Use an anti-malware application and keep it up to date
Once you've ensured that there are no gaping holes in your machine's defenses, it's time to think about taking action against anything malicious that might slip through.
Viruses or worms can exploit previously unknown (or "zero-day") security holes and set up shop on your machine, using it as a launching pad for attacks on other systems. This kind of software is known as "malware" and is often created for financial gain. A computer can become infected with malware when an infected application is downloaded and run, whether by an unsuspecting user, a compromised website, or a network worm.
Authors and distributors of malware can monetize an infection by:
- Getting paid for every advertisement the program can pop up or email the program can send from the infected desktop
- Stealing private information, like credit card numbers, from infected computers and reselling it to third parties
- Acquiring sufficient information from a computer to assume the identity of the computer user and making purchases
- Encrypting the contents of the drive and ransoming your own data back to you
Most viruses and malware can be prevented by anti-malware software.
Columbia students, faculty, and staff are provided with a free license for Symantec Endpoint Protection. This software can be installed both at home and in the office.
Tips about anti-malware scanners
While scanning a machine with an anti-malware application is a good measure, it does not need to be done every day. The real-time protection functionality is much more immediately helpful: it tries to stop and quarantine malware as the malware attempts to execute.
Keep in mind that an anti-malware application cannot defeat viruses or spyware that it does not know about, so it's very important that it be kept up to date. Symantec and Norton products use LiveUpdate to update themselves with new malware definitions and signatures. LiveUpdate can be configured easily to update daily or weekly, but be sure not to set it to a time when the machine will be turned off.
If your office workstation is administered for you, is part of a LAN, or you use the CUIT Central server, please contact your system administrator before using Symantec Endpoint Protection.
If you currently have other anti-malware software on your computer, but you would prefer to use Symantec Endpoint Protection, you will need to uninstall your existing software before installing Symantec Endpoint Protection.
Another approach to stopping malware is through the use of application whitelisting software. Whitelisting software will only run applications that you have explicitly allowed, and stop any other code from running on your computer. It can involve some training and trial-and-error, but it's one of the safest methods of stopping unknown or unwanted malware from getting a foothold on your system. Columbia University offers the Digital Guardian Application Whitelist Software for certain members of the University community.
Digital Guardian Application Whitelist Software
- Digital Guardian website
- Use: Prevents unauthorized programs from running on your computer
- Cost: Columbia University has a limited number of licensed copies; use may require payment
- Requests: Please contact the CUIT Security Office at firstname.lastname@example.org to see if you are eligible for this software
The Digital Guardian approach to whitelisting enables the device to control the execution of applications by establishing a unique key, or signature, for each application and device. Applications requiring the use of the CPU must present the unique pre-approved key to gain access to resources. If the key is not presented, the application cannot execute, and in the case of malware, it will be contained and cannot spread.
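A minimal sketch of the default-deny, keyed-signature idea described above, as an added example that is not Digital Guardian's implementation or code from this page. It assumes the per-application, per-device key is an HMAC-SHA256 of the executable's bytes under a device secret; `app_key`, `Allowlist`, the secrets and the sample files are hypothetical names and constructed data.

```python
import hashlib, hmac, os, tempfile

def app_key(path, device_secret):
    """Key for one application on one device (assumed scheme: HMAC-SHA256 of file bytes)."""
    mac = hmac.new(device_secret, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

class Allowlist:
    """Default-deny execution check: only pre-approved keys may run."""
    def __init__(self, device_secret):
        self._secret = device_secret
        self._approved = set()

    def approve(self, path):
        key = app_key(path, self._secret)
        self._approved.add(key)
        return key

    def approve_key(self, key):
        self._approved.add(key)

    def may_execute(self, path):
        try:
            key = app_key(path, self._secret)
        except OSError:
            return False  # unreadable or missing file: deny rather than allow
        return any(hmac.compare_digest(key, k) for k in self._approved)

def demo():
    with tempfile.TemporaryDirectory() as d:
        editor, dropped = os.path.join(d, "editor.bin"), os.path.join(d, "dropped.bin")
        with open(editor, "wb") as f:
            f.write(b"constructed approved application")
        with open(dropped, "wb") as f:
            f.write(b"constructed unknown program")
        dev_a = Allowlist(b"constructed-secret-device-A")
        dev_b = Allowlist(b"constructed-secret-device-B")
        key_a = dev_a.approve(editor)
        dev_b.approve_key(key_a)  # key copied from device A, never issued on B
        out = {"approved": dev_a.may_execute(editor),
               "unknown": dev_a.may_execute(dropped),
               "copied_key_other_device": dev_b.may_execute(editor)}
        with open(editor, "ab") as f:
            f.write(b"\x00")  # any change to an approved binary changes its key
        out["modified"] = dev_a.may_execute(editor)
        out["missing"] = dev_a.may_execute(os.path.join(d, "absent.bin"))
        return out

if __name__ == "__main__":
    print(demo())
```

Only the unmodified, approved file on the device that issued its key is allowed; an unknown program, a modified copy of an approved one, and a key copied from another device are all denied.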