Five Types of Malware and Five Ways to Defend Against Them


Malware is a generic term used to describe any malicious software. Most people recognize the term “virus,” but in reality, malware varies in prevention, symptoms, and treatment. Ultimately, they’re all designed to harm your computer and/or steal your information. The key to dealing with virtual villains is to be able to identify their differences.  Here’s how:

A virus replicates and spreads. 

Just as a human virus multiplies and spreads from person to person, a computer virus does the same. Clicking on a prompt without reading it is the most common way a computer can become infected, and accidentally installing a virus is the equivalent of feeding Mogwai after midnight. It seems innocent enough, but basically wreaks gremlin-like havoc, multiplying and terrorizing your files, sometimes rendering your machine completely useless. Some viruses will corrupt or delete arbitrary files, while others are capable of targeting the important stuff, such as autorun scripts and MS Office macros. 

Spyware steals your information.

Spyware is pretty much what it sounds like. It’s designed to collect information about you to be used in various fiendish ways, like stealing your passwords and sensitive information, adding annoying toolbars, etc. Spyware is harder to detect because it doesn’t usually halt processes, but rather just slows them down. Many people don’t even realize they’re infected, and more often than not, they’re infected by more than one. It’s a slippery villain, and not all antivirus software is capable of detecting it. 

Ransomware holds your files hostage. 

Ransomware comes in many forms, often posing as alarmist antivirus software, or a sketchy email file that essentially invades your machine, locks up your files, and holds them hostage for a ransom. In most cases paying the ransom does nothing and you won’t be able to uninstall the ransomware, or even use your machine. 

Trojans install back doors. 

Trojans are also appropriately named malware, because like the legend of the Trojan Horse, they install a “back door,” which will allow your machine to be controlled from a remote location. They won’t replicate like a virus, and must be installed, but otherwise work similarly. They can also use your machine as a proxy server for concealing attacks against other machines, or sending ridiculous amounts of spam. Not cool. 

Worms infiltrate your network. 

A worm, commonly mistaken as a virus, can destroy files on your machine by multiplying and sending copies of itself through a network, without any user interaction. They take advantage of network vulnerabilities and can be somewhat prevented through a well-built firewall. 

Virtual villains evolve constantly. Take precautions and be sure to keep your antivirus software updated; in general, don’t install suspicious looking files (an mp3 should not end in exe, and so on). And when in doubt, contact an IT professional. 


Precautions you can take BEFORE an attack occurs:

Get in the Cloud. 

Cloud services allow your business to run applications through the internet, rather than having to download software on a physical computer. It’s more flexible, particularly when you are scaling your business. Cloud-based backup and recovery is easy to manage. It’s easier to share and store files. Updates and security are automatic. Simply put, no fuss, no muss. It’s out of your hands.

Staaahhhp ignoring updates. 

Seriously, not cool, guys. We get it. Updates are inconvenient. Sometimes they add unwanted features. Sometimes you just feel safe and sound in the known. But more often than not, updates are fixing cyber bugs that you may not even know you have. They prevent software errors and unexpected behaviors. But most importantly, they patch security vulnerabilities that leave you looking like prey to hackers, malware, and ransomware. Take the time to update. Just do it.

Up-to-date data security policies are not optional anymore.

Create order! One click on the wrong kind of attachment in an email can leave your entire company network at risk. It’s important to implement training and policies to protect your business. Keep employees aware of scams and ensure that employees are updating their software. The internet is not a fad. It’s here to stay, so this is something that all companies should get used to keeping updated. 

Think of IT professionals as ethical hackers. 

Unless you’re an IT professional, odds are, you don’t spend a lot of time looking for vulnerabilities in your own data security. But the harsh reality is that there are many people who do just that. And they do it well. Unfortunately, not all of them are trying to do you a favor. Hiring a security expert or an IT company to keep tabs on your network is just good sense these days. Cyber villains are only getting smarter. IT professionals know how their minds work. So let the experts worry about your data, and you focus on your core competencies…like making money.

Be paranoid about your passwords. 

Sometimes an attack is as simple as getting a password that somebody used for all of their accounts. Not a smart move. It’s best to create a handful of diverse passwords with numbers, letters, and symbols, and change them up every few months. We know, it’s a pain. But identity theft or data theft is much more inconvenient than having to remember a few new passwords. We promise.  

Repeat this in your head until it sticks: Creating strong passwords is no longer a choice.

Many of you are doing the same thing with the passwords to your favorite website and mobile app accounts.  You know you should be creating strong, complex passwords, and changing them regularly, but it just never gets done.

Here’s the bad news:  You have to have strong passwords.  Cyber-criminals and their tools are constantly getting better, and failing to keep pace with your passwords makes you a sitting duck.  Sorry, your dog’s name followed by the current year will no longer cut it. 

Here’s the good news:  You don’t have to agonize about complex passwords.  There are lots of great methods for not only creating strong, hack-resistant passwords, but also keeping them straight in your mind.  

Tips and tricks for creating (and REMEMBERING) your passwords:

METHOD 1: ONLINE PASSWORD MANAGER

Without question, using an online password manager is the best way to go.  These are web-based tools for creating and managing strong passwords.  While they tend to cost a bit of money, they make creating and changing passwords a breeze.  They also allow you to easily enter your complex passwords into login fields for websites, and in some cases, mobile applications.  

PCmag.com has a nice roundup of password managers here: http://www.pcmag.com/article2/0,2817,2407168,00.asp

If you’re really serious about upping your password game, you’ll want to go this route.

METHOD 2: THE DIY APPROACH

However, if Method 1 is beyond the scope of your budget and/or level of savvy, you can take a more DIY approach. Here’s an easy method you can use to come up with solid passwords you might have a prayer of recalling:

Pick a phrase or quote you like. Literary or movie quotes work well.  The more obscure it is, the better. For example, we’ll use the opening line from “Roadhouse Blues” by The Doors.

Keep your eyes on the road, your hands upon the wheel.

Take the first letter of each of those words and put them together:

kyeotryhutw

Good passwords should always have capital letters, so capitalize some of them:

KyeoTRyHutw

You don’t always have to have digits in a password, but you should add some anyway. Try to avoid using birth years or other dates that might be easily found by searching social media profiles, or elsewhere online.

KyeoTRyHutw976

You definitely want some special characters in there, even if the site doesn’t require it.  

KyeoTRyHutw976!*

There. That’s a decent password that should fulfill the requirements of any policy you apply to it.  “But that’s pretty complicated,” you say, “How am I supposed to remember all that?” One thing you can do is shorten the letter portion. 

KyeoTR976!*$” is still a pretty good password. It’s certainly better than “Muffie2016.”  

Store abbreviated versions of your passwords in a text file for safekeeping. 

The point of using a movie quote or song lyric is that it’s easy to remember.  But if after all of this you still have problems pulling up your passwords from memory, there is one more direction you can take: You can store your passwords in a text file on your computer.  This is typically a definite no-no, but if it’s either this or falling back to “child’s name plus year you were born,” at least make it hard for the bad guys to get you. Do this by abbreviating your passwords when you write them down or store them as text files. 

Take our example password from above, remove the lowercase letters, and you get this: 

KTRH976!

Now you have a nice abbreviation of your lengthy password.  You know what the full password is, but anyone finding this abbreviation would be missing pieces to the puzzle.  Using the capitals as your “reminder letters” will help you keep those straight from the lowercase ones.    

By switching up your capital letters, numbers, or characters, you could make variants on your main passwords and use them for other websites or accounts.

Here’s one possible variation…

KyEOtryhuTW976&#

…that you could then write down like this:

KEOTW&#

If you choose to go down this path, we advise you to only do this for your personal passwords.  Even if they’re truncated, your company IT department will probably still take issue with you writing down or storing passwords on your computer, in any form.   

Granted, this method doesn’t allow for the complexity and flexibility of a password manager tool, but it’s free, secure, and pretty easy. Most importantly, it’s a convenient exit ramp off of the weak password highway, and onto the road of better account security.  It might even make passwords fun.  Just remember to KYeoTRyhUtw!    

 

 

Leave a comment

Search:

10 Signs Your IT Support
is Reactive, Not Proactive

Download our exclusive eBook to learn how your business can benefit from proactive IT support.