Securing computers against malware isn’t that hard, at least in theory. It does require a basic understanding of how a computer works and a common-sense approach.
The basic protections for a computer are outlined below:
- Use a non-privileged user account (not an administrator account) for day-to-day tasks such as email and web browsing
- Apply operating system security patches and other updates as they become available
- Keep application software, such as Adobe Reader and Flash, Java, the MS Office suite, etc., up to date with patches
- Disable system services that are not required
- Uninstall software that is not used
- Keep antivirus definition files up to date
- Exercise caution in browsing the web and reading email
This protection is effective against known malware that targets system or application vulnerabilities, for a simple reason: the system has been patched, the antivirus knows about the malware, and the end user is cautious about what he or she opens and visits. Understanding how malware gets onto a system is half of the battle.
Most, if not all, malware uses email, web pages, or a combination of both to exploit unsuspecting users:
Email-based exploits:
- The user receives an email with an attachment that exploits an application vulnerability, for example in Adobe Reader, MS Word or Excel, WinZip, etc. The attachment carries most of the malicious code; however, once it takes hold of the system it can certainly download additional malware
- The user receives an email that has no attachment but contains links to the malware. The link is displayed as a “legitimate” website address; however, the HTML behind that visible name sends the user to a site where the malware resides. (This is phishing; when the email is crafted for a specific person or organization it is called “spear phishing”. Read more about it here…)
Web page exploits:
- Legitimate websites are hacked and malware is uploaded to them
- Visitors to the hacked website(s) download and install the malware without knowing it (a “drive-by download”; when the attacker compromises a site because the intended victims are known to visit it, this is called a “watering hole” attack)
That all sounds good and seems easy to follow, so why are so many computers hacked? The answer is twofold…
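Both delivery paths above leave visible traces that can be checked mechanically before a user ever clicks: an attachment whose file type is one of the exploit carriers named here (or an executable hiding behind a double extension such as invoice.pdf.exe), a link whose visible text names one domain while its href points at another, and, on a hacked page, a zero-size or hidden iframe pulling content from a third-party host. The following script is an added example written for this post, not code from the original; it uses only the Python standard library, and the sample email, sample page and every hostname and IP address in them are constructed placeholders (reserved example.com / example.net names and a documentation-range address).

```python
"""Flag the email and web delivery paths described above.

Added example, not part of the original post. SAMPLE_EMAIL and SAMPLE_PAGE
are constructed inputs; the hosts in them are placeholders, not real sites.
"""
import email
import email.policy
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File types the post names as exploit carriers, plus outright executables.
RISKY_EXTENSIONS = {".pdf", ".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm",
                    ".zip", ".rar", ".exe", ".scr", ".js", ".jar"}

# A bare hostname appearing in visible link text, e.g. "www.example-bank.com".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def _host(url):
    """Hostname of a URL, lowercased; '' for relative URLs."""
    return (urlparse(url).hostname or "").lower()


class PageInspector(HTMLParser):
    """Flags deceptive links and hidden or off-site iframes/scripts in HTML."""

    def __init__(self, page_host=""):
        super().__init__()
        self.page_host = page_host   # host the page itself was served from
        self.findings = []
        self._link = None            # href of the <a> currently open
        self._text = []              # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._link, self._text = a["href"], []
        elif tag in ("iframe", "script") and a.get("src"):
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "display:none" in style or "visibility:hidden" in style)
            offsite = _host(a["src"]) not in ("", self.page_host)
            if hidden or (tag == "iframe" and offsite):
                self.findings.append(f"hidden/off-site {tag} -> {a['src']}")

    def handle_data(self, data):
        if self._link is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._link is not None:
            shown = "".join(self._text).strip()
            m = HOST_RE.search(shown)
            if m:
                shown_host, real_host = m.group(1).lower(), _host(self._link)
                # Visible text names a domain, but the href goes somewhere else
                # (a subdomain of the shown domain is accepted as the same site).
                if shown_host != real_host and not real_host.endswith("." + shown_host):
                    self.findings.append(f"link text '{shown}' -> {self._link}")
            self._link = None


def inspect_email(raw):
    """Return findings for risky attachments and deceptive links in an email."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = name.split(".")[1:]        # every suffix, so "x.pdf.exe" is caught
        if any("." + s in RISKY_EXTENSIONS for s in suffixes):
            findings.append(f"risky attachment {name} ({part.get_content_type()})")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        insp = PageInspector()
        insp.feed(body.get_content())
        findings.extend(insp.findings)
    return findings


def inspect_page(html, page_host):
    """Return findings for a fetched page served from page_host."""
    insp = PageInspector(page_host)
    insp.feed(html)
    return insp.findings


# Constructed sample email: disguised link plus a double-extension attachment.
SAMPLE_EMAIL = """\
From: billing@example.com
To: user@example.org
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<p>Please review at <a href="http://login.example.net/x">www.example-bank.com</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed sample of a hacked page: a zero-size iframe injected after the content.
SAMPLE_PAGE = """\
<html><body><h1>Local Club Newsletter</h1>
<iframe src="http://198.51.100.7/load.php" width="0" height="0"></iframe>
<script src="/js/site.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for f in inspect_email(SAMPLE_EMAIL) + inspect_page(SAMPLE_PAGE, "club.example.org"):
        print(f)
```

The attachment check deliberately looks at every suffix of the filename rather than just the last one, and the link check compares the domain a user would read against the host the browser would actually contact; a plain "click here" link produces no finding, since there is nothing to contradict. Hidden iframes are flagged even when they point at the same host, because a legitimate page has no reason to embed an invisible frame.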
The most common answer is likely that the end user did not follow the basic security steps outlined above. After all, we can always point fingers at the end user, right or wrong…
The other answer is zero-day exploits…
Zero-day attacks are based on system and/or application vulnerabilities that have not yet been discovered and fixed by the software vendors. Antivirus software does not protect against these attacks, and neither do system and application security patches, since the vulnerability is unknown. In other words, a computer with the latest antivirus definitions and security patches can still easily fall victim to a zero-day attack.
“That’s not good. Even if I follow these steps, I can still ‘easily fall victim’. Why should I follow the common-sense security practice? What difference does it make if I am hacked by known or unknown malware?”
The frustration is understandable, but common-sense protection does have benefits. The large majority of malware is known, and this approach will stop it from infecting your system.
Exercising caution in browsing the web and reading email (the last item in the list above) can also prevent many of the far smaller number of zero-day infections, since a zero-day exploit still has to be delivered, usually through an attachment or a link. In addition, augmenting the antivirus with software designed to protect against zero-day malware is another option, one that can compensate for carelessness in browsing the web.
Software that targets zero-day malware is available; however, that will be the subject of another blog post…