WEBVTT

00:00.000 --> 00:04.335
>> Hello. Okay, how do we
defend against malware?

00:04.335 --> 00:05.700
The best way to deal with

00:05.700 --> 00:07.814
malware is to
just not get it.

00:07.814 --> 00:09.330
You do this by having

00:09.330 --> 00:11.700
good anti-malware
software installed.

00:11.700 --> 00:14.145
It should include
antivirus scanning

00:14.145 --> 00:16.065
and some behavior-based scans

00:16.065 --> 00:17.550
that are kept up-to-date with

00:17.550 --> 00:19.604
the virus definition files.

00:19.604 --> 00:23.145
It should include
anti-spyware and anti-adware,

00:23.145 --> 00:24.510
and you need to make sure that

00:24.510 --> 00:25.650
you have your systems scanned

00:25.650 --> 00:27.660
regularly and make sure

00:27.660 --> 00:30.210
you keep the definition
files up-to-date.

00:30.210 --> 00:33.300
The threat landscape is
changing all the time,

00:33.300 --> 00:35.545
so it's important
to stay up-to-date.

00:35.545 --> 00:37.310
Usually this is something that

00:37.310 --> 00:40.030
network administrators
will take care of.

00:40.030 --> 00:41.560
You also need to make sure you

00:41.560 --> 00:43.770
are patching systems
that need it.

00:43.770 --> 00:47.045
Often when news of malware
makes it into the media,

00:47.045 --> 00:49.525
a remedy for it will
already be available.

00:49.525 --> 00:52.065
But it's hard to keep up
with all the patches,

00:52.065 --> 00:53.570
so you need to
have a system that

00:53.570 --> 00:55.505
makes it easy to
stay up to date.

00:55.505 --> 00:57.050
If you are not familiar with

00:57.050 --> 00:59.605
Microsoft Patch
Tuesday, you will be.

00:59.605 --> 01:02.790
Microsoft dumps tons of
updates out regularly,

01:02.790 --> 01:04.459
and you need a way to prioritize

01:04.459 --> 01:06.440
the patches to keep up with.

01:06.440 --> 01:08.360
Another good defense against

01:08.360 --> 01:10.160
malware is to make sure you have

01:10.160 --> 01:11.945
good clean baseline images

01:11.945 --> 01:14.335
that you can revert back
to if you need to.

01:14.335 --> 01:16.430
Then also change management

01:16.430 --> 01:18.119
and configuration management.

01:18.119 --> 01:20.630
Systems should be
locked down so that users

01:20.630 --> 01:23.285
can't install any piece of
software that they want.

01:23.285 --> 01:26.270
Especially users who are
guests to the network.

01:26.270 --> 01:28.400
Everyday users
should not be making

01:28.400 --> 01:31.190
changes to the baseline
images of the systems.

01:31.190 --> 01:34.940
If you allow users to
make changes, they will.

01:34.940 --> 01:36.770
When I got started as

01:36.770 --> 01:39.050
a help desk technician
in the mid-1990s,

01:39.050 --> 01:41.480
I remember getting a
call from an end-user.

01:41.480 --> 01:44.315
The person said their system
was performing slowly,

01:44.315 --> 01:46.040
so I got there and
I took a look at

01:46.040 --> 01:47.600
the system and the person

01:47.600 --> 01:49.730
had BonziBuddy running on it.

01:49.730 --> 01:51.770
I don't know if you're
familiar with this,

01:51.770 --> 01:53.390
but it was a purple gorilla

01:53.390 --> 01:55.505
that would follow your
mouse all over the screen,

01:55.505 --> 01:58.790
and back then with one megabyte
of memory on machines,

01:58.790 --> 02:01.040
something like that
would take up a lot of

02:01.040 --> 02:03.790
resources and make
things perform slowly.

02:03.790 --> 02:05.900
Today change management would

02:05.900 --> 02:08.225
prevent a user from downloading
something like that,

02:08.225 --> 02:11.970
potentially introducing
malware onto the system.

02:12.770 --> 02:16.310
Your big takeaways in
the world of malware,

02:16.310 --> 02:19.695
malware can get distributed
in a lot of different ways,

02:19.695 --> 02:22.265
it can take on a lot
of different forms.

02:22.265 --> 02:25.325
Be particularly
careful of Trojans.

02:25.325 --> 02:27.110
These are things
that people download

02:27.110 --> 02:29.090
because they seem like
they would be helpful,

02:29.090 --> 02:31.760
but they're actually infected
with malicious software.

02:31.760 --> 02:34.470
You can have viruses and worms.

02:34.470 --> 02:35.960
The big difference between

02:35.960 --> 02:37.460
the two is that a virus needs

02:37.460 --> 02:38.960
a user action and it needs

02:38.960 --> 02:41.090
a host to live on
like an application.

02:41.090 --> 02:45.535
Whereas a worm spreads from
system to system to system.

02:45.535 --> 02:48.920
The best way to deal with
malware is just don't get it.

02:48.920 --> 02:51.410
Use good anti-malware software.

02:51.410 --> 02:54.665
Update your systems, run
your scans regularly,

02:54.665 --> 02:56.990
lock your users down
with good policies,

02:56.990 --> 03:00.960
so they don't install
garbage on your systems.

