Five Anti-Malware Recommendations That Could Save Your Network

Malicious code comes hard and fast, so it helps to take some extra precautions when securing your network.

by Hilton Collins / October 2, 2009

New viruses, worms and other malicious code arrive so hard and fast nowadays that it is easy to take a fatalistic attitude toward IT security. Outside threats are everywhere, and cyber-criminals turn out new code faster than defenders can write detections for it.

Most anti-virus programs work from signatures: patterns extracted from malware that has already been captured and analyzed, sometimes supplemented by heuristics that flag behavior typical of known families. Once a program matches a signature, it quarantines or removes the file. But attacks often arrive that no one has seen before, so there is no signature to search for, and the first victims of a new piece of code are unprotected until a signature is written and distributed.

This means that security-minded pros have to get crafty. Below are five recommendations and links to advice that might provide some comfort to those looking for answers.

o Consider a least privilege security model: The SANS Institute, an organization that trains and certifies people in IT security, recommends a least privilege security model, one where people are given access only to the systems and resources they need to perform their duties, and no more. That way, if a user's account or machine is infected, the "outbreak" is contained because the malware can reach only what that user could reach.

o Automate anti-malware updates: The Center for Strategic and International Studies, a nonprofit think tank that researches government and social issues, published the report Twenty Important Controls for Effective Cyber Defense and FISMA Compliance in August 2009 to tell government agencies what they should do to protect their data. Critical Control No. 12, which covers malware defenses, suggests automating anti-malware signature and engine updates because relying on users and written policy to handle them manually is not reliable enough.

o Secure application software: Critical Control No. 7, Application Software Security, recommends deploying tools such as Web application security scanners, source code testing tools and Web application firewalls to find and block flaws in an organization's own Web applications before attackers use them to compromise the site.

o Write stronger Web site code to make sites more resistant to infiltration: "There is a real need for some scrutiny of the Web site code," said Roel Schouwenberg, a senior anti-virus researcher with Kaspersky Lab. Many site compromises succeed because the site's own code mishandles the input it receives, so if important Web sites were written to a higher standard, it would be harder for cyber-criminals to corrupt them. Organizations that lack the in-house expertise to build stronger code can seek help from consultants.

o Implement white lists and black lists: A white list enumerates the entities (applications, users, e-mail senders, etc.) that are permitted to interact with or operate within your network; anything not on it is denied by default. A black list is the reverse: a list of entities that are explicitly denied, with everything else allowed. Because a white list refuses the unknown, it also stops code that has no signature yet, which is exactly the gap that signature-based scanning leaves open.
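To make the fourth recommendation (stronger Web site code) concrete, here is an added example, not code from the article or from Kaspersky Lab, showing the kind of flaw that lets an attacker corrupt a site and the hardened form of the same lookup. The user table, the usernames and the `USERNAME` pattern are constructed for the example; the flaw shown is one generic illustration, not a vulnerability in any particular product.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table standing in for a site's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "editor"), ("bob", "admin")])
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted input spliced into the SQL text: a single quote in `name`
    # lets the caller rewrite the query (the classic SQL injection flaw).
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


# Constructed allow-pattern for what a username on this site may look like.
USERNAME = re.compile(r"^[a-z0-9_]{1,32}$")


def lookup_hardened(conn, name):
    # Two independent defenses: reject input that does not look like a
    # username at all, then pass what remains as a bound parameter so the
    # database never interprets it as SQL.
    if not USERNAME.match(name):
        raise ValueError("invalid username")
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # leaks every user
    try:
        lookup_hardened(db, payload)
    except ValueError as err:
        print("hardened:", err)
```

The parameterized query alone would already defeat the injection; the pattern check is the extra "scrutiny" Schouwenberg calls for, rejecting malformed input before it reaches any back end at all.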
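The fifth recommendation, and the point about unseen malware earlier in the article, can be shown in a few lines. The following is an added example, not code from the article or any vendor: a content-hash white list beside a name-based black list, run over a constructed set of candidate programs. The program names, the stand-in "binaries" and the lists themselves are all made up for the example.

```python
import hashlib

# Constructed sample "binaries": short byte strings standing in for real
# executables, so the example runs offline.
APPROVED_BINARIES = {
    "winword.exe": b"WORD-PROCESSOR-BUILD-12.0",
    "outlook.exe": b"MAIL-CLIENT-BUILD-12.0",
}

# Names of malware the organization has already run into (constructed).
KNOWN_BAD_NAMES = {"keylogger.exe", "dropper.exe"}


def digest(data):
    return hashlib.sha256(data).hexdigest()


# The white list keys on file contents, not file name, so renaming a
# malicious binary to "winword.exe" does not get it approved.
APPROVED_HASHES = {digest(contents) for contents in APPROVED_BINARIES.values()}


def whitelist_allows(name, data):
    # Default deny: only binaries whose hash was explicitly approved may run.
    return digest(data) in APPROVED_HASHES


def blacklist_allows(name, data):
    # Default allow: only names already catalogued as bad are refused.
    return name.lower() not in KNOWN_BAD_NAMES


def evaluate(candidates):
    """Return (name, whitelist verdict, blacklist verdict) for each candidate."""
    return [(name, whitelist_allows(name, data), blacklist_allows(name, data))
            for name, data in candidates]


# Constructed test set: a genuine approved program, a known threat, a
# never-before-seen sample, and malware renamed to impersonate Word.
CANDIDATES = [
    ("winword.exe", APPROVED_BINARIES["winword.exe"]),
    ("keylogger.exe", b"KEYLOGGER-PAYLOAD"),
    ("update.exe", b"BRAND-NEW-MALWARE-NO-SIGNATURE-YET"),
    ("winword.exe", b"RENAMED-TROJAN"),
]

if __name__ == "__main__":
    for name, wl, bl in evaluate(CANDIDATES):
        print(f"{name:15} whitelist={'allow' if wl else 'deny':5} "
              f"blacklist={'allow' if bl else 'deny'}")
```

The two cases the black list lets through, the never-seen sample and the renamed trojan, are precisely the ones signature-based scanning also misses; the white list refuses both without knowing anything about them. The cost is maintenance: every legitimate update changes the hash and must be re-approved.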


Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.