
“Malware” covers a huge range of threats including viruses, spyware, ransomware and more. So, anti-malware solutions must defend on several fronts. Many include anti-spam and firewall solutions too, as these block common malware sources.

Some operating systems are more secure than others, but nothing can be 100% secure. Malware is built to work around any predictable default protections. So, whilst it’s worth keeping built-in anti-malware up to date, you’ll need more.

Essential Anti-Malware Components

So, what features should you look for in your anti-malware solution? Well, there are five that no system should be without.

1. Anti-Virus

The most obvious requirement is an effective, up-to-date anti-virus system. These mainly handle:

  • Viruses – which need human interaction to spread
  • Worms – which self-replicate. These can take down an entire network of computers without much human involvement
  • Trojans – which hide malware inside files and programs that look potentially useful

These classifications mostly refer to the delivery method. Their malware payloads may do all kinds of harm. These threats evolve so rapidly that anti-virus rules need frequent updates. Ideally, these occur every hour, but should be checked at least daily.

Viruses can spread through many media. Email attachments and links put infection only a single, absent-minded click away. Just plugging in an infected USB stick can install a key-logger to steal passwords — or worse. Naturally, viruses can be hidden in downloads, too. So, good anti-virus programs integrate with email programs and browsers. This lets them provide “on-access” scanning of all drives, downloads and attachments.

Hacked websites can also be invisibly infected to install malware on visitors’ computers. Scanning links and web pages slows them down too much for most users. Still, some anti-malware solutions track known problem sites and can block some risky actions.

2. Firewall

A firewall is a vital component of any anti-malware system. Its job is to examine the source, destination and type of data entering and leaving your machine. It blocks potentially dangerous data transfers by breaking the connections they’re using. Application control options extend this to limiting which programs can send and receive data.

Finally, Windows allows other computers to connect through several “ports” (data channels) by default. These “open” ports make Windows machines easy to find — and attack — across networks. You can read more about how to block open ports here, but a good firewall can fix this automatically.

3. Anti-Spyware

No defence is perfect, so it’s wise to protect against the things malware does if it gets through. Unfortunately, this could include anything a hacker could do from your keyboard. However, typical ‘spyware’ behaviour includes logging keystrokes and identity theft.

So, an anti-keylogger helps to protect passwords and sensitive data. Similarly, identity protection systems track requests for sensitive data like passwords and bank details. This ensures such details aren’t sent to untrusted sites without your permission.

4. Anti-Ransomware

Ransomware hit the news big-time in 2017. It encrypts your data and offers to decrypt it for a ransom. Decryption requires a key that only the attacker has. So, please don’t ask other techies to “crack the code” — we don’t like having to disappoint you.

If you’re lucky, paying the ransom will recover your files. Criminal hackers do this often enough to keep people paying — but not always. Also, ransoms often use anonymous “cryptocurrencies” like Bitcoin. These can be hard to get if you haven’t bought them in advance and can’t access your computer.

In late 2016, malware hit an individual every 10 seconds and a business every 40 seconds. In early 2017, 60% of malware carried ransomware. If you need more stats to get your colleagues to take ransomware seriously, check out this post.

So, there are several ways to mitigate ransomware attacks. Some just stockpile Bitcoin and expect to pay up. However, average ransoms now exceed $1000. So, with no guarantee of getting files back, that’s a last resort. A safer option is to keep frequent, constant backups. I’ll cover that in more detail later in this cybersecurity series.

Still, even backups often lose the most recent file changes. So, a new type of anti-malware program has risen to meet the ransomware challenge. Anti-ransomware attempts to detect when and how files are being encrypted. It learns the encryption pattern, blocks the process and attempts to restore the files.
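To make the detection idea concrete, here is an added example (not from this article, and not how ZoneAlarm or any named product works) of one common heuristic: encrypted data looks random, so a process that rewrites several ordinary files into near-random bytes is suspicious. The threshold, burst limit, process names and sample files are all assumptions constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
BURST_LIMIT = 3          # assumed: suspicious rewrites per process before alerting

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """A rewrite is suspicious when low-entropy content becomes near-random."""
    return shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after)

def flag_processes(events, burst_limit=BURST_LIMIT):
    """events: iterable of (process, path, before, after) file rewrites.
    Returns processes with at least burst_limit encrypted-looking rewrites."""
    hits = Counter()
    for process, _path, before, after in events:
        if looks_encrypted(before, after):
            hits[process] += 1
    return sorted(p for p, n in hits.items() if n >= burst_limit)

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: a SHA-256 counter stream."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

def sample_events():
    """Constructed file-rewrite events; every name here is hypothetical."""
    doc = b"Quarterly invoice for customer 1042, due in 30 days.\n" * 80
    events = [("unknown.exe", f"C:/docs/report{i}.txt", doc, fake_ciphertext(f"f{i}"))
              for i in range(4)]
    # A normal edit keeps entropy low and is ignored.
    events.append(("editor.exe", "C:/docs/notes.txt", doc, doc + b"One more line.\n"))
    # Compression also yields near-random bytes; the burst limit keeps a
    # single such rewrite from raising an alert.
    events.append(("backup.exe", "C:/docs/old.log", doc, fake_ciphertext("zip")))
    return events

if __name__ == "__main__":
    print(flag_processes(sample_events()))
```

The heuristic cannot tell encryption from compression on a single file, which is why the sketch counts rewrites per process before flagging anything.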

5. Anti-Rootkit

Malware often defends itself. Some disable known anti-malware solutions, so your defences must be able to defend themselves. Other malware sets up re-installation triggers in case anything disables it. Anti-malware solutions can defend against that too, so some malware goes a step further.

A rootkit effectively sits outside your operating system. When you turn the computer on, it activates first. This lets the rootkit control how the operating system starts up and limits any defences. As a result, dealing with a rootkit may need specialist help. So, any anti-rootkit features your security solution can offer are a plus.

Free vs Paid Anti-Malware Solutions

Price may not be a technical feature as such, but it’s often the main consideration. This is a mistake. Even the best free anti-malware solutions are limited in scope.

On the other hand, how much would it cost to recover if all your computers were wiped tomorrow? Now add in the cost of the disruption to your business. That’s what it would be worth spending to prevent such a disaster. Thankfully, the cost of good anti-malware solutions is tiny by comparison. So, they should be a no-brainer for any small business.

However, some solutions are more effective than others. Also, they all work at low levels in the operating system to block unexpected behaviour. This often makes combining solutions from different vendors unreliable — and it can be catastrophic.

Conclusion

So, it’s worth looking for a fully-integrated security suite. Several cybersecurity companies offer good, full-featured solutions. Personally, I’ve found ZoneAlarm’s solutions reliable. ZoneAlarm was the first popular, port-closing firewall for Windows. It now includes best-of-breed components like Kaspersky antivirus, too. PC Mag also recently rated ZoneAlarm Anti-ransomware as “the most effective ransomware-specific security tool”.

This article is part of a cybersecurity series that began here.