
Are you doing everything that you should to protect yourself from malware? (or, How to catch a virus)

Submitted by Jim McGraw from CMIT Solutions of SW Rockland on Thursday, July 14, 2011

Recently, there have been a lot of incidents in the news about major corporations that were hacked or exposed customer data to outsiders.  You might well ask, “If Apple or Sony can’t keep their systems safe with all their resources, how can I protect my business?”  Fortunately, you probably don’t have elite hackers trying to break into your systems for the challenge, but the dangers are there regardless.

Antivirus Programs

Everybody knows about antivirus programs.  Yet, astonishingly, I still run across business computers that do not have a valid up-to-date antivirus program installed.  Sometimes, it’s because the license expired and no one bothered to renew it.  Other times, the antivirus was turned off on purpose because it generated too many popups or interfered with computer performance.  This is always a mistake.  Even the worst AV program is better than the best one if it’s turned off.  Pick one that works the way you want and keep it turned on and up to date.

From Wikipedia: “A computer virus is a computer program that can copy itself and infect a computer. The term ‘virus’ is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability.”  So, it also pays to have anti-malware software installed as well as antivirus software.  The line between the two is often blurred, but you don’t want to depend on the AV vendor’s view of where its job ends and someone else’s begins.  Both types of software can be configured to do regular scans and active (real-time) protection.  My personal view is that you should only have one program with active protection turned on, since two real-time scanners tend to fight each other over the same files.  If my anti-malware software has active protection, I usually turn it off.

There are a variety of “second-opinion” malware scanners available on the internet.  You can use these if you believe you already have a problem.  My personal favorite is Hitman Pro.  It seems to scan quickly and remove problems that others miss.

Firewall

All of the above address issues after the malware has already entered your computer.  So, the barbarians are already inside the gate.  However, it’s always better to keep the barbarians outside of the gate.

Most people also know about firewalls.  They control the network traffic at the “gate”.  They come in two flavors, software and hardware.  Software firewalls like Windows Firewall protect a single computer and should be used in most cases.  Hardware firewalls protect a network and are placed between the internet connection and any internal ethernet switches or hubs.  They control the network traffic between the internet and the internal network.  Business-class hardware firewalls usually include a scanner that detects malware before it reaches any computer on your internal network.  They require a subscription, just like most AV programs.  Many software firewalls also include some kind of user control that requests confirmation when a program first tries to use the network, to ensure that the user really knows that it is running.  While very annoying, it does serve a legitimate purpose.

Web Proxy

A third type of protection keeps the barbarians from reaching the gate at all.  A web proxy is a service that can prevent malicious internet traffic from ever reaching your network.  As with a hardware firewall, internet traffic can be restricted by port, but a proxy can also filter traffic based on its address.  If an internet site is blacklisted, no traffic from that site will reach your computer.  Even if an employee tries to access the site, the site will not be found.  A less expensive, but also less foolproof, version of this idea exists in OpenDNS.  Since 99% of user-generated internet traffic is requested by URL rather than by IP address, that request must go to a name server to be translated into an IP address.  OpenDNS replaces your name server with one that filters requests against a list of dangerous domains and blocks the ones that should be avoided.  Both approaches reduce your exposure to phishing attacks and botnet agents because the name that is requested is filtered against their blacklists.
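To make the name-server filtering idea concrete, here is a small added example (not code from the original post or from OpenDNS) that resolves the hostname out of a URL the way a filtering resolver would: listed domains and everything beneath them get a sinkhole answer instead of their real address. The blocklist, the upstream records and the addresses are constructed sample values; the sinkhole address and the “direct-ip” verdict are my own labels.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample blocklist (illustrative names, not real indicators).
BLOCKLIST = {"malware.example", "phish.example.net"}

# Constructed stand-in for the answers an unfiltered upstream name server would give.
UPSTREAM_RECORDS = {
    "www.example.com": "192.0.2.10",
    "malware.example": "198.51.100.5",
    "login.phish.example.net": "203.0.113.7",
}

SINKHOLE_IP = "0.0.0.0"  # answer handed back for blocked names (assumed convention)


def normalize_host(name):
    """Lowercase and strip a trailing dot so 'WWW.Example.COM.' matches 'www.example.com'."""
    return name.lower().rstrip(".")


def host_from_url(url):
    """Return the hostname a browser would look up for this URL (scheme added if missing)."""
    if "://" not in url:
        url = "http://" + url
    return normalize_host(urlsplit(url).hostname or "")


def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is listed, so sub.malware.example is caught too."""
    labels = normalize_host(host).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def filtered_lookup(url, blocklist=BLOCKLIST, records=UPSTREAM_RECORDS):
    """Resolve a URL's host through the filter.
    Returns (verdict, address): 'blocked' with the sinkhole, 'allowed' with the real
    address, 'nxdomain' with None, or 'direct-ip' when no DNS query happens at all."""
    host = host_from_url(url)
    if not host:
        return ("nxdomain", None)
    try:
        ipaddress.ip_address(host)       # IP literal: the resolver is never consulted
        return ("direct-ip", host)
    except ValueError:
        pass
    if is_blocked(host, blocklist):
        return ("blocked", SINKHOLE_IP)
    address = records.get(host)
    return ("allowed", address) if address else ("nxdomain", None)


if __name__ == "__main__":
    for u in ["https://www.example.com/", "http://LOGIN.phish.example.net/auth", "malware.example"]:
        print(u, "->", filtered_lookup(u))
```

The “direct-ip” verdict is the gap the post alludes to with its 99% figure: a request made straight to an IP address never asks the name server, so a DNS-only filter cannot see it, which is why the web proxy or hardware firewall is the more complete version of the idea.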

Education

A final layer of protection is employee education and your response to incidents.  If the user never clicks on a malicious link in an email and never connects an infected USB device to his computer, there will not be any barbarians to defend against, whether inside the gate, outside the gate, or at the gate.  Training should be reinforced at regular intervals to ensure that employees will not be easily scammed into dangerous behavior.  It also helps if the tools you use make central management easy across all the computers on your network.  Employees might be embarrassed to come forward if they think they have a virus.  With central reporting, you will probably know about the attack before the employee does and be able to address the problem immediately.

Large corporations like Apple and Sony already know all these things and have large staffs to implement them, and they were still breached.  So, nothing is foolproof.  Even if you do everything that I mentioned, you still might be a victim.  However, you will be secure in the knowledge that you certainly didn’t make it easy for the barbarians.
