Written on August 31, 2006
Malware is “Malicious Software”.
Malware reflects a range of software programs like viruses, trojans, spyware, active content, and attacks. Its purpose is to cause harm to a computer system.
There are numerous malware scanners on the market; some are free, some are run via the web, and some are downloaded and installed on your computer. Scanners identify potential threats and attempt to eliminate them after the malware has been installed. More proactive tools attempt to create a real-time barrier between your computer and the malware itself – a tool that runs, stays resident in the computer’s memory, and prevents attack or infection like a shield.
Scanners detect infection and attack; agents prevent infection and attack.
What’s unfortunate, of course, is the imagination of the hacker to create what would appear to be a free malware scanner on the web only to have it be a piece of malware itself, or a launch mechanism to introduce new malware into your system.
There are plenty of debates about which scanner is most effective at detecting threats and preventing threats. To the lay-user, these arguments may sound a bit meaningless: this, that, or the other thing – who cares! Just protect my computer system. I’d like to speak to that audience right now. For a no-hassle approach for the small business or personal computer owner running Windows XP Service Pack 2, here are my recommendations to address Malware.
1. Make sure Windows XP SP2 is installed. To verify this, right-click on your My Computer icon and select Properties from the context menu. On the General tab of System Properties, the System section will display the license for Windows. Service Pack 2 should be listed under the System section. If it isn’t, download it now from http://update.microsoft.com.
2. Make sure the Windows Firewall is enabled. Under the Control Panel, double-click the Windows Firewall icon. Make sure the option is turned on. You can leave the “Don’t Allow Exceptions” checkbox unchecked.
3. Download Windows Defender Beta 2 (http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en). Run and install this update.
4. Verify that Automatic Updates are turned on and scheduled. Under the Control Panel, find Automatic Updates and open the applet. Put the setting to automatic and the time to around 1am-4am, your choice.
What this will do is create a full-time barrier of security around the computer that runs transparently to you with services that are native to Windows. Your system will run a personal firewall to protect your system from attacks, intrusion, and worms like Blaster that took advantage of open NetBIOS ports (135-139). Further, with Defender – a running agent – the Windows system will run an active agent to prevent you from accidentally installing malware classified as adware and spyware, and will detect and eliminate these things from your system. Finally, the system will self-update without you having to do anything about it.
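For anyone looking after more than one PC, the four steps above can be checked from command output rather than by clicking through each dialog. The following is an added example, not part of the original post: it assumes the standard Windows XP SP2 registry locations for the service pack, firewall and Automatic Updates settings, assumes Defender's service name is WinDefend, and runs against constructed sample output.

```python
import re

# Inputs are the text printed on the XP machine by:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion
#   reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
#   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"
#   sc query WinDefend
VALUE_RE = re.compile(r"^[ \t]+(\S+)[ \t]+(REG_\w+)[ \t]+(.*?)[ \t]*$", re.M)
STATE_RE = re.compile(r"^[ \t]*STATE[ \t]*:[ \t]*\d+[ \t]+(\w+)", re.M)

# Constructed sample output: a machine whose firewall has been switched off.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    CSDVersion    REG_SZ    Service Pack 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall    REG_DWORD    0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    AUOptions    REG_DWORD    0x4
    ScheduledInstallTime    REG_DWORD    0x3
"""
SAMPLE_SC = """
SERVICE_NAME: WinDefend
        STATE              : 4  RUNNING
"""

def parse_reg(text):
    """Map value name -> data from `reg query` output (DWORDs become ints)."""
    values = {}
    for name, kind, data in VALUE_RE.findall(text):
        values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def audit(reg_text, sc_text):
    """Return {check: bool} for steps 1-4; a missing value counts as a failure."""
    v = parse_reg(reg_text)
    state = STATE_RE.search(sc_text)
    hour = v.get("ScheduledInstallTime")  # hour of day, 0-23
    return {
        "sp2_installed": v.get("CSDVersion") == "Service Pack 2",
        "firewall_on": v.get("EnableFirewall") == 1,
        "defender_running": bool(state) and state.group(1) == "RUNNING",
        # AUOptions 4 = download and install automatically on a schedule
        "updates_automatic": v.get("AUOptions") == 4,
        "update_hour_1_to_4": hour is not None and 1 <= hour <= 4,
    }

if __name__ == "__main__":
    for check, ok in audit(SAMPLE_REG, SAMPLE_SC).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

Settings pushed by Group Policy are stored under `HKLM\SOFTWARE\Policies` rather than the keys read here, so a centrally managed machine needs those locations checked as well.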
To further protect your system from malicious threats, I would also recommend:
1. Uninstall any 3rd party toolbars. Yahoo!, Google – anybody that offers you a toolbar is attempting to give you features in exchange for tracking information about you. Less reputable companies and software (Gator, Morpheus, etc.) will also install toolbars that actually become launchpads for malware. Uninstall these things and don’t look back – they’re conveniences that bypass traditional controls that can harm your computing experience.
2. Uninstall any 3rd party spyware and malware applications. Yes, those who appreciate Spybot and others will probably take offense to this, but 3rd party tools are simply not as effective as native operating system services. Third party products may be useful to the techhead to explore granularities in their malware defense, but for an average PC user, my assumption is less-touch, more-transparency. These tools, in my opinion, only compound threats and may be portals for malware to be introduced to your system.
3. Uninstall any 3rd party TSRs (Terminate and Stay Resident programs). These are applications that may put the weather in your system tray, rotate your desktop wallpaper, or add a bit of flavor to your email messages. Each of these pretty conveniences and features comes at a price: your privacy. They may even be launch vehicles for worse behavior.
4. Uninstall any 3rd party music (P2P – Peer to Peer) application. Kazaa, Morpheus – get rid of them. These applications allow others to access sections of your computer to participate in P2P networks, and install applications like Gator to send you advertising. If you must have a music application, try reputable brands like Apple’s iTunes or Rhapsody from Real Audio.
5. Turn off 3rd party personal firewalls. I recommend this even for my Norton Internet Security users. Why? Because it’s almost too complicated and restrictive for a lay-user – these products can actually accidentally inhibit the user’s online experience and are redundant to native services now offered by Windows. Again, the techhead may be interested in a granular approach to personal firewall security, but in my opinion, the lay user doesn’t require this – a simple transparent filter works fine. Coupled with a network firewall on the router/connection to the Internet, the PC is reasonably protected, with the benefit of using less processing power. Some people run a 3rd party personal firewall, Windows’ native personal firewall, and a network firewall on their router: overkill, and a recipe for frustration.
6. Do run antivirus software, particularly software that scans email. Try to find a package that can examine email as well as spyware threats within the browser and instant messaging environments. Stay current on this kind of package.
7. Do enable Pop-up blocking on your browser and keep it activated.
Again, this strategy is for the common user who uses their computer but doesn’t want to get involved with the intricacies of maintaining their computer. The approach is reasonable: software will work, the services will be transparent, updates are automatic, and the PC will be protected against common microcomputer security threats. In my opinion, this is a decent strategy for small businesses who are not using Group Policies from Small Business Server to control many of these aspects of their computing environment from a centralized perspective; if you do use Small Business Server, you can influence all of these configurations more efficiently through Group Policies that push these configurations onto your client computers.
In my opinion, the best strategy for the lay user is a common-sense strategy of leveraging operating system components. This fall, look for Microsoft to release the next version of its Internet Explorer browser (version 7) which will also offer another layer of protection from scams, attacks, and phishing. And in the next year, look for Microsoft to get into the anti-virus business – embedding an antivirus package into Vista so you don’t need to invest in 3rd party malware scanners and sweepers.
Microsoft’s long-term strategy is similar to my thoughts: regular end-users should not be bothered with security settings, threats, and countermeasures; the security system should be transparent to their experience online. Try these tricks out if you believe the same.
Good luck!
R
CISSP MCSE
www.micklerandassociates.com