Anti-Malware – CompTIA Security+ SY0-401: 4.3

| September 15, 2014 | 0 Comments


How can you keep the bad guys from infecting your computer? In this video, you’ll learn about anti-virus, anti-spyware, anti-spam, pop-up blockers, and host-based firewalls.

<< Previous Video: Operating System Security and SettingsNext: Patch Management >>


When we think about malware and all of those different things out there that get onto our computers and create problems for us, certainly viruses is one that’s very top of mind. There are so many viruses out there. There are literally thousands and thousands of new viruses every week. There’s single viruses and variants of those viruses. It’s really just a matter of time until you download a file that happens to have a virus inside of it.

To look at some of these statistics– these are from May 2011– these are computers that were running Kaspersky Lab products. They collect statistics from all of the systems out there that have opted into this. They found that there were over 242 million network attacks blocked for the month.

There were 71 million plus attempted web-born infections prevented, where somebody was downloading an infection from the web. There was 213 million plus malicious programs detected and neutralized on the computer itself. And there were heuristically 84 plus million heuristic verdicts register, which means the heuristic engine found something that it didn’t immediately identify as a virus. It found some application acting like a virus and stopped it.

If you want to see all these statistics, they’re right here at this link. But it’s certainly speaks to how prevalent viruses are in our environment today. You always want to have an antivirus application installed on your computer. There are plenty of very efficient and easy to install and run applications out there.

There are still people that will come up to me and say, I don’t need an antivirus application. I know what to click on. And I know what not to click on.

And unfortunately, it doesn’t matter anymore. The bad guys have realized there are ways to get around you clicking on things to have viruses downloaded into your computer. Make sure you install an antivirus app. Make sure those applications are current, that the signatures for that application is current.

And make sure that you still stay on top of this. No single antivirus program can stop 100% of all viruses that are out there in the wild. These things happen just so quickly.

So make sure you keep an eye on what’s happening with your computer. If anything looks out of the ordinary, it probably is. And you want to perhaps have more than one antivirus application or at least scanning program on your computer to double check what’s out there. It’s a very important aspect of making sure that when we download files from somewhere else that they’re going to be as safe as possible on our system.

One way to double check viruses on a file you may have downloaded is to use a service like VirusTotal. You can find this at virustotal.com. And what it will do is take a file that you’ve uploaded. And it will send it through a number of antivirus scanning engines to see if it happens to get a hit on any one of those.

So I’ve chosen a file on my hard drive called not a bad application dot exe. And I asked to send that file up to VirusTotal. It’s going to take the file, upload it to VirusTotal. In fact, it says that this file has already been submitted by someone else in the past.

It has an MD 5 hash that matches exactly for this file. It was first seen in 2008 and last seen in 2011. So this gives me an idea of what’s there.

But maybe I’d like to reanalyze. Maybe I don’t trust what somebody else may have uploaded. Or I’m not completely sure. Or I would like to update this with the latest engines to see what they show.

So I’m going to choose to reanalyze that. VirusTotal will look at that. It will queue this particular app. As you can imagine, there are a number of people using this service. And it will show you where you are in the queue. And then it will start going through its virus signatures.

Another thing I like about VirusTotal is you can leave messages in here about what other people have seen with this particular application or with this particular signature of a virus that has been seen. And as it goes through the antivirus, it looks that Bitdefender found a worm. McAfee found Conficker. G Data, Kaspersky– there are all these different antivirus engines, and they’re all finding Conficker inside of this executable that I’ve uploaded.

So I know that if I’m looking for an application that would have done bad things on my computer, this is it. And VirusTotal was able to qualify that for me and see that practically everyone out there is able to identify this worm and this virus. And now I can keep it off of my system.

In the world of malware, we also have to think about spyware. And spyware is generally something that is already installed on your computer that’s now watching things that you are doing. And it may be watching you to provide information back to a mothership.

And that information is probably anything from how we’re browsing the net. It could also watch for usernames and passwords. It can contain a lot of details about where you might be logging in or even everything you type in with the key logger, and send all that information to a third party. Obviously spyware, a big problem, because we don’t want our private information getting out to other people.

So we want to be able to have an anti-spyware application on our computer to watch for anything strange that might be going on. This is very often integrated into your antivirus engine. And that makes sense, because our antivirus engines are already looking for everything that’s running on our computer.

Why not also have it look for spyware that might be on our system as well? There are also standalone anti-spyware applications you can get. And some of those are very, very good that go even a little bit beyond what traditional antivirus programs have been able to do for us.

These pieces of spyware are on our computer to watch what we’re doing. So we want to have our applications and our anti-spyware technologies also watching what these apps are doing. There’s an application it doesn’t recognize in our computer. And yet that app keeps talking out to the same URL over and over and over again and maybe sending some information out to URL. It would be nice to have an anti-spyware program identify that, show you that this odd activity is occurring, and make you wonder exactly what that might be. So that might give you a little bit of a heads up whenever you’re looking for spyware on your computer and something might be there that normally is not seen by other applications.

If you have email, then you certainly have spam. It’s a normal part of doing email on the internet is you’re going to get people sending mail to you that you did not ask for. Sometimes this email that comes to you is for you to buy things. And they wouldn’t be sending all of this email if somebody along the line didn’t click on it.

It’s so inexpensive to send an email. It costs practically nothing, so why not send out a billion email messages? And if 0.001% of those people actually click and buy something, it’s worthwhile to the spammers. So they don’t mind blasting all of these messages out there.

What you really have to watch for are these messages coming through that look like they’re from somewhere legitimate. They look like they’re from YouTube. It looks like it’s from your bank. And it’s asking you to click that information.

That’s a phishing attempt to try to get you to give up a username and password. You click the link. It looks like you’re going to your bank. It looks like you’re going to YouTube. But the reality is it’s a fake website that has nothing to do with your bank and nothing to do with YouTube.

Many of your email clients that you’re using these days have the anti-spam capabilities built into them. If you’re using a web-based service from Yahoo or you’re from Google, it’s already looking for spam. You have a separate folder that has already been set up for spam.

I use Thunderbird on one of my computers. And Thunderbird also has anti-spam technology built into it. Creates some spam folders, looks for that, so anything coming in gets automatically moved off to the spam folder itself.

If you’re in a larger organization and all of your email is coming inbound, you may have a third party in the cloud scanning the details for you for the spam. So that before it even gets into your building, it’s already been scanned by a third party. Some of those services can really, really help keep down the amount of spam you might get in your environment.

When JavaScript became popular in our browsers, the advertisers figured out that they could create new windows. They could have those windows a certain size. And they could put whatever they wanted inside of those browser windows. And it would pop up right on the top of everything else.

And what advertiser doesn’t want to get their message right there in front of you on your eyeballs? The problem is that pop-up messages are horribly annoying and very quickly that type of advertising fell out of favor. The bad guys, and in some cases the not so nice advertisers, are still trying to use pop up though.

So many of our browsers have an anti pop-up or a pop-up blocker built into the functionality of the browser. And that way you can turn it on or turn it off as you’d like. These can really take over the screen.

The malware developers have realized that they can pop up a message that says, we’ve identified a virus on your computer, and it pops right to the top. It makes you think your computer is the one that’s identified this. And they get to download code that way. So pop-ups are generally not a great thing.

However, of course, some pop-ups might be completely legitimate. You might have a banking website that tracks your time online. And when you’re going to time out, it’s going to log you out automatically. And pops up a message, a pop-up window, that says it’s going to do this in the next 60 seconds. And it will tell you when you’re logging in, make sure you turn your pop-up blockers off.

And fortunately, our browsers are configured in a way that we could turn it off for our banking website, but leave the pop-up blocker on for everything else. That way the applications that need it can absolutely present pop-up messages to us. And we can block all of the advertising and malware from other sites automatically.

These days every operating system comes with its own host-based firewall. And generally, these firewalls are turned on by default. This is a software-based firewall. It’s a personal firewall that runs on our computer that is going to protect us from other people that might be on the network. So your personal computer is now its own self-contained system that is checking every bit of network traffic that’s going in or going out.

So this is really nice when you have a laptop. You’re going to a coffee shop. You’re going to a hotel. Those are usually very open wireless networks. There’s not a lot of encryption included by default and information could be going back and forth. People you don’t know in another hotel room may unintentionally or intentionally have access into your computer.

But with the host-based firewall there, you’re preventing anybody from gaining access to your computer without you specifically allowing it. And if you’re traveling a lot, that’s definitely what you want. You can usually restrict this activity by port number– traditional firewalls work with port numbers, TCP and UDP based port numbers.

But the host-based firewalls know what applications you are running, because they’re running right there on the same operating system. And that gives them a little bit more flexibility, because you could say, allow this FTP application to talk out, but don’t allow anybody to connect to me using this FTP application as the service.

That gives you a lot of security. And by customizing these firewall rules that you might have in your system, you can really create a very, very secure system, no matter where you might go.

Tags: , , , , , , , ,

Category: CompTIA Security+ SY0-401

X