Free Web security for SMBs

Are you looking to cut expenses for your small business or organization? You can save some cash by replacing those annual antivirus subscriptions with free equivalents.

Though most free tools are restricted to home or personal use, a few are also available for businesses at no charge. We’ll look at what the various freebies offer, and explain how to get started using them.

Comodo Internet Security

Comodo Internet Security (CIS) provides a sturdy package for blocking viruses, spyware, rootkits, botnets, worms, and other malware.

CIS goes beyond the basic malware protection that you get with a lot of freebies, offering a built-in firewall to guard against hackers and intrusions. Windows comes with a free native firewall, but using CIS’s third-party alternative provides more-advanced configuration options. In addition its consistent interface is useful if different versions of Windows run on your network, since the native firewall differs from one Windows version to another.

When we reviewed Comodo’s free product in late 2010, we liked how well it blocked new malware, though we found that it had a few drawbacks in other respects. Still, it managed a an overall rating of 3.5 stars–a solid mark.
The program’s Defense+ feature analyzes and manages executable files to protect critical system files and to prevent malware from causing harm. It also has automatic sandbox functionality, which runs unknown files in an isolated environment so they can’t do any damage if they turn out to contain malware.

Comodo’s SecureDNS service conducts malicious-Web site filtering to block phishing, malware-carrying sites, and other known dangerous Web sites before they can infect you. This DNS-based service is similar to OpenDNS, which we’ll discuss later.

CIS lets you adjust an array of advanced settings governing heuristics levels and other general scanning settings, as well as customizable “scanning profiles.” The Firewall and Defense+ features are highly customizable, too. You can fine-tune the protection by using rules, policies, definitions of trusted files/networks, and other settings.

CIS’s configuration management is very convenient for running on multiple PCs. Just configure one PC, export the configuration file, and import it to the others. All settings are backed up, including scanning profiles, security policies, and password protection.

If you want to give CIS a try, download it from the Comodo site. Just prior to installing it, make sure that you have completely uninstalled any existing antivirus program and rebooted Windows to prevent any conflicts. You should also disable Windows Firewall if you choose to install Comodo Firewall when installing CIS. During the installation, the setup program will ask you whether you want to enable SecureDNS. If you plan on using OpenDNS (discussed later), don’t enable SecureDNS.

Once you’ve installed CIS, go through all of the screens and settings, and configure it to your liking. The default settings are best for most situations; for full protection, however, you may want to consider enabling cloud scanning and rootkit scanning in the Scanner Settings of the Antivirus component. Also, discover and configure the security policies settings of the Firewall and Defense+ components.

To reduce unnecessary Internet traffic when you use CIS on multiple PCs, install the Comodo Offline Updater (available at no charge from Comodo’s site) to one PC, so that it can download Comodo’s virus database updates. Then configure each of the other CIS installations on your network to check for updates from that PC instead of from the Comodo server.
To change the update server that CIS checks, select the More tab, click Preferences, and select the Update tab. Then add to the list the IP address or host name of the PC that you installed the Comodo Offline Updater on. Consider keeping the Comodo server enabled but in the number two position, in case you encounter a problem with your PC.

You should also consider setting a password for CIS and locking down the configuration so that other users can’t change any settings. To do this, open CIS, select the More tab, click Preferences, and select the Parental Control tab.

Microsoft Security Essentials

If all you need are the security basics, consider installing Microsoft Security Essentials (MSE), which protects Windows systems against viruses, spyware, and other forms of malicious software. It’s a free download for any PC that Microsoft confirms is running a verified genuine copy of Windows. Businesses, however, are not permitted to use it in conjunction with more than 10 computers–so larger businesses will have to use something else for their security software.

Microsoft Security Essentials is a much simpler program than Comodo Internet Security. When we tested it most recently, MSE did a reasonably good job of stopping malware. Nevertheless, businesses are well advised to seek something a little more advanced and feature-rich. On the other hand, if your small business lacks IT personnel who can understand and use a more complex product, MSE may serve as a viable alternative.

Beyond its basic real-time antivirus protection, Microsoft Security Essentials offers two significant features for safeguarding the PCs on your network. The first of these capabilities is Network Inspection System, which attempts to detect malware originating from the Internet or coming over your network before it reaches your computer. The second feature is Behavior Monitoring, which helps to identify and stop suspect activity or patterns that the monitoring software detects.

If you want to give MSE a try, download it from the Microsoft site. Just prior to installing, make sure that you have completely uninstalled any existing antivirus program and rebooted Windows to prevent any conflicts. MSE doesn’t include a firewall, so make sure that the Windows Firewall is turned on.

Security Essentials’ default settings provide adequate protection for most environments. But if you use removable storage devices such as USB flash drives, you may want to enable scanning of removable drives. To do so, select the Settings tab, click the Advanced menu, and enable Scan removable drives.

OpenDNS

OpenDNS is a DNS-based content filtering tool that helps block inappropriate, dangerous, or malware-infested sites. It offers additional DNS security, similar to the SecureDNS service optionally included with Comodo Internet Security. Using OpenDNS may also speed up your Web browsing because of its smart, enhanced functionality. The basic services of OpenDNS are free; premium subscriptions add extra features.

DNS stands for Domain Name System. It’s the background service that converts domain names into IP addresses, enabling users to enter human-friendly domain names into a Web browser instead of IP addresses. Typical DNS servers used by most Internet service providers (ISPs) provide only the basic domain name to IP address functionality. But because DNS operates in the browsing process, enhanced DNS servers can provide filtering and advanced functionality, as OpenDNS does.

Since it’s DNS-based, you don’t have to install any software to use OpenDNS. Instead, you just replace the DNS addresses on your router (to protect your entire network) or the addresses on specific computers (to protect those PCs only).

You can use OpenDNS in three ways, depending on what features or services you want.

The most basic option is to change the default DNS addresses on your router or computers to the main OpenDNS addressees: 208.67.222.222 and 208.67.220.220. Without an account, they provide phishing-site blocking to help protect your identity, and they include some additional DNS security features.

Another option is to change the default DNS servers on your router or computers to the FamilyShield OpenDNS addressees: 208.67.222.123 and 208.67.220.123. Even without an account, they automatically block adult Web sites, proxy, and anonymizer sites to prevent filter bypassing, phishing, and some virus-spreading Web sites.

The third option is to sign up for an OpenDNS account and use the main addresses: 208.67.222.222 and 208.67.220.220. Then you can define which site types to block, customize the guide and block pages, and monitor Internet usage. You may want to start with a free account and then upgrade to a premium account later if you require more features.
The OpenDNS sign-up process offers some help on configuring your network or router. After logging in to the Dashboard, you’ll need to add a network to your account. If you’re currently on the network that you want to protect, press the Add this Network button to save the public Internet IP address to the account.

Bear in mind that, if you use an OpenDNS account and your Internet connection uses a dynamic (changing) IP address–which most home and small business accounts do–rather than a static address, you’ll have to keep OpenDNS updated with IP changes.

You can either download a simple updater application to one of the computers or configure your router’s dynamic DNS settings and have it do the updating. If you want to work through your router, you may have to use the free DNS-O-Matic service if the integrated DDNS client doesn’t support HTTPS updates. You can use your OpenDNS username and password to log onto DNS-O-Matic, add OpenDNS as a service, and then configure your router to update your DNS-O-Matic account, which then updates OpenDNS.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs