Client Remote Support
Articles & Case Studies Library   Show | Hide
3 Steps to Desktop Security
w.02.2007 / r.05.2009
Desktop Security
The biggest issue here is not the damage to your computer, but the damage to your business. If one of your desktops became infected by a keylogger, and the mastermind behind it captured your employees usernames and passwords, that person could log in and start stealing data - data like credit card numbers. Anything stored on your network is vulnerable and can be used to take something from you without permission, or via blackmail. Your computer may not just "go boom". A Saavy thief would rather you think that everything is fine, so he can continue stealing what he pleases, for as long as he can.

I will briefly discuss three steps that are important to keeping your computers and data secure.

Desktop Antivirus Software
There are many vendors selling their version of antivirus, accompanied usually by their version of a firewall, anti-spyware, and anti-adware. I prefer to stick with the larger vendors that sell to thousands of customers, i.e. Microsoft, Symantec, Mcafee, BitDefender and Computer Associates.

In the end, it really does not matter which one of these you choose. Their protection is at about the same level and each have their pros and cons. Sure, some report may say that one is marginally better than the other, but then next year, or next month, things change. You'd be hard pressed to truly find an unbiased report anyways. Long story short, if they are a large vendor, they have too much at risk. It is not worth the time to split hairs to determine which package was marginally better last year and assume they'll keep it up this year. Besides, you should not rely on antivirus alone to maintain security.

The single most important factor to consider is the packages ability to *detect* a virus or virus-like activity.

One thing to avoid is software that pops up, telling you it did something every 5 seconds. Security is their job, not yours - it should not hinder your work. A good program will not ask for your input on benign operations, but many do this to make you believe it's "doing a good job".

I used to use McAfee religiously, then Onecare, then Bitdefender. Bitdefender's 2009 engine has been problematic for us and our users. In addition, CA has been showing some bloat on older XP machines, so that led to me doing an out-of-band reevaluation of the market. I was very surprised at what I found.

Symantec rebuilt their engine recently from the ground up. Norton in the past had a real problem with bloat, speed and annoyance but in their 2009 antivirus, it is lean and mean. It has score a hair below the gold standard (Avira) and on price point that make it a very attractive choice. So, to my amazement, I use Symantec Antivirs, and am very happy for now.

Please note that ANY of the above titles (and others) are perfectly fine to use. This is really only one third of your protection anyhow.

Human & Third Party Scanners
Much can be said for an actual human familiar with the PC inspecting your system.

Periodic inspection of your process list is important. The process list shows everything currently running on the computer. Right click on the taskbar and choose Task Manager. Click the Processes tab. You can type all these program names (i.e, foo.exe) into Uniblue ( and get a pretty accurate description of what it is. If you find something that does not sound right to you, have someone inspect further.

Check your startup configurations - this list includes anything additional that starts up when Windows boots. Click Start, Run and type 'msconfig'. Click on the tab titled Startup. Do the same thing here and lookup names, or catch a clue from the "path" it is using.

Periodically go through your Add/Remove Programs list in Control Panel. See if any programs got installed without your knowledge.

Download and periodically run Microsoft's Malicious Software Removal Tool.

Download and periodcally run Microsoft's Rootkit Revealer. It can detect all rootkits published on

Data Protection
This is a very important part of security. Even if someone cracks into your network or PC, you can minimize your exposure by assuring the data, to them, is useless. There is really no other way to accomplish this other than to use third party encryption programs, the most accepted being PGP.

PGP has a very cool utility called Netshare; we find that it fits into many small business' workflow. Netshare allows each user to make a PGP key that is unique to them. This "key" needs a passphrase to operate. A user can encrypt data on their computer or network storage, and choose other people to have access to the files. So, Bob in accounting can encrypt his files, but add Cheryl in accounting and Chris in Payroll to have access by simply adding them to the list of users for those files.

Each person needs to purchase PGP Netshare, create a Public and Private KEY, and set their passphrase. Everyone, no matter their position, can share their keys, so when you want to allow someone access, you simply drag their key into the "allowed keys" pool. PGP Netshare uses PGP Desktop to configure, and is very simple and intuitive. PGP Desktop also comes with the ability to shred files, which permanently makes deleted files unrecoverable.

When in Doubt
Not many people are completely comfortable with PCs and how to upkeep them. So, when in doubt, ask a professional - like us, or your local computer repair consultant, and choose wisely.

   Other Scanners
   The Next Step

Contact Us
terms of service : authorized usage policy : © 1999 - 2016 gish network