Malware Threats To The Work EnvironmentPosted in Functional Testing | March 29, 2011
Not thinking of malware threats when dealing with customer data is a mistake that many companies cannot afford to make. This should be priority one, right alongside network security. According to Symantec, "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications."
Companies that handle sensitive customer data need to take extra precautions, as sometimes all it takes is one instance of malware infection to degrade customer's trust. According to Wikipedia, "Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs."
Companies that handle customer's data over the internet are more likely to be exposed to malware by their very nature. It's one thing to have a private network with limited or no internet access, and quite another to be a business with a strong presence on the internet. So how does a company address these threats? While it is virtually impossible to completely safeguard from all threats, there are several methods for reducing the likelihood of infections.
Firewalls - These can help block attacks to your IP address from the internet. There are two main types of firewalls, software and hardware. Software firewalls come prepackaged in most modern operating systems, can be purchased as additional software, and are included with some antivirus programs. Hardware firewalls are network devices that are placed between the internet and the local area network, or LAN.
Antivirus/Anti-Spyware Programs - There are many well known antivirus programs on the market today, including; Symantec, Trend Micro, Norton, and Avast. These programs offer a certain level of protection from threats that may get by your firewall, and help protect computers from threats that come from internet usage and email.
Some antivirus programs, like Avast, offer a boot-time scan that will scan your computer for threats, and remove them before the operating system loads (which is when many malware programs become active).
Some antivirus programs also offer to back up your system data, so that in case of infection, files can be restored once the threat is eliminated.
It is important to note that there are many fake antivirus programs that can infect computers, and cause many problems for users and administrators, as they are often very hard to remove. Some of these include:
- Antivirus Pro 2010
- Smart Antivirus 2009
- Spyware Doctor
- XP Defender Pro
- Live Security Suite
Anti-Spyware programs are often beneficial as they can help remove some malware programs that a traditional antivirus cannot. There are many fake versions of these as well, but a few legitimate ones to consider are:
- Spybot - Search & Destroy
- SUPER AntiSpyware
In conclusion, businesses have several choices when it comes to protecting themselves and customers from malware. No matter the choice, it should always be kept in mind that employee actions on the internet, when at work, can potentially have a negative effect on the company. Internet usage should be kept to a minimum, unless necessary to do business, and email links should NEVER be clicked unless from a reliable and trusted source. With a strong firewall, an up-to-date antivirus program, and cautious employees, a safe and secure network is very possible!
Jason Lassetter is a software tester for DeRisk IT Inc. He has worked on numerous manual and automated platforms. His specialties include automated functional testing with SmartBear's TestComplete Suite.
Note: DeRisk IT is now known as DeRisk QA.