Defensive computing

Last updated January 26, 2024

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Network security

Users put their computers at risk when accessing the Internet and other networks. The use of either of these allows others to gain access to a user's system and important information. By implementing certain strategies, defensive users aim to reduce the risk associated with network access.

Firewall

A firewall is a collection of security measures that protects a computer from harmful inbound and outbound traffic on the Internet and prevents the unauthorized access of computer systems.^[1] These security measures are integrated into the form of special software that runs autonomously either on individual computer systems, or externally through built in software within routers and modems.

Not all firewall software will protect computers from sending unauthorized or harmful outbound traffic. An important defensive computing strategy is to seek and implement quality firewall software that filters both inbound and outbound traffic.^[2]

Anti-malware software

A basic strategy for all defensive computer users is to install and use anti-malware software. Firewalls may not completely protect a computer. Malicious software may be able to get through a firewall and onto a system. Anti-Malware such as anti-virus, anti-phishing and email filtering software offer some protection against harmful software that reside within a computer. The amount of malicious software available over the Internet is steadily increasing.^[3] It is important for defensive users to use to anti-malware that is both effective and easily updated in order to combat new strains of malicious software that are developed.^[2]

The other side of anti malware is that it contains serious vulnerabilities itself.^[4] A malware could use vulnerabilities of anti-malware to launch malicious code.

Anti-malware works by scanning files a network connections for known signatures. Those signatures can never be up to date. To be able to scan network connections, encryptions (SSL/TLS) need to be bypassed or even broken by anti-malware software. When monitoring emails anti-malware opens all attachments for analysis, a bug in this scanner can be used as a starting point for malware. Attackers just need to send malware to a mailbox that is scanned automatically.

It is questionable if malware scanners are even useful at all. Ex Mozilla developer Rober O'Callahan writes in his blog that anti malware software should be disabled (except windows defender)^[5]

Skepticism

An important aspect of defensive computing is for users to be skeptical of the data to which they have access via the Internet.^[6] Malicious software can exist in a multitude of different forms and many are misleading to general computer users and even some anti-malware software. Defensive users think critically about the information they can access, to reduce their chances of downloading and spreading malicious software. Strategies include scanning email attachments prior to opening them and manually filtering suspicious emails from inboxes. Users should be aware of persuasive subject lines and headings in emails from any address, as they may actually contain malicious software or spam, which can mislead users into false advertisement resulting in identity theft.^[2] Defensive users can scan files they download prior to opening them and can also configure their computers to show file extensions, revealing potentially dangerous files that appear harmless.^[6] Skepticism can also be applied to the websites visited by users. As with emails, users can be led to false advertisements. Also, malicious software can unknowingly be downloaded and infect a computer, just by visiting a certain website.

Backup and recovery procedures

Despite the efforts of a defensive computer user, the loss of important data can occur due to malware, power outages, equipment failure and general misuse. Although the loss of data cannot be completely prevented, defensive users can take steps to minimize the amount of data lost and restore systems to their previous state.

Backup of files

A defensive strategy against unintentional data loss is the regular backup of important files. Users can make multiple copies of important data and store them either on the same computer or on another device such as a compact disc or an external hard drive.^[7] Users can also upload important files to the Internet, provided they have access to Internet storage services.

Restoration

Some operating systems give users the option of performing a procedure that restores a computer to a predetermined state. If no option is available, a user can obtain the appropriate restoration software for their system. In the event of a system failure or a serious case of data loss, a user can restore any lost or changed files and remove any malicious files that did not previously exist.^[7]

Good practices for protecting data

Regularly backup important files, documents and emails.
Do not use the administrator account for day-to-day activities.
Keep software up-to-date with the latest versions.
Keep antivirus and antispyware up-to-date with latest versions.
Use different passwords
Disable auto run feature from USB flash drives. Some viruses, specially worms, spread automatically through USB flash drives ^[8]
Always connect to the Internet behind a firewall
When in doubt, throw it out

Related Research Articles

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Outpost Firewall Pro is a discontinued personal firewall developed by Agnitum.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

Kaspersky Anti-Virus is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business consumers.

Kaspersky Internet Security was an internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

Alureon is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats.

Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, Internet-of-things devices, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance to standards.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

↑ http://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf, A History and Survey of Network Firewalls
1 2 3 http://news.cnet.com/8301-13554_3-9923976-33.html, The Pillars of Defensive Computing
↑ Krebs, Brian (2008-03-19). "Anti-Virus Firms Scrambling to Keep Up". ISSN 0190-8286 . Retrieved 2023-04-26.
↑ Taviso (2016-06-28). "Project Zero: How to Compromise the Enterprise Endpoint". Project Zero. Retrieved 2023-04-26.
↑ Robert. "Disable Your Antivirus Software (Except Microsoft's)" . Retrieved 2023-04-26.
1 2 http://www.melbpc.org.au/pcupdate/2206/2206article6.htm Archived 2006-07-24 at the Wayback Machine , How To Protect Yourself From Virus Infection
1 2 http://www.microsoft.com/protect/yourself/data/what.mspx, How to Decide what Data to Back Up
↑ http://news.cnet.com/8301-13554_3-10027754-33.html, Be safer than NASA: Disable autorun

External links

Defensive computing priorities by Michael Horowitz December 2009

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[one-1] ttp://www.cs.unm.edu/~treport/tr/02-12/firewall.pdf, A History and Survey of Network Firewalls

[two-2] 1 2 3 http://news.cnet.com/8301-13554_3-9923976-33.html, The Pillars of Defensive Computing

[three-3] Krebs, Brian (2008-03-19). "Anti-Virus Firms Scrambling to Keep Up". ISSN 0190-8286 . Retrieved 2023-04-26.

[eight-4] Taviso (2016-06-28). "Project Zero: How to Compromise the Enterprise Endpoint". Project Zero. Retrieved 2023-04-26.

[nine-5] Robert. "Disable Your Antivirus Software (Except Microsoft's)" . Retrieved 2023-04-26.

[four-6] 1 2 http://www.melbpc.org.au/pcupdate/2206/2206article6.htm Archived 2006-07-24 at the Wayback Machine , How To Protect Yourself From Virus Infection

[five-7] 1 2 http://www.microsoft.com/protect/yourself/data/what.mspx, How to Decide what Data to Back Up

[seven-8] ttp://news.cnet.com/8301-13554_3-10027754-33.html, Be safer than NASA: Disable autorun

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Malbot Keystroke logging Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Operation: Bot Roast