Tuesday, April 17, 2007

How to Make Sure Your Security Software Is Working

Spurred by phenomenal demand, the security software industry is mushrooming. That's a good thing: With the sophistication of hackers and snooping apps at an all-time high, we need all the security we can get. And no single anti-malware application is likely to provide complete protection. A layered approach running a variety of programs, each helping to cover the others' shortcomings, works best for dealing with new threats.

For instance, you might need a "raw PC analysis" tool that reviews the apps that start automatically with Windows and stops any spies from loading on their own. The best known of such utilities is HijackThis, which identifies many startup programs and processes but doesn't say whether any pose a real threat. Security firm XBlock Systems' X-RayPC (free) tries to help with that: Click its Online Analysis button, and it identifies the apps known to be 'good' programs, narrowing the search for a parasite.

Antivirus software is a must, of course, but it's not foolproof. If you get hit with a virus before the company that makes your antivirus software has released a definition for it, a virus scan may tell you your machine is clean. If you find a suspicious file on your system and your antivirus software hasn't raised an alarm, you can get a second opinion at two free sites: Virustotal.com, where you can upload a suspect file and run a comprehensive scan using 23 separate antivirus products; or Jotti, which scans files slightly more quickly because it uses only 15 different antivirus engines.

Both antivirus and antispyware applications try to catch new threats by detecting certain types of telltale characteristics and behaviors. But how can you gauge the effectiveness of your program's behavior-based protection?

Spycar (free) is a suite of utilities that probe how your antispyware or antivirus app reacts to the behaviors spyware engages in: changing the Windows Hosts file (which could redirect your browser to malicious sites), adding favorites to the Internet Explorer menu, or changing parts of the Windows Registry. Any worthwhile security scanner should watch for these warning signs and prevent these actions.

Running Spycar won't harm your system, but if you can run the program without your antispyware or antivirus program going apoplectic, it's time to buy new security software.
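
As an added illustration (not part of the original article, and not how Spycar or any security product works internally), the Python below audits Hosts-file text for the kind of change described above, reporting every mapping that is neither a stock localhost entry nor in a known-good baseline. The function names, the baseline format and the sample file are assumptions made for this example; it also flags names pinned to a loopback address, which goes a step beyond the redirect case the article mentions.

```python
import ipaddress

# Names a stock Windows hosts file may legitimately map (assumption for this example).
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no name maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip lines that do not start with an IP
        for name in fields[1:]:               # one line can map several names
            yield line_no, addr, name.lower()

def audit_hosts(text, baseline=frozenset()):
    """Return findings for mappings that are neither defaults nor in the baseline."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in DEFAULT_NAMES or (str(addr), name) in baseline:
            continue
        # Loopback/unspecified targets block a name; anything else redirects it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((line_no, kind, name, str(addr)))
    return findings

# Constructed sample, not from a real machine. 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.example   # added by the administrator
203.0.113.77    www.bank.example bank.example
127.0.0.1       update.av-vendor.example
"""

if __name__ == "__main__":
    known = {("10.0.0.5", "intranet.example")}   # baseline of reviewed entries
    for line_no, kind, name, addr in audit_hosts(SAMPLE_HOSTS, known):
        print(f"line {line_no}: {kind:8} {name} -> {addr}")
```

Run against a saved copy of the file taken while the machine was known to be clean, the baseline turns this into a simple change detector for the Hosts file.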