Comprehensive Security Strategies for Software Management
An important aspect of securing any system is the concept of “defense-in-depth,” or having multiple layers of security and not depending on any one approach or technology to block all attacks. Here are some links to tools and approaches that have been found useful in stopping malware from invading a PC.
Learn, Memorize, Practice the 3 Rules
Follow Krebs’s 3 Basic Rules for online safety, and you will drastically reduce the chances of handing control over your computer to the bad guys. In short: 1) If you didn’t go looking for it, don’t install it; 2) If you installed it, update it; 3) If you no longer need it, get rid of it!
Keep Up-to-Date with Updates!
It shouldn’t be this way, but the truth is that most software needs regular updating. As a result, staying on top of the latest security updates can sometimes feel like a nagging chore. Not all software includes auto-update features that let you know about new patches, and many of the programs that do take their sweet time letting you know.
Fortunately, there are some tools that make it easier to learn when security updates are available. Secunia’s Personal Software Inspector is a popular option. Another is File Hippo’s Update Checker. Both are free.
Put a Leash on JavaScript
Most Web sites use JavaScript, a powerful scripting language that helps make sites interactive. Unfortunately, a huge percentage of Web-based attacks use JavaScript tricks to foist malicious software and exploits onto site visitors. To protect yourself, it is critically important to have an easy method of selecting which sites should be allowed to run JavaScript in the browser.
Firefox has many extensions and add-ons that make surfing the Web a safer experience. One extension that I have found indispensable is NoScript. This extension lets the user decide which sites should be allowed to run JavaScript, including Flash Player content. Chrome also includes similar script- and Flash-blocking functionality that seems designed to minimize some of these challenges by providing fewer options. In addition, there is a very handy add-on for Chrome called ScriptSafe that works very much like NoScript.
Security Tools Overview
| Tool Name | Platform | Key Benefit |
| --- | --- | --- |
| NoScript | Firefox | Lets the user decide which sites should be allowed to run JavaScript and Flash. |
| ScriptSafe | Chrome | Handy add-on that works very much like NoScript for script blocking. |
| Secunia PSI | PC / Windows | A popular option to stay on top of the latest security updates. |
| Microsoft EMET | Windows | Beefs up the security of commonly used applications through DEP and ASLR. |
Microsoft EMET
EMET, short for the Enhanced Mitigation Experience Toolkit, is a free tool from Microsoft that can help Windows users beef up the security of commonly used applications, whether they are made by a third-party vendor or by Microsoft. EMET allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7 — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).
Please note that Java and JavaScript are two very different things. Java is a widely installed and quite powerful software package that requires frequent and attentive security patching. It plugs straight into the browser and is a favorite target for malware and miscreants alike. NotScripts and NoScript will both block Java applets from running by default. However, if you have Java installed, you’re best off either unplugging it from the browser or uninstalling it.