mask my movements.
Prefer to use Firefox and Brave, and depending on which computer I use, there are different extensions I employ. I also tame Windows from their data gathering, but more for why give it away for free, Mindblower!
G’day MB,
When it comes to security, there is no such thing as being overly cautious (or “paranoid”). The truth is that far too many users are nowhere near cautious enough.
I also rely on MS Defend and, knock on wood, have not been hurt in 23 years. (Twenty-three years ago, I was indeed hurt.)
Will have to try BitWardem one day. Right now, not feeling good about leaving all my passwords on a computer/server that might be hacked.
Is VirusTotal any good? Seems to be.
Hey Steve,.
VirusTotal is an excellent service for checking the safety of files, particularly downloaded executables. Every software I recommend here is double-checked through VirusTotal’s malware scanning service.