Security - Malicious Software Protection

Exam: CompTIA 220-701 - CompTIA A+ Essentials 700 series

Security. Summarize the following security features

Malicious software protection

Malicious software, or malware, is software that is designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent. Malware is an umbrella term that covers a variety of computer viruses, Trojans, spyware, and generally, any type of unwanted software.

Of course, we don't want malware to infect our computer system, but to defend against it we first need to define it and categorize it. Then we can put preventative measures into place. It's also important to locate and remove or quarantine malware from a computer system.

Types of Malware

There are several types of malware that you need to know for the exam. For the past several years there has been a shift in emphasis from viruses to spyware. Most people know about viruses and have some kind of antivirus software running. Yet many are still unclear about where spyware comes from, how it gets onto the system, and how this can be prevented. As a result, IT professionals are forced to deal with a number of spyware-caused issues, as well as to conduct training that raises users' awareness of the problem. However, viruses are still a valid foe.

Viruses

A virus is code that runs on a computer without the user's knowledge; it infects the computer when the code is accessed and executed. It also has reproductive capability and can spread copies of itself throughout the computer. By infecting files that are accessed by other computers, the virus can spread to those other systems as well.

One well-known example of a virus is the "Love Bug." Originating in 2000, this virus would arrive in an email titled "I love you" with an attachment named love-letter-for-you.txt.vbs, or one of several other variations on the same love-letter theme. Some users were tricked into thinking this was a text file, but the real extension was .vbs, short for Visual Basic script. This virus deleted files, sent usernames and passwords to its creator, infected 15 million computers, and supposedly caused $5 billion in damage. Educate your users on how to screen their email!
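The double-extension trick described above is something mail filtering can catch mechanically. The following screening function is an added example, not code from the original study guide; the extension lists and all sample attachment names except the Love Bug's are constructed for illustration.

```python
"""Flag attachment names whose final extension is executable, and in
particular the Love Bug pattern of a document-like extension hiding a
script extension (love-letter-for-you.txt.vbs)."""
import os

# Extensions Windows will run directly or hand to a script host when opened.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Extensions a user reasonably expects to be a harmless document or picture.
BENIGN_LOOKING_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".png"}


def split_extensions(name):
    """Return the lowercase extension chain of a filename, e.g.
    'LOVE-LETTER-FOR-YOU.TXT.vbs' -> ['.txt', '.vbs']. Padding whitespace
    (used to push the real extension off the visible part of a line) is
    stripped, and any directory prefix is dropped first."""
    base = os.path.basename(name.replace("\\", "/"))
    parts = base.split(".")  # parts[0] is the stem, the rest are extensions
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def classify_attachment(name):
    """Describe an attachment: its true (last) extension, whether that
    extension is executable, and whether an innocent-looking extension
    precedes it. Explorer's default of hiding known extensions is exactly
    why 'x.txt.vbs' was displayed to users as 'x.txt'."""
    exts = split_extensions(name)
    if not exts:
        return {"name": name, "true_ext": None, "executable": False, "deceptive": False}
    true_ext = exts[-1]
    executable = true_ext in EXECUTABLE_EXTS
    deceptive = executable and any(e in BENIGN_LOOKING_EXTS for e in exts[:-1])
    return {"name": name, "true_ext": true_ext, "executable": executable, "deceptive": deceptive}


def screen_attachments(names):
    """Return the attachment names that should be blocked or quarantined."""
    return [n for n in names if classify_attachment(n)["executable"]]


# Constructed sample attachments; only the first is the Love Bug's real name.
SAMPLE_ATTACHMENTS = [
    "love-letter-for-you.txt.vbs",
    "quarterly-report.pdf",
    "holiday photo.jpg                              .scr",
    "notes.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for attachment in SAMPLE_ATTACHMENTS:
        print(classify_attachment(attachment))
```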

There are several different types of viruses that you might encounter:

  • Boot Sector: Initially loads into the first sector of the hard drive; when the computer boots, the virus then loads into memory.
  • Macro: Usually placed in office documents and emailed to users in the hopes that the user will open the document, thus executing the virus.
  • Program: This type of virus infects executable files.
  • Polymorphic: Can change every time it is executed, in an attempt to avoid antivirus detection.
  • Stealth: Uses various techniques to go unnoticed by antivirus programs.
  • Multipartite: This is a hybrid of boot and program viruses. It attacks the boot sector or system files first and then attacks the other.

Worms

Worms are much like viruses except that they self-replicate whereas a virus does not.

Worms take advantage of backdoors and security holes in operating systems and applications. They look for other systems on the network or across the Internet that are running the same applications and replicate to those systems. When it comes to worms, there is no need for the user to access and execute the malware. A well-known example of a worm is Nimda (admin spelled backward), which spread online automatically in a matter of 22 minutes back in 2001, causing widespread damage. It propagated through network shares, mass emailing, and operating system vulnerabilities.

Trojan Horses

Trojan Horses, or simply trojans, are malicious files that appear to do what is expected of them but actually harm the system. They are not technically viruses and can easily be downloaded without the user noticing. Remote access trojans (RATs) are the most common type of Trojan; examples are Back Orifice and NetBus. A RAT can give an attacker greater administrative rights over the system than its owner has, which is what makes these trojans so dangerous.

Spyware

Spyware is a widespread type of malware that can be either accidentally downloaded online or installed along with other software. Usually, this malware collects information about the user without the user's consent. It can be as simple as a piece of code that logs which websites you access, or as intrusive as a program that records your keystrokes. Spyware is also associated with advertising (those pop-ups that just won't go away!) and may change the computer's configuration without any user interaction, for example redirecting a browser to websites other than those the user asked for. Adware usually falls into the realm of spyware because it pops up advertisements based on what it has learned from spying on the user. Grayware is another general term used to describe applications that behave improperly, but without serious consequences.