Module 3. Malware and Antivirus

DEFINITION

Malware, short for malicious software, is created to damage, control, or steal information from computers. It includes various types of harmful software that can infect a system through web page components, pop-up ads, toolbars, or downloaded applications. Once inside, malware can steal sensitive information like passwords and bank details. Examples include Backoff, Dyreza, and BlackEnergy. Like a shell game where the pea is hidden, malware uses deception and stealth to infect systems, persist undetected, and communicate with external sources. Understanding and countering malware requires focusing on both the malware itself and the methods used to deploy it.

TYPES
  • Virus: A computer virus spreads like a biological virus by attaching to programs and files, relying on human actions to replicate and potentially harm systems by stealing data or creating botnets.
  • Trojan: A Trojan disguises itself as legitimate software to deceive users, allowing attackers to steal sensitive data, inject malware, or take control of infected systems remotely.
  • Worm: A worm is a self-replicating malware that spreads independently, consuming bandwidth, deleting files, and sometimes sending documents via email.
  • Spyware: Spyware secretly monitors user activity, stealing personal and financial information while also weakening browser security.
  • Ransomware: Ransomware locks users out of their systems by encrypting files and demands a ransom for decryption, though paying does not guarantee data recovery.
  • Rootkit: A rootkit is a stealthy malware that enables remote access to a system, making detection and removal difficult while allowing attackers to manipulate files and settings.

THE SYMPTOMS
  • Slow system: Malware can cause a system to slow down when there are no other apparent reasons like low RAM or disk space.
  • Pop-ups: Unwanted pop-ups indicate spyware infection and can introduce more malware if clicked.
  • Unexpected system crashes: Frequent crashes or the Blue Screen of Death (BSOD) may signal malware or hardware issues.
  • Excessive hard drive activity: Continuous hard disk activity without user action often points to malware infection.
  • Antivirus disabling: Malware is designed to disable antivirus software, preventing detection and removal.
  • New browser homepage or toolbar: Unwanted browser changes result from malware infection, often due to clicking malicious links.
  • Peculiar program activity: Programs opening or closing unexpectedly and strange boot-up behavior indicate malware presence.
  • Random network activity: High router activity without heavy data use suggests malware is operating in the background.
  • Blacklisted IP address: Receiving a notification of a blacklisted IP confirms that the system is compromised by malware.

HOW DOES ANTIVIRUS WORK
  • Scanning: Antivirus software detects malware by scanning files in memory and on disk, using on-access (real-time) or on-demand (manual) scanning methods.
  • Integrity checking: This method detects malware by comparing a program's current state with a previously recorded safe version but does not prevent infections.
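As an added illustration (not code from the original module), the following toy Python program shows both techniques side by side: it records SHA-256 hashes of a constructed directory as a known-good baseline, reports modified, added and missing files on a later check, and runs an on-demand signature scan over the changed files. The signature pattern and the file names are constructed for the demo, not real malware indicators.

```python
import hashlib
import os
import tempfile

SIGNATURES = {"Test.Marker.A": b"CONSTRUCTED-MALICIOUS-MARKER"}  # constructed, not a real signature

def sha256_of(path):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record the known-good hash of every file under root (the integrity-checking step)."""
    return {os.path.relpath(os.path.join(d, n), root): sha256_of(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def check_integrity(root, baseline):
    """Compare current hashes with the baseline and report what changed."""
    current = build_baseline(root)
    return {"modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
            "added": sorted(p for p in current if p not in baseline),
            "missing": sorted(p for p in baseline if p not in current)}

def scan_file(path, signatures=SIGNATURES):
    """On-demand signature scan: names of signatures whose byte pattern occurs in the file."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pat in signatures.items() if pat in data]

def write(root, name, data, mode="wb"):
    with open(os.path.join(root, name), mode) as f:
        f.write(data)

def demo():
    """Baseline a constructed tree, tamper with it, then re-check and scan the changes."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.exe", b"clean program")
        write(root, "readme.txt", b"notes")
        baseline = build_baseline(root)
        write(root, "app.exe", SIGNATURES["Test.Marker.A"], "ab")  # existing file altered
        write(root, "dropped.dll", b"unexpected new file")          # new file appeared
        os.remove(os.path.join(root, "readme.txt"))                 # file disappeared
        report = check_integrity(root, baseline)
        report["hits"] = {p: scan_file(os.path.join(root, p)) for p in report["modified"]}
        return report

if __name__ == "__main__":
    print(demo())
```

Integrity checking tells you that app.exe changed but not why; only the signature scan ties the change to a known pattern, which is why the module notes that integrity checking detects rather than prevents infections.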

LIMITATIONS OF ANTIVIRUS SOFTWARE
  • Limited detection techniques: Antivirus programs often rely on scanning, which may not detect all malware and can cause false alarms.
  • Does not offer full protection: Additional security measures like firewalls and routers are necessary to complement antivirus software.
  • Slows down PC or network: Running antivirus software consumes RAM, potentially reducing system performance.
  • Conflicts: Antivirus software may be incompatible with other programs or conflict with multiple antivirus installations, weakening security.

CHOOSING THE RIGHT ANTIVIRUS SOFTWARE
  • Compatibility: Antivirus software must work well with other programs to prevent security vulnerabilities.
  • Usability: It should be easy to use and understand for effective protection.
  • Comprehensive protection: The software must provide continuous security for files, networks, and system entry points.
  • Quality of protection: Effective antivirus software should detect, update regularly, remove infections, and maintain security without slowing performance.
