Protection against the malwares , spywares , trojans and virus
There are a number of ways that you can detect, remove and prevent malware. Some of
these are common sense, others are technological alternatives. The following section
highlights some of these, with a brief explanation and examples.
Anti-Virus-software is available in many commercial and Open Source versions. These all work
following the same method. They each have a database of known viruses and they will
match the signatures of these against the files on the system to see if there are any infections.
Often though, with modern viruses, these signatures are very small, and there can often be
false positives - things that appear to be viruses that are not. Some virus scanners employ a
technique known as heuristics, which means that they have a concept of what a virus “looks
like” and can determine if an unknown application matches these criteria. Recently AntiVirus
software has also crossed the boundary into Host Based Intrusion Detection, by keeping a list
of files and checksums in order to increase the speed of scanning.
behavior from a worm or virus. It can then either alert the user, or automatically stop the
network traffic carrying the malware.
Host based Intrusion Detection systems, such as Tripwire, are capable of detecting changes
made to files. It is reasonable to expect that an application, once it is compiled, should not
need to change, so watching various aspects of it, such as its size, last modification date and
checksum, make it instantly obvious that something is wrong.
Worms propagate across the network by connecting to vulnerable services on each host.
Apart from ensuring that none of these vulnerable services are running, the next best thing is
to ensure that your firewall does not allow connections to these services. Many modern
firewalls will provide some form of packet filtering similar to a NIDS which will rule out packets
matching a certain signature. (Firewalls are discussed in more detail in section 7.1.2).
The concept of a sandbox is simple. Your application has its own little world to play in and
can't do anything to the rest of your computer. This is implemented as standard in the Java
programming language, and can also be implemented through other utilities such as chroot
in Linux. This restricts the damage that any malware can do to the host operating system by
simply denying it the access required. Another option is to run a full machine inside a machine
using a virtual machine product such as VMWare. This isolates the virtual machine from the
host operating system, only allowing access as defined by the user.
Good Safety AdviceThere are a number of simple things that you can do in order to minimize your risk to Malware.
• Only download from reputable sources ( that means no W4R3Z, please. )
• Don't open e-mail attachments from people you don't know.
• Don't leave macros enabled by default in your applications.
• Keep your OS and applications up to date with patches.
• If downloading and installing software with a checksum – check the checksum