Many of us are concerned about the ever-increasing threat to information security and business continuity posed by malicious software. Before delving into ways to deal with malicious software, it’s important to ensure that we are all familiar with the commonly used terminology. Note: I wrote the following definitions myself.
Malware / Malicious Software = Software that is used by a third party to perpetrate acts against the owner of the target system/data.
Virus = In relation to computer software, the term “Virus” refers to malware that replicates itself to adjacent systems following user interaction. Viruses typically carry a malicious payload that can cause disruption to the target system.
Worm = A class of Virus that automatically replicates itself to adjacent systems without user interaction – in other words, worms spread in an automated fashion.
Rootkit = Software that can be used to hide (cloak) the presence of malware from the user. Sophisticated rootkits can hide themselves from both the Administrator and even the operating system. Personally, my greatest security-oriented concern for end user systems is the rapid spread of powerful rootkits, as they invalidate all security mechanisms and can be very difficult to find. Many of the most powerful rootkits are freely available from public websites (including full source code), therefore the barrier to entry for those with malicious intent is incredibly low. There are even books detailing how to write your own rootkit.
Spyware = Software that hides itself on the target machine (often using a rootkit) to gather information about the interaction between the user and the system. Spyware commonly records every key press the user makes – this is known as “key logging”. Once spyware invades a system it can observe all system interaction, even with encrypted website connections (HTTPS / SSL) and encrypted files, because it sees the data before encryption and after decryption.
The more I study malicious software, the more I believe that as an industry we need to focus our efforts upon preventing malware from getting onto our systems in the first place. One of the most effective ways to reduce the risk of malware compromising your systems is to sign on to computer systems using accounts that have the minimum amount of privilege. Least User Access (LUA) is a widely used term to describe the use of least privilege. Adopting the principle of LUA means that many people use two computer accounts – one with privilege and one without.
The privileged account can be used when the system administrator consciously wants to change the system configuration. Such a change could be to install additional software or hardware or perhaps to repurpose the system for a different scenario.
The least privileged account can be used for day to day activities such as browsing the Internet, accessing email, operating line of business applications and manipulating documents.
In a business environment there are likely to be people who are tasked with administering systems on behalf of users, and such people will of course have access to privileged accounts. In such an environment it may not be necessary for individuals to have access to accounts with administrative privileges. If people are mobile and therefore outside the timely reach of administrative assistance, then there may be a case for them knowing the credentials of a privileged account for their system in addition to their normal credentials. Active Directory is a feature of Microsoft Windows that enables administrators to control the configuration of all Microsoft Windows computer systems in the environment from a central point.
In a home environment of course all administrative tasks are likely to be carried out by the owner of the system. I encourage home users to take advantage of both a privileged (administrative) account AND a non-privileged account. I “sell” friends and family on the premise that their system is less likely to “break” (become infected with malicious software) if they use the non-privileged account for day to day activities.
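The two-account approach above is easy to state but hard to verify by eye, so here is an added example (my own illustration, not code from the original post) of how a home user or administrator can check whether a Windows machine actually follows LUA. It reports whether the current session carries administrative privilege and lists every member of the local Administrators group, flagging any that are not on an expected list. The account name `admin-jane` and the `Remove-LocalGroupMember` usage in the comment are assumptions for illustration; the cmdlets themselves ship with Windows PowerShell 5.1 and later (the `Microsoft.PowerShell.LocalAccounts` module).

```powershell
# Added example (not from the original post): audit local Administrators membership
# and report whether this session is running with privilege.
# Assumes Windows PowerShell 5.1+ with the built-in Microsoft.PowerShell.LocalAccounts module.

function Test-IsElevated {
    # True when the process token carries the Administrators role, i.e. this is the
    # privileged account (or an elevated session) rather than the day-to-day LUA account.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminReport {
    param(
        # Accounts that are supposed to hold admin rights on this machine.
        # "admin-jane" is a hypothetical name used only for this illustration.
        [string[]] $ExpectedAdmins = @("$env:COMPUTERNAME\admin-jane", "$env:COMPUTERNAME\Administrator")
    )
    # Get-LocalGroupMember returns local users, local groups and domain principals
    # (PrincipalSource tells you which) that are direct members of the group.
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        [pscustomobject]@{
            Name     = $m.Name
            Class    = $m.ObjectClass        # User or Group
            Source   = $m.PrincipalSource    # Local, ActiveDirectory, MicrosoftAccount
            Expected = ($ExpectedAdmins -contains $m.Name)
        }
    }
}

# --- usage ---
if (Test-IsElevated) {
    Write-Warning 'This session has administrative privilege; use it only for deliberate configuration changes.'
} else {
    Write-Host 'Running as a least-privilege (LUA) account.'
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize

# Any row with Expected = False is an account doing day-to-day work with privilege.
# Moving it out of Administrators (and into Users) is the LUA fix, for example:
#   Remove-LocalGroupMember -Group 'Administrators' -Member 'MYPC\someuser'
$report | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Unexpected administrator: $($_.Name) ($($_.Class), $($_.Source))"
}
```

Run it once from the non-privileged account to confirm `Test-IsElevated` returns `False` for everyday use, then from the privileged account to review the group. When a configuration change is genuinely needed from the LUA session, `Start-Process powershell -Verb RunAs` prompts for the privileged account’s credentials, which is exactly the “conscious” switch the post describes.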
Emerging services such as Microsoft’s OneCare offering can be used to take care of security updates and anti-virus / malware.
Dealing with Malware through proactive measures such as adopting the principle of least privilege is a classic case where changing your process can enable you to continue enjoying the benefits of technology without suffering the pain of security compromise and down time.
Your blog is the closest I can come to virus etc. information. I have a 'jumping cursor' that has killed two computers and is now on this computer. It takes a year or two, depending on use, to stop the comp., which becomes slower and slower till it one day does not start up. I picked it up with Win 95, used a disk and took it to Win 98; Norton did not locate the problem, now XP has it, as AVG virus checker did not locate it. I have manuscripts I am working on and need to use the disks. This computer has started to develop death roll symptoms such as not shutting down, Word flashing from blue to green and not responding, very slow operation. Initially it jumps when I type a 'y' or 'b' and up to 10 dif. letters. Please help me or find someone who can. Thanks. *EMAIL ADDRESS REMOVED FROM THIS COMMENT TO PROTECT THE INDIVIDUAL FROM ANYONE WHO MAY ATTEMPT TO EXPLOIT THE PROBLEM*