Anti-Virus, EDR, Firewalls, and VPNs

Discussing Anti-Virus Options

Windows 11 Security includes a standard anti-virus and anti-malware component called Windows Defender. It's a reasonably capable traditional anti-virus feature at no added cost. For many people that is good enough, especially if you are careful NOT to click on links in emails and to ignore things like the fake virus alerts that have become so popular recently.

Some people want something extra, or something made by a different company. In that case, you can choose either a different anti-virus product (BitDefender, Norton, McAfee, MalwareBytes, etc.) or you can upgrade to EDR (Endpoint Detection and Response). Each is described below.

Traditional Anti-Virus

Anti-Virus (AV) watches for bad identities and tries to block them. It keeps a list of known bad items (files, viruses, trojans, worms, etc.), which always needs to be kept up to date, and then watches your system for any sign of those items. We've been doing AV this way since the 1980s. In a home security analogy, it would be like keeping a list of all the known bad people, with their pictures, so that when anyone comes to the door you can check whether they match the list or a picture, and decide whether to let them in or keep them outside. Keeping that list accurate and up to date (timely updates) is critically important.

Upgrading to EDR

Endpoint Detection and Response (EDR) watches for bad behaviour. If something on your computer suddenly tries to delete or encrypt every file in your Documents folder, EDR would say "this doesn't look like any reasonable behaviour" and would block it. There are many more examples. EDR software is also particularly adept at undoing any actions that a virus or trojan might have tried to start. In our home security analogy, it wouldn't matter what the person looks like: if they are walking around the back yard in the dark with a crowbar, it would already be turning on the yard light and locking the doors and windows. Bad actors can still be identified, but typically the behaviour has been blocked before any identity is even revealed. EDR also has more tools available to undo and repair the damage it finds.

You can use Windows Defender for free, or buy AV or EDR software from online vendors. Prices vary, and often have great introductory pricing for the first months or year, and deals on multiple computers. Check online for current pricing and offers.

Bitlink also offers both AV and EDR security as a service, meaning you subscribe to the service, and then I actively monitor it. If there are issues with AV updates, or a virus is encountered, or if EDR has a problem or has blocked some threat, I am alerted to it, and may even be able to address the issue or fix the problem automatically or remotely. For personal computers, Monitored Anti-Virus is $60/year per computer (billed $15 quarterly) and Monitored EDR is $84/year per computer (billed $21 quarterly). These are available for Windows and Mac computers.
For business users, please ask about pricing, and about complete security and continuity (backup) packages.

People also ask about firewalls and VPNs, as they are sometimes included in Security Suites or bundles.

Firewalls & VPNs

I find that the firewall included by default with Windows 11 is sufficient for almost all home and most business users. Added firewalls (like Norton's) for home users most often lead to extra, confusing popup questions, add very little extra security, and sometimes break network printing or other normal activity. VPNs may have value for some people who want an extra level of anonymity online, some added privacy, or need to appear to be in a different location when online. But good privacy is often more about careful behaviour than added features.


The Single Most Important Security Choice (it's free)

Your email password should be complex and be different from every other password you have.

Many people think that their email doesn't have anything private or important in it. But consider this.
If I have access to your email, I can go to any other account you have, claim I forgot the password, ask for it to be reset, and take over that account, from Netflix to your cell phone provider to your bank. I could redirect your email to my own address, set up new accounts, maybe even request online banking or credit card changes, all in your name.

So SECURE EMAIL is extremely important.
If you choose to do only one single thing about your security, protect your email.

Two things matter. Your email password must be complex and unique.

Complex - any dictionary word, or combination of words, can be found by password-cracking programs in seconds. That includes swapping 0 for O, 1 for l, 3 for e and so on; those substitutions make no difference any more. Your password should be long and random.

Sorry, I know that's tough, but it's super important.

You might try an acronym, using the first letter of each word in a sentence. For instance, "IrhtLmmualp2day" uses the first letters of the sentence "I really hate that Les made me use a long password today", with a little twist at the end to add a digit. 😊
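As an added illustration of the two points above (not part of the original article), here is a small Python check that undoes the common letter-for-digit swaps and then looks the result up in a word list. The word list is a constructed sample standing in for the huge lists real cracking tools use, and the article's acronym password is included as the contrasting case.

```python
import itertools
import string

# Constructed sample word list. Real password-cracking word lists hold
# hundreds of millions of entries, including every leaked password ever published.
WORDLIST = {"password", "letmein", "welcome", "sunshine", "dragon", "monkey", "qwerty"}

# Look-alike swaps the article mentions (0 for O, 1 for l, 3 for e) plus a few
# more that cracking tools try automatically as "mangling rules".
LEET_MAP = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}


def normalize(candidate):
    """Undo the swaps and lowercase, e.g. 'P4ssw0rd' -> 'password'."""
    return "".join(LEET_MAP.get(ch, ch) for ch in candidate).lower()


def dictionary_hits(candidate):
    """Return the word(s) the candidate is built from, or [] if none.

    Digits and punctuation bolted onto either end are ignored first, because a
    cracker tries 'password123' and 'password!' right after 'password'.
    """
    core = normalize(candidate.strip(string.digits + string.punctuation))
    if core in WORDLIST:
        return [core]
    # Two words glued together (e.g. 'Dr4g0nM0nk3y') are also routine guesses.
    for first, second in itertools.permutations(WORDLIST, 2):
        if core == first + second:
            return [first, second]
    return []


def assess(candidate, min_length=12):
    """Classify a password the way the article advises: long and random passes;
    disguised dictionary words fail no matter how they are spelled."""
    hits = dictionary_hits(candidate)
    if hits:
        return "weak: dictionary word(s) " + "+".join(hits) + " with substitutions"
    if len(candidate) < min_length:
        return "weak: shorter than %d characters" % min_length
    return "ok"


if __name__ == "__main__":
    for pw in ("P4ssw0rd123", "Dr4g0nM0nk3y", "L3tm3in!", "Xq7vT2", "IrhtLmmualp2day"):
        print(pw, "->", assess(pw))
```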

Unique - You shouldn't use your email account password on any other service or account!
Why? This is the easiest and most common kind of "hack". When hackers got into Facebook a few years ago (obtaining 500 million Facebook logins and passwords), or LinkedIn (164 million logins and passwords), or the Starwood/Marriott hotel chain (500 million logins and passwords), they stole lists of millions of people's passwords to those services. Then the hackers simply tried the same email address and password to see if they could get into the email account, so anyone who used the same password in both places had just given away their email password! Once they have that, the rest is easy (re-read the first paragraph above).

So one single request. Please make your email password complex and unique.

Was that too simple? Do you want to excel at password security? Ask me about MFA (multi-factor authentication), so that even people who know your password can't access your account, or ask me about using a Password Manager, to make all your passwords complex and unique, without having to remember any of them.

Real Backups

Quick reminder - BACKUP means COPIES of your data.

I sometimes see people move a large collection of photos or documents to an external drive to make space on their computer, and then call that a backup.
It is not.
Any drive, device or service can fail, and eventually will, and if something important exists in only one place, it will be lost when that thing fails. To qualify as a backup, it must exist in more than one place.

Ideally, it should be more than that, and a common phrase to summarize a great backup strategy is the 3-2-1 rule.

3-2-1 Backups

The 3-2-1 backup rule basically means this:

  • 3 Copies of Data – Maintain three copies of your data: the original, and at least two copies.
  • 2 Different Media – Use two different media types for storage: external hard drive, USB memory stick, cloud backup, NAS, etc. It's your decision which storage medium holds the original data and which holds the additional copies.
  • 1 Copy Offsite – Keep one copy offsite to prevent data loss from a site-specific failure (fire, flood, theft). If your two copies are on an external drive or a USB stick, keep one of them elsewhere. If one or more of your backups go to the cloud (online), that counts as offsite.

Additionally, it can be very valuable for at least one of the backups to be versioned. That basically means you can go back to a file or folder the way it was 2 days ago, or 2 weeks ago, not just the latest version you backed up. This is critical to prevent loss due to ransomware: if all your data has been changed to lock you out (pending your payment to the hacker), you can go back to a backup from an earlier date and retrieve all your data.
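To show why versioning matters, here is an added Python sketch (not the article's or any backup vendor's code) that keeps every backup run as its own dated snapshot folder instead of overwriting the last copy, then walks through the ransomware scenario above on constructed files. The folder names and dates are made up for the demonstration.

```python
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def take_snapshot(source, backup_root, label=None):
    """Copy the whole source folder into backup_root/<label> as a new snapshot.

    Earlier snapshots are never overwritten; that is what makes the backup
    versioned. The label defaults to a UTC timestamp so snapshots sort by age.
    """
    label = label or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S")
    dest = Path(backup_root) / label
    if dest.exists():
        raise FileExistsError("snapshot %s already exists" % label)
    shutil.copytree(source, dest)
    return dest

def list_snapshots(backup_root):
    """Snapshot labels, oldest first."""
    return sorted(p.name for p in Path(backup_root).iterdir() if p.is_dir())

def restore(backup_root, label, target):
    """Replace target with the contents of the chosen snapshot."""
    target = Path(target)
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(Path(backup_root) / label, target)
    return target

def demo():
    """Ransomware scenario on constructed data: returns (newest snapshot's
    content, content after restoring the older snapshot, snapshot labels)."""
    work = Path(tempfile.mkdtemp())
    docs, backups = work / "Documents", work / "Backups"
    docs.mkdir()
    backups.mkdir()
    (docs / "thesis.txt").write_text("Chapter 1: Introduction\n")
    take_snapshot(docs, backups, "2024-01-01")  # good copy; constructed date label
    for f in docs.iterdir():  # stand-in for ransomware scrambling every live file
        f.write_text("ENCRYPTED " + "x" * 32)
    take_snapshot(docs, backups, "2024-01-02")  # a single overwriting backup would hold only this
    latest = (backups / "2024-01-02" / "thesis.txt").read_text()
    restore(backups, "2024-01-01", docs)
    recovered, labels = (docs / "thesis.txt").read_text(), list_snapshots(backups)
    shutil.rmtree(work)
    return latest, recovered, labels
```

Run `demo()` to see that the newest snapshot holds only the scrambled file while the day-old snapshot still restores the original.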

Admittedly, backup can be a complex subject, but let's start simple.
If anything important is in only one place, it's at risk. Please make a copy of it somewhere else, as the most basic starting point! You can follow up with fancier backup strategies later, but let's start by just making sure you have at least one simple backup.
