Defenses Against Malware

There are many defenses against malware exploitation, most of which are good against several other forms of hacking as well.

Fully Patched Software

A fully patched system is far more difficult for malware to exploit than one that is not. These days “exploit kits” are hosted on compromised web sites, and when a user visits, the exploit kit will look for one or more unpatched vulnerabilities before attempting to trick the user into running a Trojan horse program. If the system is unpatched, often the malicious program can be secretly executed without the user being aware of anything.

A fully patched system is difficult for malware to compromise without involving the end-user. In cases where the malware or exploit kit doesn’t find an unpatched vulnerability, it will usually resort to some sort of social engineering trick. Usually it involves telling the end-user they need to run or open something in order to satisfy some beneficial outcome. Training users about common social engineering techniques is a great way to reduce the success of malware.

Anti-Malware Software

Anti-malware (frequently referred to as antivirus) software is a necessity on almost every computer system. Even the best anti-malware software can miss a malware program, and no program is 100% perfect at blocking all malware, but running a computer system without such a program is like driving with leaky brakes. You may get away with it for a while, but eventually disaster will strike. At the same time, never believe any antivirus vendor’s claim of 100% detection. That is always a lie.

Application Control Programs
Application control programs (also known as “whitelisting” or “blacklisting” programs) are great at stopping malware when used in whitelisting mode. In whitelisting mode, only predefined and authorized programs are allowed to run. This stops most viruses, worms, and Trojans. Application control programs can be operationally difficult to implement because by their very nature, every program and executable must be pre-approved to run. And not every malware program type or hacker can be prevented, especially those that use built-in, legitimate programs and scripting tools. That said, application control programs are an effective tool and are getting better all the time. Personally, I think for any system to be considered “very secure,” it must have an active and defined whitelisting program.
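The following is an added example (not code from the book or from any application control product) of what whitelisting mode means in practice: a default-deny check keyed on the SHA-256 digest of the program file, so that a file replaced at an approved path is blocked as well. It also shows the caveat raised above, that a naive enforcer which only checks the interpreter will happily run any script handed to that interpreter. All file names and contents are constructed in a temporary directory so the script runs offline.

```python
"""Hash-based application allowlist, default-deny (illustrative example)."""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Digest the file content in chunks; the path itself is never trusted."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """Pre-approve each program by recording its current digest."""
    return {sha256_of(p): p for p in approved_paths}


def is_allowed(path: str, allowlist: dict) -> bool:
    """Whitelisting mode: execution is denied unless the digest is on the list."""
    return sha256_of(path) in allowlist


def check_command(argv, allowlist: dict) -> bool:
    """Decide on argv[0] only, as a naive enforcer would.

    This illustrates the weakness described in the text: an approved
    interpreter is allowed to run, and the script it receives as an argument
    is never examined, so scripting tools need their own policy.
    """
    return is_allowed(argv[0], allowlist)


def demo():
    """Exercise the allowlist on constructed sample files; returns decisions."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "approved.exe")       # constructed sample
        interp = os.path.join(d, "script_host.exe")  # constructed sample
        with open(good, "wb") as f:
            f.write(b"MZ approved build v1")
        with open(interp, "wb") as f:
            f.write(b"MZ approved script host")
        allowlist = build_allowlist([good, interp])

        results = {"approved": is_allowed(good, allowlist)}

        # A program that was never pre-approved is blocked by default.
        unknown = os.path.join(d, "dropper.exe")
        with open(unknown, "wb") as f:
            f.write(b"MZ unknown payload")
        results["unknown"] = is_allowed(unknown, allowlist)

        # Same approved path, but the file was replaced: digest no longer matches.
        with open(good, "wb") as f:
            f.write(b"MZ approved build v1 plus extra code")
        results["tampered_at_approved_path"] = is_allowed(good, allowlist)

        # An unapproved script passed to an approved interpreter slips through
        # an enforcer that only looks at the executable.
        script = os.path.join(d, "unreviewed.script")
        with open(script, "wb") as f:
            f.write(b"echo constructed script body")
        results["script_via_allowed_interpreter"] = check_command([interp, script], allowlist)
        return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'ALLOW' if decision else 'DENY'}")
```

The last case is why the text says whitelisting cannot stop everything: the policy has to cover the script or macro content as well, not just the built-in program that runs it.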

Security Boundaries

Firewalls and other types of local and network security boundaries (such as VLANs, routers, and so on) are good at keeping malware away from even being able to exploit a computer device. Most operating systems come with built-in, local firewalls, but most are not configured and enabled by default. Implementing a firewall can significantly reduce malicious risk, especially if there is an unpatched vulnerability present. Firewalls are discussed in more detail in Chapter 17, “Firewalls.”

Intrusion Detection

Network intrusion detection/prevention (NID/P) and host intrusion detection/prevention (HID/P) software and devices can be used to recognize and stop malware on the network or local host. But like traditional anti-malware programs, NIDs and HIDs are not 100% reliable and should not be trusted alone to detect and stop malware.

Malware has long been a part of computer security threats and will always remain a top threat. Back in the late 1990s, with the increasing sophistication of antivirus scanners, I was confident that malware programs would be a thing of the past by 2010. That was back when we had just hundreds of malware programs. Now, with hundreds of millions of distinct malware variants, I realize how overly hopeful (and innocent) I had been.
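As an added example of the kind of rule a host intrusion detection system applies (this is illustrative code, not from the book or from any HIDS product), the script below scans process-creation records for the pattern the “Fully Patched Software” section describes: a document viewer or browser being tricked into launching something the user just opened. Two conditions raise an alert: the child executable lives in a user-writable staging directory, or the child is a built-in script host, which the application control section notes whitelisting alone does not cover. The log format, the sample lines, and the application lists are all constructed for this example.

```python
"""Host-based detection over constructed process-creation log lines."""
import re

# Constructed line format: ISO timestamp, then quoted parent, child, user.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) parent="(?P<parent>[^"]+)" child="(?P<child>[^"]+)" user="(?P<user>[^"]+)"$'
)

# Applications that render untrusted content a user may be tricked into opening.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe",
                 "chrome.exe", "firefox.exe"}
# Built-in, legitimate script hosts: an allowlist permits them, so watch who spawns them.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
# User-writable staging locations (lower-cased substrings, Windows and POSIX forms).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "/tmp/", "/downloads/")

# Constructed sample records; only lines 1, 3 and 4 should alert, line 6 is malformed.
SAMPLE_LOG = r"""2024-05-01T09:12:03Z parent="C:\Program Files\Microsoft Office\WINWORD.EXE" child="C:\Users\alice\AppData\Local\Temp\invoice_viewer.exe" user="alice"
2024-05-01T09:13:10Z parent="C:\Windows\explorer.exe" child="C:\Windows\System32\notepad.exe" user="alice"
2024-05-01T09:15:44Z parent="C:\Program Files\Google\Chrome\Application\chrome.exe" child="C:\Users\bob\Downloads\player_update.exe" user="bob"
2024-05-01T09:18:02Z parent="C:\Program Files\Microsoft Office\WINWORD.EXE" child="C:\Windows\System32\wscript.exe" user="alice"
2024-05-01T09:20:31Z parent="C:\Windows\System32\svchost.exe" child="C:\Windows\System32\wscript.exe" user="SYSTEM"
this line is not in the expected format"""


def basename(path: str) -> str:
    """Lower-cased file name, accepting either path separator."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(parent: str, child: str):
    """Return a reason string when the parent/child pair is suspicious, else None."""
    if basename(parent) not in DOCUMENT_APPS:
        return None  # rule only concerns content-handling applications
    child_lc = child.lower()
    if any(s in child_lc for s in STAGING_DIRS):
        return "document app launched an executable from a user-writable directory"
    if basename(child) in SCRIPT_HOSTS:
        return "document app launched a built-in script host"
    return None


def detect(lines):
    """Parse each record and collect alerts; malformed lines are skipped, not trusted."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify(m["parent"], m["child"])
        if reason:
            alerts.append({"ts": m["ts"], "user": m["user"],
                           "child": m["child"], "reason": reason})
    return alerts


def run_sample():
    """Run the rule over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['ts']} user={a['user']} child={a['child']}: {a['reason']}")
```

The rule deliberately stays narrow: an unrelated system service spawning the same script host (line 5) is not flagged, which keeps the alert volume low but also shows why, as the text says, such detections cannot be trusted alone.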


Computer Networking: The Complete Guide to Understanding Wireless Technology, Network Security, Computer Architecture and Communications Systems (Including Cisco, CCNA and CCENT) 
Are you pursuing a field that requires at least some knowledge of computer networking? Do you wish to learn about the future of networking and how electronics function? If this is true, then this is the guide for you.
While other shorter books do not include ALL concepts, this book dives deep into the subject matter so that nothing is left out.
Beginners, intermediate learners and advanced users have all learned from this guide. The book is designed to be an easy read that simplifies concepts as much as possible. By the end of this book, you will have learned the basics, as well as many advanced concepts.
  • Wireless Communication Technologies
  • Mobile Communication Systems
  • Wireless technology challenges and security
  • Network Protocols
  • Features of Secure Wireless Network Security
  • Security Issues in Wireless Networks
  • Wireless Network Computer Architecture
  • Cellular Wireless Networks
  • Communication Systems and Networks
  • Cisco Systems
  • Wireless Network Applications
  • Wired & Wireless Network Components
  • Network Security
