One of the most common methods that a threat actor uses to gain access to hosts or networks is through software vulnerabilities. It is important to keep software applications up to date with the latest security patches and updates to help deter threats. A patch is a small piece of code that fixes a specific problem. An update, on the other hand, may include additional functionality to the software package as well as patches for specific issues.
OS and application vendors continuously provide updates and security patches that can correct known vulnerabilities in the software. In addition, vendors often release collections of patches and updates called service packs. Fortunately, many operating systems offer an automatic update feature that allows OS and application updates to be automatically downloaded and installed on a host, as shown for the Windows OS in Figure 15-10.
Figure 15-10 Windows 10 Update Settings
Antimalware Software (15.6)
As mentioned previously, malware attacks include viruses, worms, and Trojan horses. It is important to be able to detect, eliminate, and if possible, prevent these attacks from occurring.
Signs of Infections (15.6.1)
Even when the OS and applications have all the current patches and updates, they may still be susceptible to attack. Any device that is connected to a network is susceptible to viruses, worms, and Trojan horses. They may be used to corrupt OS code, affect computer performance, alter applications, and destroy data. So how do you know if your computer has been infected?
Some of the signs that a virus, worm, or Trojan horse may be present include the following:
- The computer starts acting abnormally.
- A program does not respond to the mouse and keystrokes.
- Programs start or shut down on their own.
- An email program begins sending out large quantities of email.
- CPU usage is very high.
- There are unidentifiable processes or a large number of processes running.
- The computer slows down significantly or crashes, such as when the Windows blue screen of death (BSoD) appears, as shown Figure 15-11.
Figure 15-11 Windows BSoD
Antimalware includes a variety of software available to detect and prevent these types of intrusions and infections including antivirus software, antispam software, and antispyware software.
Antivirus Software (15.6.2)
Antivirus software can be used as both a preventive tool and as a reactive tool. It prevents infection. It detects and removes viruses, worms, and Trojan horses. Antivirus software should be installed on all computers connected to the network.
Antivirus software relies on known “virus signatures” to find and prevent new viruses from infecting the computer. Virus signatures are patterns within the programs that are common to other malicious programs that have already been identified as harmful. When new virus programs are found on the Internet, the signature files for the antivirus are updated with the new information. It is important to keep virus checker software updated with the latest signature files to protect the system from infection.
Following are some of the features that can be included in antivirus programs:
- Email checking—Scans incoming and outgoing emails, and identifies spam and suspicious attachments.
- Resident dynamic scanning—Checks program files and documents when they are accessed.
- Scheduled scans—Scans for viruses at regularly scheduled intervals and checks specific drives or the entire computer.
- Automatic updates—Checks for and downloads known virus characteristics and patterns. These features can be scheduled to check for updates on a regular basis.
Many antivirus programs are available. Some are free from the manufacturer, whereas others may charge a fee to download and use the program.
Antispam Software (15.6.3)
No one likes opening their email and being overwhelmed by unwanted messages. Spam is not only annoying; it can overload email servers and potentially carry viruses and other security threats. Additionally, people who send spam may use links within the emails to take control of a host by planting code on it in the form of a virus or a Trojan horse. The host is then used to send spam without the knowledge of the user, consuming the local bandwidth and processor resources.
Antispam software protects hosts by identifying spam and performing an action, such as placing it into a junk folder or deleting it. Spam filters can be loaded on individual devices but can also be loaded on email servers. In addition, many ISPs offer spam filters. Antispam software does not recognize all spam, so it is important to open email carefully. This software may also accidentally identify wanted email as spam and treat it as such.
Antispyware Software (15.6.4)
Antispyware is software that detects and removes unwanted spyware programs.
Antispyware and Adware
Spyware and adware can also cause virus-like symptoms. In addition to collecting unauthorized information, they can use important computer resources and affect performance. Antispyware software detects and deletes spyware applications, as well as prevents future installations from occurring. Many antispyware applications also include detection and deletion of cookies and adware. Some antivirus packages include antispyware functionality.
Popup Blockers
Popup blocking software can be installed to prevent popups and pop-unders. Many web browsers include a popup blocker feature by default. Note that some programs and web pages create necessary and desirable popups. Most popup blockers offer an override feature for this purpose.
