In the early 1980s, Internet security was practically nonexistent. No large-scale attacks had ever been attempted, and network-based vulnerabilities were rarely, if ever, exploited. This changed in the late 1980s with the Morris Worm, the first known large-scale attack propagated via the Internet. Today, spyware, viruses, trojan attacks, worms, and malware are all common occurrences affecting nearly every computer user at least once.
Understanding the differences between firewalls, antivirus, antispyware, and various combination packages is essential to keeping a user’s computer safe with minimal interference with the user’s workflow. Antivirus and security software is sold everywhere, including big-box retailers, office supply stores, software stores, and auction sites like eBay. Wherever antivirus and security software is purchased, it is one of the most essential safety components for an individual’s computer.
Firewall software analyzes incoming and outgoing data packets on a network; that is, all the information sent and received through the computer’s network connection. To accomplish its task, firewall software analyzes each piece of information sent and compares this against a set of predefined rules. These rules allow the firewall to determine if the packet of information should be allowed through the firewall into the computer, or blocked to prevent possible harm or infection. Over time, firewalls have grown more advanced in their ability to filter network traffic. Today, three varieties of firewalls exist for consumer use: network or packet layer filters, proxy servers, and application layer firewalls.
Network and Packet Layer Filters
Network layer firewalls are called packet filters. These firewalls are the simplest of firewalls, and only allow information packets to pass through the firewall if the packet matches a specific set of rules. A user can define his or her own rules, but these software packages often come with a list of default rules already provided. Within this type of firewall, there are stateless firewalls and stateful firewalls.
Stateful firewalls can identify an active connection that has been previously approved to speed up packet filtering. Any packets entering the firewall from outside an existing connection are evaluated per the rule set; packets entering within the active connection are processed with a reduced set of rules because the connection is already trusted. Stateful firewalls require more memory, while stateless firewalls can be faster at processing simple rule sets.
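The difference between the two filter types can be modelled in a few lines. The following is an added example, not taken from any firewall product; the addresses, ports, and rule set are constructed, and the stateful filter is simplified so that replies on an approved connection skip the rule set entirely.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
# action is "allow" or "block"; direction is "in" or "out"; dport None = any port
Rule = namedtuple("Rule", "action direction proto dport")

LOCAL = "192.0.2.10"  # constructed address of the protected computer
# Constructed rule set: outbound HTTPS and DNS only, nothing inbound.
RULES = [Rule("allow", "out", "tcp", 443), Rule("allow", "out", "udp", 53)]

def direction(pkt):
    return "in" if pkt.dst == LOCAL else "out"

def stateless_filter(pkt, rules=RULES):
    """Every packet walks the rule set; first match wins, no match is blocked."""
    for r in rules:
        if (r.direction == direction(pkt) and r.proto == pkt.proto
                and r.dport in (None, pkt.dport)):
            return r.action
    return "block"

class StatefulFilter:
    """Remembers approved connections so their replies skip the rule set."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # (proto, local, lport, remote, rport)

    def filter(self, pkt):
        if direction(pkt) == "in":
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.connections:  # reply on an approved connection
                return "allow"
        verdict = stateless_filter(pkt, self.rules)
        if verdict == "allow" and direction(pkt) == "out":
            self.connections.add(
                (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

# Constructed traffic: a request, its reply, and an unsolicited look-alike.
REQUEST = Packet(LOCAL, 50000, "203.0.113.5", 443, "tcp")
REPLY = Packet("203.0.113.5", 443, LOCAL, 50000, "tcp")
UNSOLICITED = Packet("198.51.100.7", 443, LOCAL, 50001, "tcp")

if __name__ == "__main__":
    fw = StatefulFilter()
    for p in (REQUEST, REPLY, UNSOLICITED):
        print(p, "stateless:", stateless_filter(p), "stateful:", fw.filter(p))
```

With this rule set the stateless filter blocks the reply to the computer's own request, while the stateful filter admits it and still blocks the unsolicited packet from a different host.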
Proxy servers act as a firewall in that they inspect incoming packets for specific applications and block all other requests. They act as gateway monitors between the computer and the Internet connection and make connection decisions for the user. This type of firewall can make accessing a computer more difficult from an external network, such as the Internet.
Application Layer Firewalls
Application layer firewalls are the most powerful firewalls, but add delay to network traffic. Additionally, nearly all modern firewalls are application layer firewalls. These firewalls inspect all packets for specific protocols, such as FTP and browser traffic. Each packet is deeply inspected for content that does not match the header information. Because of this, application layer firewalls are often effective at restricting or completely blocking the spread of worms and trojans.
Application layer firewalls work similarly to packet filters, except that application layer firewalls inspect each socket layer of a connection while a packet filter inspects only the port layer of the connection. Additionally, application layer firewalls check the process IDs of incoming data packets against another set of rules to match the packet with a process in the local computer environment.
Antivirus software identifies, prevents, and removes malware from a computer system. Malware is any software intended to harm the computer or steal information, such as viruses, adware, rootkits, backdoors, hijackers, keyloggers, spyware, trojans, and worms. Modern antivirus software employs several methods to detect and remove malware. However, no antivirus software can detect and prevent all possible malware.
Signature Based Detection
Nearly all antivirus software uses signature-based detection as part of its virus detection process. Each virus has a digital signature: a code that causes the virus to perform the functions it was designed to perform. On a regular schedule, or at the user’s instruction, antivirus software downloads an updated database of known virus signatures. The antivirus software can then scan each file on the computer’s hardware and memory and compare the entire file, as well as small sections of each file, against the virus signature database.
This method is very effective at preventing infection from known viruses. However, it cannot identify new viruses that are not in its database. Additionally, virus authors have begun writing oligomorphic, polymorphic, and metamorphic viruses, which contain algorithms to randomly encrypt or alter part of their own code. This gives the virus an effective disguise by changing its virus signature.
To help protect computers against new and unknown malware, heuristic detection algorithms were created. Heuristic methods allow antivirus software to detect variants of existing malware and new, never-before-seen malware. Heuristics use virus signature databases to find viruses, but do not require an exact match to identify a virus. Heuristic detection algorithms scan files for random combinations of signatures to detect malware.
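The contrast between exact signature matching and partial matching can be seen on harmless data. The following is an added example, not any antivirus product's algorithm: the signature names and byte patterns are constructed, and scoring by overlapping signature fragments with a 0.6 threshold is an assumed, simplified stand-in for heuristic matching.

```python
# Constructed, harmless byte patterns standing in for a signature database.
SIGNATURES = {
    "Demo.A": b"\x10DEMO-PAYLOAD-ALPHA-0001\x7f",
    "Demo.B": b"\x22SAMPLE-ROUTINE-BETA-XYZ\x01",
}

def exact_scan(data, signatures=SIGNATURES):
    """Signature-based detection: names whose full pattern occurs in data."""
    return sorted(name for name, sig in signatures.items() if sig in data)

def fragments(sig, size=4):
    """Overlapping fixed-size pieces of one signature."""
    return {sig[i:i + size] for i in range(len(sig) - size + 1)}

def heuristic_scan(data, signatures=SIGNATURES, size=4, threshold=0.6):
    """Partial match: names with at least `threshold` of their fragments present."""
    hits = {}
    for name, sig in signatures.items():
        frags = fragments(sig, size)
        score = sum(1 for f in frags if f in data) / len(frags)
        if score >= threshold:
            hits[name] = round(score, 2)
    return hits

# Constructed sample files.
CLEAN = b"ordinary document text with nothing of interest " * 4
KNOWN = b"header" + SIGNATURES["Demo.A"] + b"trailer"
# Same content with one byte altered, so the exact signature no longer occurs.
VARIANT = KNOWN.replace(b"PAYLOAD", b"PAYL0AD")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("known", KNOWN), ("variant", VARIANT)):
        print(label, exact_scan(sample), heuristic_scan(sample))
```

The single altered byte defeats the exact scan, while 18 of the 22 signature fragments still match and the partial scan reports the variant.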
Rootkits are a particularly nasty form of malware. This type of malware is stealthy and evades standard signature-based and heuristic detection methods. Rootkits can alter the operating system of a computer to change how it works and even alter antivirus software itself to make it inoperable. In some extreme cases, rootkits can destroy an operating system, making it completely unrecoverable. This requires a complete system reinstallation and usually results in a total loss of data. Top-of-the-line antivirus software often has the ability to scan for rootkits, but with limited success.
Real Time Protection
Most antivirus software provides real-time protection, often under any number of clever synonyms such as resident shield, background guard, autoprotect, and so on. The real-time protection feature of these antivirus programs monitors all activity in a computer for processes and activities that appear suspicious. This is done at all load and read times: any time a file is accessed, loaded, or downloaded. This feature helps protect against malware that has made it onto the computer system but has not yet been activated.
Antivirus Rating System
Rating an antivirus based on its components can be a bit confusing. Using a rating system that rates important features and allows the user to create an additive rating score is often beneficial in making the decision on what antivirus to purchase.
| Protection Type | Rating | Rating Reasoning |
| --- | --- | --- |
| Signature-Based Detection | 3 | Effective against known malware |
| Heuristic Detection | 3 | Helpful against morphing and new malware |
| Rootkit Detection | 1 | Great when it works, but often fails to detect properly |
| Real-Time Monitoring | 2 | Effective in applying Signature-Based and Heuristic Detection in real time; slows down computer processes slightly |
Buyers can use the chart above to rate antivirus software based on commonly available components. Buyers should add the rating points together for each component that the antivirus has; antivirus software with a higher score is often better than antivirus with lower scores.
There are two kinds of spyware: those that are bundled with software the user intentionally installed, and those that are installed simply by visiting infected websites. Spyware is not inherently dangerous; most spyware logs a user’s computing or browsing habits and sends the information back to a tracking program. This program can then sell this information to companies to better target the user for advertising. However, spyware can build up quickly. With each piece of spyware robbing the computer of a small amount of processing power and network bandwidth, the cumulative effects can begin to slow down the computing experience for the user. Additionally, there is the issue of privacy, hence the term spyware. Most users are unaware they are installing bundled spyware when they install other software products, and often are not given a choice.
Antispyware software often provides real-time protection, just like most antivirus software does. Additionally, just like most antivirus software, antispyware software relies on up-to-date spyware signature definition files to work properly.
Most of the big-name antivirus software companies today offer combination packages, bundling together firewall software, antivirus software, and antispyware software in one convenient, easy-to-use package. Typically, these packages consist of individual software components that work independently, and the user interacts with these components through a separate control panel program. This is the preferred scenario; if one component fails, the other components can still function properly.
Buying Antivirus and Security Software on eBay
Buying antivirus and security software on eBay is relatively easy. Users will want to navigate to the Antivirus & Security Software category in the Computers / Tablets & Networking portal. This is the hardest part of the search, as “Antivirus & Security Software” is somewhat hidden. Buyers should go to the “Computers/Tablets & Networking” category, and then choose the “All Categories” option in the navigation menu. Here, users can scroll down to the “Software” section and find the “Antivirus & Security Software” category. Next, the buyer should select his or her operating system from the “Platform” filter. Finally, buyers can choose the condition of the software from the “Condition” filter. Buyers can further narrow down their search by using any of the other useful filters.
Being Fully Informed
Sellers on eBay usually offer good descriptions of the products they sell. However, buyers often miss some pertinent information about the item prior to committing to a purchase. To prevent this, buyers are encouraged to read the entire description for a product in the “Description” tab. To be fully informed, buyers should also read everything in the “Shipping and Payments” tab. This tab shows shipping cost information, such as various shipping rates if available and where the item is shipping from. Additionally, the seller’s return policy is located here, a critically important piece of information. Lastly, the seller’s accepted payment methods are listed in this tab, which is important for buyers to know prior to initiating the purchase.