What you need to know about free web protection products
There are plenty of free web protection products on the market. Your challenge is to choose the good from the bad and the ugly. You also need to accept that some free web protection products may be fine for consumers but not suitable for use in businesses. Here is a quick guide to what you need to know.
The common forms of free web protection products
At the consumer side, there is a decent range of free anti-malware solutions and free, ad hoc website vulnerability scanners. Technically businesses can generally use either if they wish (although each product will have its own licensing terms), but realistically they are unlikely to cope with business-grade use. It can, however, still be useful for businesses to know about them so they can educate their employees and/or their customers. Also, free versions of software can sometimes be useful as a way of testing a service.
Where businesses are most likely to get best use out of free web protection products is with the open-source plugins for the various mainstream content management systems. These products can be a major boost to your website’s security (although they can also be a major drag on it), but you need to understand their implications.
Free anti-malware products
At present, the free anti-malware products all seem to be pitched at the consumer market. This may change in future, but it’s probably unlikely, at least any time soon. At the end of the day, modern businesses need consumers to be comfortable using the internet. That means all consumers need some level of protection from cyberthreats. Realistically, therefore, it’s in everyone’s best interests to make it easy for them to get a basic level of protection for free. Customers who need more can use the paid-for products.
Free website vulnerability scanners
Website vulnerability scanners generally work on a freemium model. Basically this means that you can use the free scans on an ad hoc basis to check for malware. If, however, you want automated scans then you have to pay. Paying also generally gets you access to other services such as a web applications firewall.
The free website vulnerability scanners are fine for hobby websites. At the end of the day, if you’re not using your website to make money (either directly or indirectly), then it doesn’t really matter if it goes down temporarily. Similarly, if you’re not actually running any applications on your website (basically if it’s essentially an old-school, “read-only” website), then you don’t need a web applications firewall and can probably make do with your host’s firewall.
If, however, you’re running a business, then you definitely need to have your site scanned regularly for malware and you also need a web applications firewall. This means that, for practical purposes, you need to sign up for one of the paid website vulnerability scanning services.
Free website extensions
One of the major draws of the mainstream content management systems is that they offer a high level of customizability. In principle, you can make your own changes to it, but in practice, many companies, especially SMBs, are happy to stick to the third-party add-ons which are available on the internet. These serve various purposes, but quite a few of them have security features, or, at least purport to.
The first point to note is that your website’s security starts with your CMS itself. In particular, there are two key areas you must address. Firstly, you have to inform yourself of the default settings and change them before you put your website online. Secondly, you absolutely must keep your CMS updated. If you fail to address either of these points, then your overall security will be severely impacted.
When looking at free website extensions, the key point to note is that the onus is on you to do your research thoroughly. There are some excellent free extensions out there. There is, however, also a lot of blatant malware disguised as security extensions. There is also quite a bit of software which is not malicious in its intent but is so badly written that it can end up causing a lot more harm than good. Try not to rely on user reviews (though they can be useful), test thoroughly before you decide whether or not to deploy them in production at all.
If you do choose to deploy them, then keep monitoring them to ensure both that they are still performing as expected and that they are still necessary (or at least wanted). As with your CRM itself, you absolutely must keep these extensions up-to-date otherwise they can become major security vulnerabilities.
Please click here now to have your website scanned, for free, by cWatch from Comodo.
