Helping people with computers... one answer at a time.

"Is my PC secure" really has only one answer: no. A more practical question is: what steps can you take to be as secure as possible?

I currently installed Avast internet security 5 on my PC running Window 7. I also use malwarebytes anti-malware. My question is: is my pc is secure with those two anti-malware packages?

Yes and no.

But mostly no.

I look at it a different way completely:

There is no such thing as a secure computer.

Let me explain why I say that, and what that means you need to do.

I never want people to think that their computers are "secure". (And for the record, I do include PC's, Mac's and Linux machines in that statement.)

"Tools like malware scanners, firewalls and more can do a lot, but they can only do so much."

Once you assume that it's secure, it implies you can stop thinking about security. Nothing could be further from the truth.

Tools like malware scanners, firewalls and more can do a lot, but they can only do so much. They have no way to protect you from the least secure thing on your computer.

That's you.

Don't take it personally - I'm the least secure thing on my computers as well.

The rule is very simple: there is no software, no device, no "fix" that will protect you from yourself.

Even with the best combination of software and hardware there's simply no way I'd ever call a computer "secure" because there's still someone using it who, by definition, is not secure.

And of course there's no "best" combination of hardware and software either. Some are better than others. Some combinations work out well and others don't. Some are more sensitive to the situation, differences in system configuration and usage. And on top of that, it's all constantly changing over time as new malware and new tools continually appear or are revised.

So after that little rant, let me perhaps more directly address your question.

Avast and Malwarebytes are fine tools, but you haven't indicated how else your system is configured.

As outlined in my article Internet Safety: How do I keep my computer safe on the internet? the basics for security include:

  • A firewall.

  • Anti-virus software.

  • Anti-spyware software.

  • Keeping all software up-to-date.

  • Physical security.

  • Mobile security.

  • Your own personal behaviour online.

As you can guess by now, I consider the last the most important of all.

And I'll absolutely agree - it shouldn't be that way, and it would be really nice if it weren't. Everything ahead of it on the list is important and can help a lot, don't get me wrong, but ultimately anything protection that they offer can be thwarted by our own behaviour if we're not careful.

Article C4313 - May 13, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

19 Comments
Edgar Diaz
May 13, 2010 11:25 AM

I really think a computer is quite secure until the moment you go online.

Jeffrey
May 13, 2010 8:25 PM

@Edgar, I think that is part of what was meant by "Your own personal behaviour online." in the article above

Bob
May 14, 2010 1:06 AM

Edgar's comment is quite false, in my opinion.
A computer is only safe if you:
(a) never even connect it to the internet
(b) never expose the machine to a source that may have been connected, such as a memory stick or non-commercial disk from a friend.
Even pictures, videos and music (though unlikely) can contain viruses.

Joe
May 14, 2010 2:59 AM

To comment nr 1. Not exactly, inserting an external memory card or stick can be just as bed as going online.

robert p
May 18, 2010 11:17 AM

Although I would not want to test this, but in theory, my computer could be stolen right now, and nothing of value is lost. "In theory". Yes, it would make my life hell for a while, but nothing financial can be accessed. I use the one time CCN generator from Discover Bank, so there is not a single CCN in the machine that would work. I have online banking, but to access it, also have a small pocket card that generates a new six digit number for a password. No old numbers would work. Am I fully safe? Of course not, but I do feel better using these methods.

sirpaul1
May 18, 2010 5:42 PM

We Windows users are NOT as safe as you think!

http://www.zdnet.com/blog/hardware/update-new-attack-bypasses-every-windows-security-product/8268?tag=nl.e589

MmeMoxie
May 18, 2010 10:25 PM

Leo, excellent article. Bottom line, it is the PC users that determine how 'secure' your PC really is. As I try to explain to family and friends, that are not computer savvy, maintaining your PC is as important as maintenance on your car. Would you drive your car without ever checking the oil or gas or tires? NO!!! Then why do you treat your PC without regard for securing or maintaining it, in the best way possible?

It takes work, time and energy to keep your PC as secure as possible. Now, this doesn't mean that you must do this 4 times a day, but at least once a week. Make it a habit, once a week, take the time to do what is necessary to keep your PC in 'top' condition.

Another thing, that newbies or computer illiterates do, is never Defrag! I can't tell you how many PCs that I have 'repaired' for family and friends, that were simply running slowly, because the hard drive was so fragmented, that it took forever to 'find' any of the data. It wasn't viruses or Worms or Trojan Horses or spyware or malware that caused the slowness, just the hard drive simply being fragmented.

So, I advise that they do a maintenance on their PCs once a week. This means, updating all of their security programs BEFORE they scan, then do thorough scans with their anti-virus, spyware and malware programs. Then when they are finished doing all of that ... Defrag. This will keep their PCs running as smoothly as possible.

Albie
May 19, 2010 2:36 AM

I realize that all systems have flaws, but it is surely better to have something than nothing.
I use AVG and scan everyday
Malwares Antimalware
Super Antispyware
Advanced System Care
My Windows Firewall is on.

Don't know what else one can do, apart from playing safe

johnpro2
May 19, 2010 4:21 PM

I am secure ...I pull the SATA lead from my hard drive, insert a non writable DVD {obtained from a magazine}and boot to Gos which is a light Linux based operating system which has all important apps included for free. The load time is only a few minutes.

I access my bank and perform all banking tasks, go on line and pay for airline tickets in the knowledge that my PC cannot be infected.
When finished I reconnect the hard drive & reboot to Windows as normal.

Jp

Aaron
May 19, 2010 5:40 PM

Wow johnpro2, I had never thought of doing that. Seems like a good idea, time consuming maybe but worth it.

I run Kaspersky Internet Security 2010 on my Vista 64-bit machine. I like to think that Kaspersky is doing a good job. I run at least 2 database updates on Kaspersky everyday and Defender when it wants to. I follow this up with a full computer scan by both programs. Sometimes it seems like overkill to me but I guess that nothing is ever enough when it comes to computer security.

William C. CURTIS
May 20, 2010 3:58 PM

I am a computer keeg which is the opposite of geek. I appreciate any help I can get. Which is why I read your newsletter faithfully (not that I understand much!) (Not your fault.) And learn frequently. Thanks.

johnpro2
May 21, 2010 6:54 PM

Aron writes:
....... time consuming maybe but worth it.

^^^^^^^^^^^^

It would be much quicker if I could throw a switch to disconnect the hard drive, although this step is not really even required as the hard drive does need not be even accessed. I disconnected the HD to make a point.
btw, is there a SATA switch available that can be rigged up which would make the process fairly painless ?
Perhaps this in the future might be the way to go ..virus infestation has passed the joke stage now.
Jp

Aaron
May 25, 2010 1:28 PM

Hmm, as for your SATA switch johnpro I don't know if such a thing is made. I did some minor digging and came up with this however.
http://lifehacker.com/5160614/build-your-own-sata-switch
Seems to me that this switch just changes between 2 or 3 different hard-drives. But I guess if you only had one plugged in and switched to your "Second Drive" it would be just like unplugging your primary.
It says on the website posted above that you can make your own switch with a soldering iron and some skill but I don't think my parents would appreciate that. (I'm 15 btw) If I do decide to get one I will just have to come up with $32.

johnpro2
May 25, 2010 6:37 PM

Thanx Aaron ...I think a purchase would be the way to go ...I always feel totally safe with physical disconects rather than a software one ..some bad folk just love to work out ways to circumvent software security solutions.
I am going to try out the new version of Fedora 13 as a boot disk soon https://fedoraproject.org/get-fedora

Jp

johnpro2
May 25, 2010 9:26 PM

On revision, not sure if Fedora 13 will run from the cd/dvd like some linux distos do.eg Gos which I have used.If a hard drive installation is required, this defeats the tight security benefits of having a non writable operating system.No point in leaving the door partly opened.
The following link has live cd/dvd versions
http://www.thefreecountry.com/operating-systems/linux-livecd-distributions.shtml

Jp

Aaron
June 1, 2010 9:43 PM

Ya I guess if you are required to have a writable HD for your (want to be) non-writable OS that does kinda defeat the purpose...

And "Partially open". So true. Give them a way and they will eventually figure out SOMETHING to infect a computer.

thomas mitchell
June 8, 2010 10:42 AM

I use avast as my resident scanner scanning everything i do online.Zonealarm as my inbound and outbound firewall and mac spoofing. So far no problems.

Aaron
June 15, 2010 10:16 AM

LOL! SPOOFER!! (Its a CoD4 thing) Anyways, sounds like you have a good setup too Thomas. ;)

Carlos Coquet
June 29, 2010 9:14 PM

Here is an understandable way to put it. You can pass a background check being a murderer. You killed someone last week and they just have not found the body yet. Antivirus software depends on a "fingerprints" database to detect threats and those "fingerprints" may take quite a while to get there. Malware, like graffitti, are written every minute yet the AV software houses do not find out about them until someone reports them and they've had time to analyze them. Since I am not sure they share any information amongst themselves, one software house may detect a virus that another one does not.
Heuristic methods are not foolproof either. Let's say your very good looking daughter is playing with friends in the park and you happen to notice a guy in his 30's following her every move with his eyes. You call the police, right? More than likely a pedophile. "Common sense". Now the polcie show up to question him and he pulls out his PBS employee id and business card. He is a talent scout for Sesame Street. Feel supid now ?? Similarly, even heuristics fail here and there. (And, depending on how everything was handled, your daughter may have lost any chance she had to make it on TV!!)

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.