The Single Most Effective Way To Stop Malware

Mon, May 9, 2011 by

routerIn this article, I am going to tell you the single most effective thing you can do to keep your home computer free of viruses and other malware. Its very simple; something you only have to do once and never think of it again. Most likely you are already doing it.

So without any more suspense, the single most effective thing you can do to keep malware off of your computer is…use a router.

How Does Using A Router Keep Me Safe?

The explanation of how this a router keeps you safe gets a little technical, but I’ll try to make it as simple as I can.

To start, let me first explain what happens when you don’t have a router. This means whatever hardware is used to give you internet access (cable modem, dsl modem, etc) is plugged directly into your computer. When your computer connects to the internet (like when you initiate a dial-up connection for those who are still using dial-up, or just when your computer turns on for people with always on internet like cable and dsl), your Internet Service Provider (ISP) will give you an IP address. This IP address is like a house address for your computer. Any other computer on the internet can send packets of data to that address. Also, the format of an IP address is just 4 numbers between 0 and 255, so someone can easily guess a valid address, even if they don’t know who it belongs to.

The problem is that people commonly find flaws in the software running on computers. Once a flaw is found, unscrupulous people elsewhere on the internet will create software to exploit these flaws to allow them to infect the computer running it with malware. Once they have created this software, they turn it loose on the internet. It will then start exhaustively guessing IP addresses, and attempt to exploit whatever computer is at that IP address. So if one of these spreading programs guesses your IP address while you are running this flawed software, you are toast. The attackers now can do whatever they want with your computer. You didn’t even have to be using the computer. Just by turning your computer on you are exposing it to constant attacks.

How Does A Router Change Things?

Now, here is how the picture changes if you have a router. When you connect to the internet now, the IP address that your ISP gives you is taken by the router, not your computer. Instead, now the router will give your computer another IP address. However, the IP address given out by routers is in a range that is considered “unroutable”. It means the only computers that can send your computer information are other computers behind your router.

If an attackers malware spreading program tries to send you malware now, it goes to the router, and the router just ignores it.

If You Don’t Have A Router, Get One!

In the beginning of this article, I said you are probably already using a router. These days most people are. If you have Wi-Fi in your house, its from a router. If you have multiple computers in your home with internet, its probably from a router. I believe Verizon FIOS service comes with a router.

Sometimes You Can’t Use A Router

For people with dial-up, as far as I know, you can’t use a router. This connection is initiated directly from your computer, and I don’t know of a way to get a router to do this, but I haven’t really looked for it.

For people who are running servers on the internet, a router doesn’t really work. The point of a server is to accept connections from other computers, so a router would defeat the purpose. If you want to run a server in your home though, some routers will offer port forwarding capabilities. This lets you say that you allow some of this incoming traffic to be forwarded right to your computer. This can expose you to the some of the traffic you were trying to avoid in the first place, so be sure you know what you are doing if you do this.

This is what I think is the first step to computer security. Do you have something else that you consider more important/effective? Or do you agree with me? I welcome feedback in the comments.