Welcome to number two in our series of articles discussing Information Security. In the last article, we provided a foundation to help you understand the different aspects of Information Security and how they relate to you.
You may have noticed that this article is not called anti-malware. That’s a very deliberate choice, because malware protection is much more than just installing an anti-malware product. But before we get into details, it’s worth taking the time to define what malware is – and what it isn’t.
What is Malware?
Malware is a broad category of Malicious Software that includes Viruses, Trojans, Botnets, Root Kits, and all types of software that may be running on your system that you might not know about. Spam is not Malware, although Malware may be distributed through spam (just like a piece of fruit is not a worm, but a worm may be hiding in fruit so you don’t know it’s there until too late). Website Pop-Ups (or Pop-Unders) are also not Malware – they’re just annoying methods for delivering advertisements.
And while Malware can exist on servers, the focus of this series of articles is “endpoints” (desktops, laptops, tablets and smartphones). Also, every person you talk to will have his or her own opinion about which product is the best or easiest to use based on individual experience. In this series, we will not make any specific product recommendation – rather, we will advise what type of products or product features you should be looking for.
What can you do to protect your computers from Malware?
It’s not just one thing. Rather, it’s a lot of little things that add up to a well-protected system. We’ll start with your network and work our way down to the computer and software. (And for those Mac users out there, most of these apply to you was well – especially if you’re running Fusion, Parallels, or Boot Camp.) And don’t panic. If some of this is too geeky for you, it provides you with a good foundation for a discussion with your technology person.
Network Firewall / Router
Before getting into protection, it’s important to note a few things about Malware. First, Panda Labs (a security research company) reports that there are now over 70,000 new pieces of malware released every day. Also, it’s not just sociopathic teenagers doing this for fun. Malware is big business for organized crime. In fact, in 2010 it’s estimated that Cybercrime (which includes Malware) generated over $600 billion – compared to the illegal drug trade which was estimated at only $400 billion.
One of the first lines of defense against malware is to install a hardware firewall/router on your network. This is not the modem that you may have received from your DSL or Cable provider – it’s another piece of hardware that sits between that modem and your computer(s). What these devices do is prevent someone from remotely accessing computers on your network without your knowledge. If you use Skype, it’s even more imperative that you have a hardware firewall/router installed to prevent your computer from being used by Skype as a call-interchange hub (also called a Super Node). The major manufacturers in this space are Belkin, D-Link, Linksys and Netgear, and the keyword you should search for is router.
Software or Personal Firewall
In addition to the hardware firewall, you should strongly consider a software firewall (also called a personal firewall). A software firewall will serve two functions. First, it will still protect your computer from malicious attacks when connected somewhere other than your main office. Second, it will let you know if an application on your system is trying to communicate to the Internet without your knowledge. There are rudimentary software firewalls built into Windows (since XP SP1) and Mac OS X, but they are limited in their capabilities. All of the major anti-malware software vendors (Kaspersky, McAfee, Norton and ZoneAlarm) have software firewall products available, either stand-alone or as part of their Internet Protection products.
The next layer of protection for endpoints is the anti-malware software I mentioned above. These started off as “anti-virus” products when viruses were our only concern, but have evolved to keep up with the ever-increasing threats. All of the vendors mentioned above have competing products that essentially perform the same functions, although they all have some features that they consider to be unique. At the very least, you should look for a product that has firewall, anti-virus, anti-spyware, wireless and spam protection. If you need something more than this for your own personal needs, then make sure that you add that requirement to the list.
Updates and Patches
Another component to malware protection is actually the simplest – and it’s free. Make certain that you have all of your products setup so they check for (and where possible, automatically download and install) patches and updates. The number of people who do not patch their system, even though there is no additional cost for this service, is surprising. Microsoft generally releases patches the second Tuesday of every month (which we refer to in the industry as patch Tuesday), and it includes not only the operating system, but also any Microsoft applications like Office. Other vendors are not on a set schedule, but still release patches as needed to protect against potential threats. And just because you may be running the Mac OS or Linux does not mean you can ignore patches. In 2008, an unpatched version of Mac OS X (Leopard) was hacked in less than 10 minutes during a security conference. And in 2009 there were actually more vulnerabilities found in the various versions of Linux than there were in Windows.
Upgrading Applications and Operating Systems
And last, but certainly not least, is to make sure that your operating system or applications are still supported and patched by the manufacturer. Windows 95, Windows 98, Windows Me and Windows 2000 have not been supported for many years and Microsoft stopped providing support for any version of Windows XP except Service Pack 3 in 2009. Without support, there will not be any patches. Cyber criminals know that a lot of people still run older operating systems, and there are numerous vulnerabilities that they can exploit. And once they have control of your systems, they can steal any valuable information they find and then use the machine in order to attack other systems.
If you don’t take precautions against Malware, your computer and your client’s data may be at risk. And if your client data is compromised, it could mean a huge impact to your business. We’ll discuss Personally Identifiable Information (PII) next time, and encrypting your sensitive information after that.
John Schaefer is an information security expert with over 20 years of experience in Global 100 corporations. His experience includes application development, network operating systems, network hardware, and security architecture. He is the Chief Technology Officer for Eastvale Consulting Services, Inc.
Susan Schaefer is the owner of Ships ‘N’ Trips Travel (www.shipsntripstravel.com) located in Brentwood, Tennessee and specializes in leisure travel with a focus on group travel and charity fundraisers. Through their division Kick Butt Vacations (www.kickbuttvaations.com) she focuses on travel for young adults under 35. Susan can be reached by email at firstname.lastname@example.org or by phone at (888) 221-1209).