I’ve been reading a couple of long discussions about antispyware software lately, and one piece of advice that comes up a lot is the need for a multi-layered defense. I agree that multi-layered defenses are essential, but I’ve seen advice from too many people who are unclear on the concept. More than a few people think that they’ve achieved the goal of having multiple layers of protection if they install a whole bunch of security software. Sorry, that’s not correct.
A true multi-layer defense includes effective protection at different sequential points along the route to you. It deliberately does not duplicate protective software at a single layer. So, to take spam as an example, this would constitute an effective multi-layer protection strategy:
- Filtering at your e-mail server.
- Filtering at your e-mail client.
- Technical measures to hide your e-mail address on Web pages and online forums.
- Use of temporary e-mail addresses for correspondence with untrusted people or firms.
See how that’s different from just loading up on two or three different anti-spam programs? Likewise, a proper multi-layered defense against spyware consists of at least the following measures:
- Measures to completely block unauthorized software.
- Measures to prevent social engineering attacks.
- Restrictions to limit the ability of untrained or unsophisticated users to make damaging changes to the system.
- Effective measures to undo system changes and completely remove installed software.
- A periodic scanning routine to verify that all layers are working.
Notice that I didn’t say “Scan your system weekly with three different antispyware programs”?