Threat Protection – Tools and Best Practices ‐ Objectives 

1. Threat Types – Express familiarity with different threat types such as Virus, Malware, Trojan, Spyware, and Downloaders.

2. Threat Vectors – Be familiar with common threat vectors (sources) like websites, Scare Tactics, social networking, email, and media.

3. Virus Protection – Show knowledge of the following: Real time protection, standalone protection, and the recommended frequency of scheduled scans.

4. The Unknown – Understand the concept of the “Unknown” malware.

5. Reporting – Know what events should be reported/recorded.

6. Windows Updates – Express understanding of “2 forms and 2 flavors” as well as proper timing of updates installation.

 

Threat Protection – Tools and Best Practices 

The greatest threat to our security is assuming the following: 

“Someone” is looking out for us. 

“They” have our best interests in mind. 

“They” do not have ulterior motives. 

“No one” would do that, it’s unethical. 

Threat Types 

Virus –

A virus is a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Malware –

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It includes Trojans, viruses, worms, and downloaders.

A Trojan horse, or Trojan –

A Trojan is a hacking program that is a non‐self‐replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access. This can allow the Trojan creator an opportunity to utilize your computer.

Spyware –

Spyware enables a hacker to obtain information about another person’s computer activities. It does this by transmitting data covertly from their hard drive through the internet.

Downloaders and Droppers –

Downloaders continually download “all of the above” to keep the computer infected even after removal of the offending program. Once inside your computer they can be used to bypass antivirus programs by concealing malware payloads within a container/program or downloading them directly.

 

 

 

Threat Vectors 

Internet ‐

Bait ‐ We are Fish. Game and screen saver websites, and Internet Explorer add‐ons.

Screensavers are programs. Any program can be poorly written.

Avoid game and screensaver sites – Many game sites will require you to install an add‐on to Internet Explorer. Some of these add‐ons can be harmful to your computer and others can take your internet over completely. Screensaver websites are a known source of viruses and malware. As well, poorly written screen savers can cause performance problems with your computer. They may not unload from memory fully or can cause memory faults because they are trying to use memory already being used by Windows or other programs.

Social Networking –

Social networking applications like “Facebook” and others allow you to pass files (programs, pictures, and documents) between users. Just because they are your friend on Facebook it does not mean they are safe with their files or computer/device.

Scare Tactics –

Don’t fall for Scare Tactics. Analyze everything…. Scare tactics come from many sources, Email warnings, website pop‐up ads, etc., warning you that your computer is infected. They are designed to convince you to take some action that will ultimately be harmful to your computer or your identity. The safest way to close a popup webpage or rogue program is to hit CTRL‐ALT‐DEL and click on Task Manager. Select the Internet Explorer instance or program that you think is the proper one and click on End Task. Alternatively, you can log out of any software package that you are connected to and shut down your computer normally without clicking on anything else.

Email –

Don’t give out your work email address online unless it is for official business. The best way to reduce junk mail is by not giving out your address unless it is necessary in the performance of your job duties. Do not participate in joke/junk mail circles. Your address gets forwarded on to everyone else who ever reads it in the future.

Preview pane in Outlook or other email clients –

Turn off the preview pane (reading pane) in your email client – With the preview pane on, you can’t select an email to delete it without opening it in the viewer. Turning off this preview will allow you to select and delete without ever opening the mail. Disable it for inbox, junk, and deleted items.

 

 

Personal emails –

Don’t check your personal email while at work. Doing so subjects your office computers to unnecessary risk. If you must check personal email at work please get authorization from your supervisor. Utilizing your personal email for work‐related activities can subject your email account to investigation and possible search now and into the future due to unforeseeable litigation that may be put upon your office/department.

Media –

Any tape, CD, DVD, floppy, flash, or other “Input/Output” device can carry malware and can infect your computer/device.

 

Virus Protection –

Free Antivirus –

Free antivirus products rarely provide as much protection and support as a paid‐for antivirus. Review the EULA of any “Free” products that you use to be sure that “Use on Government computers” is allowed.

Real‐Time Protection –

Real‐time protection resides between you and your computer and the internet. It monitors incoming/outgoing data and blocks its entry into the computer if the data matches a known malware pattern.

Never install more than one antivirus program that provides “Real Time” protection on your computer. They will fight for ultimate control and your computer can suffer from poor performance as a result.

Standalone Protection –

Get a second opinion ‐ Freestanding programs (not to be confused with free programs) are available that can provide you with a second opinion of your malware status. Online scanning for malicious software can also be done at several antivirus vendor sites.

Scheduled Scans –

The most overlooked protection step is not scanning your hard drive. Just having an antivirus installed and updated is not enough. Weekly/monthly scheduled scanning of your drive should also be taking place. As your antivirus learns of new threats (updates), it may detect malware that has been living in your computer without your knowledge.

The Unknown…

New or unknown viruses and malware – All malware spends some time as an unknown. There is always some time lag between when a virus or malware gets created and when you are protected from it. Someone has to get it. It has to be identified as a virus. Antivirus vendors have to update their detection schemes to detect it and you have to download the update. This can take weeks, during which time you are vulnerable to the new attack. The only 100% protection for a computer is not to have it connected to any network or internet at all. Even then, CDs or flash drives that are infected can be inserted, infecting even the invulnerable.

Reporting ‐ Need for Reporting: virus, odd behavior, and compromise.

Report any suspicious activity or unexpected computer events to your supervisor – If your antivirus reports a virus or your homepage suddenly changes you should report this to your supervisor. Odd behavior can be your warning that something is about to go wrong. It may be that your computer and/or data have been compromised and this should be investigated further.

Windows Updates –

Windows updates provide security patches and performance fixes as well as “bug” fixes and “Service Packs”.

Service packs (which come from Windows Update) are MAJOR operating system upgrades and should only be done after backing up your data and when you have plenty of time for them to finish.

A cautionary note about timing and workload ‐ Do not perform Windows updates just prior to any major work project like payroll, year‐end processes, or budget.

Windows Updates – Windows updates come in 2 forms, Automatic and Manual, and 2 flavors, Windows Updates and Microsoft Updates. Most users will install automatic updates routinely because they get reminded by the balloon popup every time they log on or shut down. Users should periodically perform a manual update by clicking on the Windows Update link.

The first time there you should sign up for “Microsoft Updates”. This will allow updates for other Microsoft products (Word, Excel, etc.) to be installed as well. After signing up for “Microsoft Updates”, you should repeatedly come back to this link until it shows 0 (zero) critical updates available. Manual updating should be done every 6 months.
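Three of the checks above (only one real‐time antivirus, a recent scheduled scan, and the Windows Update vs. Microsoft Update "flavors") can be verified from a PowerShell prompt. The script below is an added example written for this handout, not LGC tooling; it assumes a Windows client edition (which exposes the root/SecurityCenter2 WMI namespace), PowerShell 3.0 or later, the Windows Update Agent COM API, and the commonly used, undocumented decoding of the productState field.

```powershell
# Added example, not part of the LGC handout. Assumptions: Windows client edition
# with root/SecurityCenter2, PowerShell 3.0+, Windows Update Agent COM API.
# Run from an elevated prompt for complete results.

# --- 1. Real-time antivirus products registered with Security Center -----------
# productState is a packed number; the widely used (undocumented) decoding is:
#   hex digits 3-4 = '10' or '11' -> real-time protection enabled
#   hex digits 5-6 = '00' -> definitions current, '10' -> definitions out of date
$avProducts = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct'
$realTime = @()
foreach ($av in $avProducts) {
    $hex      = '{0:X6}' -f [int]$av.productState
    $enabled  = $hex.Substring(2, 2) -in @('10', '11')
    $upToDate = $hex.Substring(4, 2) -eq '00'
    Write-Host ('{0,-30} real-time={1,-5} definitions-current={2}' -f $av.displayName, $enabled, $upToDate)
    if ($enabled) { $realTime += $av.displayName }
}
if ($realTime.Count -gt 1) {
    # The handout's rule: two real-time engines fight for control and slow the machine.
    Write-Warning ('More than one real-time antivirus is active: {0}' -f ($realTime -join ', '))
}

# --- 2. Age of the last full scan (Windows Defender only; skipped if another AV owns the box)
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if ($mp.FullScanEndTime) {
        $age = (Get-Date) - $mp.FullScanEndTime
        Write-Host ('Last full scan finished {0:N0} days ago' -f $age.TotalDays)
        if ($age.TotalDays -gt 31) { Write-Warning 'No full scan in the last month; schedule a weekly/monthly scan.' }
    } else {
        Write-Warning 'No full scan has ever completed on this machine.'
    }
}

# --- 3. Pending updates and the Microsoft Update opt-in (the "2 flavors") ------
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
$critical = @($pending | Where-Object { $_.MsrcSeverity -eq 'Critical' })
Write-Host ('{0} updates pending, {1} rated Critical' -f $pending.Count, $critical.Count)
$critical | ForEach-Object { Write-Host ('  CRITICAL: {0}' -f $_.Title) }

# Microsoft Update (Office and other Microsoft products) is a separate service that
# must be opted into; this GUID is its well-known service ID.
$msUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'
$services   = (New-Object -ComObject 'Microsoft.Update.ServiceManager').Services
if ($services | Where-Object { $_.ServiceID -eq $msUpdateId -and $_.IsRegisteredWithAU }) {
    Write-Host 'Microsoft Update is enabled: Office and other Microsoft products are covered.'
} else {
    Write-Warning 'Only Windows Update is enabled; opt in to Microsoft Update to patch Office and other Microsoft products.'
}
```

The handout's "repeat until zero critical updates" loop corresponds to re‐running section 3 after each install‐and‐reboot cycle until the Critical count reads 0.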

 

LGC recommendations/offerings –

Your office may purchase AVG antivirus from LGC. After the initial sale, we can include the AVG product renewal in with your annual hardware support costs on contracted computers. For non‐contracted computers we can provide renewals on demand at a cost.

LGC also offers “Malwarebytes Antimalware”. It comes quoted automatically with any new PC and we can sell a copy to any existing user. MWB is a one‐time purchase per computer and is not transferable.

 

Discussion 

Testing  

Closing 

 

3/6/2014

1

Tools and Best Practices

INTRODUCTION

The greatest threat to our digital security is assuming the following:

• “Someone” else is looking out for me.

• “They” have my best interests in mind.

• “No one” would do that, it’s unethical.

• It won’t happen to me, I have nothing of value on my computer.

• It won’t matter if I get a virus because all I do is surf the internet.

OBJECTIVES

To gain a basic understanding of the following topics:

Threat Types

Threat Vectors (sources)

Virus Protection

The Unknown Malware

Reporting

Windows Updates


THREAT TYPES

Malware

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It includes Trojans, viruses, worms, and downloaders.

Virus

A virus is a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Trojan

A Trojan is a hacking program that is a non-self-replicating type of malware which gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload, often including a backdoor allowing unauthorized access. This can allow the Trojan creator an opportunity to utilize your computer.

Spyware

Spyware enables a hacker to obtain information about another person’s computer activities. It does this by transmitting data covertly from their hard drive through the internet.

Downloaders and Droppers

Downloaders continually download “all of the above” to keep the computer infected even after removal of the offending program. Once inside your computer they can be used to bypass antivirus programs by concealing malware payloads within a container/program or downloading them directly.

MALWARE – TROJANS, VIRUSES, WORMS, AND DOWNLOADERS

Trojans allow the enemy inside your computer by opening a backdoor.

Viruses are self‐replicating and spread throughout your files.

Worms propagate themselves through your local area network.

Downloaders invite all their buddies into your computer.


THREAT VECTORS

• Internet – Avoid game and screensaver sites – Many game sites will require you to install an add-on to Internet Explorer. Some of these add-ons can be harmful to your computer and others can take your internet over completely. Screensaver websites are a known source of viruses and malware. As well, poorly written screen savers can cause performance problems with your computer.

• Social Networking – Social networking applications like “Facebook” and others allow you to pass files (programs, pictures, and documents) between users. Just because they are your friend on Facebook it does not mean they are safe with their files or computer/device.

• Scare Tactics – Don’t fall for Scare Tactics. Analyze everything…. Scare tactics come from many sources, Email warnings, website pop-up ads, etc., warning you that your computer is infected. They are designed to convince you to take some action that will ultimately be harmful to your computer or your identity. The safest way to close a popup webpage or rogue program is to hit CTRL-ALT-DEL and click on Task Manager. Select the Internet Explorer instance or program that you think is the proper one and click on End Task. Alternatively, you can log out of any software package that you are connected to and shut down your computer normally without clicking on anything else.


WE ARE ALL FISH

Screen Savers, Desktop images, and Games are the bait.

THREAT VECTORS - CONTINUED

• Email – Don’t give out your work email address online unless it is for official business. The best way to reduce junk mail is by not giving out your address unless it is necessary in the performance of your job duties. Do not participate in joke/junk mail circles. Your address gets forwarded on to everyone else who ever reads it in the future.

• Turn off the preview pane (reading pane) in your email client – With the preview pane on, you can’t select an email to delete it without opening it in the viewer. Turning off this preview will allow you to select and delete without ever opening the mail. Disable it for inbox, junk, and deleted items.

• Personal emails – Don’t check your personal email while at work. Doing so subjects your office computers to unnecessary risk. If you must check personal email at work please get authorization from your supervisor. Utilizing your personal email for work-related activities can subject your email account to investigation and possible search now and into the future due to unforeseeable litigation that may be put upon your office/department.

• Media – Any tape, CD, DVD, floppy, flash, or other “Input/Output” device can carry malware and can infect your computer/device.

EMAIL - KEEP SOME THINGS VERY PRIVATE

• Don’t give out your email address.

• Use a bogus account or fictitious information first.

• Create a 2nd Junk account for your junk correspondence that must have a valid address.

• Don’t check your personal email at work.

• Don’t check your work email at home.


TURN OFF THE PREVIEW PANE

Turn off the reading pane for Inbox, Deleted items, and Junk Mail

VIRUS PROTECTION

• Free antivirus products rarely provide as much protection and support as a paid-for antivirus. Review the EULA of any “Free” products that you use to be sure that “Use on Government computers” is allowed.

• Real-time protection resides between you, your computer, and the internet. It monitors incoming/outgoing data and blocks its entry into the computer if the data matches a known malware pattern.

• Never install more than one antivirus program that provides “Real Time” protection on your computer. They will fight for ultimate control and your computer can suffer from poor performance as a result.

• Standalone Protection – Get a second opinion - Freestanding programs (not to be confused with free programs) are available that can provide you with a second opinion of your malware status. Online scanning for malicious software can also be done at several antivirus vendor sites.

• Scheduled Scans – The most overlooked protection step is not scanning your hard drive. Just having an antivirus installed and updated is not enough. Weekly/monthly scheduled scanning of your drive should also be taking place. As your antivirus learns of new threats (updates), it may detect malware that has been living in your computer without your knowledge.

FREE IS NOT REALLY FREE

• What does “Free” mean?

• Cost is not measured in pure dollars anymore.

• What is your privacy worth?

• What is access to your PC worth?

• Free versions are obviously something less than “Paid For” versions!

• Read the EULA


THE UNKNOWN MALWARE

All malware spends some time as an unknown.

There is always some time lag between when a virus or malware gets created and when you are protected from it.

Someone has to get it. It has to be identified as a virus. Antivirus vendors have to update their detection schemes to detect it and you have to download the update.

This can take weeks during which time you are vulnerable to the new attack.

The only 100% protection for a computer is not to have it connected to any network or internet at all. Even then, CDs or flash drives that are infected can be inserted, infecting even the invulnerable.

REPORTING RESPONSIBILITIES

• Individual office personnel must report suspicious activity or they put the whole office at risk.

• It’s everyone’s responsibility to ensure the security and integrity of office data.

• Government and Corporate offices are incorporating network monitoring systems to track data transfers and internet usage.

WINDOWS UPDATES

Windows updates provide security patches and performance fixes as well as “bug” fixes and “Service Packs”.

Service packs (which come from Windows Update) are MAJOR operating system upgrades and should only be done after backing up your data and when you have plenty of time for them to finish.

Do not perform Windows updates just prior to any major work project like payroll, year-end processes, or budget.

Windows Updates – Windows updates come in 2 forms, Automatic and Manual, and 2 flavors, Windows Updates and Microsoft Updates. Most users will install automatic updates routinely because they get reminded by the balloon popup every time they log on or shut down. Users should periodically perform a manual update by clicking on the Windows Update link.

The first time there you should sign up for “Microsoft Updates”. This will allow updates for other Microsoft products (Word, Excel, etc.) to be installed as well. After signing up for “Microsoft Updates”, you should repeatedly come back to this link until it shows 0 (zero) critical updates available. Manual updating should be done every 6 months.


WINDOWS UPDATES VS. MICROSOFT UPDATES

LGC RECOMMENDATIONS AND OFFERINGS

• Your office may purchase AVG antivirus from LGC. After the initial sale, we can include the AVG product renewal in with your annual hardware support costs on contracted computers. For non-contracted computers we can provide renewals on demand at a cost.

• LGC also offers “Malwarebytes Antimalware”. It comes quoted automatically with any new PC and we can sell a copy to any existing user. MWB is a one-time purchase per computer and is not transferable.

REVIEW QUESTIONS

1. True / False – Installing more than 1 antivirus at a time is recommended.

2. Pick the correct statement

a: Weekly/Monthly antivirus scan is recommended.

b: You never need to scan your hard drive.

c: Scanning annually is the only requirement.

3. The common threat types include:

a: bogus, hoax, malware, Trojans, and spyware

b: rogue, malware, virus, spyware, and downloaders

c: malware, viruses, Trojans, spyware, and downloaders


REVIEW QUESTIONS CONTINUED

4. Common places to acquire malware include:

a. subways, coffee shops, email, and internet cafes.

b. internet, social networking, scare tactics, email, and media.

c. jail, prison, detention, my neighbor’s house, and the hospital.

5. True / False – Unknown malware can’t hurt your computer because your antivirus does not recognize it.

6. Who should report unusual computer behavior?

7. Operating system updates come in 2 forms and 2 flavors. What are they?

a. Reverse, forward, Chocolate, and Vanilla.

b. Automatic, manual, Windows updates, and Microsoft updates.

c. Update, uninstall, Windows updates, Microsoft updates.

LOCAL GOVERNMENT CORPORATION

Thank You for Attending

Threat Protection at Resource 2014