I’ve maintained for a long time that the more computer savvy a user is the more security savvy that user generally is. In other words, the best security is what’s between the user’s ears. I’ve also stated on many occasions that the vast majority of malware requires some sort of interaction from the user in order to deliver its payload.
Security experts will often explain in great detail the types of methods used by hackers to compromise a system but, trust me, in the vast majority of those cases the hacker either requires hands-on access to the computer or for the user to inadvertently initiate a malicious payload – clicking on a malicious link, opening an infected attachment, installing malicious software, etc. Essentially, it is not an easy assignment for a hacker to compromise the system of a home user who is both computer and security savvy.
So, the answer to the question, “How much security is enough?”, is that it often depends on each user’s level of computer and security savvy. What follows is what I would recommend for the average home user.
Windows Built-in Security
Despite what you might read to the contrary, Windows is actually a very secure operating system, including a number of excellent security mechanisms out of the box:
- Microsoft Defender (formerly known as Windows Defender): The antivirus built into Windows began life as a bit of a joke but the ensuing years have seen it improve out of sight, to the extent that Microsoft Defender is now generally rated by most experts as among the most effective, right up there with the best commercial/premium offerings, and lab test results certainly back up that opinion
- SmartScreen: Provides protection against potentially malicious files and unwanted applications, plus additional protection for the Edge Browser against malicious websites and downloads
- Windows Firewall: In its default configuration Windows Firewall is a pretty basic firewall, but it does, however, do a good job of helping to protect the system from unauthorized access
- Windows Sandbox: Provides a safe and secure mechanism for testing unknown software and any risky activity, especially online – unfortunately, only available in Pro editions
That is a pretty strong combination of protections, but is it enough? In a word, no. It does, however, represent excellent core security and is a very good starting point.
Additional Security Measures
With many websites and most online services requiring the user to sign in via an account these days, a good password manager should be an integral part of every user’s security arsenal. A good password manager will create and remember very strong passwords for you and those passwords are very securely locked away. My recommended password manager, Bitwarden, for example, utilizes strong encryption and one-way salted hashing to protect passwords. Every user, regardless of their level of proficiency, should be utilizing a good password manager.
Most browsers these days include protection from downloading potentially malicious files and/or software, similar to the SmartScreen function in the Edge browser. However, considering most malware infections emanate from an online source, it certainly doesn’t hurt to harden a browser’s security. There are quite a few browser extensions available to help with that but I would recommend only two:
- Anti-Tracking Extensions: This is probably more of a privacy measure than security. However, these extensions do help prevent trackers from profiling users based on their online activity. There are a number of very good anti-tracking extensions available but some are more prone to breaking website features than others. In my experience, Privacy Badger from the EFF (Electronic Frontier Foundation) provides the optimum balance and is what I generally recommend
- NOTE: The Brave browser already includes effective anti-tracking built-in as well as anti-fingerprinting
- Phishing & Malicious Website Protection: This is very much recommended for less experienced users and even for more advanced users who tend to randomly surf the web. I recommend the free Malwarebytes Browser Guard browser extension. Malwarebytes is a well-known and reputable name in the security industry and the Browser Guard extension provides very effective protection by automatically blocking access to risky websites – those websites aren’t even loaded unless the user chooses to bypass the block
Second-Opinion Malware Scanner
This one is purely optional but recommended nonetheless. Today’s antivirus solutions provide very effective protection, but very little in this world is 100% foolproof and, if malware does happen to sneak through, you’re much better off utilizing a second-opinion scanner rather than scanning the system with the same software that allowed the malware through in the first place. I recommend two excellent second-opinion (or on-demand) malware scanners: Malwarebytes Antimalware Free edition or Emsisoft Emergency Kit.
- Malwarebytes Antimalware Free: Essentially, a trial version of Malwarebytes Antimalware which requires installation – you can either choose to disable real-time protection immediately or simply wait until the trial period expires, at which time the software reverts to a malware scanner/remover only
- Emsisoft Emergency Kit: Portable freeware which includes an excellent malware scanner/remover. NOTE: The Emsisoft scanner is quite aggressive and so more prone to false positives. It is therefore more suited for advanced users
Can you have too much security? I believe some users do tend to go a bit overboard with their security arrangements, but I guess with more resources on hand these days thanks to enhanced hardware specs, that’s not such a bad thing.
What security measures do you employ? Please share via the comments.