Multi-layered defenses

I’ve been reading a couple of long discussions about antispyware software lately, and one piece of advice that comes up a lot is the need for a multi-layered defense. I agree that multi-layered defenses are essential, but I’ve seen advice from too many people who are unclear on the concept. More than a few people think that they’ve achieved the goal of having multiple layers of protection if they install a whole bunch of security software. Sorry, that’s not correct.

A true multi-layer defense includes effective protection at different sequential points along the route to you. It deliberately does not duplicate protective software at a single layer. So, to take spam as an example, this would constitute an effective multi-layer protection strategy:

  • Filtering at your e-mail server.
  • Filtering at your e-mail client.
  • Technical measures to hide your e-mail address on Web pages and online forums.
  • Use of temporary e-mail addresses for correspondence with untrusted people or firms.

See how that’s different from just loading up on two or three different anti-spam programs? Likewise, a proper multi-layered defense against spyware consists of at least the following measures:

  • Measures to completely block unauthorized software.
  • Measures to prevent social engineering attacks.
  • Restrictions to limit the ability of untrained or unsophisticated users to make damaging changes to the system.
  • Effective measures to undo system changes and completely remove installed software.
  • A periodic scanning routine to verify that all layers are working.

Notice that I didn’t say “Scan your system weekly with three different antispyware programs”?
