2 - C235 LP1 Lecture 2.2 - Malware Protection and Prevention


C235 IT Security and Management

LP1
Lecture 2.2: Malware Protection and Prevention
Learning Objectives

• Malware Protection

• Malware Prevention
Malware Protection
• Anti-virus Software
• Personal Software Firewall
• Pop-up Blockers
• Windows Defender
• Anti-spam Software

Anti-virus Software
• The purpose of anti-virus software is to detect and
eliminate malware.
• Most anti-virus software combines the following
approaches when scanning for malware:
  - Signature-based Scanning
  - Heuristic Scanning
Signature-based Scanning
• Anti-virus software contains a virus dictionary with
thousands of known virus signatures.
• Virus signatures in the dictionary must be frequently
updated, as new viruses are discovered daily.
• This approach will catch known viruses but is limited
by the virus dictionary. It cannot catch what it does
not know.

Heuristic Scanning
• Heuristic scanning is a method of detecting
potentially malicious behavior by examining what a
program or section of code does.
• Anything that is “suspicious” or potentially
“malicious” is closely examined to determine whether
or not it is a threat to the system.
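
The two scanning approaches above, combined in a small sketch (an added example, not part of the original lecture). The sample byte strings, rule markers, weights and threshold are constructed for illustration, and the heuristic is simplified to matching behaviour descriptions inside the file rather than observing a running program.

```python
import hashlib

# Constructed stand-ins for file contents: harmless byte strings, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00DEMO-PAYLOAD-A: copy self to startup; disable updates"
NEW_VARIANT = b"MZ\x90\x00DEMO-PAYLOAD-B: copy self to startup; disable updates"
BENIGN_FILE = b"MZ\x90\x00Calculator: add, subtract, multiply"

# The "virus dictionary": signatures (here, SHA-256 hashes) of already-known samples.
VIRUS_DICTIONARY = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.A"}

# Heuristic rules: (suspicious behaviour, marker to look for, weight). Assumed values.
HEURISTIC_RULES = [
    ("persists via startup", b"copy self to startup", 5),
    ("tampers with updates", b"disable updates", 5),
]
SUSPICION_THRESHOLD = 6  # assumed: one weak indicator alone is not enough

def signature_scan(data):
    """Return the malware name if the file matches a known signature, else None."""
    return VIRUS_DICTIONARY.get(hashlib.sha256(data).hexdigest())

def heuristic_scan(data):
    """Score what the file appears to do; return (score, reasons)."""
    hits = [(desc, weight) for desc, marker, weight in HEURISTIC_RULES if marker in data]
    return sum(weight for _, weight in hits), [desc for desc, _ in hits]

def scan(data):
    """Try the signature dictionary first, then fall back to heuristics."""
    name = signature_scan(data)
    if name:
        return f"infected: {name} (signature)"
    score, reasons = heuristic_scan(data)
    if score >= SUSPICION_THRESHOLD:
        return "suspicious: " + ", ".join(reasons) + " (heuristic)"
    return "clean"

def update_dictionary(data, name):
    """A dictionary update adds the signature of a newly analysed sample."""
    VIRUS_DICTIONARY[hashlib.sha256(data).hexdigest()] = name

if __name__ == "__main__":
    samples = [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT), ("benign", BENIGN_FILE)]
    for label, data in samples:
        print(label, "->", scan(data))
    update_dictionary(NEW_VARIANT, "Demo.B")
    print("variant after update ->", scan(NEW_VARIANT))
```

The variant is missed by the dictionary until `update_dictionary` runs, which is why signature updates must be frequent; until then only the heuristic pass flags it.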

Capabilities of Anti-Virus Software
• Automated Updates
• Automated Scanning
• Media Scanning
• Manual Scanning
• Email Scanning
• Resolution

Personal Software Firewalls
• Personal firewalls monitor and control traffic passing
into and out of a single system.
• They can be used to determine what traffic is ‘good’ and
allowed to pass and what traffic is ‘bad’ and is
blocked.

Personal Software Firewalls
• Most operating systems come with some type of
personal firewall included.

Pop-up Blocker
• A pop-up blocker is a feature in many web browsers
that prevents pop-ups.

Windows Defender
• Its purpose is to protect the computer from spyware and
other unwanted software.
  - Spyware Detection and Removal
  - Scheduled Scanning
  - Automatic Updates
  - Real-time Protection
  - Software Explorer
  - Configurable Responses

Windows Defender
• The screenshot on this slide shows the confirmation message
displayed after turning off Windows Defender in Windows 8.

Copyright © 2009 by Republic Polytechnic, Singapore. All rights reserved.

Antispam Product
• Antispam products attempt to filter out the endless stream
of junk email so you don’t have to.
• Some products operate at the corporate level,
filtering messages as they enter or leave a designated
mail server.
• Other products operate at the host level, filtering
messages as they come into your personal inbox.

Malware Prevention
• Education
  - Be careful when you install or run software
  - Ensure downloads are from reliable sources
• Disable autorun
  - for removable media such as thumb drives
• Security software
  - Personal Software Firewall (block unwanted traffic)
  - Anti-virus (keep the virus dictionary updated)
Malware Prevention
• Operating System updates
  - Use Windows Update to get the latest fixes for bugs that are
    potentially exploitable
  - Same with other OS (Linux, Mac OS X, etc.)

• Application updates
  - Application bugs are potentially exploitable
  - May not be part of the Operating System updates; must be
    updated separately

• Advisories circulated by the IT Department
  - Updates on new malicious threats
  - All users should take note and be vigilant
Watch video on ‘Malware Prevention’
• https://www.youtube.com/watch?v=W80-xoZg2pY
(Time: 0.00-1.59)

Quiz
• Which of the following methods is most suitable to
prevent adware?
A. Anti-virus Software with heuristic scanning
B. Personal Software Firewall
C. Pop-up Blockers
D. Anti-spam Software

Quiz
• It is important to update the virus dictionary of an
anti-virus software because
A. heuristic scanning may not work if virus dictionary is
not updated.
B. the anti-virus software will not reflect the latest
version
C. the virus dictionary will capture signatures of all new
malware.
D. the anti-virus software will be slow in detecting
malware.

Quiz
• Antivirus software cannot detect this type of
malware. Which type?
A. Ransomware.
B. Virus because it attaches to executable files.
C. Worm because it can replicate independently.
D. Zero-day because it is a new malware.

At the end of this lesson, you should be able to:

• Describe the various malware protection methods.

• Explain the various measures taken to prevent malware.
