How businesses and home users can make improvements to protect themselves
The number of stories in the mainstream press about the devastation that hackers cause is proof enough as to who has the upper hand in the cyber war today. But there is still plenty that people can do to increase their protection by understanding the common failure points.
You need anti-virus and there is a load of advice online about which to buy. Who can you trust?
Some anti-virus reviewers know what they are talking about. Others don’t. Some are just in it for the money. How can you tell which reviews are worth your time?
How to choose anti-virus for your PC and your family
Most people believe that you should run anti-virus on your PC. Independent security experts, governments and every computer journalist on the planet promotes this advice. And they are not wrong. There is no doubt that installing anti-virus is one of the most important things you can do to keep your computer and its data safe.
At SE Labs we are often asked, “which is the best anti-virus for the Mac?” And, “do you need anti-malware for MacBooks?” For reasons we’ll explain, we’ve not published an endpoint security report for Mac-based products (yet).
But we do have an insight into how Mac threats work and how Apple tries to protect users. In this article we cover everything you need to know.
Security planning can make your life easier to manage. It’s easy to become paralysed when you consider all of the threats that exist and all of the possible solutions. You can’t buy every security product available and you certainly shouldn’t even try.
There are risks that we all face (let’s call those ‘general risks’) and risks that are quite specific to you (‘individual risks’).
Security planning for anyone, whether you are the CEO of a large enterprise or a retired amateur gardener, should take into account what risks you (specifically) face and the consequences of something bad actually happening.
General risks
In this article we’re going to focus on cybersecurity, but the principles apply to any area of your life. In the computing world there are three major threats that we all face:
Security solutions can stop you getting things done. They can make mistakes, interpreting your actions as malicious. And then block your work. But they can also blindly follow security policies set by the IT department. Sometimes they do both! How can you predict which products will be most accurate after you buy them?
Custom security policies
Your business most likely doesn’t rely entirely on the detections and protections offered by security solutions. IT usually needs to make a least some configuration changes. Default settings should be good, but businesses commonly make their own adjustments. Every company has its own characteristics and one size definitely does not fit all.
Is Microsoft’s anti-virus good enough? Are the ‘next-gen’ endpoint products as good as they claim? Is our combination of anti-malware and whitelisting giving us full threat coverage? Enterprises are asking themselves, and SE Labs, these questions all the time. The good news is, we can help provide an answer.
The reports below contain security testing results. You can compare the performance of a variety of products that claim to protect you against online threats. This, in theory, will help individuals and businesses choose the best security product.
Rules of engagement
But these are free reports. How can you trust that the high-scoring vendors didn’t just pay for their ranking? Do you suspect that some low-scoring vendors dropped out of the report? Or asked to be retested until they scored better?
What are the rules behind the scenes in security testing?
Everyone needs to protect themselves online. There is a lot of advice out there but much of it is confusing and contradictory. We’ll show you simple but effective steps you can take to put yourself in the top ranks. And you can help your friends and loved ones stay safe too.
Welcome to the Bluffer’s Guide to Home Cyber Security!
This article is going to tell you everything you need to know to stay safe online. It won’t baffle you with too much detail. But rest assured, although the steps are simple they are backed up by our thorough and unbiased understanding of how computer security works. We don’t have anything to sell you. This is all good, free advice.
Real-world security reports don’t always reflect your real world.
What makes a real-world security test useful? Does it need to provide a full assessment of a product or service? An assessment that is directly relevant for all potential customers? Or does it need to give just a taste of how effective a product can be?
The perfect security test
Tests can vary in how they are run and the level of information that they provide. Not all tests are equally reliable or even useful. But one thing they all have in common is that they aren’t perfect. Let’s look at how tests are limited, how you can interpret them and what the future holds.
False positives are not all equal. Or always real false positives!
Security tests ought to test for ‘false positives’. It’s important to see if a security product stops something good on a customer’s system, as well as the bad stuff.
Measuring the balance in security
Almost nothing in this world can be reduced to ‘good’ or ‘bad’ accurately. There is too much subtlety: what’s good for one person is bad for another. Someone else might feel neutral about it, or slightly positive or negative. The same applies when testing security products. It’s rare to get a straightforward good/ bad result.
An anti-malware product might block all threats but also all useful programs. It might ask the user frequent and unhelpful questions like, “Do you want to run this ‘unknown’ file?” Alternatively, it might let everything run quietly. Or prevent some things from running without warning or explanation. Maybe you want to see alerts, but maybe you don’t.
We look at how to put the nuance back into security testing.
Archive of security product and service test results
Cyber Security DE:CODED Podcast
All of our podcast episodes and related content
About
SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.