Malware is one of the gravest threats to the security of computers and mobile devices. Learn about the concept of malware management, including antivirus, antispyware, pop-up blockers, and spam filtering.
- [Instructor] Malware is one of the gravest threats to the security of computers and mobile devices. Malware is short for malicious software and consists of software designed for the sole purpose of disrupting the confidentiality, integrity, and availability of information and systems. There are many different kinds of malware, but let's talk about four types that you'll need to know for the exam: viruses, worms, Trojan horses, and spyware. Viruses are malicious code objects that spread from system to system after some human action.
They might be transported on removable media or spread via e-mail attachments, for example. They carry a malicious payload that carries out the virus author's intent, such as stealing data or joining a system to a botnet. Worms carry payloads similar to those carried by viruses, but have one important distinction: they spread on their own power and don't require user action to move from system to system. Instead, they scan networks, seeking out vulnerable systems to compromise.
Trojan horses pretend to be legitimate pieces of software that a user might want to download and install. When the user runs the program, the program does perform as expected; however, the Trojan horse also carries a malicious, hidden payload that performs some unwanted action behind the scenes. Spyware is malware that gathers information without the user's knowledge or consent. It then reports that information back to the malware author, who can use it for any type of purpose. It might be identity theft, gaining access to financial accounts, or even, in some cases, espionage.
Spyware uses many different techniques. Keystroke loggers capture every key a user presses and then might report everything back to the malware author, or perhaps they wait for visits to certain websites and capture the usernames and passwords used to access banks or other sensitive sites. You can use the same tools to protect against all of these threats. Modern anti-malware software protects against viruses, worms, Trojan horses, and spyware. Anti-malware software uses two different mechanisms to protect systems against malicious software.
Signature detection uses databases of known malware patterns and scans the files and memory of a system for any data matching the pattern of known malicious software. If the antivirus software finds suspect file contents, it can then remove that content from the system or quarantine it for further analysis. When you're using signature detection, it's critical that you frequently update the virus definition file to ensure that you have current signatures for newly discovered malware.
Heuristic, or behavior, detection takes a different approach. Instead of using patterns of known malicious activity, these systems attempt to model normal activity and then report when they discover anomalies: activity that deviates from the normal pattern. You might see people referring to anti-malware and anti-spyware software separately, but they're actually the same thing. This is an outdated concept from the times when different packages protected against spyware and other types of malware.
Keep this in mind when you're taking the exam, but rest assured that modern defenses will protect you against both malware and spyware. Let's take a look at anti-malware in action on a Windows system. Microsoft includes the Defender anti-malware software with Windows. Here's the main screen of Windows Defender. You can see it gives you a quick update on whether any unwanted or harmful software was detected during the last scan. Here it says nothing was detected and the computer is running normally. It also provides some statistics about the most recent scan.
It was using the Quick scan format; it looks like it ran today at 6:33 pm, took about two minutes, and scanned about 62,000 files. And there's just a little more repeating of that down there. But it also tells us when the last definitions were updated and the version number, and these are definitions from January 7, 2016, at 1:41 pm. We can go ahead and run a manual scan here by just clicking this Scan icon. And you can see, the scan begins. We still have it set to do a Quick scan, so it's going pretty fast, just checking the most likely places where it might find some malicious software.
I'm going to go ahead and cancel out of this scan, since one ran just a little bit earlier and we know it would be OK, because what I want to show you now is the Tools section of Windows Defender. We can go in here under Settings and click Options and start to configure a few things about the way Windows Defender works. First, and most importantly, we can set Windows Defender to automatically scan the computer. Here we have it set to run automatic scans every day at 2:00 am. We have the Quick scan set right now, but I could go ahead and change this if I want. Since it's happening at 2 o'clock in the morning, when I'm not likely to be using my computer, I might as well have it do the Full scan, just to be safe.
I also want to make sure we have real-time protection enabled. This complements the scanning technique by looking at every file that's opened. Every time a new file is downloaded or a program runs on my computer, Windows Defender is set to check it before it allows me to use it, to make sure it's safe. You can also configure the default option. You can see I have it set here to just take whatever action Microsoft recommends, depending upon the nature of the threat that it discovers. But I could go in here and tell it that I want to actually just automatically remove anything that's a severe alert.
And maybe, if it's a low-level alert, I might want to allow it. A medium alert, maybe I'll quarantine. And I'll go ahead and also remove high-level alerts. You can set these however you like, depending upon your specific company's security action. But let's go ahead and save those settings, and we're back at the main screen. So Windows Defender is a really important way to protect against malware on Windows systems. Let's take a quick look at how we do this on a Mac. I'm here on a Mac desktop, and I'm running the Sophos antivirus software.
And, very similar to Windows Defender, there's a button here that I can click to start running a scan. You can see the last time there were no threats found. I'm going to go ahead and just stop that; it would be a similar experience to what we saw on Windows. Also notice, down here, there's a Quarantine Manager. I can click this and see the files that Sophos has already discovered and detected as potentially malicious. It's found here the Aircrack tool, which is actually a security tool that I use, but you can see Sophos detected it as a potential hacking tool.
So it placed it in this quarantine, to make sure it's something that I really want on my computer. And I could remove it by using this Cleanup button down here, but I use this, so I'm going to leave it. The other thing you can do here in Sophos is, if I go to the Preferences, I can set all of the different settings about scans: when it's going to auto-update, when On-Access scans will take place, the same sort of settings that we already looked at inside of Windows. Another type of unwanted activity on your computer might be advertising.
And some of those ads come in the form of pop-up windows in your web browser. Let's take a look at Chrome, because modern web browsers all have anti-pop-up technology built in. If I go up here and pull down the Chrome menu and click on Preferences, Chrome opens up a tab that allows me to change some settings. I'm going to scroll down and click Show Advanced Settings. And then, in the Privacy section, I'm going to click Content settings. Scroll down here and see the section called Pop-ups? That allows me to tell Chrome how I want it to handle pop-ups.
I can either allow all sites to show pop-ups, and I certainly don't want that to happen, or I can click "Do not allow any site to show pop-ups." That's the recommended setting, and that's how I have Chrome set, because I don't like seeing those pop-up ads. But I could go here and click Manage exceptions and actually type in the names of websites. Let's say I know that LinkedIn often shows pop-ups that are important. I could go in and put an exception in saying, for LinkedIn, I want you to allow pop-ups. It would still manage that exception list appropriately: it would allow pop-ups from those sites that are on the list and not allow them from any other site.
The final type of filtering that most users have come to expect is spam filtering, to remove unwanted e-mails from their accounts. If you're using a managed e-mail service, such as Google Apps or Microsoft Office 365, you don't need to do anything; spam filtering is built into those services. On the other hand, if you're running your own e-mail server, be sure to configure spam filtering to prevent unwanted messages from reaching user inboxes. Malware protection is an important part of the security administrator's responsibility.
Using modern filtering software protects hosts against infection and unwanted content.
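Added example, not part of the course or its instructor's material: the Windows Defender settings and the Chrome pop-up exception walked through above, applied from an elevated PowerShell prompt instead of the GUI. It assumes a Windows 10/11 host with the built-in Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Set-MpPreference, Start-MpScan), uses the documented Chrome enterprise policy registry keys, and takes `[*.]linkedin.com` as a stand-in for the LinkedIn exception mentioned in the video. The 24-hour definition-age threshold is an assumption chosen for the example, not a Microsoft default.

```powershell
#Requires -RunAsAdministrator
# Added example (not the course's own code): apply the Defender and Chrome
# settings shown in the video from PowerShell rather than the GUI.

# --- 1. Definition freshness (the "definitions updated" line on the main screen)
$status = Get-MpComputerStatus
$age = (Get-Date) - $status.AntivirusSignatureLastUpdated
"Signature version {0}, updated {1:g} ({2:N1} hours ago)" -f `
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated, $age.TotalHours
if ($age.TotalHours -gt 24) {   # 24 h is an assumed threshold for this example
    Write-Warning "Definitions are more than a day old; updating now."
    Update-MpSignature
}

# --- 2. Scheduled scan: every day at 02:00, full scan instead of quick scan
Set-MpPreference -ScanScheduleDay Everyday `
                 -ScanScheduleTime 02:00:00 `
                 -ScanParameters FullScan

# --- 3. Real-time protection on; look for new definitions every 4 hours
Set-MpPreference -DisableRealtimeMonitoring $false `
                 -SignatureUpdateInterval 4

# --- 4. Default action by severity, as configured on the Options screen
#        (allowing low-severity detections is the instructor's choice;
#        many organisations quarantine those as well)
Set-MpPreference -LowThreatDefaultAction      Allow `
                 -ModerateThreatDefaultAction Quarantine `
                 -HighThreatDefaultAction     Remove `
                 -SevereThreatDefaultAction   Remove

# --- 5. Read the settings back rather than trusting the UI
Get-MpPreference | Select-Object ScanScheduleDay, ScanScheduleTime, ScanParameters,
    DisableRealtimeMonitoring, SignatureUpdateInterval,
    LowThreatDefaultAction, ModerateThreatDefaultAction,
    HighThreatDefaultAction, SevereThreatDefaultAction

# --- 6. Chrome pop-up blocking as a machine policy, with one exception.
#        DefaultPopupsSetting: 1 = allow all sites, 2 = block all sites.
#        PopupsAllowedForUrls entries are named "1", "2", ... and hold URL patterns.
$chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
New-Item -Path $chrome -Force | Out-Null
Set-ItemProperty -Path $chrome -Name DefaultPopupsSetting -Value 2 -Type DWord
$allowList = Join-Path $chrome 'PopupsAllowedForUrls'
New-Item -Path $allowList -Force | Out-Null
Set-ItemProperty -Path $allowList -Name '1' -Value '[*.]linkedin.com' -Type String   # placeholder pattern

# --- 7. Optional: start a quick scan now, as the Scan button in the GUI does
Start-MpScan -ScanType QuickScan
```

Setting these through Set-MpPreference and HKLM policy keys rather than the GUI has two practical advantages: the configuration can be pushed identically to every host, and a machine policy (as opposed to the user-level Chrome content setting shown in the video) cannot be flipped back by the user. Read the values back with Get-MpPreference after applying them, because Defender silently ignores some settings when tamper protection or a Group Policy object already controls them.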
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attacks
- Transport encryption
- Wireless networking
- Host security