Unless you built it yourself, your PC almost certainly came with a trial installation of an antivirus or security suite product. Did you renew your subscription when it expired, or maybe have other protections installed? Let’s hope so. Once you’ve passed the trial period, you theoretically don’t need to think about your security software unless it pops up to tell you it wiped out some malware. However, for best results, you should light it up from time to time to make sure everything is humming the way it should.
Here are a dozen simple steps you can take to make sure you’re getting the most out of your security system.
1. Keep your antivirus software up to date
In the early days of computer viruses, antivirus programs simply scanned files for signature patterns of known threats. Today, most malware coders make their code polymorphic, making it impossible to detect with simple pattern matching. Modern antivirus utilities use behavior-based detection systems, so they can block malware they haven’t seen before. That said, both simple malware signatures and behavioral detection patterns need to be updated frequently to keep up with evolving malware. Is your antivirus software up to date? Open it up and have a look. Did you see a message that the database needs to be updated? Even if you don’t, poke around and trigger a command that runs an on-demand check for updates. No problem!
Also check to see if there are any updates available for the program itself. In fact, check all security products for available updates. Typically, you’ll find the option to check for updates in the File or Help menu, or in the menu that appears when you right-click the product icon in the notification area. While doing this, you may find that your subscription has expired – renew now!
When renewing, please consider signing up for automatic renewal. Before renewing, you will receive a notification email, so you can still change your mind. Auto-renewing subscriptions get you some of the company’s virus protection promises, including Norton, McAfee, and ZoneAlarm. When you auto-renew, the company promises to track and terminate any malware that gets past basic antivirus protection.
2. Use the best security software
Look at each of your security products and consider how you chose it. Have you seen the commercials on TV? Was it suggested by a friend? Did it just come with the computer as a trial version and you signed up at the end of the trial period?
To make sure you have the best product, visit PCMag and read our review of the product. In addition to antivirus, we also review security suites, password managers, parental control software , VPNs, and more. If we found the product’s protection to be flawed, or just didn’t give it the top rating, check out our Editors’ Choice products. You might want to upgrade to something better.
3. Sanity Check Your Antivirus
If you want to check that your image recognition application can tell the difference between apples and oranges, you can put an apple (or orange) in front of it and see if it gets the correct result. If you’re wondering if your antivirus can tell the good from the bad, it’s not that easy. Most of us don’t (and shouldn’t) keep malware for this kind of sanity check.
This is where the EICAR test file comes in. Founded in 1991, EICAR used to stand for the European Institute for Computer Antivirus, but after a while the organization dropped the acronym in favor of plain EICAR. The test file is a tiny program that antivirus vendors around the world agree to detect, even if it’s not malicious. Just visit the EICAR websiteand try to download the file. Your antivirus software should block the download, and may recognize the “threat” as an EICAR test file.
4. Get help from experts
The Anti-Malware Testing Standards Organization (AMTSO) is an international organization whose goal is to improve web security testing. At a high level, this means creating standards and encouraging discussions between the companies that create antivirus tools and the companies that test those tools. However, AMTSO also maintains a library of functional tests that anyone can use to make sure their protection is working properly. Full disclosure – I am on the Advisory Board of this panel.
From the Security Feature Check page , you can initiate several different tests. Some of them exercise how different components detect EICAR files, for example, by manual download, drive-by download, or in compressed form. AMTSO created a standard (harmless) file to replace those less toxic but annoying potentially unwanted applications. You can check to see if your antivirus scans ten different types of compressed files.
Remember, all files involved in these tests are harmless. It’s just that many security companies have agreed to react as if they were harmful, creating a safe way to run such tests. When your antivirus software passes one of these tests, it’s an indication that it’s working. If it doesn’t pass, then the publisher probably didn’t choose to participate.
5. Verify your VPN
Your browser sends your IP address and requests information every time you visit a website. This is necessary because the site needs an address to send back the requested data. Your IP address can also physically locate you, although with less accuracy. You can check this right now by going to whatismyipaddress.com, whatismyip.com, or any one of dozens of such sites. Do it now, without an active VPN. You may find that it gets the correct city, but no more details.
When you run communications through a virtual private network, or VPN , the website never sees your IP address. Instead, it sees the IP address of the VPN server. So connect your VPN to a server far away and run that geolocation test again. Does that mean you are in Paris now? Then it started working!
6. Check your router security
Every wireless router is configured with a default username and password, which are the credentials you’ll need if you want to change important settings. Older routers in particular may come with simple values like “admin” for username and password, and you can be sure that all those defaults are known to hackers .
You may also find the default username and password on a sticker on the bottom or side of the router. This is more secure than using dumb default credentials, but anyone who enters your den or office can snap a photo of those credentials. If your router is visible in the background, you might even give away those credentials in a video conference .
If you don’t know if your router uses default credentials, check with your internet provider’s technical support. Once logged in, change your router password and record it in your password manager . Once logged into your router, check the type of encryption your Wi-Fi connection uses. WEP and WPA are old, insecure encryption methods; bad! You want WPA2 with AES. Chances are, you can simply select a new encryption method from the drop-down list. One caveat; some older devices such as the Nintendo DS and Sony PSP are not compatible with WPA2.
7. Check your mobile device
Apple has made iOS very airtight, but Android devices are not as secure. There are millions of malicious programs designed to wreak havoc on Android devices. If you don’t have a security program on your Android, you’re taking a risk.
Typical Android security tools offer both malware protection and anti-theft features. This is important because you’re just as likely to lose your Android or have it stolen as you are to encounter serious malware in the wild.
You probably already have Android Protection as part of your desktop security suite. Many modern suites cover multiple decks. Check out our roundup of the suites that offer the best Android protection .
8. Scan the Internet of Things
Your computer and mobile device aren’t the only devices communicating over your home network. Chances are you have a lot of other devices on that network like gaming consoles, video doorbells, baby monitors, whatever. The problem is, you can’t install security software on most of these devices, so you can’t be sure they’re safe.
or can you There are a growing number of free home security scanners, both standalone apps and suite components, that do two useful things. First, they let you know exactly which devices are on your network. You might be surprised by the length of the list. Second, they examine these devices for security issues.
9. Analyze your passwords
You’re using a password manager , right? very good! But what exactly is it managing? Entering all passwords into the system is only the first step. The second step is to replace any weak or repeated passwords with strong ones.
Most password managers include reports on password strength. The best ones give you a list that you can sort by intensity. If reports show a high number of weak and duplicate passwords, start fixing them. Do the worst five, or how much time you have. Fix some more tomorrow. Stick with it until the password manager gives you a gold star.
Of course, all this effort is wasted unless you protect those passwords behind a strong master password. The passwords saved by the password manager can be completely random, such as GYDH31A^u6h1! udK, but master is a password you have to remember yourself. Check out our advice on creating a super strong master password that no one else will guess .
10. See if you’ve been scammed
Data breaches happen every week, and personal information is being leaked onto the dark web all the time. Yours might be exposed, but how do you know?
Fortunately, the handy website Have I Been Tricked can help. Just enter your email and find out if that information is in a known breach, or in a data dump on sites like Pastebin. If you receive an “Oh no, pwned!” message, change the affected password immediately. Many password managers notice the password changing process and update their data automatically.
11. Review your social media security
It goes without saying that your social media accounts (except Twitter) should be set to private so only your friends can see your posts. However, do you check to make sure your configuration has optimal security? Sign in, navigate to Settings, and review anything related to security or privacy. For example, on Facebook, you want only friends to see your posts, and only friends of friends to send new friend requests. And you don’t want search engines linking to your profile.
Facebook also allows you to see all the devices logged into your account. Review the list, and if any of them look suspicious, log out remotely.
You may not realize it, but friends and apps can leak your data even if your own settings are strict. On Facebook, you can close that leak by disabling the sharing API. Doing so does mean you can’t play Farmville or other exciting Facebook games, but the sacrifice is worth it. You can also download and view data saved by Facebook and Google .
12. Check your credit
How would you feel if you opened your credit card statement and found a charge for a fancy workout system you didn’t order, sent to any strange place? Yes, that would be bad. However, you can get a head start by proactively checking your credit.
We like Credit Karma , a free website and mobile app that keeps tabs on your credit score. Yes, you can get a credit report from each of the big three agencies for free once a year, but Credit Karma works directly with TransUnion and Equifax to check your scores weekly. It can also automatically fetch full annual reports on a regular basis. If you see a new account that you didn’t open, or your score changes drastically, you can fix the problem before thieves start getting buffs on your dime.