Many anti-virus programs search for known signatures, or established behavior patterns, of viruses that are already in circulation. Once a program matches one of these signatures, it quarantines or removes the malicious file. But attacks often arrive that no one has seen before, so there is no known signature to search for.
This means that security-minded professionals have to get creative. Below are five recommendations, with pointers to further advice, that may offer some comfort to those looking for answers.
o Consider a least privilege security model: The SANS Institute, an organization that trains and certifies IT security professionals, recommends a least privilege security model, one in which people are given access only to the systems and resources they need to perform their duties, and no more. Malware generally runs with the privileges of the user or process that launched it, so if a machine is infected, an "outbreak" is more contained because the privileges it can abuse are more contained.
o Automate anti-malware updates: The Center for Strategic and International Studies, a nonprofit think tank that researches government and social issues, published the report Twenty Important Controls for Effective Cyber Defense and FISMA Compliance in August 2009 to tell government agencies what they should do to keep their data under lock and key. Critical Control No. 12 calls for automating anti-malware updates, because relying on users and written policy to apply them manually is not reliable enough.
o Install application software security: Critical Control No. 7 recommends deploying tools, including Web application security scanning tools, source code testing tools and Web application firewalls, to find and block flaws in an organization's own Web applications before they are compromised, as so many applications on the Internet already have been.
o Write stronger Web site code to make sites more resistant to infiltration: "There is a real need for some scrutiny of the Web site code," said Roel Schouwenberg, a senior anti-virus researcher with Kaspersky Lab. If important Web sites were built with better quality code, it would be harder for cyber criminals to compromise them. Organizations that lack the in-house expertise to build stronger code can seek help from consultants.
o Implement different types of white lists and black lists: A white list is a list of entities, whether applications, users, e-mail senders or something else, that are permitted to interact with or operate within your network; anything not on the list is denied by default. Conversely, a black list is a list of entities that are denied access to a system, and anything not on it is allowed. Because a white list denies whatever it does not recognize, it can stop malware for which no signature yet exists, which is exactly the case a black list cannot handle.
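The difference between the two list types in the last recommendation is easiest to see in code. The following is an added example, not code from the article or from any of the organizations it cites. It models an application white list and black list as two policies over the SHA-256 hash of a program's bytes, using constructed byte strings as stand-ins for executable files (a real control would hash the file on disk), and includes a never-before-seen program and a tampered copy of an approved one to show which policy catches each.

```python
"""Allow-list versus deny-list execution control on constructed sample data."""
import hashlib

# Constructed stand-ins for executable files; a real control hashes the file on disk.
PROGRAMS = {
    "notepad.exe": b"approved editor build 1.0",
    "calc.exe": b"approved calculator build 2.3",
    "known_worm.exe": b"worm payload first seen last month",
    "unseen_dropper.exe": b"new malware that no signature yet describes",
}
# A patched copy of an approved binary: the bytes differ, so the hash differs.
PROGRAMS["tampered notepad.exe"] = PROGRAMS["notepad.exe"].replace(b"1.0", b"1.1")


def sha256_hex(data: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes, not by its file name."""
    return hashlib.sha256(data).hexdigest()


# White list: builds the organization has explicitly approved.
ALLOW_LIST = {sha256_hex(PROGRAMS["notepad.exe"]), sha256_hex(PROGRAMS["calc.exe"])}
# Black list: malware already seen, which is what a signature database amounts to.
DENY_LIST = {sha256_hex(PROGRAMS["known_worm.exe"])}


def allow_list_permits(data: bytes) -> bool:
    """Default deny: a program runs only if its hash is explicitly approved."""
    return sha256_hex(data) in ALLOW_LIST


def deny_list_permits(data: bytes) -> bool:
    """Default allow: a program is blocked only if its hash is known bad."""
    return sha256_hex(data) not in DENY_LIST


def evaluate(programs=None) -> dict:
    """Return each program's verdict (True = may run) under both policies."""
    programs = PROGRAMS if programs is None else programs
    return {
        name: {
            "allow_list": allow_list_permits(data),
            "deny_list": deny_list_permits(data),
        }
        for name, data in programs.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        a = "run" if verdict["allow_list"] else "BLOCK"
        d = "run" if verdict["deny_list"] else "BLOCK"
        print(f"{name:22} white list: {a:5}  black list: {d}")
```

Run as a script, the table shows the known worm blocked by both lists, but the unseen dropper and the tampered notepad blocked only by the white list: the black list, like a signature scanner, can only refuse what it has already seen. The price of the white list is maintenance, since every legitimate update changes the hash and must be approved.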
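The fourth recommendation above says that better quality site code makes a site harder to compromise but does not name a particular flaw. As an added illustration, not code from the article or from Kaspersky Lab, the following shows one common weakness, a login query that splices user input into SQL, beside the hardened version that binds the input as a parameter. The database is a constructed in-memory SQLite table with one account, and the attacker's input is an assumed example.

```python
"""One weakness that stronger Web site code removes: SQL injection in a login query."""
import hashlib
import sqlite3


def password_hash(password: str) -> str:
    """Plain SHA-256 keeps the example short; real code uses a slow, salted hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with a single account (assumed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", password_hash("correct horse")))
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Weak code: the user-supplied name is spliced into the SQL text itself."""
    query = (
        f"SELECT 1 FROM users WHERE name = '{name}' "
        f"AND pw_hash = '{password_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterized query: the name is bound as data and can never alter the SQL."""
    query = "SELECT 1 FROM users WHERE name = ? AND pw_hash = ?"
    return conn.execute(query, (name, password_hash(password))).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    # A quote plus a comment marker makes the weak query drop its password check:
    # ... WHERE name = 'alice' --' AND pw_hash = '...'
    attacker_name = "alice' --"
    print("vulnerable, right password :", login_vulnerable(conn, "alice", "correct horse"))
    print("vulnerable, injected name  :", login_vulnerable(conn, attacker_name, "anything"))
    print("hardened, right password   :", login_hardened(conn, "alice", "correct horse"))
    print("hardened, injected name    :", login_hardened(conn, attacker_name, "anything"))
```

The hardened function is the kind of thing a source code testing tool from Critical Control No. 7 looks for: the fix is not cleverer input filtering but keeping data and query text separate, so the same input that logs the attacker in through the weak query is simply a user name that does not exist to the strong one.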