Www.personal.psu.edu



COMPSEC

Dr. Gerry Santoro – Founding Associate Professor

Topic 1 – Anti-Malware Software

Introduction

Would you ever ride a motorcycle with your eyes closed? Would you ever stick a piece of metal into a live electric socket? Why, then, would you even consider running your computer without any anti-malware protection? Any computer running today without good anti-malware protection is a disaster waiting to happen. Luckily, many excellent anti-malware programs and services exist on the market today. Some are free, while others require the purchase of a subscription. When choosing protection, do not instantly go the cheap route; you have heard the saying, "You get what you pay for." Considering that we live much of our lives on our computers, protecting them should be a priority. That said, depending on the level of your IT skills and knowledge, you may be able to get by with free anti-malware options.

Malware

Malware is short for malicious (or malevolent) software. According to Microsoft TechNet, it is "a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al." Actions performed by malware range from being merely annoying (the early Cascade virus, which made the characters on screen "fall" into a heap at the bottom), to mass-mailing itself to everyone in the victim's address book until mail servers buckled under the load (the Melissa virus), to stealing information and communications (Flame). Some malware, such as Stuxnet and Flame, is in effect a targeted cyber-weapon. Malware authors range from individual hackers to groups working on behalf of specific nations.

The earliest forms of malware were computer viruses and worms. A virus is a program or script that attaches itself to an existing file or program and attempts to spread from one file to another on a single computer and/or from one computer to another, through a variety of methods and without the knowledge or consent of the computer user. As with the common cold virus, the key quality of a computer virus is that it replicates and spreads itself. A worm is a self-contained program that propagates itself across many computers, typically over a network, by exploiting a vulnerability or weak credentials on each new host and starting a copy of itself there. The key difference is that a worm does not need to be attached to an existing program; a virus does.

Trojan horses arrived on the scene later. A Trojan is a program that appears to be something useful or harmless (a game, a utility, a document) but carries a hidden malicious payload; unlike a virus or worm it does not replicate on its own, and relies on the user to run it. So, virus, worm, Trojan: are the distinctions important? Only up to a point. They describe how malware spreads and arrives, not what it does once it is running, and any given instance of malware may combine several of these properties (a worm that installs a Trojan, for example).

With the advancement of technology, computer operating systems and application environments have become more sophisticated. Malware has followed suit. Hundreds of thousands of distinct malware families, and many millions of variants, exist today for virtually all operating systems and application environments, with new ones appearing every day. The only truly safe computer is one that is unplugged, turned off, and locked in a closet.

Infection

How does your computer get infected by malware? The various infection methods are called vectors. In the late 1980s the most common vector was the floppy disk: you booted from an infected disk or ran an infected program stored on it. Today the Internet is by far the most common vector. Malware can arrive as a file download, an e-mail attachment, a document carrying a malicious macro or a deceptive file extension (for example, a file named invoice.pdf.exe that shows up as "invoice.pdf" when extensions are hidden), or a malicious or compromised Web page that exploits the browser or one of its plug-ins (a "drive-by download"). Even the most vigilant user cannot determine whether malware is present without the assistance of a good and current malware detection program.

Many instances of malware have two stages of activation. In the first stage the malware tries to spread itself by infecting other files, copying itself to attached devices or across network connections, or mailing copies of itself to the user's contacts. The second stage, where it delivers its payload and causes damage, may be triggered by a date (such as April 1) or some other event. This is similar to the behavior of biological viruses, which go through a stage of infectious spread before making the human host really sick.

More recent forms of malware, those intended for data theft, espionage, or system hijacking, may give the user no sign of their presence at all. Their power comes from their ability to elude detection by the unsuspecting user while doing their dirty work. As an example, a bot is a form of malware that infects your computer and stays hidden. The bot communicates over your network connection with a command-and-control server, and the attacker can order it to take part in a Denial of Service attack against another system on the Internet, send spam, or download further malware. All of this can happen without the user having a clue that their computer is infected.

How Malware Can be Prevented

The easiest, and most effective, single step you can take to avoid malware infection is to employ a good anti-malware program. There are dozens of excellent programs available (see references below). Take some time to look at program reviews before making a choice. The software, and especially its detection database, should be updated frequently: at least weekly, and preferably daily.

Anti-malware programs have a number of modes of operation. The most common mode is for the anti-malware to scan through every file on the target device looking for signatures: unique byte sequences, or whole-file hashes, that identify specific known malware. Because encrypted or polymorphic malware changes its bytes with every copy, signatures alone miss it, so some programs add heuristics: looking for the small decryption routine that such malware must carry in the clear, for unusually high-entropy (packed or encrypted) content where ordinary code is expected, or for suspicious behavior such as writing to start-up locations. Some programs also scan system areas (boot sectors, the registry, start-up folders) and running processes, not just files. A good anti-malware provider constantly updates the signature and heuristic databases that the software leverages to identify threats.

Another method of combating malware is real-time (on-access) scanning. This allows the anti-malware program to scan every file you attempt to open, save, or download to your computer, before it is used. Other programs perform real-time scanning of Web sites, which is a very valuable feature. Most Web sites are not single pages but a combination of subsidiary links to graphics, advertisements, scripts, files, and more. Although the primary Web site you are visiting may be legitimate, it is possible that a subsidiary link, an advertising network in particular, could deliver malware. If this option is available, you should definitely employ it.

An important caveat is this: anti-malware needs to be updated and run frequently. New variants or forms of malware are released every day and anti-malware companies are updating their databases and code to address these issues daily. Many programs allow you to schedule updates and system scans. During the scans, your system memory and files are checked for the identifying marks of known malware. At a minimum, you should scan your system twice weekly, performing an update before every scan.
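The following is an added example, not code from the course page: a toy on-demand scanner that shows the three detection modes described above (exact-hash signatures, byte-pattern signatures and an entropy heuristic for packed or encrypted content) running over a small directory tree. All signature names, patterns and sample files are constructed for the demo; none of them is real malware, and the thresholds are assumptions chosen to make the behavior visible.

```python
"""Toy on-demand malware scanner: hash signatures, byte-pattern signatures
and a high-entropy heuristic. Everything here is constructed for the demo."""
import hashlib
import math
import os
import re
import tempfile

# Constructed signature database. In a real product this is what the vendor
# updates daily, which is why a scan should always follow an update.
PATTERN_SIGNATURES = {
    # a fixed byte string with a version field, matched as a pattern
    "Demo.Dropper": re.compile(rb"DEMO_DROPPER_v\d+\x00"),
    # an auto-running Office macro that spawns a shell object
    "Demo.Macro": re.compile(
        rb'Sub AutoOpen\(\).{0,200}?CreateObject\("WScript\.Shell"\)', re.DOTALL),
}
KNOWN_BAD_SAMPLE = b"MZ" + b"\x90" * 64 + b"DEMO_KNOWN_BAD_BINARY"  # constructed
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.KnownBad"}

ENTROPY_THRESHOLD = 7.5    # bits per byte; 8.0 is the theoretical maximum (assumption)
MIN_HEURISTIC_SIZE = 1024  # entropy estimates on tiny files are too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted code approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_bytes(data: bytes) -> list:
    """Return detection names for one file's contents (empty list = clean)."""
    findings = []
    family = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if family:
        findings.append(family)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            findings.append(name)
    # Heuristic: high entropy suggests packing or encryption. Legitimate
    # archives and media also score high, so treat it as suspicion, not a verdict.
    if len(data) >= MIN_HEURISTIC_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD:
        findings.append("Heuristic.HighEntropy")
    return findings


def scan_directory(root: str) -> dict:
    """Walk a tree and report every file with at least one finding."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                findings = scan_bytes(fh.read())
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for a packed payload."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def build_sample_tree(root: str) -> None:
    """Write constructed test files: one clean file and four that should be flagged."""
    samples = {
        "notes.txt": b"Quarterly report draft. Nothing to see here.\n" * 40,
        "setup.exe": b"MZ" + b"\x00" * 32 + b"DEMO_DROPPER_v12\x00" + b"\x00" * 32,
        "invoice.doc": b"Sub AutoOpen()\r\n  Set s = CreateObject(\"WScript.Shell\")\r\nEnd Sub\r\n",
        "known.bin": KNOWN_BAD_SAMPLE,
        "packed.bin": pseudo_random_bytes(4096),
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


def demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_directory(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(f"{path}: {', '.join(findings)}")
```

Two practical points the toy makes visible: a hash signature is defeated by changing a single byte, which is why pattern and heuristic matching exist, and the entropy heuristic will also fire on a ZIP archive or a JPEG, which is why real products combine it with format checks and behavioral evidence before raising an alert. To check that a real scanner's on-access and on-demand modes are actually working, use the EICAR test file that every vendor recognizes rather than live malware.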

Software

When you purchase a new computer, it is usually bundled with a complimentary anti-malware program and a trial subscription to its update service, such as McAfee or Symantec's Norton. The trial typically expires 60 to 90 days after you enroll, and you are then prompted to renew the subscription for a fee. This is relatively simple and painless, if you can afford it. Additionally, many organizations and service providers provide free anti-malware to their members or customers. Penn State, for example, provides free anti-malware for faculty, staff, and students. Comcast's Xfinity home broadband service provides the Norton Security Suite, as well as other security software, free of charge to its subscribers.

Installation and Maintenance

In most cases, you will have to install and configure the software yourself. For those who are uncertain how to do so, most packages offer a standard installation with sensible defaults. Make use of the online documentation, customer support, and public forums if you need help. Most anti-malware software can update its detection database automatically; make sure this is turned on. Review your program documentation for more information.

When Malware is Found

Depending on the specific instance of malware, the program you are running, and your settings for the program, a detected program or data file may be either deleted or isolated ("quarantined"). Quarantine is usually the better default: the file is moved to a protected store where it cannot run, and it can be restored if the detection turns out to be a false positive. Many of the most dangerous instances of malware also run as live processes and add start-up entries so that they return after a reboot; cleaning them means terminating the process, removing the start-up entry, and deleting or quarantining the file it was started from, which is why you should let the anti-malware program do the cleanup rather than deleting files by hand. In some cases an infected file or program can be repaired by removing the malicious code from it. Consult the instructions for your anti-malware protection to see how to handle confirmed detections.
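As an added example, not code from the course page or from any product, the following shows what "isolating" a detected file amounts to: copying it into a quarantine store in a form that cannot run or be recognized as the original, recording where it came from, and removing the original only after the copy is safely stored, so that a false positive can be restored. The directory layout, record format and the fixed XOR encoding byte are assumptions made for this example.

```python
"""Toy quarantine store: encode, record and isolate a detected file so it
can be restored later. Layout and record format are this example's own."""
import hashlib
import json
import os
import tempfile
import time
from typing import Optional

# Assumed constant. XOR-ing every byte makes the stored copy unrunnable and
# stops the scanner re-detecting its own quarantine; it is not encryption.
QUARANTINE_XOR_KEY = 0xA5


def _xor(data: bytes, key: int = QUARANTINE_XOR_KEY) -> bytes:
    """XOR is its own inverse, so the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def quarantine_file(path: str, qdir: str, detection: str) -> dict:
    """Copy the file into the store (encoded, read-only), write a metadata
    record, and only then remove the original."""
    os.makedirs(qdir, mode=0o700, exist_ok=True)
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    record = {
        "id": digest,
        "original_path": os.path.abspath(path),
        "sha256": digest,
        "size": len(data),
        "detection": detection,
        "quarantined_at": time.time(),
    }
    blob_path = os.path.join(qdir, digest + ".q")
    with open(blob_path, "wb") as fh:
        fh.write(_xor(data))
    os.chmod(blob_path, 0o400)
    with open(os.path.join(qdir, digest + ".json"), "w") as fh:
        json.dump(record, fh)
    os.remove(path)  # the original goes only after the copy is safely stored
    return record


def list_quarantine(qdir: str) -> list:
    """Metadata records of everything currently held in the store."""
    records = []
    for name in sorted(os.listdir(qdir)):
        if name.endswith(".json"):
            with open(os.path.join(qdir, name)) as fh:
                records.append(json.load(fh))
    return records


def restore_file(qdir: str, record_id: str, dest: Optional[str] = None) -> str:
    """Decode a quarantined file, verify its hash, and write it back."""
    with open(os.path.join(qdir, record_id + ".json")) as fh:
        record = json.load(fh)
    with open(os.path.join(qdir, record_id + ".q"), "rb") as fh:
        data = _xor(fh.read())
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        raise ValueError("quarantine store is corrupted; refusing to restore")
    dest = dest or record["original_path"]
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    """Round trip on a constructed file: quarantine it, inspect the store, restore it."""
    with tempfile.TemporaryDirectory() as root:
        suspect = os.path.join(root, "Downloads", "setup.exe")
        os.makedirs(os.path.dirname(suspect))
        original = b"MZ" + b"\x90" * 16 + b"DEMO_DROPPER_v12\x00"  # constructed, not malware
        with open(suspect, "wb") as fh:
            fh.write(original)
        qdir = os.path.join(root, "quarantine")
        record = quarantine_file(suspect, qdir, "Demo.Dropper")
        with open(os.path.join(qdir, record["id"] + ".q"), "rb") as fh:
            stored = fh.read()
        restored_to = restore_file(qdir, record["id"], os.path.join(root, "restored.bin"))
        with open(restored_to, "rb") as fh:
            restored = fh.read()
        return {
            "original_removed": not os.path.exists(suspect),
            "stored_differs": stored != original,
            "stored_has_no_mz_header": not stored.startswith(b"MZ"),
            "restored_matches": restored == original,
            "detection": record["detection"],
            "records": len(list_quarantine(qdir)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of operations is the point: write the encoded copy and its record first, then delete the original, so a crash in between leaves you with a recoverable file rather than a lost one, and verify the hash on restore so a corrupted store is noticed before it is written back into place.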

Small Businesses [Sidebar]

Small businesses need to ensure that all computers connected to their networks or used by their employees have adequate anti-malware protection. Most often, the installation and configuration of the software is handled by the IT department. Periodic audits should be performed to ensure that every machine's anti-malware protection is installed, running, and up to date.

A small business may also want to consider purchasing a license for a good, commercial, anti-malware suite such as Norton or Kaspersky. These software suites offer additional protection and incorporate features to protect against spyware, adware and disreputable Web sites.

Operating Systems

Everything said up to this point applies to all three of the major operating systems: Windows, Macintosh and Linux. To be fair, there are many more instances of malware for Windows, largely because there are more computers running versions of Windows than the other operating systems combined, which makes it the most profitable target. Macintosh-based malware has become increasingly common in the past few years. Linux sees comparatively few OS-specific malware families, but this is no cause for complacency. Much malware today does not depend on the operating system at all: it targets cross-platform runtimes such as those for Adobe products or Oracle Java, or the Web browser, and runs wherever those are installed.

This becomes an issue because the malware may simply be an initial stage for a multi-level network attack against an organization. We will discuss this in a later topic.

Best Practices

Run the software. After you install the software, you have to remember to run it, and often. Many programs allow for automated scheduling of scans, while others require that you start them manually. It is recommended that you perform a full scan twice a week and leave real-time scanning on at all times.

When a computer is left off for a long time, you should update the anti-malware when you first access it to stay ahead of any viruses. Make sure you allow enough time for this process.

You can install more than one anti-malware program, but running two real-time scanners at the same time is not recommended. Each will see the other's signature files and quarantine store as suspicious and may report a false positive, the two will compete for every file that is opened and slow the system noticeably, and in the worst case they deadlock or crash. If you want a second opinion, use an on-demand scanner that has no real-time component alongside your main product.

Conclusion

Anti-malware software is extremely important, but not sufficient for the greatest level of security on the Internet. When used in conjunction with the other solutions described in this course you will achieve the greatest level of security possible.

Resources

Note: these resources are not an exhaustive list. They are simply provided for the convenience of the student. A product or article listed here does not indicate endorsement by Penn State University, the College of IST or the authors.

downloads.its.psu.edu – Location for Penn State faculty, staff and students to get free anti-malware and other software under site license. Requires login with PSU Access credentials.

-- Avast anti-virus, comes in free, professional and Internet security versions (windows)

-- Avast for Macintosh

-- Test results for 18 different anti-malware products

-- 2013 Best anti-malware software comparisons and reviews (Windows)

-- 2013 Best anti-malware software comparisons and reviews (Mac)

-- 7 of the best anti-virus apps for Linux

-- Comodo Antivirus for Linux

-- Timeline of computer viruses and worms
