Getting Started

Upon realizing that one needs better security for their computer, the selection of security software available can seem daunting. Indeed, there are many new technologies available today, and it's not always apparent what each is for, what exactly you need, and which ones you should choose. Unfortunately there really aren't any clear-cut answers. What's right for one person may not be at all suitable for the next. Everyone uses their computers differently and has different requirements and preferences. In this article I hope to help you construct the solution that's right for you.

To start with, it's important to know what kind of threats are out there. You can't protect yourself adequately if you don't know what you're protecting against. All too often people will lump all threats under the single title of "Virus", a gross over-simplification that leads to continual re-infection and great confusion as to why. The reason is that they are only protecting themselves against, at best, 80%-90% of the threats circulating today, leaving a very prolific 10%-20% to keep their systems infected at all times, simply because they feel they have all the "virus protection" they could need. This is usually defined by common knowledge from long ago, which has little relevance to how the threat landscape has evolved to what it is today. Before the year 2000 there were probably a couple hundred new threats per year, whereas now we can see literally thousands per day.

To try to break this down into sizable chunks, I have created this table to break the most common threats down into three categories, headed by the most commonly seen threats in that category. After this table I will add some notes, define some terms, elaborate on the different solutions, and outline the strengths and weaknesses of each.

I have to apologize in advance for the length of this entire article. It is lengthy, but I make every attempt to be exhaustive without being redundant. If you can stick with it, my hope is that you will be able to make well-informed decisions, without having to rely on information meant to make you open your wallet. I can't claim that this is 100% comprehensive. Even if it were, it may not be tomorrow. This should hopefully, however, give you a good starting place, and as new technologies emerge you should be able to apply these principles to the new innovations. My hope is that this article is exhaustive enough that you can keep up with the news, and put that news to good use as you hear it. This article assumes you have little pre-existing knowledge, but also assumes that you can make sense of technical terms used in context. Some things will also be explained while explaining other things, but in context it shouldn't be too difficult to understand. This article was meant to be read from beginning to end. Skipping sections may lead to confusion.

Class: Trojans
Definition & Threats: Non-replicating; may download further malware; almost always (now) made for monetary gain. Does not infect other files, but is full software in itself, made for malicious ends. Often spreads by internet application exploits (mobile code), bundled with other software and adware, sent by email, or through directed attacks.
Includes:
•    Trojans
•    Trojan Droppers
•    Trojan Downloaders
•    Remote Access Trojans
•    IRC Bots
•    Rootkits
•    Spyware
Solutions:
•    Antivirus
•    App patching & hardening
•    Anti-Trojan
•    Anti-Spyware
•    General HIPS
•    HTTP & Email content filtering
•    Integrity checking
•    Software restriction (XP SP2 or HIPS)
•    Limited user accts
•    User education
•    Acceptable use policies
•    Outbound firewall (to prevent data leak)

Class: Worms
Definition & Threats: Self-replicates via network/internet. Payload can be anything, often from the Trojan and Adware classes. May infect files. You never know what the next target may be; it may be security software itself.
Includes:
•    Email Worms
•    Network Worms
•    Internet App Worms (p2p, IM, etc.)
Solutions:
•    Firewall
•    Antivirus
•    System hardening
•    OS patching
•    Content filtering
•    IDS
•    Integrity checking
•    Certain HIPS
•    Some antispyware
•    Some anti-trojan

Class: Adware
Definition & Threats: Non-replicating; bundled with apps (p2p, etc.) or dropped via Trojan downloaders/droppers. Made to collect data about the victim, display popups, and redirect home/search/error pages. Usually low risk in itself, but the software design may present a potential security hole (open ports + software vulnerability), and it may intentionally or unintentionally leak sensitive data or open a popup to an infecting site.
Includes:
•    Adware
Solutions:
•    Anti spyware
•    Some HIPS
•    Acceptable use policies
•    Limited user accts
•    Software restriction policies
•    Integrity checking
•    User education

P R O B L E M S

First of all, you're probably wondering why the traditional virus is absent from this chart. The reason is that actual file-infecting viruses are all but extinct. Antivirus vendors got very good at detecting viruses and eliminating them. There are still a few out there and some will crop up now and again, but with a good defense you should already be well covered. Some worms and trojans may also have virus functionality, and any solution adequate to stop them should stop the traditional virus as well. Ultimately the traditional virus is too difficult to make and too limited in what it can do for today's purpose, which is crime. Where malware used to be created by mischievous teens trying to gain notoriety, today's malware is all about money. Whether that's organized crime or crooked businessmen, the clear motivation has become greed. That can be anything from extortion, to theft, to identity theft, to terrorism, and there are and will be much more. As with any business, they look for the highest profits from the least amount of invested capital.


Trojans.
Trojans are self-contained computer programs. They do not need other software programs to infect; they are entire programs in and of themselves. This is by far the most popular threat circulating today. Trojans do not spread on their own; they require something else to spread them. This could be exploits or mobile code (scripts or small pieces of code that trick some software, often internet software like your web browser or email program, into doing something it wasn't meant to do, such as automatically downloading and running a program like a trojan), or it could even come to you from a friend or a website claiming to be something that it is not. It may pretend to be a small game, a screensaver, a codec necessary for viewing certain kinds of audio or video files, or something else. The file may even actually show you what you expect it to be while it performs malicious actions in the background. Ultimately, however, SOMETHING else is required to get the file running on your computer, whether that something else is you or another bit of code. Trojans may themselves perform the malicious deeds, or they may simply download more trojans to do the deeds.

- A trojan that contains a bundle of other trojans is called a Trojan Dropper; it's a trojan that drops other trojans.

- A trojan that downloads other trojans (or other forms of malware) from the internet is a Trojan Downloader.

- A trojan that allows an attacker access to, and control of, your computer is called a Remote Access Trojan (or RAT). This will allow a malicious person entry to your computer where they may be able to use your computer just as if they were sitting there with you, snoop through your files and possibly download them for themselves, observe your activities, read logs, take passwords, and so on.  It may also simply contain functionality that a remote person can control to carry out illegal activity from your computer instead of theirs.

- A trojan that joins your computer to a network of other infected computers controlled by an attacker through an internet chat channel is called an IRC Bot. There are other trojan bots that work the same way but don't happen to use IRC; this article will lump them all together under the term "Bot". These are also generally RATs, but are distinguished by the fact that they join a widely distributed network of other infected computers, where the network is the focus rather than your individual computer. With thousands of Bot-infected computers, a "Bot Master" may send massive amounts of spam, attack business websites for purposes of extortion or simply to take a website offline, run illegal websites or otherwise distribute illegal material, decrypt stolen files, and do just about anything else they want to do. For the attacker, a Bot Net is more valuable than a super-computer, partially because it provides a great deal of anonymity by making YOUR computer do the dirty work (along with thousands of others). It also makes the activity very hard to stop since there is no one point at which to stop all the activity. A similar principle is employed by the legitimate software SETI@Home, in which people voluntarily download software that runs when they're not using their computer, being fed information that it processes in an attempt to find radio signals in space from other intelligent life forms. Such a network can be more powerful than the most powerful super-computer when there are literally thousands, or tens/hundreds of thousands, of personal computers crunching away towards the same goal. Unlike SETI@Home, however, bot-nets are not voluntary and perform illegal activities.

- Rootkits are trojans that are used to change the way the operating system works so that you cannot detect their presence. These are very highly advanced kinds of malware (technically trojans, although usually referred to as a separate class of malware, which is also correct, but we're grouping things together here for the sake of simplicity). A rootkit is usually made to hide other trojans, but it may have trojan functionality built into it. There is very little that a rootkit cannot be made to do. At the time of writing this (Dec 2006), rootkit detection is still in its very early stages, although it is becoming more prevalent and should "come of age" before too long; my guess is within one or two years. Most of the tools available for detection now are either only capable of detecting a select few rootkits, or they are system tools that require the user to have a high level of technical proficiency to use effectively. Not many can remove them easily. Someone infected with a rootkit may never know that they are infected; rootkits define "stealth malware" to the highest degree. Someone who finds themselves infected with a rootkit is encouraged to completely wipe their hard drive and re-install the operating system, as there is no way to guarantee that the rootkit has been completely removed. An active component may still be lurking that's capable of reinstalling another rootkit while you think you've cleaned the infection, with no signs of further infection. To varying degrees, you can imagine rootkits by imagining a bubble that is your operating system resting on a platform that is the rootkit. The operating system has no way of knowing what is outside of its bubble, while the rootkit operates outside of the operating system, controlling what the operating system can and cannot see of the outside world.
If this reminds you of the movie "The Matrix", know that there is even a proof-of-concept rootkit called "Blue Pill" by its author, because its effect is very much analogous to the Matrix, with the operating system being like the world that the inhabitants know, completely unaware of the reality of their existence and that their fate lies completely in the hands of the controllers of The Matrix.

Prevention is key to remaining rootkit-free. Rootkits have no magical powers to infect your system; it's only what they can do after they have already infected your system that makes them special. Strong trojan defense should keep you clear of rootkits. The most dangerous threat, however, is when an attacker wants to target you personally, and may have a custom-made rootkit that cannot be detected by any means today, depending on how much they wanted to pay to keep you from knowing it's there. Obviously the more sensitive the information on your computer, the higher the stakes. A financial institution, for example, has much more to worry about than a home user.


- Spyware is a term that has been thrown around quite a bit and has only recently been given a solid definition. In this case I am speaking of keyloggers (trojans that create a log of everything you type, usually to capture website logins and other sensitive personal information) and other kinds of trojans created to spy on your activities. This can include RATs, but it depends on what the RAT was made for; not all of them are made to spy on you, and some RATs are just made to give the attacker the advantage of anonymously and silently using someone else's computer. This does not necessarily include adware that tracks your browsing habits; the spyware that I refer to here carries a clearly malicious threat that is not disputed.



Worms.
Technically speaking a worm is little more than a delivery mechanism, which may then deliver a trojan or, yes, a virus. Many times, however, the functionality is combined into a single package well enough that the technical distinctions are really not worth worrying about on your part. Worms spread without any action on anyone's part, other than the person that first releases it. They can spread over the internet on their own, through webpages, through email, peer-to-peer file-sharing networks, or other things that escape me at the moment. Some actually do require you to double click them, but will then take action and send themselves to other computers without further effort. Worms may carry trojans or any other kinds of malware. They can infect other files like a virus or not. They may place themselves in locations that they know they will be sent to another computer, such as a folder shared by a peer-to-peer file-sharing application or a folder shared across a local network.


Adware.
Adware is a low-risk threat, although usually undesirable for a variety of reasons. There are legitimate applications supported by advertisements, but that's not what we are referring to here. Adware may come bundled with free software. It will hide in the background and display advertising popups, redirect your web browser to specific webpages when you try to go to certain websites, install toolbars into your web browser, or other such activities. Adware does this under the premise that they will let you use other software for free in return for allowing statistical marketing related data to be sent, but usually buries all that it does under a mile-long explanation full of cryptic jargon that would take a lawyer a full week to decode, the patience of 5 saints to get to, and usually takes liberties that you would not agree to otherwise. Adware may be legal, but only barely so and is the subject of many debates. It's made by registered companies that utilize any and every legal loophole they can find, and usually turn a blind eye to partners or affiliates willing to stretch the laws even further, if not outright break them.

Adware doesn't usually hide the way that rootkits do, although occasionally it will actually use rootkits. Most of the time the worst that adware presents is a violation of your personal privacy (although not to a clearly criminal degree), but it may also be created poorly in a way that slows your computer down and/or contains security vulnerabilities that may open you up to more serious attacks by others. There are tales of a malicious employee utilizing a poorly coded adware infection to gain full control of his boss's computer to steal company secrets. The adware provided the doorway to do this, but only unintentionally. The adware's original purpose was to report the kinds of statistics that marketing people only wish they could get, because people like us don't like having our every move tracked and analyzed.

Adware is also quite often spread through trojans, making someone some money for every computer they install the adware on. Someone infected by adware through a trojan dropper, downloader, or bot may suddenly find their computer possessed by the gods of Las Vegas and Disney combined - gods that are only accessible by huffing vast amounts of chemicals with big red warning labels, which should give you an adequate representation of the minds behind such software.

Note: Some people believe that software wouldn't be free without adware, this is NOT TRUE! There is plenty of legitimate free software of superior quality available that does not bundle adware. For the best examples, look for OPEN SOURCE software, there's plenty of open source software out there, some are even better than commercial (paid) software!


S O L U T I O N S

As mentioned previously, there are no clear-cut answers when it comes to the security of your personal computer. Solutions that may be ideal for one person may not work at all for another. What is most important is that you understand what the software can and cannot do for you. Understanding how to use it is a must. That shouldn't be taken to mean that you need to become a security expert, only that you don't take on more than you can handle. Most security software out there is made to be easy to use. If you're not a techy security person and don't wish to become one, there are plenty of options available to you. My hope is that this outline will give you enough information to be able to consciously build your own defense and understand the limits of each layer.

Antivirus software.

We all know what this is, so I won't spend much time on it. What you might not know is its weakness. The problem with antivirus software in recent years has been its inability to catch the newest threats, and as such malware writers have used this as a window of opportunity to exploit as much as possible. Malware writers will distribute tremendous volumes of new malware every day. The antivirus vendors then need to hunt down each sample, analyze it, create a signature, put a bunch of signatures into updates, test the updates for quality assurance purposes, put the update on the server, and wait for you to download and install the update. That's a lengthy process; multiply it by a few thousand times and antivirus vendors have a real problem on their hands. This also forces many vendors to prioritize analyzing the samples that they do get. Malware that presents a higher threat to a greater number of people will be analyzed first and foremost, which is part of the reason malware is distributed in such great quantities. If you have 1 trojan infecting 10,000 machines, it will likely have detection added sooner rather than later. If you have 1000 trojans infecting 100 machines each, the likelihood of all of them being detected is much lower. This all presents a real problem. Antivirus is still the foundation of most security defenses today, but it should not be assumed that it is all you need. Antivirus software is often capable of catching most, if not all, kinds of threats, but products have varying degrees of effectiveness in preventing and removing infection.

Qualities to look for in an antivirus:

- Certifications/awards by ICSA, West Coast Labs, CheckMark, and/or VirusBulletin.
- On-access scanning. You don't want an antivirus that will only tell you you're infected after you've been infected. By scanning as soon as a file is accessed (which usually includes when it's first written to your hard drive), it helps to ensure that known malware doesn't infect your system.
- Updates automatically, reliably, and often. Unless you can find user testimonials about these on internet forums, the best way to find this out is really to use the trial version of different antivirus software. If you have a computer you don't use often that you can use for testing, all the better.
- Pay attention to the qualities the antivirus focuses on most. Some focus on updating quickly, some focus on heuristics, and so on. Heuristics are great; it's a way for an antivirus to determine if a file is malicious without needing a file signature. Better heuristics are desirable as they can help to make up for detection it may lack otherwise, but rapid updates can also help as well.

Note that anti-spyware and anti-trojan software is, for all intents and purposes, the same in function as antivirus, with the same disadvantages. The advantage of anti-spyware and anti-trojan software is that the team of analysts focuses on different classes of threats that antivirus vendors may not consider a high priority (or miss completely), and may be better suited to removing those threats. Unfortunately there are not the same awards and certifications for anti-spyware and anti-trojan software, so you will need to look elsewhere. I highly recommend Eric Howes' list of Rogue Anti-Spyware software for a list of scams; avoid anything listed on that page as a scam. Anti-trojan software is not as common, but legitimate applications include BOClean, The Cleaner, Antiy-Ghostbusters, Trojan Hunter, and a-squared.


Firewall.
This is another staple item. A firewall is just as relevant today as it ever has been. It will block many worms that spread over the internet, although it will not usually block worms that spread through email, websites, peer-to-peer, or any other specific software applications. The reason is that those applications are ones that you allow through your firewall in order to operate, and they request the content that the malware is hiding in from the internet. Firewalls block illegitimate traffic, but firewalls do not inspect the content of software that you download, even if your browser was tricked into downloading it. The firewall simply doesn't have the ability to tell a good download from a bad one. You can, however, gain a significant amount of security by learning how to configure your firewall to restrict internet traffic to only expected traffic. This can stop a lot of malware from operating, and stop quite a few data leaks, but it requires a bit of technical knowledge and learning, and is outside the scope of this article. Simply put, however, you really only need to find out what ports and addresses your internet software should be using and configure the firewall to allow only those. Internet software with more specific purposes can be configured more tightly than software that views a lot of different content. Your email program can be configured to communicate ONLY with your email servers, and only through the expected ports, but a web browser is more difficult to restrict without causing things to "break".
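As an added illustration of the per-application rules described above (this is not code from the article, nor any real firewall's rule syntax), the following Python model compares a loose policy with a tight one. The program names, the mail-server address range, and the connection attempts are all constructed for the example.

```python
"""Model of per-program outbound firewall rules (added example, not the
article's code).  Program names, addresses and connections are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """Allow one program to reach the given remote networks on the given ports.
    An empty remote_nets tuple means 'any address'; an empty ports set means
    'any port'."""
    program: str
    remote_nets: tuple
    ports: frozenset

    def permits(self, program, remote_ip, port):
        if program != self.program:
            return False
        if self.ports and port not in self.ports:
            return False
        if self.remote_nets and not any(
                ip_address(remote_ip) in net for net in self.remote_nets):
            return False
        return True


def decide(rules, program, remote_ip, port):
    """Default deny: a connection goes out only if some rule permits it."""
    return any(r.permits(program, remote_ip, port) for r in rules)


# Loose policy: once a program is 'allowed', it may talk to anything anywhere.
LOOSE = [
    Rule("mail.exe", (), frozenset()),
    Rule("browser.exe", (), frozenset()),
]

# Tight policy, as the article recommends: the mail client reaches only its
# own mail servers on the SMTP/POP3/IMAP ports.  The browser has to reach
# any address, so it can only be pinned to the web ports; that is why it is
# the harder one to restrict without 'breaking' things.
MAIL_SERVERS = (ip_network("192.0.2.0/24"),)        # constructed range
TIGHT = [
    Rule("mail.exe", MAIL_SERVERS, frozenset({25, 110, 143, 465, 993, 995})),
    Rule("browser.exe", (), frozenset({80, 443})),
]

# Constructed outbound connection attempts: (program, destination, port).
ATTEMPTS = [
    ("mail.exe", "192.0.2.10", 993),      # mail client to its IMAP server
    ("browser.exe", "198.51.100.7", 443), # browser to some HTTPS site
    ("mail.exe", "198.51.100.9", 6667),   # mail client to an IRC port: a leak
    ("unknown.exe", "203.0.113.5", 80),   # unlisted program phoning home
]


def evaluate(rules, attempts=ATTEMPTS):
    """Return {(program, ip, port): allowed?} for each attempt."""
    return {a: decide(rules, *a) for a in attempts}


if __name__ == "__main__":
    for name, policy in (("loose", LOOSE), ("tight", TIGHT)):
        for attempt, allowed in evaluate(policy).items():
            print(name, attempt, "ALLOW" if allowed else "BLOCK")
```

Under the tight policy the mail client's connection to port 6667 is blocked, which is exactly the kind of data leak the loose policy lets through; the unlisted program is blocked under both because nothing lists it.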

The only real solid advice I can give you about firewalls is to pick one that suits your level of knowledge and experience. If a firewall is asking you to make decisions about a lot of things that are confusing to you, and you don't have the time or desire to learn them, then choose another firewall that does make sense. More advanced options can give you greater security, but only if you know how to use them properly. If you don't want to make any decisions, the Windows Firewall (in Windows XP SP2) is perfectly acceptable, although it will not allow you to block data leaks if you should become infected. This can be partially made up for by making good choices with the rest of your defense.

When you install a new firewall, go to www.grc.com and run "ShieldsUp!". Don't worry too much about "stealth", just make sure there are no open ports. The advantage of being "stealthed" is really only if an attacker decides to single you out and attack you personally, which hardly ever happens to home users today. This usually doesn't happen unless you have very sensitive information on your computer or you have personally angered a black-hat hacker.


Acceptable Use Policies.
This is something that should be mandatory for all businesses AND FAMILIES, and is something that they should all be able to do regardless of skill level. All this really entails is sitting down and deciding what is acceptable and what is NOT acceptable to do on the computers in question. Of course the hard part can be enforcing it. The simple act of defining rules can do quite a bit, and keep many people out of trouble. To do this in a way that prevents 99% of intrusions is actually attainable by anyone, with a certain amount of research into where and how malware spreads. It can also keep kids out of too much trouble. I won't touch on business environments here, the IT department and management should be fully capable of building their own acceptable use policies, but here's my advice for families:

- Websites. Everyone knows that the legally or morally questionable sites are bad news, but that "everyone" includes the bad guys, too. While it's true that more people go to adult websites than many would like to admit, who DOESN'T look for desktop wallpaper at one point or another? Find a tool that tells you what sites are good and what sites are bad and do some research (do some searches, but also research articles on the subject). There are many sites for themes, wallpapers, skins, ringtones, and other such common items that malware spreads from. Any kind of website that all people with all interests and all lifestyles would visit is a prime target for distributors of malware. The more popular a type of website is, the more likely it will either have predators (of one sort or another) lurking on it (social networking or chat websites) or have entire fake websites imitating it (wallpapers, themes, ringtones, etc.). So how can you get around this? For things like wallpapers, ringtones, and so on, find large websites with strong communities that have been around for quite a while. There are a lot of dedicated art websites that have lots of great art that makes for superior wallpapers, basically art galleries. Tools like SiteAdvisor can help a lot in this pursuit, as they can tell you if a website is safe or not, and why (but it shouldn't be taken for granted that it's 100% correct; it can be wrong both ways). When it comes to ringtones, your cellular provider should have some resources for you; stick with them or get some software to make your own.

- Software. Decide what kind of software can and cannot be used, and do some research on its safety. Stick with reputable vendors and reputable download websites. Large download sites like download.com, snapfiles.com, majorgeeks.com, and softpedia.com can turn you on to almost all the legitimate software out there without leaving you wide open to malware or scams. Don't run software that was emailed to you or provided in a link by instant message or blogs, even if it's from a friend. Use software that's inherently safer, such as the Firefox or Opera web browser and their accompanying email programs and alternate media players. Look for "Open Source" software as much as possible; open source means that anyone can see the contents of the software and verify its integrity, which also tends to make it more secure (security flaws are spotted by security researchers so they can be fixed; there are as many good hackers out there as bad). Open source software projects also have a reputation for fixing bugs quicker, as a matter of maintaining reputation. The most important thing is to keep your software up to date. Some software will auto-update. For other software you can either check for updates at the vendor websites or keep an eye on the list of updates from the download sites I mentioned above. Some of those download websites also have RSS or email alerts for software updates, and there are websites dedicated to informing you of software updates, like versiontracker.com. Stay away from peer-to-peer file sharing networks. A lot of the files that are passed around peer-to-peer file sharing networks are malware named as other things you might want. If you can't distinguish, then stay away. Music traded on these networks is also illegal. Most file sharing applications also bundle tremendous amounts of adware that can seriously impact your computer and present security vulnerabilities.
If you have legitimate uses for these applications, or insist on using them, look for Open Source applications; they don't bundle adware. Also take advantage of any and all security features that they offer.

- For the parents: keep the kids' computer out in the open, not in their room. This is the single best thing you can do. You don't have to stare at the monitor for every second that it's on, but this will keep things more honest. Don't pry, don't dictate everything, be realistic, but also be there for them. Kids are going to want to talk to other kids, but those others may not all really be kids. Look up what the acronyms mean (here's a dictionary for you, did you know that POS can mean "parent over shoulder"?). The number one thing to remember with the kids is that any technological barrier you can put up, they can work around. Period. There are always ways around security measures; after all, that's why you're here. Otherwise we'd all just install what's necessary and that would be that. That shouldn't discourage you from using security measures, just don't take it for granted that they're foolproof, and absolutely do not rely on them alone. If you rely on technology to enforce rules, I can absolutely guarantee that you will be fighting a losing battle. The most important thing you can do is to engage the kids so that they trust you enough to come to you whenever there is doubt. That will be the most effective way of enforcing the values you feel most important in your family.

- Giving out personal info. You can stem a lot of spam and prevent a lot of problems by restricting who can have your name, address, email address, and so on. This is especially important for the kids, as studies have shown that most are more willing to give up their physical address than their email address, and that's an obvious problem. Come up with an internet nickname (or two, or more) that you can use that do not contain your personal information, except perhaps a common first or last name (but not both). For websites that insist on obtaining your personal info in return for something free, give them fake info. If they insist on a working email address, use a website that gives you temporary email forwarding addresses, such as spamgourmet.com, trashmail.net, or other. This can also be useful if an unknown person wants to email you something; acquaint yourself with those websites.

- Keeping personal information. If you need to keep personal information on your computer, consider encrypting it. Open source software, again, is the best. There are some great password managers like RoboForm and KeePass, and for things like documents TrueCrypt is great. Make sure to come up with good passwords, which brings me to the next one...

- Passwords. Consider using pass phrases instead. Think of a nonsense sentence with lots of words, capitalize each word and add some numbers and punctuation as well (but not spaces). A weak password, such as a single word that can be looked up in a dictionary, can be easily cracked. You want as long of a password as possible, with characters other than letters. A passphrase can make the best password you can get, and can actually be easier to remember! Just don't use personal names, dates, or numbers, since they can be easy to guess or give up too much if cracked.

Microsoft has a great article on passwords.
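As an added illustration of the passphrase advice above (this is not code from the article), here is a Python estimate of how many guesses a password costs under the two attacks the paragraph alludes to: a dictionary lookup and character-by-character brute force. The ten-word stand-in dictionary, the 12-character minimum and the sample passwords are constructed assumptions for the example.

```python
"""Rough guess-count estimate for the passphrase advice above (added example,
not the article's code).  DICTIONARY and the 12-character floor are
constructed assumptions; a real check would use a full cracking word list."""
import math
import re
import string

# Constructed stand-in for an attacker's word list.
DICTIONARY = {"password", "dragon", "sunshine", "letmein", "monkey",
              "purple", "elephant", "trombones", "whistle", "tuesday"}
MIN_LENGTH = 12   # assumed floor; the article only says 'as long as possible'


def charset_size(pw):
    """Size of the character set a brute-force attacker must cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    if any(c.isspace() for c in pw):
        size += 1
    return size


def words_of(pw):
    """Split a CamelCase passphrase such as 'PurpleElephant' into its words."""
    return re.findall(r"[A-Z]?[a-z]+", pw)


def guess_bits(pw):
    """log2 of the worst-case number of guesses.  Brute force over the
    character set is one bound; if the whole thing is dictionary words plus
    digits/punctuation, guessing word combinations is usually cheaper, so the
    smaller of the two is returned.  More words means more bits."""
    if not pw:
        return 0.0
    brute = len(pw) * math.log2(charset_size(pw))
    words = words_of(pw)
    if words and all(w.lower() in DICTIONARY for w in words):
        rest = re.sub(r"[A-Za-z]+", "", pw)        # leftover digits/punctuation
        rest_bits = len(rest) * math.log2(charset_size(rest)) if rest else 0.0
        word_attack = len(words) * math.log2(len(DICTIONARY)) + rest_bits
        return min(brute, word_attack)
    return brute


def problems(pw):
    """The article's rules: not a single word, long, not letters only, no spaces."""
    issues = []
    if pw.lower() in DICTIONARY:
        issues.append("single dictionary word")
    if len(pw) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)
    if pw.isalpha():
        issues.append("letters only")
    if " " in pw:
        issues.append("contains spaces")
    return issues


def make_passphrase(sentence, number="42", punct="!"):
    """Build a passphrase the way the article describes: capitalize each word
    of a nonsense sentence, drop the spaces, and add numbers and punctuation."""
    return "".join(w.capitalize() for w in sentence.split()) + number + punct


if __name__ == "__main__":
    for pw in ("dragon", make_passphrase("purple elephant trombones whistle")):
        print("%-36s %6.1f bits  %s" % (pw, guess_bits(pw), problems(pw) or "ok"))
```

With the tiny constructed dictionary a single word costs only a few bits, while the four-word passphrase costs roughly ten times as many even when the attacker guesses word combinations rather than characters; a real word list is far larger, which raises both numbers but keeps the gap.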

- Never click links in email from unknown senders. "Opt out" links in spam email don't work at best (even if they do remove your address, you've validated your email address, which they then sell to others), and may infect your system at worst. Your bank, eBay, PayPal, or other websites will NEVER send you an email asking for your information; these are always scams. If you really think it's legitimate, call the institution by phone at the phone number you already have (such as on the back of your card). The latest trick has even been to send you an email telling you to call a certain phone number (which is fake), so it's important to call a phone number that you already knew to be legitimate before receiving the email.

- If there is a "family computer" that everyone uses, and it is also used for processing sensitive information (taxes, banking, etc.), then I would very strongly advise that the computer be heavily restricted. Better still, get another computer for doing those things, and only those things.
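To make the passphrase advice concrete, here is an added example (not code from the original article) that scores a password two ways: the naive "length times alphabet" figure that most strength meters report, and the far lower cost an attacker pays when the password is just dictionary words with a few mangling rules applied. The word list, DICT_SIZE and MANGLE_RULES are constructed assumptions for the demo; a real cracking list has millions of entries.

```python
import math
import re

# Constructed stand-in for a cracking dictionary (assumption: a real list has
# millions of entries; DICT_SIZE is the assumed size used in the cost estimate).
WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "sunshine",
         "purple", "fridge", "sings", "loudly", "correct", "horse", "battery"}
DICT_SIZE = 100_000
MANGLE_RULES = 1_000   # assumed count of "append 1!", "capitalise", "leet" rules per word


def naive_bits(pw: str) -> float:
    """What a typical strength meter reports: length * log2(alphabet size)."""
    alphabet = 0
    if re.search(r"[a-z]", pw): alphabet += 26
    if re.search(r"[A-Z]", pw): alphabet += 26
    if re.search(r"[0-9]", pw): alphabet += 10
    if re.search(r"[^A-Za-z0-9]", pw): alphabet += 33   # printable punctuation
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def word_chunks(pw: str) -> list:
    """Split 'PurpleFridgeSings7' style input into lowercase candidate words."""
    return [w.lower() for w in re.findall(r"[A-Z]?[a-z]+", pw)]


def attacker_bits(pw: str) -> float:
    """Cost for an attacker who tries dictionary words plus mangling rules."""
    chunks = word_chunks(pw)
    if chunks and all(w in WORDS for w in chunks):
        # k dictionary words, each a DICT_SIZE guess, plus one pass of mangling rules
        return len(chunks) * math.log2(DICT_SIZE) + math.log2(MANGLE_RULES)
    return naive_bits(pw)   # no dictionary shortcut found; brute force is the bound


def assess(pw: str):
    """Return (bits, verdict) using whichever attack is cheaper."""
    bits = round(min(naive_bits(pw), attacker_bits(pw)), 1)
    verdict = "weak" if bits < 40 else "fair" if bits < 64 else "strong"
    return bits, verdict


if __name__ == "__main__":
    for pw in ("dragon", "Password1!", "Xq7!mPv2", "PurpleFridgeSings7Loudly!"):
        print(f"{pw:28} naive={naive_bits(pw):6.1f}  attacker={attacker_bits(pw):6.1f}"
              f"  -> {assess(pw)}")
```

The point the numbers make: "Password1!" looks like 65 bits to a character-class meter but costs an attacker about the same as "dragon", because the digit and punctuation are exactly the mangling rules every cracker tries first. Four unrelated words with a number thrown in stay strong even when every word is in the attacker's dictionary, because the cost multiplies per word.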

Acceptable use policies can do more for you than any technological innovation ever will. The human element plays a big part in any malware infection. Even if you install nothing beyond an antivirus and the Windows Firewall, establish an acceptable use policy and stick to it. The internet holds tremendous freedom and potential, and must be approached with due caution, just as you would before driving a car. Do some research, lay down the ground rules, and you can save yourself a whole lot of trouble. Besides, by the time you read this you'll be halfway there! Simply put, give security matters the same consideration you would give any important decision.

OnGuard Online is a tremendous resource for families (although individuals will benefit just as much). I cannot recommend this site enough for families wanting to inform themselves about such things as "Social Networking" sites (like MySpace), ID theft, P2P, and more.


Content filters.
There are lots of different content filters. Some filter advertisements on web pages, some filter undesirable components of emails, such as scripting, and some selectively filter exploits out of internet traffic. Some are stand-alone programs; others are integrated into other software, such as the program that displays the content or a personal firewall. I consider these to be of very high importance, because they can stop a lot of malware wholesale without having to specifically identify it. Malware distributors, especially adware distributors, can take out an account with a legitimate advertising network that shows banner ads or popups on other legitimate websites. You can get infected from a legitimate and trusted website this way, simply because someone snuck under the radar and slipped some malicious code into an advertising banner.

Here are some things to consider:
- Configure your email client to display email only in plain text, not HTML. If you must have HTML mail, configure it to discard scripts and to not download remote images (which also stops tracking images from confirming your address to a spammer). This "sanitizes" emails. If your email program won't do it on its own, consider using one that will (such as Thunderbird or PocoMail) or adding a third-party application like Firetrust Benign or Email Sentinel Pro.
- Use an ad blocker. If you use Firefox, I highly recommend AdBlock Plus with the Filterset.G Updater, which automatically updates the list of filters, making it maintenance-free and consistently effective. Otherwise you can use a separate program like WebWasher or AdMuncher.
- Malicious script filtering. Proxomitron with Kye-U's filters is great but requires manual updates. Paid software like LinkScanner Pro is more comprehensive and automatic. Some will choose something like the Firefox extension NoScript, which blocks all JavaScript (good or bad) until you allow it for a site, but other kinds of malicious content could still get through.
- Spam filters will also often catch email carrying malware, since it is unsolicited. They may not be 100%, but then nothing is. They can, however, prevent quite a bit from ever reaching your desktop, in addition to email scams and, of course, spam.
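The email sanitizing described in the first item above, and the phishing links warned about under "Never click links in email", both come down to parsing the HTML of the message. The following is an added example, not code from the article or from any of the products named, of a small sanitizer built on Python's standard html.parser: it drops scripts, plug-in content, inline event handlers, javascript: URLs and remote images, and flags any link whose visible text names a host other than the one it really points at. The SAMPLE message is constructed for the demo, with reserved example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class MailSanitizer(HTMLParser):
    """Rebuild an HTML email with active content removed, and record links
    whose visible text names a different host than their real target."""
    DROP = {"script", "iframe", "object", "embed", "img"}   # img: no remote fetches

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.suspicious = [], []
        self._skip = 0          # nesting depth inside a dropped element
        self._href = None       # href of the <a> currently open, if any
        self._text = []         # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP:
            if tag != "img":            # <img> is void: there is no </img> to wait for
                self._skip += 1
            return
        if self._skip:
            return
        kept = [(k, v) for k, v in attrs
                if not k.startswith("on")                                   # onload=, onclick=, ...
                and not (v or "").strip().lower().startswith("javascript:")]
        if tag == "a":
            self._href, self._text = dict(kept).get("href"), []
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % (k, v or "") for k, v in kept)))

    def handle_endtag(self, tag):
        if tag in self.DROP:
            if tag != "img":
                self._skip = max(0, self._skip - 1)
            return
        if self._skip:
            return
        if tag == "a" and self._href:
            self._check_link("".join(self._text).strip(), self._href)
            self._href = None
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self._skip:
            return
        if self._href is not None:
            self._text.append(data)
        self.out.append(data)

    def _check_link(self, shown, href):
        real = urlparse(href).hostname or ""
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        # Only judge link text that itself looks like a host name; "Click here" is not lying.
        # A subdomain of the shown host is fine; "bank.example.evil.example" is not.
        if "." in shown_host and not (real == shown_host or real.endswith("." + shown_host)):
            self.suspicious.append((shown, href))


def sanitize(html):
    """Return (cleaned html, list of (shown text, real href) for deceptive links)."""
    p = MailSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.suspicious


# Constructed phishing-style message for the demo, not a real sample.
SAMPLE = (
    '<html><body onload="steal()"><p>Dear customer,</p>'
    '<script>location="http://evil.example/"</script>'
    '<img src="http://tracker.example/pixel.gif">'
    '<p>Please <a href="http://evil.example/login">www.yourbank.example</a> to verify.</p>'
    '<p><a href="https://www.yourbank.example/help">Help</a></p></body></html>'
)

if __name__ == "__main__":
    clean, bad_links = sanitize(SAMPLE)
    print(clean)
    for shown, real in bad_links:
        print("deceptive link: text says %r but goes to %r" % (shown, real))
```

Note what this does not catch: a link whose text is just "Click here" or "Verify now" cannot be judged by host comparison at all, which is why the rule above is to call a number you already have rather than trust anything in the message.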

Business users have more options, as there are more solutions available for filtering various kinds of content. Some network appliances and parental control software will filter certain categories of websites, which can be valuable as well. If you have a large family with lots of computers, you might consider a network appliance; there are some made for home networks such as SpamCube, SecureSpot (by D-Link), and the new Secure Wireless Router Z100G (by ZoneAlarm). If you have a geek in the family, perhaps you can set up something more complex like IPCop, Gibraltar, or Astaro.


Limited User Accounts.
By default, Windows gives you an account with administrative rights. That lets you make any change to the system without restriction, which is convenient but also dangerous: anything that runs as you, including malware, gets the same rights. By working under a limited user account you can heavily limit the potential damage, and even prevent quite a bit of malware from working at all. A limited user account can only change things that affect that one account. This means that the worst case (in theory) is a single infected user account, which you can delete and replace with a new one without reformatting. That may be inconvenient, but it's easier than rebuilding the whole system. The disadvantage is that you have to log out and back in to an account with administrative rights in order to install software, especially drivers. A bigger disadvantage is that a lot of software is written on the assumption that you run as an administrator, and may not work right in a limited user account without some effort. If your day-to-day use doesn't go much beyond general internet activity, however, a limited user account is very much worth considering, even if only for those activities. This is one tremendous leap in security that is nearly unparalleled by any supplemental security software available.

For more information on using a limited user account, visit Aaron Margosis' blog.  (See also Acceptable Use Policies.)

Also see the "Shared Computer Toolkit" by Microsoft to make this a little easier to manage and add some functionality.


HIPS (Host Intrusion Prevention System)
HIPS software can cover many different things these days, but generally refers to software that does not need to specifically identify malware in order to prevent it from infecting your system (hence "intrusion prevention"). Most commonly this refers to either network-based or behavior-based intrusion prevention. Network-based IPS, although not usually on the host (the desktop computer) itself, uses what has been termed "Deep Packet Inspection" to analyze the contents of internet traffic and block traffic or content that could be, or could carry, an exploit; that is, content that makes software misbehave in a way that lets malware into your system. These still require signatures for known exploits, but stopping the exploit blocks ANY malware that the exploit is trying to foist onto your computer. Exploits are pieces of code that take advantage of software bugs with severe consequences (vulnerabilities). Such vulnerabilities are far rarer than malware samples, since malware is written in bulk while a usable vulnerability takes real effort to find, but one exploit can be reused by many different malware families and variants, and may stay in use for a relatively long time.

Behavior blocking HIPS is software that acts like a firewall for the operating system. It guards certain areas or resources, blocking actions that software may try to take. Some HIPS will simply block the behavior, period. Others will suspend the event and ask you whether you want to allow it. Behavior blocking HIPS may control reading/writing/modifying files on your hard drive, reading/writing/modifying the Windows registry, in-memory events such as access to physical memory or buffer overflows, one program's ability to write into another program's memory, injecting foreign code into another program, and so on. Sound complex? It is, and I do not recommend this kind of software for a home computer, as it requires a tremendous degree of expertise to use effectively against malware. This software is, however, quite appropriate in a business environment when configured by a knowledgeable administrator. Business computers are generally meant to perform a very limited set of tasks, and a knowledgeable administrator should be able to configure HIPS software to allow those limited tasks, and not much more, without too much trouble. This effectively lets the administrator restrict user accounts to their liking.

The main disadvantage of both kinds of IPS software is a large number of false positives. A lot of internet traffic can look malicious and get blocked, creating problems. Behavior blocking HIPS will intercept all behaviors by all software, good or bad. Ones that ask you to make a decision require you to differentiate between legitimate applications and malicious ones, and there's a reason that malware research is a specialized job: it takes special skills. You can find lots of accounts on the internet of how difficult it can be to track down malware on one's system. Malicious files are made to blend in with legitimate ones. Blocking the wrong legitimate files can also destabilize your system or cause other problems. Most people end up allowing malware with these kinds of applications, even advanced users. This shouldn't be surprising, really. By the time something starts to look suspicious, the malware has already done most of its dirty work. To keep the prompts to a "sane" level, they also have to restrict the range of behaviors they watch, which means there are many more behaviors malware can take that you would never be alerted to. As an example, a HIPS may protect against keyloggers by blocking hooks, but there are many other methods keyloggers can use to capture the desired information that no HIPS can block.

IPS software that does not prompt the user can, however, be just the thing a network/systems administrator might need in a business network, and deserves some research into the options available within the limits of what you can do.

There is one other kind of behavior blocking HIPS that does not prompt and is a little different: the sandbox. These isolate certain programs from the rest of the system. You might sandbox your web browser so that anything that comes through unwittingly cannot access your files or infect your system, becomes inactive upon reboot, and is deleted when the sandbox is flushed. There are a few different varieties, each with a slightly different approach. Some free, some not. Some suitable for corporate environments, some made more for home users. The important thing is to understand how they work and that they do have limitations. Most importantly: anything outside the sandbox is not protected, such as files you download and run yourself; malware may still do its dirty work from inside the sandbox (such as capturing passwords you type into websites); and a new exploit may let malware break out of the sandbox one way or another. Sandboxes can be great for some things, but I would not expect one to make up for an otherwise weak defense and an undisciplined user. With proper use a sandbox may be a solid choice, however, as long as you are fully aware of how it works, both inside and outside the sandbox.

Some sandboxes also provide "virtualization", which makes anything inside the sandbox think it is communicating with the operating system when it is not, and may provide a "virtual hard drive" that keeps all files inside the sandbox. In such a case the worst case scenario would be that you flush the sandbox, losing things like bookmarks but leaving your personal information (outside the sandbox) untouched.

Some sandboxing/virtualization products may also not block behaviors, but keep the changes within the sandbox and discard them upon rebooting. This means that if you were to be infected, the infection would be gone upon reboot. This can be great, but only as long as you are aware of the infection, otherwise you may have leaked data without having any way of knowing it happened.

Note that none of these warnings should discourage you from exploring the technologies. I have simply observed a kind of hysteria about such technologies by enthusiasts without apparent regard for these disadvantages. As with all products, HIPS products are usually marketed with the utmost optimism. Without a good degree of technical savvy (or perhaps the correct level of critical thinking), one can too easily fall for such optimism when investigating something new. One must simply get past the subjective and emotive aspects of such a solution if one wishes to have an effective defense. Otherwise you can end up with a false sense of security, which leaves you far more vulnerable than someone employing due caution. HIPS vendors often give the impression that you will be 100% secure with their product, and that alone should raise every red flag there is - 100% security is not attainable, and any vendor claiming to sell you 100% security is misleading you at best. 


Software Restriction Policies.
This is similar to HIPS, in a way, but it is functionality built into Windows XP Professional and Windows Server 2003, configured through the Group Policy editor. It allows you to specify what software may run on the computer, so that everything else, including malicious software, cannot. Combined with a limited user account this can provide some serious Fort Knox style security, but it requires some knowledge to configure. If not configured properly, it could leave you unable to run or change anything at all, so read up, and test it from a non-administrator account, before relying on it. Read:
 Using Software Restriction Policies to Protect Against Unauthorized Software
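To show what "specify what may run" means in practice, here is an added example (my own toy model, not Microsoft's implementation and not code from the article) of how a default-deny policy built from path rules is evaluated: the default level is Disallowed, the Windows and Program Files trees are allowed, and among several matching path rules the most specific one wins. It models path rules only; real SRP also has hash, certificate and zone rules with their own precedence. The environment variable expansions are assumed constants for the demo.

```python
import fnmatch
import ntpath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

# Assumed expansions; a real policy reads these from the environment at run time.
ENV = {"%SystemRoot%": r"C:\Windows", "%ProgramFiles%": r"C:\Program Files"}


def canonical(path):
    """Expand variables, collapse '..' tricks, lower-case (NTFS paths are case-insensitive)."""
    for var, value in ENV.items():
        path = path.replace(var, value)
    return ntpath.normcase(ntpath.normpath(path))


class PathPolicy:
    """Toy model of SRP path rules only: no hash, certificate or zone rules."""

    def __init__(self, default_level=DISALLOWED):
        self.default_level = default_level
        self.rules = []                                   # (canonical pattern, level)

    def add(self, pattern, level):
        self.rules.append((canonical(pattern), level))

    def decide(self, exe):
        exe = canonical(exe)
        matches = [(pat, lvl) for pat, lvl in self.rules
                   if exe == pat
                   or exe.startswith(pat.rstrip("\\") + "\\")      # anything under that folder
                   or fnmatch.fnmatchcase(exe, pat)]                # wildcard rules
        if not matches:
            return self.default_level, "(default rule)"
        pat, lvl = max(matches, key=lambda m: len(m[0]))          # most specific path wins
        return lvl, pat


def default_deny_policy():
    pol = PathPolicy(DISALLOWED)
    pol.add(r"%SystemRoot%", UNRESTRICTED)
    pol.add(r"%ProgramFiles%", UNRESTRICTED)
    # Caveat: folders under the allowed trees that ordinary users can write to
    # (Windows\Temp and Windows\Tasks are the usual examples) must be closed
    # again, or a dropper copied there inherits the Unrestricted rule.
    pol.add(r"%SystemRoot%\Temp", DISALLOWED)
    pol.add(r"%SystemRoot%\Tasks", DISALLOWED)
    return pol


if __name__ == "__main__":
    pol = default_deny_policy()
    for exe in (r"C:\Windows\notepad.exe",
                r"C:\Program Files\Firefox\firefox.exe",
                r"C:\Documents and Settings\Bob\Desktop\funny.exe",
                r"C:\Windows\Temp\dropper.exe",
                r"C:\Windows\..\Temp\dropper.exe"):
        print("%-50s -> %-12s via %s" % (exe, *pol.decide(exe)))
```

The two Disallowed rules for Temp and Tasks are the part people forget: a path rule allows a folder, not a publisher, so every user-writable folder inside an allowed tree is a hole unless it gets its own, more specific, Disallowed rule.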


Integrity Checking.
These utilities create a "hash" (or digital "fingerprint") of every file on your hard drive, then rescan the drive at scheduled intervals and compare, showing you a list of anything that has been added, removed, or changed. For systems administrators and those with advanced computer skills, this can be a truly powerful tool, but the disadvantage is that it will show you ALL changes regardless of whether they are legitimate or malicious. It will be up to you to determine whether each change should have occurred. Keep the baseline somewhere the malware can't rewrite it (read-only media or another machine); a baseline stored on the same disk can simply be updated to match the tampered files. I would, however, rate integrity checkers as easier and potentially more valuable than HIPS software, because they give you a more complete picture of what happened, which also gives you a good lead on undoing it. They may also detect changes that a HIPS would not alert you to, and give you a chance to research everything that happened without "breaking" things.
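The mechanism is simple enough to show in full. The following is an added example, not code from the article or from any integrity-checking product: it takes a SHA-256 baseline of a directory tree, serializes it (that JSON is what you would keep offline), then tampers with a constructed set of files in a temporary directory and rescans to report exactly the three categories the paragraph describes.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> sha256 for every regular file below root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = hash_file(full)
    return snap


def compare(baseline, current):
    """Report what was added, removed or changed since the baseline was taken."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added":   sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def demo():
    """Constructed walk-through: baseline, tamper, rescan. Files are made up for the demo."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("bin/app.exe", b"MZ original program")
        write("cfg/settings.ini", b"[main]\nupdates=on\n")
        write("docs/readme.txt", b"hello")

        # Take the baseline and serialize it; this string is what belongs on
        # read-only media or another machine, not next to the files it describes.
        baseline_json = json.dumps(snapshot(root), sort_keys=True)

        # Simulate an infection: patched binary, dropped DLL, deleted file.
        write("bin/app.exe", b"MZ original program" + b"\x90" * 8)
        write("bin/helper.dll", b"injected")
        os.remove(os.path.join(root, "docs", "readme.txt"))

        return compare(json.loads(baseline_json), snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print("%-8s %s" % (kind, ", ".join(paths) or "(none)"))
```

A real run of this over a system drive will list every Windows Update, every log file and every browser cache entry alongside the one dropped DLL, which is exactly the "it shows ALL changes" caveat above; the usual answer is to baseline only the directories that should be static (program folders, system files) and to exclude known-volatile paths.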


Application & System Patching and Hardening.
We're all aware of the need to keep up with patches, as tedious as it may be. Hardening, however, is something that's not well known outside of professional types who are familiar with running servers. Hardening is the act of disabling unused features that could be exploited to gain entry to a system. Put simply: if you don't use it, turn it off. This can be more complex than it sounds. Unfortunately some applications and operating systems ship with everything enabled to make things easier for the most people possible, which leaves more room for attackers. You may hear this referred to as "attack vectors" or "attack surface", and hardening as "reducing" them. The more knowledgeable you are about computers the more you can do, and there are some tools out there to help. The neophyte should probably not attempt this, as disabling features may lead to problems they won't know how to diagnose. But if you're able and willing to invest some time into learning, this can be a great way to increase your security. Search through the Options or Preferences of applications that communicate with the internet and look for options you can disable. If you don't know what they are or can't imagine what they're for, do some research before disabling them, but do disable what you can. For those with a decent knowledge of networking, I would recommend taking a look at the Group Policy Editor on your Windows systems; just run "gpedit.msc" and take a look, you might be surprised the first time you see it.

Those interested in system hardening can view my page on the subject HERE.


Intrusion Detection System (IDS).
IDS is usually run on a dedicated computer or hardware firewall, but some software firewalls include the functionality as well. An IDS uses the same technology as a network IPS, with the difference that the IDS only alerts you to suspicious activity without blocking it. This gives you more information, since nothing legitimate gets blocked, but an IDS requires a high level of knowledge about networking and what kind of traffic is normal. An IDS simply gives you a report; blocking an attack in progress is up to you.
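The "alert but don't block" distinction is easiest to see in code. Here is an added example, not code from the article or from any IDS product, of one classic IDS rule run over constructed firewall log lines: if a single source address probes ten or more distinct ports on a host within a minute, raise an alert. The log format, the addresses (all from reserved documentation ranges) and the thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall "DROP" log lines in an assumed format; a real appliance has its own.
SCANNER, WEB_CLIENT, TARGET = "203.0.113.9", "198.51.100.7", "192.0.2.10"
LOG_LINES = (
    # one host touching a dozen different ports within a few seconds: a scan
    [f"2007-01-12 22:14:{i:02d} DROP TCP {SCANNER} -> {TARGET}:{p}"
     for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
    # another host retrying the same closed port many times: noisy, but not a scan
    + [f"2007-01-12 22:15:{i:02d} DROP TCP {WEB_CLIENT} -> {TARGET}:8080" for i in range(15)]
    + ["this line is not in the expected format and must be skipped"]
)
LINE = re.compile(r"^(\S+ \S+) DROP (\w+) (\S+) -> (\S+):(\d+)$")


def parse(lines):
    """Yield (timestamp, proto, src, dst, dport); silently skip lines that do not match."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4), int(m.group(5))


def detect_scans(events, port_threshold=10, window_s=60):
    """Alert once per source that hits >= port_threshold distinct ports within window_s.

    This only reports; nothing is blocked. That is the IDS/IPS difference."""
    alerts = []
    history = defaultdict(deque)        # src -> recent (ts, dport) inside the window
    already_alerted = set()
    for ts, _proto, src, dst, dport in events:
        q = history[src]
        q.append((ts, dport))
        while (ts - q[0][0]).total_seconds() > window_s:   # slide the window forward
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= port_threshold and src not in already_alerted:
            already_alerted.add(src)
            alerts.append(f"{ts:%H:%M:%S} possible port scan: {src} probed "
                          f"{len(ports)} ports on {dst} within {window_s}s")
    return alerts


def run(lines=LOG_LINES):
    return detect_scans(parse(lines))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Note that the web client hammering one port fifteen times never triggers, because the rule counts distinct ports rather than raw volume; tuning exactly these knobs against your own traffic is the "knowledge of what is normal" the paragraph says an IDS demands of you.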



Conclusion.
There are other kinds of technologies out there, but most are a hybrid of the technologies outlined above. You can find behavioral anti-malware applications that use behavior blocking technologies for heuristic purposes, firewalls that scan internet traffic with an antivirus or anti-spyware engine, firewalls with IDS or IPS in one form or another, and so on. Hopefully by this point you have enough information to break a new technology's features down into familiar pieces, in a way that lets you understand its function and what it can and cannot do for you. Ultimately you will want to pay attention to any application's proclaimed strength. Understand what the concept of the application is and what problems it's meant to solve. Most importantly, understand the kinds of threats it can and cannot handle. If a vendor doesn't make this information clear on their website, write them and ask. Also look for a "business" or "corporate" section of the website, as these sections often give technical details that the rest will not.

When choosing the components of your defense (or an all-in-one suite), it should be understood that nothing is 100%. Even with all the security software out there, it is still entirely possible that you could end up with an infected machine from some newly created threat that the antivirus vendors don't yet know exists. It is important to realize that security is not a black or white state of being secure or insecure. Security is a process of evaluating the threats and mitigating them. It's just the same as locking the door to your house or car: you know that a determined criminal could simply break a window, but the chances of that happening are acceptably low, to the degree that most won't bar their windows, even in relatively bad neighborhoods. Most of all, security is a perspective: knowing what to look for, what questions to ask, and keeping current. It's not about patching single vulnerabilities until there are none left, because that's impossible. Instead, it's about setting things up in a way that minimizes the potential for intrusion by threats that are as yet unknown (at least as much as you can).

You should always assume that every application you use can be bypassed, then look at what the application offers in such an event. If you perceive a large enough potential for being bypassed, then add another layer, until you feel you have taken care of as much as you reasonably can without burdening yourself or your activities on the computer. Unfortunately I can't tell you which threats are more likely to infect you; for that you will have to read up on some current reports and evaluate how you use your computer. The process of infection is also a complex one, and various security technologies tackle the problem at different stages. That doesn't necessarily make one more effective than another; it just means that some software will have advantages over others in certain areas, and possibly against certain kinds of threats. Nor does the fact that one product doesn't cover something specific mean that it isn't effective at what it does. Pay attention to how the software is made to work and focus on what it does protect against.

My ultimate advice to you is to find a select group of security software that offers elegance to you, in accordance with how you use your computer and your skill level. In the end, your last line of defense should be a good backup strategy. There are lots of great backup solutions out there, but going into them is a bit beyond the scope of this article. Just develop a good backup strategy in case the worst happens. After all, even if you don't get infected there WILL come a day when your hard drive ceases to function, and if you are unprepared you will lose a lot of data. I hear far too many relatively new computer users say "Well, I don't have to worry because I don't keep anything important on this computer", only to find them in a state of panic when something goes wrong. Emails, bookmarks, personal documents, and other such information can be a serious inconvenience to lose.

One last observation that I will share is about people on the same quest to secure their machines going overboard with security software. Sometimes this is just due to the fun of finding and learning about new technologies, but other times it's due to paranoia. In the latter case it is my observation that this usually begins with a malware infection. The person felt fully secure, only to find out that their computer had been compromised, and perhaps something important destroyed or stolen. So they go searching for better security to quench this paranoia. They install some really good software to once again feel fully secure, which starts the cycle over again because they don't feel more secure than they did before they started. Keep in mind, too, that the more software you have installed (even if it's security software) the more potential vulnerabilities there are. There are indeed worms that propagate by exploiting vulnerabilities in security software. The only true solution to the vicious circle described is to educate yourself. Learn about computers, and especially security. My biggest suggestion to you, should you find yourself in that state, is to download Process Explorer from http://www.sysinternals.com/ , set it to replace your task manager, set it to show the "Comment" column, and then enter the description of every process running on your PC. You can right-click on any process and select "Google" if you're not sure. This way you will know what every listing in the process list is, and will be able to quickly and easily spot something that doesn't belong. Most importantly, you will learn how to find the relevant information. This won't give you 100% security, but it will get you started on the right track. Remember that there is no such thing as 100% security. True security is a process of learning and reducing the potential risks to a reasonable level, and then having a contingency plan in preparation for the worst.
Maybe you don't want to become a security hobbyist, but educating yourself as best you can with the time and resources you have will do more good than any extraneous software will, and won't cause software conflicts! Ultimately security is a state of mind, not a software product nor a technological state of being.

I hope you found this of some use, and I hope it didn't put you to sleep in the process. If you find any glaring errors or blatant omissions then do feel free to write me and let me know. I would also be grateful for any and all feedback you might have, good or bad. Just make sure to read the whole article before notifying me of an omission, as some things are mixed in with others.  If this article leaves you with any major questions, please write me and let me know what they are so that I can include them in this article.

Be sure to visit my Links & Resources for additional information and links to lots of great software. I would strongly recommend reading some of the articles listed under "Essential Reading", as no one article can cover everything; not even mine.


Return to security LINKS & RESOURCES




Last modified January 2007  
All content on this page © Notok 2006 and may not be used or modified in any way without explicit written permission.