Combating that malware

Controlling malware today is no easy chore. Anti-virus and anti-spyware programs play key roles directly on the system, with firewalls and intrusion detection/prevention systems guarding access at the same or higher levels. These are industry-norm protections for known threats, but they are somewhat less effective against zero-hour attacks, which exploit new, just-discovered vulnerabilities for which no remedy yet exists.

So, what can be done? To name a few measures, experts in the field recommend heuristics, file integrity checking, and running some things in a sandbox.

Start by ensuring the anti-virus solution uses heuristics along with traditional signature-based techniques, which many of today's security applications do. In a basic sense, heuristics is similar to profiling by law enforcement: if program A is attempting to do something that malware is commonly known to do, maybe program A is malware and warrants a closer look.

File integrity checking monitors installed software for changes. A recent, unaccounted-for change may signal malware, so constant monitoring offers protection in two ways: it aids detection, and it provides an escape path by allowing a return to a previous, before-the-change state. In theory, file integrity checking will discover things the anti-virus missed.
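A minimal illustration of the idea just described, added here and not part of the original column: a baseline of file fingerprints is recorded after a trusted install, later compared to flag unaccounted-for changes, and a known-good copy is used to return to the before-the-change state. The file names and contents are constructed for the demonstration.

```python
# Hypothetical file-integrity checker (constructed example, not the column's code).
import hashlib
import os
import shutil
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents: the fingerprint stored in the baseline."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root):
    """Map each regular file under root (as a relative path) to its digest."""
    return {os.path.relpath(os.path.join(d, n), root): file_digest(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def compare(baseline, current):
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added, removed = sorted(set(current) - set(baseline)), sorted(set(baseline) - set(current))
    return modified, added, removed  # unaccounted-for changes an analyst should review

def restore(root, backup_root, baseline):
    """Roll back: delete new files, copy known-good copies over modified/missing ones."""
    modified, added, removed = compare(baseline, build_baseline(root))
    for rel in added:
        os.remove(os.path.join(root, rel))
    for rel in modified + removed:
        dest = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(os.path.join(backup_root, rel), dest)
    return build_baseline(root) == baseline  # True only if the tree matches again

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: baseline a fresh install, tamper with it, detect, roll back."""
    with tempfile.TemporaryDirectory() as work:
        root, backup = os.path.join(work, "app"), os.path.join(work, "backup")
        write(os.path.join(root, "prog.exe"), b"legitimate program bytes")
        write(os.path.join(root, "lib", "helper.dll"), b"legitimate library bytes")
        baseline = build_baseline(root)  # recorded right after a trusted install
        shutil.copytree(root, backup)    # known-good copy kept for rollback
        write(os.path.join(root, "prog.exe"), b"legitimate program bytes + injected")  # patched
        write(os.path.join(root, "dropped.dll"), b"unexpected new file")                # dropped
        os.remove(os.path.join(root, "lib", "helper.dll"))                              # deleted
        findings = compare(baseline, build_baseline(root))
        return findings, restore(root, backup, baseline)
```

In practice the baseline and the backup copy must be stored where the monitored software cannot alter them, otherwise a compromise can quietly rewrite both.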

In the computer field, the term sandbox is applied to a testing environment that isolates software. Developers use sandboxes when trying new software or changes to existing software. It is a controlled environment, one that could also be very useful in the fight against malware. That's the premise behind an application called Sandboxie, whose slogan is Trust No Program.

Sandboxie reduces the access level of applications and confines software to a separate area, preventing it from making permanent, illegitimate changes. It is available in both free and paid versions, with the free one regularly suggesting payment for the full version after 30 days. Visit sandboxie.com for more info.

Ron Poland is a professor in the Computer Information Systems AAS program at Clinton Community College. Poland is certified in computer repair and networking by the Computer Technology Industry Association (CompTIA). He is also a Cisco certified network assistant. Questions may be sent to him via e-mail at ron@ronpoland.com.
