We all understand the term ‘antivirus software’ but it no longer tells the whole story. Viruses are only one type of danger you need to protect your computers from and they are no longer even the most common threat. In the IT industry, we more commonly talk about ‘malware’, a generic term for viruses, trojans, spyware, worms and other threats, although the security products still refer to themselves as ‘antivirus software’.
Viruses are usually spread by email but the other threats are more commonly acquired by web browsing, and some get into systems on the back of freeware software, installed to help with a legitimate task. It’s a proverbial minefield for users who want software to do something outside their norm.
You can download free audio/graphic/video manipulation software, for example, from a plethora of sources, but most of this free software has a business model behind it. If it’s not obvious how they are making money out of you, there’s a chance there is more going on, on your PC, than you know about.
There are tell-tale signs. When we see a multitude of toolbars installed on a browser we know to look for spyware which can steal all types of information from your PC. If your browser search engine has changed without your knowledge, stop what you’re doing and raise the alarm.
Confirming what is and is not malware is not always straightforward. If you spend a few minutes searching for information on a product it’s likely that you’ll see it advertised on a legitimate website the next time you visit, as one MP recently discovered after complaining about an ‘inappropriate’ advert appearing on his screen. Determining if this is benign, or intrusive, is a matter of interpretation, but it is an indication of how easy your online activity can be monitored.
Like all software, anti-malware programs can fail to update, or even fail to operate. Having two layers of protection, one on the computer and one on the firewall, which sits at the perimeter of the network and can interrogate incoming traffic, is advisable, as are integrated management tools. Vipre, for example, alerts our Support Helpdesk if a PC has failed to adopt a recent signature update, allowing us to react and force the update. This feature alone has cut network infections by 50%.
Malware attacks are increasingly sophisticated, some don’t even use the internet, depending instead on propagation through memory sticks. Taking work off-network on a memory stick allows people to get things done out of hours, but if there is little PC security at home, where browsing habits can be more varied, the memory stick could return to your network with more than a few documents.
No matter what protection you have in place users need to remain vigilant. Alert them to the dangers and, if you don’t have one already, established an Acceptable Use of IT policy. Better still, impose controls on what staff can browse at the firewall.
