A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Malware

Programs that are designed to harm your computer

Malware (short for "malicious software") is a general term for software such as viruses, worms, Trojan horses and rootkits that are designed to harm your computer.

  • A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine.

  • A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book.

  • A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs.

  • A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control.

When you browse the Web, you open yourself up to possible infection by malware. The main danger is the non-browser programs that are required to view certain "active content" online, such as Internet polls, animations, stock tickers and streaming audio or video. If these programs are used correctly by Web content providers, they improve your online experience. But if used maliciously by attackers, they can infect your computer with malware.

These programs, which can be plug-ins or scripting languages, are run without explicit user permission. Plug-ins temporarily assume control of the Web browser, which could allow somebody to exploit a security gap in the plug-in. Scripting allows the automatic issuing of commands to the web browser, including possibly harmful commands.

Protective Measures

Practices

  • Update your browser with the latest software updates and security patches: New security problems are constantly being found in browser software that has already been released. Software vendors therefore make updates or security patches available from time to time that fix these problems. A patch is a downloadable piece of software that repairs a security problem or other "hole" in the software. Since most intruders exploit these known weaknesses, failing to download a patch creates an unnecessary risk. The unpatched hole could serve as an entry point for hackers who want to examine, damage, or exploit the information and services on your computer. It is also important to use the latest version of your browser since newer versions will have stricter security standards and fewer vulnerabilities.

    Unfortunately, Internet Explorer does not have an automatic update feature. The Microsoft Web site has a "Scan for updates" feature that scans your computer to determine which updates you need, including any for Internet Explorer. The Web site can be reached through the link above, or by the Tools > Windows Update option in Internet Explorer.

  • Perform frequent backups: Save your important data on a regular basis so that you can recover from a malware attack or intrusion. Thumb drives, CDs, and DVDs are good storage and transport media for large amounts of data. If possible, store your backup media in a different location from the computer itself to keep both from being destroyed in a fire or other disaster.

Settings

  • Set your web browser security level to Medium or High: Your browser's security level setting determines how much active content it allows. Internet Explorer has pre-defined "Default Level" security levels to choose from. You may also customize these Default Level security settings, which is more involved than simply selecting a Default Level.

    To set a pre-defined Default Level:

    1. In Internet Explorer, click on Tools > Internet Options.
    2. Select the Security tab and click the Default Level button.
    3. Make sure the Internet zone (globe icon) is selected in the window, and move the slider to Medium-High or High. Click Apply.

    Note the differences between the settings:

    • The Medium security setting generally allows active content. The browser will run programs, sometimes only after prompting you, that perform animations, allow the browser to read documents in various formats, and otherwise improve your browsing experience. However, this also allows these programs to possibly introduce malicious or unwanted code or files to your computer.
    • The High security setting prevents active content entirely. While this gives your computer better protection from malware, it may prevent you from viewing content on many Web sites.

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec's Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.

  • Rootkit detection software: Rootkits cannot be detected by ordinary anti-virus programs because they are very good at hiding themselves. You need special software to detect rootkits, such as RootkitRevealer by SysInternals and F-Secure Blacklight.

Connect Safely from Different Places

Office

Individuals are not the only targets of viruses; in fact, the majority of malicious code is aimed at large organizations. Hackers and virus programmers take even more satisfaction in their work when they can spread malware through a large company. It is also much easier for a virus to spread within an organization, as most computers are linked on a network and individuals' address books contain many addresses of colleagues. Check with your company's systems administrator or other IT personnel to make sure the measures below conform to company policies and that you are doing all you can to prevent your Web browser from introducing malware to your company's network.

On the road

With the spread of Internet access in hotels, coffee houses, bookstores, and airports, many travelers now use laptops away from home. However, the risks to your computer are high when you connect to the Internet in these public places.

Unfortunately, while a public network may have a router and firewall, you are sharing that network with many other people, and are thus vulnerable to malware attacks. You should take the same measures to protect yourself from malware on the road as you do at home. If you are using a computer that is not your own, you may not be able to use all these measures, so you should be especially cautious with what you do on such computers.

Ethical Issues

The intentional distribution of malware is clearly unethical, since it disrupts and sometimes disables computers and can cause financial and productivity losses. Accessing hacker sites and trying out their tools is at best unwise, and using these tools against computers other than your own without permission is likely to be unethical or illegal, depending on the nature of the tools.
