A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Malware

Programs that are designed to harm your computer

Malware (short for “malicious software”) is any software designed to harm your computer, such as viruses, worms, Trojan horses, and rootkits.

  • A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.

  • A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.

  • A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.

  • A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.

Protective Measures

Practices

  • Only perform file transfers from trusted sources: This reduces your risk of downloading files infected with malware and introduces accountability, so that you have a better chance of getting a response if you do have a problem.

  • Scan all files that you receive through file transfer: It is a good idea to scan the files that you receive from P2P networks with your anti-virus software to detect malware. This may slow down the transfer, but it will help keep your computer safe.

  • Check a corporate wireless network's security level before connecting: Many corporate networks allow users to connect their wireless devices to the network. However, not all of these networks are secured. In fact, it is quite easy for a user to connect his/her wireless device to a corporate network without getting permission first. When this happens, the user may intentionally or unintentionally transfer viruses onto the company network, putting everybody on the network at risk. You should make sure your corporate network is secure before connecting your own device. If users can connect to your company’s network without getting permission or a password, it’s probably not a good idea to connect to that network at all.

  • Make sure the public network you connect to is secure: Many public networks are not secure and do not even require you to identify yourself with a password. Not only do you run the risk of being infected by malware from other users on such a network, you may unintentionally transmit malware to them as well. Make sure you only connect to secured networks that ask users for a password.

    Unfortunately, wireless cards and operating systems are set up to automatically connect to any network in range. Disabling or modifying this setting requires a thorough understanding of your operating system, so you should generally leave this setting alone. Your best option is to check the network every time you connect and manually disconnect if the network is not secure.

Settings

Reveal the full names of your files: By default, Windows operating system hides the full names of files; however, it's a good idea to display the full names of all your files so you know exactly what files you are opening. To set this in Windows XP or Windows Vista:

  1. Open any folder.
  2. In the menu bar, select Tools > Folder Options > View.
  3. Under Files and Folders, uncheck the "Hide extensions for known file types" option.
View tab

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec’s Norton AntiVirus  and McAfee AntiVirus . AVG , AntiVir  and ClamWin  are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless  and Symantec AntiVirus for Windows Mobile .

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall . The Windows operating systems such as Windows XP and Windows Vista  include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site .

  • Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer  by SysInternals and F-Secure Blacklight .

Connect Safely from Different Places

Mobile

Mobile device attacks have been pretty mild so far, but the growing complexity and memory of these devices and the establishment of new standards for mobile devices make the appearance of a devastating virus more likely. To date, viruses are the only type of malware seen on mobile devices, but there is nothing to prevent worms and Trojan horses from appearing in the future.

Be careful of how much personal information you store on your mobile device. If malware is able to access that data, you may not be able to recover it or stop the malware from sharing that information.

On the road

Many coffee shops, bookstores, hotels, and airports have public networks that you can connect your wireless device to. However, you should be especially careful to protect yourself from malware when you use your laptop to transfer data on a public network, because these networks are often not secure.

Ethical Issues

The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.

Legal Issues

Intentional distribution of malware is considered illegal worldwide. Famous malware programs like Code Red and the Melissa virus caused several million dollars in losses, and each started in a simple malware application. The creator of the Melissa virus was prosecuted under Title 18, United States Code, Section 1030  and sentenced to 20 months in prison and a $5,000 fine.

Privacy Issues

Be careful of how much personal information you store on your computer. If malware is able to access that data, you may not be able to recover it or stop the malware from sharing that information.

My home page