Windows Secrets Newsletter • Issue 109 • 2007-05-24 • Circulation: over 400,000

By Scott Dunn WindowsSecrets.com maintains a WSN Security Baseline page to keep you current on the bare minimum you need to protect your home or small-business systems against malware. This list is based on our analysis of the reviews and editor’s choices from leading PC publications and Web sites, including PC Magazine, PC World, CNET, and others.

The basic tools you need

You need at least three categories of tools to secure your system:

• A hardware firewall, usually in the form of a router;
  
• A software security suite (a separate antispyware app is no longer needed, as I explain below); and
  
• A patch-management system for staying current with the latest updates.
  

Routers: the story doesn’t ‘n’ here

The most economical way to get a hardware firewall is to get an Internet router with built-in firewall features — preferably one that includes wireless capability.

Most wireless routers in use today follow the 802.11b or 802.11g standard, which specifies the speed and range of data transfers. The newest draft specification is 802.11n, whose multiple data streams promise faster transfers and longer range than before. It’s also intended to eliminate the problems of interference and spotty coverage that sometimes occur with the current standard. A number of "n"-based routers are already available.

Unfortunately for consumers, the "n" standard is still in draft stage and is not expected to be ratified by the Institute of Electrical and Electronics Engineers (IEEE) until 2009. An unratified status means the specification could change, leaving consumers stranded with an incompatible product that may or may not be easy to upgrade. For this reason, a number of reviewers shied away in 2006 from recommending "n"-based products.

Now the climate seems to be changing. Manufacturers have worked together over the last year to create "n"-based routers that work well and work together. A number of commentators and reviewers, including PC Magazine and the computing column of the Houston Chronicle, have begun to recommend these products.

Here’s my advice: If you aren’t suffering from the problems that the "n" standard is meant to solve — slow speeds and inadequate range — there’s little reason to risk isolating yourself with a product that may be outdated soon by a changing standard. I suspect that most home and small-business users are not likely to need the new technology in the near term.

Netgear is the hardware firewall of choice

There’s no clear winner in the latest batch of router reviews, but Netgear’s RangeMax 240 WPNT834 has garnered an Editor’s Choice from PC Magazine and got high marks from other publications as well. This pre-"n" router includes the WPA2 encryption standard (which is the current leader and one I recommend) and includes four LAN ports, in addition to wireless capabilities. Its price online ranges from US$50 to US$120. The separate NetGear WPNT511 notebook adapter card is not required, but is likely to improve speed and compatibility. It sells for US$85 (street).

ZoneAlarm remains the top-rated suite

Long a favorite among testers, ZoneAlarm Internet Security Suite ($50 street) is still the preferred security suite among respected reviewers. Like other products in this category, this suite includes software firewall, antivirus, and antispyware as well as other OS and privacy-protection features. It recently received an Editor’s Choice from CNET, which cited its "perfect balance between best-of-breed security protection and ease of use."

In previous editions of the WSN Security Baseline, we’ve recommended a separate antispyware utility because the tools in the security suites weren’t yet up to snuff. That no longer appears to be the case. CNET notes that the antispyware tools in ZoneAlarm Internet Security Suite continue to improve, and the Apr. 10, 2007, PC Magazine goes so far as to say that the ZoneAlarm suite "blocked and removed spyware better than the best standalone antispyware products (and better than NIS 2007)."

NIS 2007, known formally as Norton Internet Security 2007, is a major alternative to ZoneAlarm and received an Editor’s Choice designation in the Apr. 10 PC Magazine.

MS Update and PatchLink for patch management

For novices, we continue to recommend the free Microsoft Update (which requires Internet Explorer) to update Microsoft Office and a few other Microsoft products as well as Windows itself. As before, we advise users to configure Microsoft Update to Notify me but don’t automatically download and install. Then, keep reading Windows Secrets to learn which updates might be risky or undesirable to install.

For businesses with solid IT experience, it’s useful to have an independent tool for downloading and installing Windows patches and upgrades. Windows IT Pro Magazine recently gave its Editor’s Choice to PatchLink Update, which costs $1,495 for a network server plus $18 annually per Windows machine. The same product received a Best Patch Management award from SC Magazine during its 2006 SC Awards Europe. The product gets especially high marks for networks that support a mixture of operating systems.

For larger networks, the Window Security site gives its recently updated gold rating to GFI LANguard Network Security Scanner ($575 for 32 machines).

The WSN Security Baseline as it stands

To see a summary of the end-user security products that are currently top-rated by test labs, visit the WSN Security Baseline page. As changes occur in the ratings, we’ll give you updates here in the newsletter.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.