Methods of protection against malware. Ways to protect yourself from malware


Unfortunately, every computer user has encountered viruses and malware at some point. The consequences hardly need describing: at a minimum, all your data is lost and you have to spend time formatting the disk and reinstalling the system. So, to avoid unnecessary hassle, it is better to prevent infection in the first place. As they say, prevention is better than cure.

1. Be careful when opening messages on social networks

One rule to remember is that you can greatly improve your chances of avoiding viruses by reviewing your messages before opening them. If something looks suspicious and there are strange files attached to the message, you should not open them at all (or at least scan them with an antivirus first).

2. Up-to-date antivirus

The antivirus programs offered by Internet service providers are not enough to protect your entire computer system from viruses and spyware. For this reason, it is better to install additional protection against malware.

3. Scan your computer daily

Even with antivirus and anti-malware programs installed, it is still best to perform a daily scan of your hard drive to make sure that no virus has made its way into the system. In fact, you can pick up a whole batch of viruses in a single day, so the only way to limit the damage is to scan your files daily.

4. Free antivirus Avast

The creators of Avast antivirus have made the program as simple as possible to use: all it takes is pressing a couple of buttons. At the same time, Avast provides sufficient protection against viruses, both Trojans and worms.

5. SUPERAntiSpyware

SUPERAntiSpyware is an all-in-one antivirus. It can be used to combat spyware, adware, Trojans, worms, keyloggers, rootkits, etc., and it does not slow down your computer.

6. Firewall

This is a basic rule that every computer user should understand. Although a firewall is not effective at catching Internet worms, it is still very important for combating potential infections coming from the user's internal network (for example, an office network).

7. AVG Internet Security

This protection is ideal for home and commercial use, and is notable for the fact that it includes assistance from Internet security experts. It is constantly updated and has advanced features. AVG Internet Security can be used to combat viruses, spyware and Trojans, and can also help prevent identity theft and other web exploits.

8. Avira AntiVir

Avira offers an improved way to remove malware, including virus residues. However, users should be careful, as a fake version of the program is being circulated on the Internet. Avira also features a simplified, intuitive user interface.

9. Kaspersky Internet Security

This antivirus contains essentially everything a computer user needs to work safely and reliably on the Internet. It can be used to secure online transactions, including banking, online purchases and online games.

10. Ad-Aware and Avast-Free

Ad-Aware provides free antivirus protection. It was created specifically to be installed side-by-side with Google Chrome, but it also works with any other browser. It is effective at preventing malware from running automatically on Windows and at cleaning up your computer.

11. ESET Online Scanner

As an effective anti-malware solution, ESET Online Scanner offers a premium security package that has literally everything included. It can also clean already-infected machines and includes an online firewall.

Everyone knows that to protect against malware you need to use antivirus software. But at the same time, you can often hear about cases of viruses penetrating computers protected by antivirus. In each specific case, the reasons why the antivirus did not cope with its task may be different, for example:

  • The antivirus has been disabled by the user
  • Antivirus databases were too old
  • Weak security settings were set
  • The virus used an infection technology against which the antivirus had no means of protection
  • The virus got onto the computer before the antivirus was installed and was able to neutralize the antivirus tool
  • This was a new virus for which anti-virus databases had not yet been released

But in general, we can conclude that simply having an installed antivirus may not be enough for complete protection, and that additional methods need to be used. Well, if an antivirus is not installed on your computer, then you cannot do without additional protection methods.

If you look at the example reasons given above for an antivirus missing a virus, you can see that the first three are related to incorrect use of the antivirus, while the next three are related to shortcomings of the antivirus itself and of the antivirus manufacturer's work. Accordingly, protection methods are divided into two types: organizational and technical.

Organizational methods are aimed primarily at the computer user. Their goal is to change the user's behavior, because it is no secret that malware often gets onto the computer due to the user's rash actions. The simplest example of an organizational method is the development of computer rules that all users must follow.

Technical methods, on the contrary, are aimed at changes in the computer system. Most technical methods consist of using additional protection tools that expand and complement the capabilities of antivirus programs. Such protection measures may be:

  • Firewalls: programs that protect against attacks over the network
  • Anti-spam tools
  • Patches that close the holes in the operating system through which viruses can enter

All of the methods listed are discussed in more detail below.

Organizational methods

Rules for working with a computer

As already mentioned, the simplest example of an organizational method of protection against viruses is developing and following certain rules for processing information. These rules can in turn be divided into two categories:

  • Information processing rules
  • Rules for using programs

The first group of rules may include, for example, the following:

  • Do not open email messages from unknown senders
  • Check removable storage devices (floppy disks, CDs, flash drives) for viruses before use
  • Scan files downloaded from the Internet for viruses
  • When working on the Internet, do not agree to unsolicited offers to download a file or install a program.

What all such rules have in common are two principles:

  • Use only those programs and files that you trust and whose origin is known
  • All data coming from external sources - from external media or over the network - should be carefully checked

The second group of rules usually includes the following characteristic points:

  • Ensure that security programs are always running and that security functions are activated
  • Regularly update anti-virus databases
  • Regularly patch your operating system and frequently used programs
  • Do not change the default settings of programs that provide protection unless it is necessary and you fully understand the nature of the changes

Two general principles can also be traced here:

  • Use the most current versions of security software. Since the methods of penetration and activation of malware are constantly improving, security software developers are constantly adding new protection technologies and expanding their databases of known malware and attacks. Therefore, for the best protection, it is recommended to use the latest versions.
  • Do not prevent anti-virus and other security programs from performing their functions. Very often users believe that security programs slow the computer down unnecessarily and try to increase performance at the expense of security. As a result, the chances of the computer becoming infected with a virus increase significantly.

Security Policy

On a home computer, the user sets the rules for himself that he considers necessary to follow. As he accumulates knowledge about the operation of a computer and about malware, he can consciously change protection settings or make decisions about the danger of certain files and programs.

In a large organization everything is more complicated. When a team includes a large number of employees performing different functions and having different specializations, it is difficult to expect reasonable behavior from everyone from a security point of view. Therefore, in every organization, the rules for working with a computer must be common to all employees and officially approved. Typically, the document containing these rules is called a user manual. In addition to the basic rules listed above, it must include information about where the user should turn if a situation arises that requires the intervention of a specialist.

At the same time, in most cases the user manual contains only rules that restrict the user's actions. Rules for using programs may be included in the instructions only in the most limited form. Since most users are not sufficiently competent in security issues, they should not, and often cannot, change the settings of security tools or otherwise influence their operation.

But if not the users, then someone else must still be responsible for setting up security tools and managing them. Typically, this is a specially designated employee or group of employees who are focused on performing one task - ensuring the secure operation of the network.

Security employees have to install and configure security programs on a large number of computers. If the security settings are decided anew on each computer, it is easy to see that different employees, at different times and on different computers, will end up with similar but slightly different settings. In such a situation, it will be very difficult to assess how well protected the organization as a whole is, since no one knows all the protection parameters that have been set.

To avoid the described situation in organizations, the choice of protection parameters is carried out not at the discretion of responsible employees, but in accordance with a special document - the security policy. This document describes the dangers of malware and how to protect yourself from them. In particular, the security policy should provide answers to the following questions:

  • Which computers should be protected by antiviruses and other programs
  • What objects should be scanned by the antivirus - should it scan archived files, network drives, incoming and outgoing email messages, etc.
  • What actions should the antivirus perform when it detects an infected object - since ordinary users cannot always correctly decide what to do with an infected file, the antivirus should perform actions automatically, without asking the user

How to properly organize the defense of computer networks against malware.

The article is addressed to novice system administrators.

By anti-virus protection I mean protection against any malware: viruses, Trojans, rootkits, backdoors, ...

Step 1. Install anti-virus software on each computer on the network and update it at least daily. The correct scheme for updating anti-virus databases: 1-2 servers fetch the updates and distribute them to all computers on the network. Be sure to set a password that is required in order to disable protection.

Antivirus software has many disadvantages. The main drawback is that it does not catch custom-written viruses that are not widely distributed. The second drawback is that it loads the processor and takes up memory on computers, some products more (Kaspersky), some less (Eset Nod32); this must be taken into account.

Installing anti-virus software is a mandatory but insufficient way of protecting against virus epidemics: often a virus's signature appears in anti-virus databases only the day after it starts spreading, and in one day a virus can paralyze the operation of any computer network.

Typically, system administrators stop at step 1, or worse, do not complete it or do not keep up with updates, and sooner or later infection still occurs. Below I list other important steps for strengthening antivirus protection.

Step 2. Password policy. Viruses (Trojans) can infect computers on a network by guessing the passwords of standard accounts: root, admin, Administrator. Always use strong passwords! For accounts without passwords or with simple passwords, the system administrator must be fired with a corresponding entry in the work book. After 10 incorrect password attempts, the account should be locked for 5 minutes to protect against brute force (brute-force password guessing). It is highly advisable to rename and block the built-in administrator accounts. Passwords need to be changed periodically.

Step 3. Restricting user rights. A virus (Trojan) spreads across the network on behalf of the user who launched it. If the user has limited rights (no access to other computers, no administrative rights on his own computer), then even a running virus will not be able to infect anything. There are often cases when system administrators themselves become responsible for the spread of a virus: they launched a keygen under an administrator account and the virus began to infect all computers on the network...

Step 4. Regular installation of security updates. This is difficult work, but it must be done. It is not only the OS that needs to be updated, but also all applications: DBMS, mail servers.

Step 5. Limiting the entry routes of viruses. Viruses enter an enterprise's local network in two ways: through removable media and through other networks (the Internet). By denying access to USB and CD/DVD, you completely block path 1. By limiting access to the Internet, you block path 2. This method is very effective, but difficult to implement.

Step 6. Firewalls. They must be installed at the edges of the network. If your computer is connected directly to the Internet, then the firewall must be turned on. If the computer is connected only to a local area network (LAN) and accesses the Internet and other networks through servers, then it is not necessary to enable the firewall on this computer.

Step 7. Division of the enterprise network into subnets. It is convenient to divide the network on the principle of one department per subnet. Subnets can be separated at the physical level (structured cabling system, SCS), at the data link level (VLANs), or at the network level (non-overlapping IP subnets).

Step 8. Group Policy. Windows has a wonderful tool for managing the security of large groups of computers: Group Policy (GPO). Through GPO, you can configure computers and servers so that infection and distribution of malware becomes almost impossible.

Step 9. Terminal access. Set up 1-2 terminal servers on the network through which users access the Internet; the likelihood of infecting their own computers then drops to zero.

Step 10. Monitoring all processes and services running on computers and servers. You can arrange for the system administrator to receive a notification whenever an unknown process (service) starts. Commercial software that does this is expensive, but in some cases the cost is justified.

Description of the presentation, slide by slide:

Slide 1: Anti-malware protection

A malicious program (a literal translation of the English term malware: malicious + software; slang names include “malware”, “malovar” and even “soap maker”, a pun in the Russian) is a program created with malicious intent and/or evil intentions.

Slide 3: Anti-virus programs

Modern anti-virus programs provide comprehensive protection of programs and data on the computer from all types of malicious programs and from their methods of penetrating the computer: the Internet, the local network, e-mail, removable storage media. To protect against each type of malware, the antivirus has separate components. The operating principle of antivirus programs is based on scanning files, disk boot sectors and RAM and searching them for known and new malicious programs.

Slide 4: Antivirus programs

Signatures are used to search for known malware. A signature is a constant sequence of program code specific to a particular malicious program. If an antivirus program detects such a sequence in a file, the file is considered infected with a virus and must be disinfected or deleted. To search for new viruses, heuristic scanning algorithms are used, i.e., the sequence of commands in the scanned object is analyzed. If a “suspicious” sequence of commands is detected, the antivirus program displays a message about the possible infection of the object.
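To make the two detection methods on this slide concrete, here is a small added example (not from the presentation) that scans constructed sample files first for exact signature matches and then for a weighted set of suspicious patterns. The signature database, the heuristic rules and the sample files are all constructed for the demo and correspond to no real malware.

```python
"""Toy illustration of signature matching (a fixed byte sequence that
belongs to one specific malicious program) versus heuristic scanning
(looking for a suspicious combination of operations and reporting only a
*possible* infection). Everything below is constructed for the demo."""

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed signature database: name -> constant byte sequence.
# A real database holds far more entries with longer, more distinctive sequences.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Sample-A": b"\xde\xad\xbe\xef\x42\x13\x37\x00",
    "Demo.Sample-B": b"XX-DEMO-PATTERN-B-XX",
}

# Constructed heuristic rules: a pattern standing in for a "command sequence"
# that is unusual in benign files, a weight, and a human-readable reason.
HEURISTIC_RULES = [
    (re.compile(rb"AUTORUN\.INF"), 2, "writes an autorun file"),
    (re.compile(rb"SELF_COPY"), 3, "copies itself to another location"),
    (re.compile(rb"DISABLE_AV"), 4, "attempts to stop security software"),
    (re.compile(rb"MAIL_ALL_CONTACTS"), 3, "mails itself to the address book"),
]
HEURISTIC_THRESHOLD = 5  # below this the evidence is too weak to report


@dataclass
class ScanResult:
    path: str
    verdict: str                      # "clean", "infected" or "suspicious"
    matched_signature: Optional[str] = None
    heuristic_score: int = 0
    heuristic_reasons: List[str] = field(default_factory=list)


def scan_bytes(path: str, data: bytes) -> ScanResult:
    """Apply signature matching first, then the heuristic rules."""
    # Signature search: an exact occurrence means a known, specific program.
    for name, sig in SIGNATURES.items():
        if sig in data:
            return ScanResult(path, "infected", matched_signature=name)

    # Heuristic search: accumulate evidence from suspicious sequences.
    score = 0
    reasons: List[str] = []
    for pattern, weight, why in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(why)
    verdict = "suspicious" if score >= HEURISTIC_THRESHOLD else "clean"
    return ScanResult(path, verdict, heuristic_score=score,
                      heuristic_reasons=reasons)


def scan_many(files: Dict[str, bytes]) -> Dict[str, ScanResult]:
    """Scan a mapping of path -> contents (stands in for walking a disk)."""
    return {p: scan_bytes(p, d) for p, d in files.items()}


# Constructed sample "files"; none of this is real executable code.
SAMPLE_FILES: Dict[str, bytes] = {
    "report.docx": b"Quarterly figures, nothing unusual here.",
    "keygen.exe": b"MZ...junk..." + SIGNATURES["Demo.Sample-A"] + b"...",
    "unknown_tool.exe": b"MZ SELF_COPY then DISABLE_AV and MAIL_ALL_CONTACTS",
    "installer.exe": b"MZ writes AUTORUN.INF for a legitimate CD installer",
}

if __name__ == "__main__":
    for path, result in scan_many(SAMPLE_FILES).items():
        print(f"{path:18} {result.verdict:10} sig={result.matched_signature} "
              f"score={result.heuristic_score} {result.heuristic_reasons}")
```

Note that installer.exe trips one heuristic rule but stays below the threshold, which is why heuristic results are reported as possible infections rather than definite ones.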

Slide 5: Anti-virus monitor and scanner

Most antivirus programs combine real-time protection (an anti-virus monitor) and on-demand protection (an anti-virus scanner). The anti-virus monitor starts automatically when the operating system starts and works as a background system process, checking for malicious actions performed by other programs. The main task of an anti-virus monitor is to provide maximum protection against malware with minimal slowdown of the computer. The anti-virus scanner is launched according to a pre-selected schedule or at any time by the user. The anti-virus scanner searches for malware in RAM, as well as on the computer's hard drives and on network drives.

Slide 6: Signs of computer infection

Signs of computer infection:

  • unexpected messages or images appear on the screen
  • unexpected sound signals are emitted
  • the CD/DVD drive tray opens and closes unexpectedly
  • programs launch on the computer by themselves
  • frequent freezes and crashes
  • slow operation of the computer when starting programs
  • files and folders disappear or change
  • frequent access to the hard drive (the light on the system unit blinks often)
  • the browser freezes or behaves unexpectedly (for example, the program window cannot be closed)

Some characteristic signs of infection by a network virus via email:

  • friends or acquaintances mention messages received from you that you did not send
  • there are a large number of messages in your mailbox without a return address or header

Slide 7: Actions if there are signs of computer infection

Before taking any action, you must save the results of your work on external media (floppy disk, CD or DVD, flash card, etc.). Next you need to: disconnect the computer from the local network and the Internet, if it was connected to them; if the symptom of infection is that it is impossible to boot from the computer's hard drive (the computer gives an error when you turn it on), try booting into safe mode or from the Windows emergency boot disk; then run an antivirus program.

Slide 8: Computer viruses and protection against them

Computer viruses are malicious programs that can “multiply” (self-copy) and secretly inject copies of themselves into files, disk boot sectors and documents. Activation of a computer virus can cause the destruction of programs and data. The name “virus” in relation to computer programs comes from biology precisely because of this ability to self-reproduce. Based on their “habitat”, viruses can be divided into boot, file and macro viruses.

Slide 9: Boot viruses

Boot viruses infect the boot sector of a floppy or hard disk. The operating principle of boot viruses is based on the algorithm for starting the operating system when the computer is turned on or rebooted. When infecting a disk, a boot virus “substitutes” its own code for the program that receives control when the system boots, so that control passes not to the original boot loader code but to the virus code. When a disk is infected, the virus in most cases moves the original boot sector to some other sector of the disk. Preventive protection against boot viruses consists of not loading the operating system from floppy disks and setting your computer's BIOS to protect the boot sector from changes.
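One defender-side way to notice the substitution described above is to keep a baseline of the boot sector's code and compare against it. The following is an added example, not from the presentation: it parses a 512-byte master boot record, validates the 0x55AA signature and the partition table, and hashes the 446-byte boot code against a stored baseline. The sector contents are constructed, not read from a real disk.

```python
"""Baseline check of a master boot record (MBR). Layout of the classic
512-byte sector: 446 bytes of bootstrap code, four 16-byte partition
entries, then the 0x55 0xAA signature. A boot-sector virus typically
replaces only the code part and leaves the rest intact, so hashing the
code against a known-good baseline is the useful comparison."""

import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: code the BIOS hands control to
PARTITION_TABLE_OFF = 446    # 4 entries x 16 bytes
SIGNATURE_OFF = 510          # bytes 510..511 must be 0x55 0xAA
# status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
ENTRY_FMT = "<B3xB3xII"


def parse_partitions(sector: bytes) -> List[Dict[str, int]]:
    """Decode the four classic MBR partition entries."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i)
        entries.append({"index": i, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start,
                        "sectors": sectors})
    return entries


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table may change legitimately."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> Dict[str, object]:
    """Report structural problems and whether the boot code left the baseline."""
    findings: List[str] = []
    if len(sector) != SECTOR_SIZE:
        findings.append(f"unexpected sector length {len(sector)}")
        return {"ok": False, "findings": findings}
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    current = boot_code_hash(sector)
    if current != baseline_hash:
        findings.append("boot code differs from baseline (possible boot-sector "
                        "virus or an unexpected bootloader update)")
    return {"ok": not findings, "findings": findings,
            "boot_code_sha256": current, "partitions": parts}


def build_sector(boot_code: bytes, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a constructed MBR for the demo (boot_code is not real machine code)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sec, PARTITION_TABLE_OFF + 16 * i,
                         status, ptype, lba, count)
    sec[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sec)


# Constructed "known-good" bootloader bytes and a plausible partition table.
CLEAN_BOOT_CODE = b"DEMO-BOOTLOADER-" * 8
PARTS = [(0x80, 0x07, 2048, 1_000_000), (0x00, 0x83, 1_002_048, 500_000),
         (0, 0, 0, 0), (0, 0, 0, 0)]
CLEAN_MBR = build_sector(CLEAN_BOOT_CODE, PARTS)
BASELINE = boot_code_hash(CLEAN_MBR)   # recorded once, on a known-clean system

# The same disk with only the boot code replaced; table and signature are
# untouched, which is exactly what makes the substitution easy to miss.
MODIFIED_MBR = build_sector(b"DEMO-REPLACED-CODE-" * 8, PARTS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
        res = check_mbr(mbr, BASELINE)
        print(label, "ok" if res["ok"] else res["findings"])
```

On a real system the first sector would be read from the raw disk device with administrator rights and the baseline re-recorded after any legitimate bootloader update.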

Slide 10: File viruses

File viruses are embedded in executable files in various ways and are usually activated when those files are launched. After an infected file is run, the virus resides in the computer's RAM and remains active (that is, it can infect other files) until the computer is turned off or the operating system is restarted. Almost all boot and file viruses are resident (they can erase data on disks, change the names and other attributes of files, etc.). Treating resident viruses is difficult, since even after infected files are deleted from disk the virus remains in RAM and the files can be re-infected. Preventive protection against file viruses consists of not executing files obtained from dubious sources that have not previously been scanned by anti-virus programs.

Slide 11: Macro viruses

There are macro viruses for the integrated office application Microsoft Office. Macro viruses are in fact macros written in the built-in programming language Visual Basic for Applications and placed in a document. Macro viruses contain standard macros, are invoked in their place, and infect every document that is opened or saved. Macro viruses are resident only to a limited extent. Preventive protection against macro viruses consists of preventing the virus from starting. When you open a document in a Microsoft Office application, you are notified of the presence of macros (potential viruses) in it and asked whether to block them from loading. Choosing to block the loading of macros will reliably protect your computer from infection by macro viruses, but will also disable any useful macros contained in the document.

Slide 12: Network worms and protection against them

Network worms are malicious programs that penetrate a computer using computer network services. Activation of a network worm can cause the destruction of programs and data, as well as the theft of the user's personal data. To spread, network worms use a variety of services of global and local computer networks: the World Wide Web, email, etc. The main feature by which types of worms differ from each other is the method of propagation, i.e., how the worm transmits its copy to remote computers. However, many network worms use more than one way to distribute copies of themselves across computers on local and global networks.

Slide 13: Web worms

A separate category consists of worms that use web servers to spread. Infection occurs in two stages. First, the worm penetrates the server computer and modifies the server's web pages. The worm then waits for visitors who request information from the infected server (for example, open an infected web page in a browser), and thus penetrates other computers on the network. One type of web worm is scripts: active elements (programs) written in JavaScript or VBScript. Preventive protection against web worms consists of preventing the browser from receiving active elements on the local computer. Even more effective are web-oriented antivirus programs that include a firewall and a module for checking JavaScript or VBScript scripts.

Slide 14: Firewall

A firewall is software or hardware that inspects information entering a computer from a local network or the Internet and then either rejects it or allows it into the computer, depending on the firewall settings. The firewall ensures that all web pages entering the user's computer are scanned. Each web page is intercepted and analyzed by the firewall for the presence of malicious code. Malicious programs are recognized on the basis of the databases used by the firewall and by means of a heuristic algorithm. The databases contain a description of all currently known malware and methods for neutralizing it. The heuristic algorithm makes it possible to detect new viruses that have not yet been described in the databases.

Slide 15: Mail worms

Mail worms use email to spread. The worm either sends a copy of itself as an attachment to an email, or sends a link to its file located on some network resource. In the first case, the worm code is activated when the infected attachment is opened (launched); in the second, when the link to the infected file is opened. In both cases the effect is the same: the worm code is activated. After infecting a computer, the worm begins to send itself to all email addresses in the user's address book. Preventive protection against email worms consists of not opening files attached to email messages received from dubious sources. It is also recommended to promptly download and install security updates for the operating system and applications from the Internet.

Slide 16: Trojan programs and protection against them

A Trojan program, or Trojan (from the English "trojan"), is a malicious program that transfers control of the computer to a remote user without the owner's authorization, and also performs actions to delete, modify, collect and forward information to third parties.

Slide 17: Trojan remote administration utilities

Trojan programs of this class are utilities for the remote administration of computers on a network. These hidden control utilities allow an attacker to receive or send files, run or destroy them, display messages, erase information, restart the computer, etc. When launched, the Trojan installs itself in the system and then monitors it, while the user is given no indication of the Trojan's actions in the system. As a result, the “user” of such a Trojan program may be unaware of its presence on the system while his computer is open to remote control. These are among the most dangerous types of malware.

Slide 18: Trojan spyware

Trojan spyware performs electronic spying on the user of an infected computer: information entered from the keyboard, screenshots, the list of active applications and the user's actions with them are saved in a file on the disk and periodically sent to the attacker. This type of Trojan is often used to steal information from users of various online payment and banking systems.

Slide 20: Hacker utilities and protection against them: network attacks

Network attacks on remote servers are carried out using special programs that send numerous requests to them. This leads to a denial of service (the server hangs) if the resources of the attacked server are insufficient to process all incoming requests. Some hacking tools implement fatal network attacks. Such utilities exploit vulnerabilities in operating systems and applications and send specially crafted requests to the attacked computers on the network. As a result, a special type of network request causes a critical error in the attacked application, and the system stops working.

Slide 21: Tools for hacking remote computers

Remote computer hacking utilities are designed to penetrate remote computers in order to control them further (using Trojan programs such as remote administration utilities) or to introduce other malicious programs into the hacked system. Remote computer hacking tools typically exploit vulnerabilities in the operating system or in applications installed on the target computer. Preventive protection against such hacker utilities consists of timely downloading of security updates for the operating system and applications from the Internet.

Slide 22: Rootkits

A rootkit (from the English "root kit", a set of tools for obtaining root rights) is a program or set of programs for covertly taking control of a hacked system. These are utilities used to hide malicious activity. They disguise malware to avoid detection by antivirus programs. Rootkits modify the operating system on a computer and replace its basic functions in order to hide their own presence and the actions the attacker takes on the infected computer.

Slide 23: Protection against hacker attacks, network worms and Trojans

Protecting computer networks or individual computers from unauthorized access can be done using a firewall. The firewall makes it possible to:

  • block hacker DoS attacks by preventing network packets from certain servers (certain IP addresses or domain names) from entering the protected computer
  • prevent network worms (mail, web, etc.) from penetrating the protected computer
  • prevent Trojan programs from sending sensitive information about the user and computer

Types and methods of information protection:

  • Type of protection: from deliberate distortion or vandalism (computer viruses). Method of protection: general methods of information protection; preventive measures; use of anti-virus programs.
  • Type of protection: from unauthorized (illegal) access to information (its use, modification, distribution). Method of protection: encryption; password protection; "electronic locks"; a set of administrative and law-enforcement measures.

Slide 28: Conclusion

To summarize, it should be mentioned that there are many cases where companies (not only foreign ones) wage real “spy wars” among themselves, recruiting a competitor's employees in order to gain access through them to information that constitutes a trade secret. Regulation of issues related to trade secrets has not yet received sufficient development in Russia. The existing legislation still does not provide regulation of certain issues, including trade secrets, that corresponds to modern realities. At the same time, we must be aware that the damage caused by the disclosure of trade secrets is often quite significant (if it can be estimated at all). The existence of rules on liability, including criminal liability, can serve as a warning to employees against violations in this area, so it is advisable to inform all employees in detail about the consequences of violations. I would like to hope that the information security system being created in the country and the set of measures being formed for its implementation will not lead to irreversible consequences on the path of the information and intellectual integration of Russia with the rest of the world.