Protecting your enterprise network from malware. Factors that determine the quality of antivirus programs

· use operating systems that do not allow important system files to be changed without the user's knowledge (that is, without elevated privileges);

· install updates in a timely manner;

· if there is an automatic update mode, enable it;

· for proprietary software, use licensed copies: binary updates often conflict with cracks, so pirated installations tend to stay unpatched;

· in addition to anti-virus products that look for malware by signatures, use software that provides proactive (behaviour-based) protection. The need for it follows from the fact that a signature-based anti-virus cannot notice a new threat until it has been added to the anti-virus databases. Proactive protection, however, asks the user to judge its alerts, which requires experience and knowledge;

· always work on a personal computer under a limited user account rather than as an administrator; this prevents most malicious programs from installing themselves system-wide and from changing system settings. It does not, however, protect personal data. Malware (Trojan-Clicker, Trojan-DDoS, Trojan-Downloader, Trojan-Ransom (file encryptors), Trojan-Spy, Trojan.Keylogger) and potentially unwanted programs (Adware, Hoax) running under the limited account still have read and write access to everything that account can reach: the user's home directory (the /home subdirectories in GNU/Linux, Documents and Settings in Windows XP, the Users folder in Windows 7), any other folder the account can write to, and the user interface (for example, programs that take screenshots or switch the keyboard layout);

· restrict physical access to the computer by unauthorized persons;

· use external storage media only from trusted sources on your work computer;

· do not open computer files received from unreliable sources on your work computer;

· use a firewall (hardware or software) that controls access to the Internet from a personal computer based on policies that are set by the user;

· use a second, non-work computer that holds no information of value to third parties to run programs from unreliable sources;

· back up important information to external media and disconnect the media from the computer afterwards, so that a backup cannot be encrypted or deleted together with the originals.

5. Characteristics and purpose of the main anti-virus programs (Norton, Kaspersky)

Kaspersky Anti-Virus is an antivirus developed by Kaspersky Lab, the best-known Russian vendor of protection against viruses, spam and hacker attacks, which had been on the security market for more than ten years when this was written.

Kaspersky Anti-Virus consists of the following components:

1. File Anti-Virus is a component that controls the computer’s file system. It checks all opened, launched and saved files on the computer.

2. Mail Anti-Virus - a component that scans all incoming and outgoing mail messages on your computer.

3. Web Anti-Virus is a component that intercepts and blocks the execution of a script located on a website if it poses a threat.

4. Proactive protection - a component that allows you to detect a new malicious program before it has time to cause harm. Thus, the computer is protected not only from already known viruses, but also from new ones that have not yet been studied.

Main functions of Kaspersky Anti-Virus:

– has three levels of protection against known and new Internet threats: scanning against signature databases, a heuristic analyzer and a behavioral blocker;

– protection against viruses, Trojans and worms;

– checking files, mail and Internet traffic in real time;

– protection against viruses when working with ICQ and other IM clients;

– protection against keyloggers;

– detection of rootkits;

– automatic database update.

Symantec Norton AntiVirus is a product of the American company Symantec, a global vendor of software, appliances and services for the security, availability and integrity of information. The product has repeatedly won awards in the largest international antivirus tests and has a clear interface and convenient settings.

Norton AntiVirus runs as a single module that resides permanently in the computer's memory and performs tasks such as monitoring memory and scanning files on disk. The program's controls and settings are reached through the corresponding tabs and buttons.

Auto-Protect should always be turned on to protect the PC from viruses. It works in the background without interrupting your work.

Key features of Norton AntiVirus:

– finds and removes viruses and spyware;

– automatically blocks spyware;

– does not allow sending infected emails;

– recognizes and blocks viruses, spyware and Trojans;

– detects Rootkit-type threats and eliminates threats hidden in the operating system;

– protection against Internet worms: scanning of email and instant messages;

– a full system scan performs a thorough analysis and removes the viruses, spyware and other threats it finds.

CONCLUSION

This work has surveyed the main kinds of malware, discussed their classification and identified ways to counter the various threats.

For a computer classroom, protection against malware is best achieved by combining anti-virus software, a properly secured local network and web filters that block the sites from which malware is most often downloaded.


Slide-by-slide text of the presentation:

Slide 1

Anti-malware protection. A malicious program (a literal translation of the English term malware, from malicious and software; Russian slang names include "malvar", "malovar" and even "mylovar", literally "soap maker") is a program created with malicious intent.

Slide 3

Anti-virus programs. Modern anti-virus programs provide comprehensive protection of the programs and data on a computer against the main types of malware and against the routes by which they enter the computer: the Internet, the local network, e-mail, removable media. Each type of malware is handled by a separate component of the antivirus. Antivirus programs work by scanning files, disk boot sectors and RAM and searching them for known and new malicious programs.

Slide 4

Anti-virus programs. Signatures are used to find known malware. A signature is a constant byte sequence of program code that is specific to a particular malicious program. If an antivirus finds such a sequence in a file, the file is considered infected and must be disinfected or deleted. To find new viruses, heuristic scanning algorithms are used, which analyze the sequence of instructions in the scanned object. If a "suspicious" sequence of instructions is found, the antivirus reports a possible infection of the object.
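The two detection layers described on slide 4, as an added Python example that is not part of the presentation and not the code of any antivirus vendor: an exact layer (a whole-file hash and a byte-sequence signature) and a crude heuristic layer for objects no signature knows. The signatures, sample files and the entropy threshold are all constructed for the demo and are not real malware indicators.

```python
import hashlib
import math
from dataclasses import dataclass

# Constructed signature database for the demo (these are NOT real malware signatures).
# A byte signature is a fixed code sequence assumed to be unique to one family.
BYTE_SIGNATURES = {
    "Demo.Sig.A": bytes.fromhex("e8000000005b81eb05104000"),
    "Demo.Sig.B": b"\x90\x90\xcc\xcc\xfe\xed\xfa\xce",
}

# Whole-file hashes of known samples (also constructed here).
HASH_SIGNATURES = {
    hashlib.sha256(b"MZ" + b"\x00" * 62 + b"known bad sample").hexdigest(): "Demo.Hash.C",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 means compressed/encrypted content, plain code is lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class Verdict:
    status: str   # "infected", "suspicious" or "clean"
    detail: str


def scan(data: bytes) -> Verdict:
    """Signature layers first (cheap, precise), then heuristics for unknown objects."""
    # Layer 1: exact file hash. Misses if even one byte of the file differs.
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return Verdict("infected", HASH_SIGNATURES[digest])

    # Layer 2: byte sequences anywhere in the object. Survives renaming and
    # appended padding, but a single changed byte inside the pattern evades it.
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            return Verdict("infected", name)

    # Layer 3: heuristics, i.e. rules about what code looks like rather than
    # what it is. These catch unknown samples but also produce false positives.
    lowered = data.lower()
    if data[:2] == b"MZ" and shannon_entropy(data[64:]) > 7.5:
        return Verdict("suspicious", "executable with near-random body (packed or encrypted)")
    if b"powershell" in lowered and b"-enc" in lowered:
        return Verdict("suspicious", "encoded PowerShell command embedded in the object")
    return Verdict("clean", "")


if __name__ == "__main__":
    samples = {
        "hash-known.exe": b"MZ" + b"\x00" * 62 + b"known bad sample",
        "pattern.exe": b"MZ" + b"\x00" * 62 + b"pad" + BYTE_SIGNATURES["Demo.Sig.A"] + b"tail",
        "packed.exe": b"MZ" + b"\x00" * 62 + bytes(range(256)) * 4,
        "readme.txt": b"Plain text that nobody would mistake for a virus.\n" * 10,
    }
    for filename, content in samples.items():
        verdict = scan(content)
        print(f"{filename:16} {verdict.status:10} {verdict.detail}")
```

Changing a single byte inside the matched pattern makes both signature layers miss, and because the altered sample is neither packed nor a script it is reported clean: that is the gap the slide's heuristic analysis, and the proactive protection mentioned earlier in the page, exist to close.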

Slide 5

Most antivirus programs combine real-time protection (an anti-virus monitor) with on-demand protection (an anti-virus scanner). The monitor starts automatically with the operating system and runs as a background system process, watching for malicious actions by other programs. Its main task is to give maximum protection against malware while slowing the computer as little as possible. The scanner is launched on a preset schedule or at any time by the user, and searches for malware in RAM and on the computer's hard drives and network drives.

Slide 6

Signs of computer infection:

- unexpected messages or images appear on the screen;
- unexpected sounds are played;
- the CD/DVD drive tray opens and closes by itself;
- programs start on their own;
- frequent freezes and crashes;
- the computer is slow to start programs;
- files and folders disappear or change;
- the hard drive is accessed frequently (the light on the system unit blinks often);
- the browser freezes or behaves unexpectedly (for example, a window cannot be closed).

Characteristic signs of infection by a mail worm: friends or acquaintances report receiving messages from you that you did not send; your mailbox contains a large number of messages without a return address or subject.

Slide 7

Actions when there are signs of infection. Before doing anything else, save the results of your work to external media (floppy disk, CD or DVD, flash drive, etc.), and treat those media as possibly infected until they have been scanned. Then: disconnect the computer from the local network and the Internet, if it was connected; if the symptom is that the computer no longer boots from its hard drive (an error appears when it is switched on), try booting in Safe Mode or from the Windows rescue disk; run an antivirus program.

Slide 8

Computer viruses and protection against them. Computer viruses are malicious programs that can "multiply" (copy themselves) and covertly insert their copies into files, disk boot sectors and documents. Activation of a virus can destroy programs and data. The name "virus" is borrowed from biology precisely because of this ability to self-reproduce. By "habitat", viruses are divided into boot, file and macro viruses.

Slide 9

Boot viruses. Boot viruses infect the boot sector of a floppy or hard disk. They rely on the way the operating system is started when the computer is switched on or rebooted: when infecting a disk, the virus "substitutes" its own code for the program that receives control at boot, so control passes to the virus rather than to the original loader. In most cases the virus moves the original boot sector to some other sector of the disk. Preventive protection against boot viruses consists of not booting the operating system from floppy disks and enabling the BIOS option that protects the boot sector from changes.
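Slide 9 says a boot virus replaces the code that receives control at boot. The way to detect that is an integrity check against a copy recorded when the system was known to be clean. Here is an added Python example, not from the presentation, that parses the classic MBR layout and compares the boot code, the disk signature and the partition table with such a baseline. The MBRs and the "boot code" bytes are constructed for the demo; they are not real loaders or a real virus. On a live system the sector would come from reading the first 512 bytes of the disk device with administrator rights.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the loader code that gets control first
DISK_SIG_OFF = 440           # bytes 440..443: Windows disk signature, 444..445 reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> Dict:
    """Split a 512-byte MBR into the fields a boot-sector integrity check compares."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict] = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        if entry[4] == 0:            # partition type 0 means an empty slot
            continue
        lba_start, sector_count = struct.unpack("<II", entry[8:16])
        partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                           "lba_start": lba_start, "sectors": sector_count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline: Dict) -> List[str]:
    """Compare a freshly read MBR with one recorded when the system was known clean."""
    current = parse_mbr(sector)
    findings: List[str] = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline: possible boot-sector infection")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR for the demo: given boot code, one bootable NTFS partition, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
    table = entry + b"\x00" * 48
    return code + disk_sig + table + BOOT_SIGNATURE


# Constructed stand-ins for boot code (not real loaders): a "clean" sequence recorded
# at install time, and a "virus" that overwrote it and chains to the relocated original.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb\xfc"
VIRUS_BOOT_CODE = b"\xeb\x1c\x90\x90" + b"\x00" * 28 + b"\xb8\x00\x00\x8e\xd8"


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(CLEAN_BOOT_CODE))
    for label, code in (("clean", CLEAN_BOOT_CODE), ("infected", VIRUS_BOOT_CODE)):
        result = check_against_baseline(build_sample_mbr(code), baseline)
        print(label, result or ["matches baseline"])
```

The baseline must be stored somewhere the infected system cannot rewrite (a rescue disk, another machine), otherwise a virus that moves the original sector can just as easily refresh the recorded hash.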

Slide 10

File viruses. File viruses embed themselves in executable files in various ways and are usually activated when the file is run. After an infected file has run, the virus stays in RAM and remains active (that is, able to infect other files) until the computer is switched off or the operating system is restarted. Almost all boot and file viruses are resident in this sense; their payloads range from erasing data on disks to changing the names and other attributes of files. Disinfecting a resident virus is difficult because even after infected files are deleted from disk the virus remains in RAM and can re-infect them. Preventive protection against file viruses: do not run files obtained from dubious sources or not previously scanned by anti-virus programs.

Slide 11

Macro viruses. Macro viruses exist for the Microsoft Office suite. They are macros written in the built-in Visual Basic for Applications language and stored inside a document. A macro virus contains copies of the standard macros, is invoked in their place, and infects every document that is opened or saved. Macro viruses are resident only within the host application. Preventive protection consists of preventing the virus from starting: when a document is opened, Microsoft Office applications report the presence of macros (potential viruses) and offer to block their loading. Blocking macros reliably protects the computer from macro viruses, but also disables any useful macros in the document.
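Slide 11 relies on Office's own macro prompt as the last line of defence. A mail gateway or file scanner can make the same decision before the user ever sees the prompt, by looking for the VBA project inside the document. As an added Python example, not from the presentation, the following inspects an OOXML (.docx/.docm/.xlsx) package, which is a zip container: it reports a `vbaProject.bin` part, the VBA content type declared in `[Content_Types].xml`, and the especially suspicious case of macros inside an extension that is defined as macro-free. The sample documents are constructed in memory, not real Word files; legacy binary .doc/.xls files are OLE2 compound files and are only reported as needing a different parser.

```python
import io
import zipfile
from typing import List

VBA_PART_SUFFIX = "vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Formats defined as macro-free: a VBA part inside one of these is itself a red flag.
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


def find_macro_indicators(document: bytes, filename: str) -> List[str]:
    """Reasons to treat an Office file as macro-bearing; an empty list means none found."""
    findings: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(document)) as zf:
            names = zf.namelist()
            if any(n.endswith(VBA_PART_SUFFIX) for n in names):
                findings.append("VBA project part present")
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in content_types:
                    findings.append("VBA content type declared")
    except zipfile.BadZipFile:
        # Legacy .doc/.xls files are OLE2 compound files, not zips; they need an OLE parser.
        return ["not an OOXML zip container; inspect with an OLE parser"]
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    if findings and ext in MACRO_FREE_EXTENSIONS:
        findings.append(f"macros inside a {ext} file, a format that must not carry them")
    return findings


def build_sample_docx(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package for the demo (not a real Word document)."""
    overrides = ('<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_vba:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     f'{overrides}</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # Placeholder bytes standing in for a compiled VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in (("report.docx", build_sample_docx(False)),
                      ("report.docx", build_sample_docx(True)),
                      ("report.docm", build_sample_docx(True)),
                      ("old.doc", b"\xd0\xcf\x11\xe0 not a zip")):
        print(name, find_macro_indicators(doc, name) or ["no macro indicators"])
```

Presence of a VBA project is not proof of malice, since legitimate spreadsheets carry macros too; the point is that the decision to quarantine, strip or allow is made by policy on the gateway, rather than by a user clicking through a warning.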

Slide 12

Network worms and protection against them. Network worms are malicious programs that penetrate a computer through computer network services. Activation of a worm can destroy programs and data and steal the user's personal data. To spread, worms use a variety of services of global and local networks: the World Wide Web, email, etc. The main feature that distinguishes types of worms is the propagation method, that is, how the worm delivers its copy to remote computers; many worms use more than one method.

Slide 13

Web worms. A separate category is worms that spread through web servers. Infection occurs in two stages. First the worm penetrates the server and modifies its web pages. It then waits for visitors who request pages from the infected server (for example, open an infected page in a browser) and so reaches other computers on the network. A variant of web worms are scripts: active elements (programs) written in JavaScript or VBScript. Preventive protection against web worms consists of preventing the browser from receiving active elements on the local computer. More effective still are web-aware antivirus products that combine a firewall with a module that checks JavaScript and VBScript code.

Slide 14

Firewall. A firewall is software or hardware that inspects the network traffic entering a computer from the local network or the Internet (and, in personal firewalls, also the traffic leaving it) and either blocks it or lets it through according to the configured rules: by address, port and protocol, and in personal firewalls by the program that opened the connection. A firewall does not understand the content of a web page. Checking every incoming page for malicious code, against databases that describe all currently known malware and with heuristic algorithms that catch new viruses not yet in the databases, is the job of the web antivirus component that security suites pair with their firewall.

Slide 15

Mail worms. Mail worms use email to spread. The worm either sends a copy of itself as an attachment or sends a link to its file on some network resource. In the first case the worm code runs when the infected attachment is opened (launched); in the second, when the link to the infected file is followed. Either way the worm is activated. After infecting a computer, the worm mails itself to every address in the user's address book. Preventive protection: do not open files attached to messages from dubious sources, and promptly download and install security updates for the operating system and applications.
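"Do not open attachments from dubious sources" is advice to the user; a mail server can enforce part of it mechanically before delivery. As an added Python example, not from the presentation, the following uses the standard `email` package to flag the attachment patterns mail worms of the kind slide 15 describes rely on: directly executable extensions, a double extension such as `invoice.pdf.exe`, archives that hide their contents from name checks, and a file whose bytes start with the Windows executable `MZ` header despite a document-like name. The messages, the attachment payloads and the extension lists are constructed for the demo.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List

# Constructed policy for the demo. Extensions Windows runs directly when "opened":
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".vbs", ".wsf", ".hta", ".lnk"}
# Harmless-looking types a worm imitates in a double extension ("invoice.pdf.exe"):
DECOY_EXTENSIONS = {".pdf", ".doc", ".xls", ".jpg", ".txt"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}


def attachment_findings(raw_message: bytes) -> List[str]:
    """Reasons to quarantine a message before the user can open its attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings: List[str] = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        inner = "." + pieces[-2] if len(pieces) > 2 else ""
        payload = part.get_payload(decode=True) or b""

        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"{name}: executable attachment")
        if inner in DECOY_EXTENSIONS and ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"{name}: double extension disguising an executable")
        if ext in ARCHIVE_EXTENSIONS:
            findings.append(f"{name}: archive, contents must be scanned after extraction")
        # Content check: the name says document, the bytes say Windows executable.
        if payload[:2] == b"MZ" and ext not in EXECUTABLE_EXTENSIONS:
            findings.append(f"{name}: MZ header, a Windows executable under a non-executable name")
    return findings


def build_sample_message(filename: str, content: bytes, content_type: str) -> bytes:
    """Constructed e-mail with one attachment, standing in for what a worm would send."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    maintype, subtype = content_type.split("/", 1)
    msg.add_attachment(content, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60        # constructed executable header only
    for fname, body, ctype in [
        ("invoice.pdf.exe", fake_exe, "application/octet-stream"),
        ("scan.pdf", fake_exe, "application/pdf"),
        ("photos.zip", b"PK\x03\x04 constructed", "application/zip"),
        ("invoice.pdf", b"%PDF-1.4 constructed placeholder", "application/pdf"),
    ]:
        print(fname, attachment_findings(build_sample_message(fname, body, ctype)) or ["ok"])
```

Name checks alone are weak, which is why the content check is there: the worm chooses the filename, but it cannot choose the first two bytes of a Windows executable.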

Slide 16

Trojan programs and protection against them. A Trojan program, or Trojan, is a malicious program that, without the user's authorization, hands control of the computer to a remote user or deletes, modifies, collects and forwards information to third parties.

Slide 17

Trojan remote administration utilities. Trojans of this class are utilities for the remote administration of computers on a network. These hidden control tools let the attacker receive or send files, run and delete them, display messages, erase information, restart the computer, and so on. When launched, the Trojan installs itself in the system and then monitors it, showing the user no messages about its actions. As a result the "user" of such a program may be unaware of its presence while the computer is open to remote control. They are among the most dangerous types of malware.

Slide 18

Trojan spyware. Trojan spyware carries out electronic surveillance of the user of an infected computer: keystrokes, screenshots, the list of active applications and the user's actions in them are saved to a file on disk and periodically sent to the attacker. This type of Trojan is often used to steal information from users of online payment and banking systems.

Slide 20

Hacker utilities and protection against them. Network attacks. Network attacks on remote servers are carried out with special programs that send them numerous requests. This leads to a denial of service (the server hangs) if the attacked server's resources are insufficient to process all incoming requests. Some hacking tools implement "fatal" network attacks: they exploit vulnerabilities in operating systems and applications by sending specially crafted requests to the attacked computers, and a request of that kind causes a critical error in the attacked application so that the system stops working.

Slide 21

Tools for hacking remote computers. Remote hacking utilities are designed to penetrate remote computers in order to control them (using Trojans of the remote administration class) or to plant other malicious programs on the hacked system. They typically exploit vulnerabilities in the operating system or in applications installed on the target computer. Preventive protection consists of promptly downloading and installing security updates for the operating system and applications.

Slide 22

Rootkits. A rootkit (from the English root kit, "a kit for obtaining root rights") is a program or set of programs for covertly taking control of a compromised system. Rootkits are utilities for hiding malicious activity: they disguise malware so that antivirus programs do not detect it, modifying the operating system and replacing its basic functions in order to hide their own presence and the actions the attacker performs on the infected computer.

Slide 23

Protection against hacker attacks, network worms and Trojans. Computer networks or individual computers can be protected from unauthorized access with a firewall. A firewall makes it possible to: block hacker DoS attacks by refusing network packets from certain servers (certain IP addresses or domain names); stop network worms (mail, web, etc.) from reaching the protected computer; prevent Trojan programs from sending out confidential information about the user and the computer.
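What slides 14 and 23 describe is a rule set evaluated against each connection, as an added Python example that is not part of the presentation: first matching rule wins, and anything no rule mentions is denied. The policy and the traffic are constructed for the demo (addresses are from the documentation ranges). Real firewalls add connection-state tracking and, for personal firewalls, per-program rules, but the evaluation structure is the same.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str    # "in": arriving from the network; "out": leaving this host
    proto: str        # "tcp" or "udp"
    remote_ip: str    # the other end of the connection
    dst_port: int     # destination port, i.e. the service being contacted


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    direction: Optional[str] = None    # None matches both directions
    proto: Optional[str] = None        # None matches any protocol
    remote_net: Optional[str] = None   # CIDR of the remote side; None matches any address
    dst_port: Optional[int] = None     # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        if self.remote_net is not None and \
                ipaddress.ip_address(p.remote_ip) not in ipaddress.ip_network(self.remote_net):
            return False
        return True


def decide(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins. No match means deny: a firewall that defaults to
    allow protects against nothing it was not explicitly told about."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Constructed workstation policy for the demo.
WORKSTATION_POLICY = [
    Rule("deny", remote_net="203.0.113.0/24", comment="known attack source, drop everything"),
    Rule("allow", direction="in", proto="tcp", remote_net="192.168.1.0/24", dst_port=3389,
         comment="remote desktop, only from the office LAN"),
    Rule("allow", direction="out", proto="tcp", dst_port=443, comment="HTTPS"),
    Rule("allow", direction="out", proto="tcp", dst_port=80, comment="HTTP"),
    Rule("allow", direction="out", proto="udp", dst_port=53, comment="DNS"),
    Rule("allow", direction="out", proto="tcp", dst_port=587, comment="mail submission"),
    # everything else, inbound or outbound, falls through to the default deny
]


if __name__ == "__main__":
    traffic = [
        ("worm probing SMB from the Internet", Packet("in", "tcp", "198.51.100.7", 445)),
        ("admin connecting from the LAN", Packet("in", "tcp", "192.168.1.20", 3389)),
        ("browsing a site over HTTPS", Packet("out", "tcp", "198.51.100.20", 443)),
        ("Trojan calling home on an odd port", Packet("out", "tcp", "198.51.100.7", 6667)),
        ("anything at all from the blocked range", Packet("out", "tcp", "203.0.113.9", 443)),
    ]
    for label, pkt in traffic:
        print(f"{decide(WORKSTATION_POLICY, pkt):5}  {label}")
```

Note what the policy does and does not do: it drops the worm's SMB probe and the Trojan's outbound connection on an unexpected port, but it knows nothing about the content of the HTTPS connection it allows. Inspecting that content is the antivirus's job, not the firewall's.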

Types and methods of information protection

Type of protection | Method of protection
From deliberate distortion and vandalism (computer viruses) | general methods of information protection; preventive measures; use of anti-virus programs
From unauthorized (illegal) access to information (its use, modification, distribution) | encryption; password protection; "electronic locks"; a set of administrative and law-enforcement measures

Slide 28

Conclusion. To sum up, there have been many cases where companies (not only foreign ones) wage real "spy wars" among themselves, recruiting competitors' employees in order to gain access through them to information that constitutes a trade secret. The regulation of trade secrets has not yet been sufficiently developed in Russia: existing legislation still does not address certain matters, trade secrets among them, in a way that matches present-day realities. At the same time, the damage caused by the disclosure of a trade secret is often very significant (where it can be estimated at all). Liability provisions, including criminal ones, can deter employees from violations in this area, so it is advisable to inform all employees in detail about the consequences of violations. One would like to hope that the information security system being built in the country, and the measures taken to implement it, will not lead to irreversible consequences on the path of Russia's emerging informational and intellectual integration with the rest of the world.

There is no 100% protection against malware: nobody is immune to worms like Sasser or Conficker, which spread through unpatched vulnerabilities. To reduce the risk of losses from malware, we recommend:

use modern operating systems that have a serious level of protection against malware;

install patches in a timely manner; if there is an automatic update mode, enable it;

constantly work on a personal computer exclusively under user rights, and not as an administrator, which will not allow most malicious programs to be installed on a personal computer;

use specialized software products with heuristic and behavioural analyzers to counter malware, that is, products whose detection does not depend on a signature database;

use anti-virus software products from well-known manufacturers, with automatic updating of signature databases;

use a personal Firewall that controls access to the Internet from a personal computer based on policies set by the user;

restrict physical access to the computer by unauthorized persons;

use external media only from trusted sources;

do not open computer files received from unreliable sources;

disable autorun for removable media, so that code on the media cannot start without the user's knowledge. In Windows this is set with gpedit.msc -> Administrative Templates (User Configuration) -> System -> Turn off Autoplay -> Enabled, "All drives"; the same policy is stored in the registry as the NoDriveTypeAutoRun value (0xFF covers all drive types) under the Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key of HKCU (User Configuration) or HKLM (Computer Configuration).

Modern defenses against the various forms of malware combine a variety of software components and methods for telling "good" applications from "bad" ones. Antivirus vendors now build scanners for spyware and other malicious code into their products, so a great deal is done to protect the end user. No anti-spyware package is perfect, however. One product may be too aggressive, blocking programs at the slightest suspicion and "cleaning out" useful utilities you use regularly; another is friendlier to software but may let some spyware through. So, unfortunately, there is no panacea.

Unlike antivirus packages, which regularly score 100% at detecting known viruses in professional tests such as those run by Virus Bulletin, no anti-adware package scores above 90%, and many products fall between 70% and 80%.

This explains why using an antivirus and an anti-spyware program at the same time is the best way to protect a system against dangers that may arrive unexpectedly. In practice one package should serve as the permanent "blocker" that is loaded every time the computer is turned on (for example, AVP 6.0), while another (or more than one) is run at least once a week as an additional scan (for example, Ad-Aware). What one package misses, another may detect.

Unfortunately, almost every computer user has encountered viruses and malware. The consequences hardly need spelling out: in the worst case all data is lost and you spend time formatting the disk and reinstalling the system. So, to avoid needless trouble, it is better to prevent infection. As they say, prevention is better than cure.

1. Be careful when opening messages on social networks



One rule to remember: you greatly improve your chances of avoiding viruses by looking over messages before opening them. If something looks suspicious and strange files are attached, do not open them at all (or at least scan them with an antivirus first).

2. An up-to-date antivirus

The antivirus offered by your Internet service provider is not enough to protect the whole system from viruses and spyware, so it is better to install additional anti-malware protection.

3. Scan your computer daily


Even with antivirus and anti-malware programs installed, it is still best to run a scan of the hard drive daily to make sure nothing has slipped into the system. New malware can arrive at any time, so a scheduled daily scan limits how long an infection that got past real-time protection goes unnoticed.

4. Free antivirus Avast


The creators of Avast antivirus have made the program as simple as possible to use: a couple of clicks is all it takes. At the same time, Avast provides adequate protection against viruses, Trojans and worms.

5. SUPERAntiSpyware


SUPERAntiSpyware is an anti-malware tool that targets spyware, adware, Trojans, worms, keyloggers, rootkits and the like, and it does not noticeably slow down the computer.

6. Firewall


This is a basic rule that every computer user should understand. A firewall does not detect malicious files the way an antivirus does, but it blocks unsolicited inbound connections, including from other hosts on an internal network (for example, an office network), which is a common path by which worms spread from one infected machine to the next.

7. AVG Internet Security


This product is intended for both home and commercial use and is notable for including support from the vendor's security experts. It is updated constantly and has advanced features. AVG Internet Security counters viruses, spyware and Trojans and also helps prevent identity theft and other web-based attacks.

8. Avira AntiVir


Avira offers an improved way of removing malware, including the remnants a virus leaves behind, and has a simple, intuitive user interface. Users should be careful, however: fake versions of the program circulate on the Internet, so download it only from the vendor's own site.

9. Kaspersky Internet Security


This suite contains essentially everything a user needs to work safely on the Internet, including protection of transactions in online banking, online purchases and online games.

10. Ad-Aware and Avast-Free


Ad-Aware provides free anti-malware protection. It was designed to install alongside Google Chrome but works with any other browser as well. It is effective at preventing malware from running automatically on Windows and at cleaning up the computer.

11. ESET Online Scanner


ESET Online Scanner is a free on-demand scanner launched from the browser. It can check and clean an already infected machine, but it is not resident protection and includes no firewall, so it complements an installed antivirus rather than replacing it.

Malware is a program designed to harm a computer or its owner. Getting such a program onto the computer and running it is called infection. To avoid infection you need to know the types of malware and how to protect against them, which is what this article covers.



Why is malware created? There are many reasons; the most common are:

- just for fun;
- self-assertion among peers;
- theft of personal information (passwords, bank card numbers, etc.);
- extortion of money;
- sending spam through zombie computers united into a botnet;
- revenge.


Classification of malware

The most popular types of malware are:

- computer virus
- Trojan program
- network worm
- rootkit




Computer virus: a type of malware whose purpose is to perform actions that harm the PC's owner without his knowledge. The distinctive feature of viruses is their ability to reproduce. A virus can be caught over the Internet or from removable media: flash drives, floppy disks, optical discs. Viruses usually inject themselves into the body of programs or replace programs.




Trojan horse (also simply Trojan): a malicious program that enters the victim's computer disguised as something harmless (a codec, system update, screensaver, driver, etc.). Unlike a virus, a Trojan has no means of spreading by itself; it arrives by email, on a removable drive or from a website.


Network worm: a self-contained malicious program that penetrates the victim's computer by exploiting vulnerabilities in the operating system's software.




Rootkit: a program designed to hide the traces of an attacker's malicious actions in the system. Rootkit techniques are not always harmful: publishers' copy-protection systems for licensed discs have used them, and virtual-drive emulators such as Daemon Tools and Alcohol 120% are often cited as rootkit-like programs that do not harm the user.




Symptoms of a computer infection:

- access to antivirus vendors' sites is blocked;
- new applications appear in autostart;
- previously unknown processes are running;
- windows, images, videos or sounds open at random;
- the computer shuts down or reboots spontaneously;
- reduced computer performance;
- the drive tray opens unexpectedly;
- files and folders disappear or change;
- reduced download speed from the Internet;
- the hard drive is busy when the user has given it nothing to do (visible from the blinking light on the system unit).




How to protect yourself from malware? There are several ways:

- install a good antivirus (Kaspersky, NOD32, Dr.Web, Avast, AntiVir and others);
- install a firewall to protect against network attacks;
- install the updates recommended by Microsoft;
- do not open files received from unreliable sources.

Thus, knowing the main types of malicious software, how to protect against them and the symptoms of infection, you will protect your data as much as possible.




P.S. The article is written for Windows users, because Mac OS and Linux users see far less malware. This is not because those systems are immune; the reasons are more mundane:
- far less malware is written for them, since most attackers target the largest installed base;
- vulnerabilities found in them are usually fixed quickly, and updates are easy to install;
- in Unix-like systems, modifying system files requires root privileges, so a program running as an ordinary user cannot change the system without the user being asked to elevate.
Owners of these systems can still receive malware, and a program that runs as the user can still damage that user's own files; but Windows malware does not run natively on Ubuntu or Leopard.

Discussion of the article

In this article we answered the following questions:

- What is malware?
- How can you avoid getting your computer infected?
- Why is malware created?
- What is a computer virus?
- What is a Trojan program?
- What is a network worm?
- What is a rootkit?
- What is a botnet?
- How do you know if your computer is infected with a virus?
- What are the symptoms of a computer being infected with malware?
- How to protect yourself from malicious software?
- Why is there so little malware for Mac (Leopard)?
- Why is there so little malware for Linux?

