(This blog will be updated as I change my mind, think of better things to say or just for the heck of it).

Alternative titles: “The Four Pillars of Internet Security”, “Dirty little secrets of the software world”, “Steal this software”. Or more appropriately: “There goes Alex again, burning bridges in the software business”.

People have sometimes asked me the seemingly simple question: “What do I do to protect myself on the Internet”?

Well, first off, a large number of the people we see getting hid very badly by spyware have older unpatched Windows systems–meaning, they are running Windows XP in practically its native original state, without security patches. So, making sure you’re running the latest security patches is quite important.

Trite bromides like “get yourself antivirus programs, a firewall and an antispyware program” wear thin. The response is invariably one of confusion: “What antivirus program?”, “What firewall?”, “Is a hardware firewall enough?”, and so on.

The simple fact is good internet security is based on what I call the Four Pillars of Internet Security. They are:

• Firewall protection
• Antivirus
• Antispyware
• Patching

With these basics, your internet experience is dramatically safer. Antispam, antiphishing tools, content inspectors and the rest are often necessary, but not absolutely necessary.

Now, you don’t have to pay through the nose for “security suites” that are sometimes, well, ten pounds of crap shoveled into a five pound bag. If it was a cost issue, people wouldn’t care. They’d shell out the bucks to get a good solution, and if they didn’t, we could all smirk and say “see, I told you so, if you’d just spent $80 on a security suite, you would still have a wife, a car and money in the bank.”

(I often joke that Internet security suites are worse than spyware. Spyware does a couple of notable things: It pummels you with popups and slows your system down. Internet security suites pummel you with popups (aka security warnings) and slow your system down. But worse, they have the audacity of charging you an arm and a leg.)

Introducing Security on the Cheap
I make my living making and selling software, so my interest is always to have you pay for it. But for those who want to save a buck or two, I’ve got my Security on the Cheap guide below. Getting these (mostly) free basics in now will make your internet experience dramatically more secure:

(Realize that most of the free solutions mentioned are gratis for only types of certain people, like home users. Check the terms of the licensing agreements.)

Get an antivirus program. Grisoft’s free antivirus is pretty decent. There’s the free AntiVir and the free Avast. Want to pay? Kaspersky’s is excellent but a wee pricey ($40), and I’m personally a bit fan of NOD32. Might want to try AOL’s new freebie as well. Or the free BitDefender (which I believe is unfortunately an on-demand scanner only — no real-time protection). If you want other suggestions, ask your friends or download the various trial versions out there.

Get a software firewall: You don’t have to spend money on a good firewall. My personal favorite: The Kerio firewall, which is a totally biased statement since it’s my product. However, another option is the ZoneAlarm personal version, free and good. (Sygate used to be great but has been discontinued).

Get an Antispyware tool: In my completely biased opinion, I of course recommond mine (CounterSpy), but WebRoot’s SpySweeper is a very solid product. (PC Tools makes an outstanding product as well, but to be blunt, I’m not a fan of their marketing tactics.)

Now, I understand and forgive you if you don’t want to spend $20 on a commercial antispyware program 😉 So here’s the low-down on the free ones: Microsoft’s free one is ok, but not great. The two other free ones are Spybot and Adaware. Spybot is behind in the spyware race and I’m not sure if Lavasoft is still the product it used to be. Things have changed — threats have gotten very hard to remove. The real scoop? The free Yahoo toolbar Norton Antispyware on-demand scanner is quite good, and it’s no longer using the old PestPatrol engine.

Patching: The final leg of the Four Pillars of Security is getting your security patches from Microsoft. You would be amazed at how many people haven’t updated to the latest patches.

That’s the list of the really important security programs. Here’s a host of other little tools you can get that will make your experience even safer:

Antiphishing. Microsoft and Firefox now have antiphishing in their latest versions, but you can also get the free Netcraft antiphishing toolbar.

Antispam. Some would argue that a spam filter is vital for security. Actually, it really isn’t if you’re relatively intelligent, since spam is more of a nuisance than anything else and if you can stand deleting messages, you don’t need one. But that being said, spam is a royal pain, and a good antispam tool is a lifesaver.

Here’s my advice: Use the Outlook 2003 junk mail filter. It’s mediocre but free if you have Outlook 2003. Other options: Find out if your internet service provider has spam protection (Earthlink’s is actually decent). Otherwise, I’m afraid you’ll have to shell out some bucks. I have one, iHateSpam for $20. Cloudmark (incidentally, a business partner of ours) also has a very good one. Shop around, but you’ll find there’s a lot of junk out there, believe me.

Misc. tools. Paranoid and want to check for rootkits? Download the incredibliy confusing but powerful SysInternal’s Rootkit Revealer. Or F-Secure Blacklight. Got a tough job cleaning spyware? Get HijackThis. Want to help protect against spyware? Download the free IE Spyad by Eric Howes (who incidentally does consulting work for us). Want to lock-down what sites your kids can visit? Get either CyberPatrol (a wee pricey) or CyberSitter (a good value). Or buy this bundle at Dell.

Also, Micheal Horowitz wrote to recommend Javacool’s SpywareBlaster (not to be confused with a rogue app of the same name. I would also add WinPatrol to the “Security on the Cheap” list.

And then, of course, there is your operating environment. If you can live with it, Linux or Macs are infinitely safer than PCs. Don’t want to migrate to another OS? Then at least get Firefox, which will add a lot of security to your browsing experience.

And a final miscellaneous tip: Primary users on their computers might think of setting up accounts with Restricted Access. You as an administrator can control what’s installed, but when someone else wants to use your PC, put them on a Restricted Account. Password protect your own Administrator account. However, in some cases, it can be a hassle, as Michael Horowitz points out here. Vista will offer improved functionality in this area.

That’s it for now. Feel free to comment if you have any other ideas or opinions.

Alex Eckelberry

Update: PC Mag publishes their list of free stuff.