What users should know about viruses, malware and other risks
Viruses, malware and other risks are a fact of life on the Internet. It has been, and will continue to be, the proverbial “cat and mouse” game between those who create these sorts of risks and those who build the solutions to help protect against them. Unfortunately, even when users and companies are responsible and deploy protective solutions, that does not mean infection is 100% prevented. While implementing risk prevention solutions is a crucial component of network and system security, no solution is 100% effective and ultimately, the last line of defence is the end user. Whether you are an IT Professional, consider yourself “technically savvy,” or believe yourself to be a non-technical person, it is important (more likely imperative) to understand the types of risks, how they are transmitted, what solutions are available to protect against these risks, how these solutions work, and what else can be done beyond implementing preventative solutions.
What are the various types of viruses and malware?
There are several types of computer viruses and malware and each type serves a specific purpose. Some of the purposes may include, but are not limited to:
- Affect the way a computer starts up to make it more vulnerable to other infections
- Hijack an Internet browser to redirect users to specific sites either for marketing purposes or to infect
- Provide the attacker with the ability to take control of your computer or to use it combined with other
infected computers on the Internet to serve other purposes (like Spamming, consolidated attacks on other
- Encrypt common file types on a computer (making them inaccessible) and only allow the user to obtain access to
the files if they pay a ransom
- Send information (generally personal or private) to the attacker over the Internet
- Deliver unwanted pop-up messages advertising products or services (generally referred to as Adware)
Are there other risks?
Yes. Other risks may not target a computer, but target the user. Phishing attacks occur when a user receives a link in an email that appears to have come from a trusted organization, like a bank or government institution, requesting the user to confirm personal information. When the user enters personal details (bank accounts, social insurance number, birth date, phone numbers, etc…) the information is sent to the attacker. This information is either sold or used to steal identities and/or commit fraud, which can affect the end user for months or years before the damage is rectified.
How are viruses and malware transmitted?
The most common methods of receiving a virus or malware on your computer are:
- Web browsing (clicking a link on a website)
- Email (clicking a link or opening an attachment received in an email)
- External devices (infected laptop is connected to a network, USB drives, personal CDs, etc…)
How are computers and networks protected?
Some of the most common solutions deployed to protect computers from viruses and malware are:
- Anti-virus software – software installed on workstations and servers that monitors files being accessed and
also performs regular system scans to locate potential risks
- Web filters – software or devices that review each website being accessed and filter out websites that are
either known to be a source of risks or sometimes detect a risk at the link being accessed
- Email/SPAM filters – software or an appliance that monitors email being received and sent for known risks, or
blocks email coming from known sources of risks
How does the protection work?
Each solution listed above works in the same manner. Each has a “description” of every known risk, called a signature. The signature tells the solution what to look for to identify the risk. When the risk is identified based on the signature, an action is taken to mitigate or clean the risk. The action could be to delete the risk, quarantine the risk in a protected area, block the email, or block access to a website.
It is important to understand that all of these solutions can only protect against “known” risks. If the risk is new, it may be a day or more before the solution providers develop a signature for the new risk and provide that update to the solution. This creates a window of opportunity for the risk to be effective until it is discovered. This is similar to the regular vaccinations that protect people against infections: until the vaccination is created and made available, the patient is exposed to the risk of infection if they come in contact with the virus.
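The signature matching and the window of opportunity described above can be modelled in a few lines. This is an added example, not code from the original article or from any product: the Signature and Scanner classes, the replay function and the byte markers are all constructed for illustration, and a signature is assumed to be a simple byte sequence.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str       # label for the known risk
    pattern: bytes  # byte sequence the solution looks for (assumed form)
    action: str     # "delete", "quarantine" or "block"

class Scanner:
    def __init__(self, signatures):
        self.signatures = list(signatures)

    def update(self, signature):
        """A provider update delivers the signature for a newly analysed risk."""
        self.signatures.append(signature)

    def scan(self, data):
        """Return (name, action) of the first matching signature, else None."""
        for sig in self.signatures:
            if sig.pattern in data:
                return sig.name, sig.action
        return None

def replay(scanner, events):
    """Replay time-ordered events; return the names of files let through."""
    allowed = []
    for kind, name, payload in events:
        if kind == "update":
            scanner.update(payload)
        elif scanner.scan(payload) is None:
            allowed.append(name)
    return allowed

# Constructed sample data: the markers are arbitrary strings, not real malware.
KNOWN = Signature("Sample.A", b"CONSTRUCTED-MARKER-A", "quarantine")
NEW = Signature("Sample.B", b"CONSTRUCTED-MARKER-B", "delete")
EVENTS = [
    ("file", "report.doc", b"ordinary document text"),
    ("file", "known.bin", b"..CONSTRUCTED-MARKER-A.."),
    ("file", "new-before-update.bin", b"..CONSTRUCTED-MARKER-B.."),
    ("update", "signature release", NEW),
    ("file", "new-after-update.bin", b"..CONSTRUCTED-MARKER-B.."),
]

if __name__ == "__main__":
    print(replay(Scanner([KNOWN]), EVENTS))
```

The file carrying the new marker is let through before the signature release and caught afterwards, which is the exposure window the paragraph describes.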
What else can be done?
Obviously, it is strongly recommended that each of the solutions outlined above is put into effect. Unfortunately, no solution, or combination thereof, is ever going to be 100% effective in protecting against an attack or infection. These solutions are intended to help mitigate against infections or attacks. The effectiveness of these solutions is only going to be as strong as the practices and strategies communicated to and employed by the end user.
Users must still be vigilant when receiving emails, browsing websites and/or opening files from external USB drives. It is also prudent for users to be aware of suspicious activity on their computer or symptoms of a potential infection and not be afraid to report it to prevent potential spread to other areas of the network and resolve the infection. In the example related to vaccinations, even after vaccination, people are advised to exercise additional preventative measures like proper hygiene, avoiding known risks of exposure (other infected people, locations, etc…), covering your mouth when coughing/sneezing, or simply being aware of the symptoms of an infection in order to take reactive steps to prevent the spread or resolve the infection.
Below are things to consider before clicking a link, opening an email attachment, or downloading a file:
- Read the email: it seems intuitive, but read the email carefully…does it read like the sender
would write (if you know them)? Are you expecting the email with an attachment or link? If you are suspicious at
all, it does not hurt to phone the sender to confirm.
- Do you know the sender? Is this somebody that you would expect to receive an email from?
- Banks and government institutions will NEVER ask you to confirm any private details via email or on a website.
If you are suspicious, contact your bank or institution to confirm.
- When you hover the mouse pointer over the link in an email, either next to the mouse pointer or at the bottom
of the screen, you will see a preview of the link. Does the link appear legitimate? If it came from an
organization, but the link is pointed to something else or does not contain the name of the organization in the
link itself, be suspicious.
- Be vigilant on websites you are unfamiliar with or you have never visited before
- Is the site relevant to what you are looking for? If not, leave the site
- Again, hover the mouse pointer on a link to see at the bottom of the screen where it points…it will help you
determine if you are being redirected or downloading a risky file
External Storage Devices:
- Do not use USB Drives that have been given to you without verifying that they are clean
- Use your Anti-virus software to scan the drive for risks before using – right-click on the file, folder
or drive letter and click “Scan for viruses”
Last Line of Defence
When appropriate and effective risk prevention solutions are put in place, the last and final line of defence is the end user. Armed with an understanding of the types of risks, how they are transmitted, what solutions exist to help prevent their infection, how they work, and what end users can do beyond all of this to prevent falling victim to an infection, the end user can ultimately become the best line of defence. An ounce of prevention is worth a pound of cure…truer words were never spoken when it comes to protecting an organization’s technology.