LP1
Lecture 2.2: Malware Protection and Prevention
Learning Objectives
• Malware Protection
• Malware Prevention
Malware Protection
• Anti-virus Software
• Personal Software Firewall
• Pop-up Blockers
• Windows Defender
• Anti-spam Software
Anti-virus Software
• The purpose of anti-virus software is to detect and
eliminate malware.
• Most anti-virus software combines the following
approaches when scanning for malware:
  • Signature-based Scanning
  • Heuristic Scanning
Signature-based Scanning
• Anti-virus software contains a virus dictionary with
thousands of known virus signatures.
• Virus signatures in the dictionary must be frequently
updated, as new viruses are discovered daily.
• This approach will catch known viruses but is limited
by the virus dictionary. It cannot catch what it does
not know.
Heuristic Scanning
• Heuristic scanning is a method of detecting
potentially malicious behavior by examining what a
program or section of code does.
• Anything that is “suspicious” or potentially
“malicious” is closely examined to determine whether
or not it is a threat to the system.
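
The two scanning approaches side by side, as an added example that is not part of the original slides. It is deliberately simplified: the "signature" is a whole-file SHA-256 hash, and the sample bytes, detection name, heuristic patterns, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed stand-in for a known malicious file (harmless bytes, illustration only).
KNOWN_SAMPLE = b"demo-sample-A|autorun.inf|CurrentVersion\\Run|stop-antivirus-service"

# "Virus dictionary": SHA-256 of each known sample -> detection name (constructed).
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Sample.A"}

# Heuristic rules: byte patterns hinting at suspicious behaviour, with weights (constructed).
HEURISTIC_RULES = [
    (b"autorun.inf", 2),             # may spread via removable media
    (b"CurrentVersion\\Run", 2),     # may persist across reboots
    (b"stop-antivirus-service", 3),  # may tamper with protection software
]
THRESHOLD = 4  # minimum total weight before a file is flagged


def signature_scan(data: bytes):
    """Return the detection name if the file is in the dictionary, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data: bytes):
    """Return (score, matched patterns) according to the heuristic rules."""
    hits = [(pat, w) for pat, w in HEURISTIC_RULES if pat in data]
    return sum(w for _, w in hits), [pat.decode() for pat, _ in hits]


def scan(data: bytes):
    """Signature lookup first, then heuristics for files the dictionary misses."""
    name = signature_scan(data)
    if name:
        return ("known", name)
    score, hits = heuristic_scan(data)
    if score >= THRESHOLD:
        return ("suspicious", hits)
    return ("clean", hits)


if __name__ == "__main__":
    variant = KNOWN_SAMPLE.replace(b"sample-A", b"sample-B")  # not in the dictionary
    benign = b"Setup notes: this CD uses autorun.inf to start the installer."
    for label, data in [("known", KNOWN_SAMPLE), ("variant", variant), ("benign", benign)]:
        print(label, scan(data))
```

The variant is missed by the dictionary lookup but still flagged by the heuristic rules, while the benign file matches one rule and stays below the threshold.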
Capabilities of Anti-Virus Software
• Automated Updates
• Automated Scanning
• Media Scanning
• Manual Scanning
• Email Scanning
• Resolution
Personal Software Firewalls
• Personal firewalls monitor and control traffic passing
into and out of a single system.
• They can be used to determine what traffic is ‘good’ and
allowed to pass and what traffic is ‘bad’ and is
blocked.
Personal Software Firewalls
• Most operating systems come with some type of
personal firewall included.
Pop-up Blocker
• A pop-up blocker is a feature in many web browsers
that prevents pop-ups.
Windows Defender
• Its purpose is to protect the computer from spyware and
other unwanted software.
  • Spyware Detection and Removal
  • Scheduled Scanning
  • Automatic Updates
  • Real-time Protection
  • Software Explorer
  • Configurable Responses
Windows Defender
• Shown below is the confirmation message after turning off
Windows Defender in Windows 8.
Malware Prevention
• Education
  • Be careful when you install or run software
  • Ensure downloads are from reliable sources
• Disable autorun
  • For removable media such as thumb drives
• Security software
  • Personal Software Firewall (blocks unwanted traffic)
  • Anti-virus (keep the virus dictionary updated)
Malware Prevention
• Operating System updates
  • Use Windows Update to get the latest fixes for bugs that are
    potentially exploitable
  • The same applies to other operating systems (Linux, Mac OS X, etc.)
• Application updates
  • Application bugs are potentially exploitable
  • May not be part of the Operating System updates; must be
    updated separately
Quiz
• Which of the following methods is most suitable to
prevent adware?
A. Anti-virus Software with heuristic scanning
B. Personal Software Firewall
C. Pop-up Blockers
D. Anti-spam Software
Quiz
• It is important to update the virus dictionary of an
anti-virus software because
A. heuristic scanning may not work if virus dictionary is
not updated.
B. the anti-virus software will not reflect the latest
version.
C. the virus dictionary will capture signatures of all new
malware.
D. the anti-virus software will be slow in detecting
malware.
Quiz
• Antivirus software cannot detect this type of
malware. Which type?
A. Ransomware.
B. Virus because it attaches to executable files.
C. Worm because it can replicate independently.
D. Zero-day because it is a new malware.
At the end of this lesson, you should be able to