Malware protection methods and techniques

Different judicial, educational and technical methods are used to protect computers from malicious programs and computer fraud.

All of the countries that can be considered as having joined the digital revolution have passed laws that forbid the writing and distribution of viruses and other types of malicious program. Very often cybercriminals are not directly charged with ‘digital crime’, but with offences that specifically relate to the cybercriminal’s misuse of digital technology, for example, fraud, blackmail, or unauthorized access to confidential data, etc. This is normal legal practice. In 2004-2006, several hundred people worldwide were arrested for crimes committed using digital technology. However such crime is very difficult to investigate as it is committed by highly qualified professionals. In addition, the majority of attacks go unnoticed by the authorities because they are not very significant. In other words, legal retribution will only ever reduce the level of computer crime, it will never eradicate it.

The second method for protecting users from malware is through education. Informing them of the necessity to adhere to strict rules of behavior whilst engaged in activities on the Internet. There are three main rules which both home and corporate users must follow:

1. Antivirus protection is strongly recommended. If you are not an expert in computer security, you should ensure that you employ proprietary antivirus protection and a firewall. The majority of the current antivirus programs provide protection against all types of computerized threats, including viruses, worms, Trojans and adware, etc. Integrated security solutions are also capable of filtering spam, preventing network attacks and restricting access to unwanted and dangerous Internet resources, etc.
2. Do not trust any information whose source cannot be guaranteed, whether in email, hyperlink, IM or other format. Do not open files and links from unknown sources. Even unexpected messages from friends or colleagues should be treated with caution as a sender’s address can easily be forged. The Internet can be a dangerous place and you need to remain constantly vigilant.

The risk of infection can also be reduced through what are termed ‘organizational measures’. This usually involves giving each user, whether on a home or corporate network, individual rights regarding what they can see and do whilst using the computer. For example:

• placing restrictions on the use of IM;
• restricting access to some websites;
• nominating only selected machines on the corporate network as being capable of accessing the internet, and so on.

Unfortunately, where a user’s intentions are honorable, such restrictions can sometimes negatively impact the company’s business processes. In this situation both sides must seek a balance and in each case this balance may be different.

3. Do not neglect information from antivirus companies and IT security experts. They usually provide an early warning about any new type of Internet fraud, virus threat or epidemic that may be circulating.

The story of the clones of the LoveLetter worm serves to illustrate how fraudulent attacks can be successfully defeated. Immediately after the initial worm epidemic struck, almost every antivirus company issued guidelines for the user on how to protect themselves from this type of worm. In this case, that involved not opening any attachments with a VBS extension as this was how the worm was distributed. As a result of the industry’s timely advice, none of the worm’s numerous clones were able to wreak the same sort of havoc as that caused by the original LoveLetter worm.

However, sometimes information about the potential for a new virus to do damage is grossly over-exaggerated. Quite often, simple worms hidden inside emails purporting to be about the latest hot topic, for example, a football championship or natural disaster, are presented as the next big thing by some antivirus companies. Subsequently, if there is nothing else around to consume the media’s interest, they may well seize upon the story and blow it out of all proportion too. What happened at the end of 1999 is an illustration of such an event. Unknown hackers announced that they intended to launch one hundred thousand new viruses on New Year’s Eve. Antivirus companies and industry experts had differing opinions on the situation, with some of them helping to feed the rumor mill, whilst others tried to reassure users that rumors of the impending digital catastrophe were baseless. The latter group were eventually proven to be correct.

In short, the three rules of “computer hygiene” are:

• Protection is a must
• Trust but verify
• Make sure you have the latest antivirus protection installed!