Preventing Malware | CompTIA A+ 220-1002 | 2.4

In this video you will learn about various types of malware and various tools & methods to remove & prevent malware.

Malware

Malware (malicious software) is any software or code intentionally designed to cause damage to a computer, server, client, or to gain unauthorized access to a computer network. A wide variety of malware types exist, such as:

  • Ransomware: Type of malware that threatens to publish a victim’s data or permanently block access to it (typically by encrypting it) unless a ransom is paid for the decryption key within a specified amount of time (also known as cryptoviral extortion). The most famous ransomware attack was WannaCry in 2017, which spread all over the world, mostly impacting Windows machines that had not been updated with security patches.
  • Trojan: A Trojan horse is any type of malware which misleads users about its true intent. Trojans are generally spread by some form of social engineering, such as executing an email attachment disguised to look harmless, or clicking on fake advertisements on social media or elsewhere. Trojan payloads can be anything, but modern forms commonly act as a backdoor that contacts a controller, who then has unauthorized access to the affected computer.
  • Keylogger: Keystroke logging is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. The recorded data is later retrieved by the person operating the logging program. Keyloggers can be either software or hardware. Software keyloggers can be delivered by way of a Trojan, phishing, or a fake email attachment. Applying multifactor authentication is one way to limit the damage a software keylogger can do.
  • Rootkit: A collection of software designed to enable access to a computer, or to an area of its software that is not otherwise allowed, and that often masks its own existence or the existence of other software. Some rootkits perform keylogging, while others simply take over the entire computer. Ridding a computer of a rootkit usually involves wiping the drive and reinstalling the operating system.
  • Virus: A type of program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be “infected” with a computer virus. Computer viruses generally require a host program: the virus writes its own code into the host program, and when the program runs, the virus code is executed first, causing infection and damage. Most virus attacks spread with human assistance, when users carelessly open attachments in their email. With antivirus software from a reputable vendor installed, most computer virus attacks can be prevented.
  • Botnet: A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS (distributed denial of service) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner controls the botnet using command and control (C&C) software. Keeping a computer’s antivirus updated can help prevent it from becoming part of a botnet.
  • Worm: A computer worm is a standalone malware program that replicates itself in order to spread to other computers. It often uses a computer network to spread, relying on security failures on the target computer to gain access. It then uses that machine as a host to scan for and infect other computers; once those newly infected computers are under its control, the worm continues to scan and infect from them, and the cycle repeats. Phishing and other human errors are not required for worms to thrive.
  • Spyware: Describes software with malicious behavior that aims to gather information about a person or organization and send that information to another entity in a way that harms the user, for example by violating their privacy or endangering their device’s security. This behavior may be present in malware as well as in legitimate software. Multiple unwanted pop-up windows when surfing the Internet may be an indicator of spyware on your system.

Tools & Methods

The following are some of the tools & methods used to thwart malware, virus, & hacking attacks.

Antivirus/Anti-Malware

Antivirus/anti-malware is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. Antivirus/anti-malware can offer protections for users and systems such as:

  • Blocking infections in real-time
  • Running periodic scans for known & suspected threats
  • Running automatic system updates (typically daily)
  • Automatically renewing antivirus subscriptions to get access to updated threat signatures
  • Offering links to virus & threat encyclopedias
  • System file inoculation
  • Establishing permission-based access to the Internet
  • Scanning of sent/received emails & downloaded files
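The list above describes what antivirus/anti-malware software does; the following is an added example, not from the video, of checking those same things on Windows 10 with the built-in Microsoft Defender Antivirus PowerShell cmdlets. It assumes an elevated (administrator) PowerShell session, and the 3-day signature-age threshold is an arbitrary choice for this example.

```powershell
# Added example (not from the video): check Microsoft Defender Antivirus state, refresh
# signatures, run a periodic scan, and list recent detections. Assumes Windows 10 with the
# built-in Defender PowerShell module and an elevated (administrator) PowerShell session.

# 1. Is real-time protection on, and how old are the signatures?
$status = Get-MpComputerStatus
$status | Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                        AntivirusSignatureVersion, AntivirusSignatureLastUpdated,
                        QuickScanEndTime, FullScanEndTime

if (-not $status.RealTimeProtectionEnabled) {
    # Real-time protection is the feature that blocks infections as files are written or run.
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# Flag stale signatures (the 3-day threshold is an assumption made for this example)
$signatureAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($signatureAge.TotalDays -gt 3) {
    Write-Warning ("Signatures are {0:N1} days old; updating now." -f $signatureAge.TotalDays)
    Update-MpSignature
}

# 2. Make sure signatures are refreshed frequently (interval is in hours)
Set-MpPreference -SignatureUpdateInterval 4

# 3. Run a periodic scan now (QuickScan or FullScan)
Start-MpScan -ScanType QuickScan

# 4. Review what Defender has already caught: the ten most recent detections,
#    then the threats they map to and whether any are still active.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ThreatID, ProcessName, Resources

Get-MpThreat | Select-Object ThreatName, SeverityID, IsActive
```

Run it as a whole to get a one-screen health check, or take the last two commands on their own when you need to see what a machine has already detected before deciding whether a recovery-drive cleanup is needed.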

Recovery Console

The Recovery Console is a feature that provides the means for administrators to perform a limited range of tasks using a command-line interface. Its primary function is to enable administrators to recover from situations where Windows does not boot as far as presenting its graphical user interface. If resetting the PC is not sufficient, you can boot from a recovery disk to remove infected files and restore your original files. To access the Recovery Console in Windows 10: Settings > Update & Security > Recovery.

Windows 10 Recovery Options

Backup/Restore

Infected computers can also be troubleshot from a recovery drive. This is a drive that is created ahead of time and set aside in case it is needed. The recovery drive allows users to boot into Safe Mode without loading all applications and services. Once there, a user can remove infected files and reboot the computer into its normal condition. To access the Windows 10 Backup options: Settings > Update & Security > Backup.

Windows 10 Backup & Recovery

End User Education

An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which the network, website, or system may be used and sets guidelines as to how it should be used. AUP documents are written for corporations, businesses, universities, schools, internet service providers, and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

A few ways to bring about end user education to increase computer/network security are:

  • Not clicking on random links just because a link is there to click.
  • Using two-factor or multi-factor authentication.
  • Being aware of phishing scams.
  • Monitoring your accounts to be on the lookout for suspicious activities.
  • Keeping your computer systems updated with the latest software patches.
  • Only connecting to secure networks.
  • Securing mobile devices.
  • Being aware of social engineering practices.
  • Backing up your data.

Software Firewall

Software firewalls are installed on individual computers on a network. Unlike hardware firewalls, software firewalls can easily distinguish between programs on a computer. This lets them allow data to one program while blocking another. Software firewalls can also filter outgoing data, as well as remote responses to outgoing requests. Windows 10 incorporates Windows Defender Firewall into the OS, which prevents the most common types of malicious traffic from reaching a computer, and the user can customize Windows Defender Firewall settings as needed.
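As an added example, not from the video, the following shows the per-program control and outbound filtering described above being applied to Windows Defender Firewall with the NetSecurity PowerShell cmdlets. It assumes Windows 10 and an elevated PowerShell session; the program path is a placeholder for whatever application you want to restrict.

```powershell
# Added example (not from the video): inspect and customize Windows Defender Firewall.
# Assumes Windows 10 and an elevated PowerShell session; the program path below is a
# placeholder for an application you want to restrict.

# 1. Confirm the firewall is enabled on every profile and that unsolicited inbound traffic
#    is blocked by default. (Outbound is allowed by default; step 2 tightens that per program.)
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 2. Per-program control: a software firewall can tell programs apart, so block one
#    application's outgoing traffic while leaving everything else untouched.
$app = 'C:\Program Files\ExampleApp\app.exe'   # placeholder path, not a real product
New-NetFirewallRule -DisplayName 'Block ExampleApp outbound' `
    -Direction Outbound -Program $app -Action Block -Profile Any

# 3. Audit: list the enabled inbound ALLOW rules and the programs they expose, so an
#    unexpected rule (for example one added by a Trojan backdoor) stands out.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Program = $filter.Program
            Profile = $_.Profile
        }
    } | Sort-Object Program | Format-Table -AutoSize

# 4. Remove the example rule once you are done experimenting.
Remove-NetFirewallRule -DisplayName 'Block ExampleApp outbound'
```

Step 3 is the part worth keeping around: compare its output against a known-good machine, and any inbound allow rule for a program you do not recognize is worth investigating before trusting that computer.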

DNS Configuration

The Domain Name System (or Service) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names into the numerical IP addresses used to locate web pages and websites. Domain name server functions are included in SOHO routers; in larger networks, a separate domain name server can be used. Attackers can plant false DNS information that redirects victims to fake websites in order to get them to download malware and/or viruses. Third-party software vendors offer DNS security products to secure a system’s DNS.
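One simple defender-side check for the false DNS information described above is to look at which resolvers a Windows 10 machine is actually using and to compare its answer for a name against the answer from a resolver you trust. This is an added example, not from the video; the domain and the trusted resolver address are placeholders you would replace with your own choices.

```powershell
# Added example (not from the video): a quick DNS sanity check on Windows 10. The domain and
# the trusted resolver address are example values; replace them with your own choices.

# 1. Which DNS servers is this machine actually using? Addresses you do not recognize here
#    (or on the SOHO router handing them out) are the classic sign of a DNS redirect.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Resolve a name through the configured resolver and through a trusted resolver,
#    then compare the answers.
$name            = 'example.com'   # constructed example domain
$trustedResolver = '9.9.9.9'       # example public resolver; pick the one you trust

function Get-ARecords([string]$Name, [string]$Server) {
    $params = @{ Name = $Name; Type = 'A'; ErrorAction = 'Stop' }
    if ($Server) { $params['Server'] = $Server }
    (Resolve-DnsName @params | Where-Object { $_.Type -eq 'A' }).IPAddress | Sort-Object
}

try {
    $local   = Get-ARecords -Name $name
    $trusted = Get-ARecords -Name $name -Server $trustedResolver
    if (Compare-Object $local $trusted) {
        Write-Warning "Local resolver and $trustedResolver disagree for $name"
        Write-Warning "  local   : $($local -join ', ')"
        Write-Warning "  trusted : $($trusted -join ', ')"
    } else {
        Write-Output "Local resolver and $trustedResolver agree for $name : $($local -join ', ')"
    }
} catch {
    Write-Warning "Lookup failed: $($_.Exception.Message)"
}
```

A mismatch is a prompt to investigate, not proof of tampering: sites served through content delivery networks legitimately return different addresses to different resolvers, so test with a name whose address you know to be stable, and treat an unexpected resolver address in step 1 as the stronger signal.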