2.11 Protective Measures

This video belongs to the openHPI course Cyberthreats by Malware. Do you want to see more?

2.11 Protective Measures

Time effort: approx. 23 minutes

An error occurred while loading the video player, or it takes a long time to initialize. You can try clearing your browser cache. Please try again later and contact the helpdesk if the problem persists.

Scroll to current position

00:01At the end of our openHPI course about Cyber Threats by Malware,
00:05we have to discuss protective measures. We have seen that there are so many
00:12different types of malware, what can be done to protect
00:17one's own systems the laptop, smartphone or other devices from
00:24getting infected by malware.
00:26And let's start with the topic- Program Updates.
00:32Program updates, in general, are provided to close system vulnerabilities
00:39and to eliminate the security risk of a program or of an application
00:46of the operating system.
00:48So, if you use an old software which is not updated
00:53then this is a really big security risk.
00:58The risk comes from the point that typically the vulnerabilities
01:02that are closed by such updates are publicly known,
01:07so attackers know that those old systems have this vulnerability and then
01:12they can employ exploit them to infect the system with malware.
01:19So, the general advice is - install updates as soon as such updates are available.
01:29The reason why such updates are needed is that manufacturers do not find all errors
01:35of a software, of an application
01:38during the test phase
01:40and so many security gaps are
01:44only known when the program is in use, when many people are using it,
01:50and then all such vulnerabilities are detected.
01:54Also, if an attack is detected that exploits this vulnerability then
02:00the vendor immediately can try to close this security gap
02:07that results from that vulnerability and provide updates to help you
02:15to secure your system.
02:19So, known security vulnerabilities can usually be closed by
02:24smaller updates, by smaller update packages.
02:29If there's more, basically you have to step over to
02:35a new version of the program or install the program
02:40completely. So, currently
02:43in the recent time, most programs automatically provide
02:50information on available updates because it's really a serious thing.
02:55So, if your system shows that an update needs to be done
03:00then please try to do this update as soon as possible.
03:06There are also helper applications that automatically check
03:11for updates for the installed software on your computer.
03:19Also, anti-virus programs check if the installed software
03:25can be updated by new updates that are provided.
03:31So, information is available but you should follow the advice - as soon
03:37as the information available that the program needs to be updated then do that (update).
03:43But with all the updates you need to be careful, you need to be careful
03:49that it comes from a trustworthy source.
03:54Sometimes attackers claim their malware as an update for a system,
04:01so every time check is it really from the producer of the software,
04:06from a known company or from a trustworthy source
04:10where you take the update and from where you update your systems.
04:18Otherwise, I mentioned that attacker, that cybercriminals often
04:24claim their malware as updates
04:29and then it's very easy for them if you think you update your system
04:33but in reality, you install the malware then they can do
04:38their work on your computer.
04:40I already mentioned anti-virus software: anti-virus software
04:44is a very important type of program, it's a system
04:52that you need to install in your computer system and the use
04:59of the anti-virus software is it helps you to detect malware.
05:05It not only helps you to detect virus malware, but it is also the name for a software
05:12that detects,
05:15detects all malware which is installed on your computer system.
05:22So, it detects not only viruses but also worms, trojans, spyware, scareware,
05:28and all the other malware types we have discussed and have
05:34introduced in our openHPI course.
05:39Sometimes people say instead of anti-virus, they say
05:43anti-malware software, it's more correct but more popular
05:49usage is of anti-virus software.
05:52Yeah, it is also
05:55possible, it's also able to monitor internet connections and warn you
06:02when you try to access an unsafe website.
06:06This could happen when you try to follow a link address.
06:11So a good anti-virus software is not only to detect installed malware,
06:15it also helps you to prevent
06:19malware infections.
06:22So, the anti-virus software should be mandatory,
06:27a mandatory component of each system to ensure that the system
06:32runs as secure as possible. How this anti-virus software is working?
06:39We explain this in an additional excursus on anti-virus software.
06:45"Backups" - the next topic you should think of.
06:49Many malware attacks on the internet result in data loss or
06:55in data damage, for example, if you remember ransomware
06:59then they would render the data encrypted so that you no longer have access to your data.
07:06In case of data loss due to malware or due to damage to the operating system,
07:12the data can easily be restored using the previously created
07:18back up copy.
07:21It can be restored better
07:24if a more recent back-up was done.
07:31So, important data, important personal data must be backed-up regularly,
07:39not once a year but you have to do it, depending on the usage of your system,
07:46once a week or even more often and
07:52because it's so important, many systems offer automatic data back-up
07:58at pre-defined intervals.
08:02But you need to be careful that the stored back-up,
08:08possibly the encrypted backup
08:12should be stored on an external media
08:16or should be stored in the cloud
08:18because if the attacker managed to gain access to your computer then
08:25you can lose the data, you can even lose the backups.
08:31So it is important that you connect a special
08:37disk or you have to do this with the cloud, you
08:41have to create a backup and then you have to take care that
08:45this back up is no longer connected
08:48to your system.
08:51Another tool which provides protective measures against
08:57malware are Firewalls.
09:00What are Firewalls doing? The Firewalls monitor network connections
09:06and they monitor all the traffic
09:10over the internet. So, the Firewalls check all the incoming packets
09:18to your system and so it can prevent unauthorized connection attempts.
09:26If someone for example, from a known attacker site, wants to
09:30connect to your system, the Firewall can detect it.
09:35Additional protection is given by Firewalls against network attacks
09:42such as attacks from backdoors or botnets.
09:47So, if someone tries to connect to your computer because he/she
09:52was able to install a backdoor or he/she was able to install to
09:58make it a bot in a botnet then by means of Firewalls this can be detected.
10:05There are different types of firewalls, there are local Firewalls
10:08which are installed on your machine and only are able to check
10:15your traffic, traffic of your machine
10:19with the network. And the other type is a
10:24Network Firewall which checks all network traffic
10:29and is usually installed on connection nodes between the local
10:34network and the internet. So here, with a network firewall, all the traffic
10:39is considered. In the case of local firewalls exactly
10:44your systems' and how you need the system, all this information is taken
10:49to protect this special system.
10:52So, in enterprise software, enterprise networks you need both
10:58you need Firewalls on your system and you need network Firewalls.
11:03How does this technique work?
11:07How are Firewalls are able to monitor and detect different malicious
11:16attackers or people, that try to connect? This,
11:19we will also explain in an extra excursus on Firewalls.
11:26Perhaps the most protective measure against malware is
11:33a healthy suspicion. Always be careful
11:38because this is the most effective protection that could be done
11:44by yourself with your knowledge
11:48and you're at the end responsible
11:52to protect your system from malware attacks.
11:57So, it is the best protection mechanism
12:01but the best technical protection mechanisms are no longer active or effective,
12:07if you as a user open to non-trustworthy content. If you open
12:13an attachment and in this way
12:16upload malware to your computer or if you visit a malicious
12:21website and in this way open the door to upload a malware.
12:27So, you are the one, it is in your hands to avoid a lot of,
12:36a lot of possibilities for an attacker to bring their malware to your system.
12:43So, it starts when installing,
12:46when you install new software,
12:48check where the software comes from, who is the manufacturer, what is
12:53the origin of the software - is this a known trustworthy vendor
12:59or is this someone nobody heard about?
13:02Do not follow simple
13:05recommendation, for example in a spam mail or in a phishing
13:09mail which says here that wonderful
13:11functionalities that are provided by the software, you can download
13:15it here and if you download then of course
13:20you also download malware.
13:23Verify the signature of the software to be installed,
13:28verify all the signature of the updates that are
13:32coming from the vendor of
13:35the software. This can be done automatically, it's a question of configuration.
13:41Then, if a warning appears,
13:45a manual verification is necessary.
13:50Another very important hint is what kind of software you
13:55should install on your system and the advice is:
13:59only install that software which you really need.
14:04Why should you? If you install unnecessary applications
14:09then with the vulnerabilities of those unnecessary applications
14:13you open doors for attacks.
14:15So, additional feature or optional plug-ins,
14:20all they provide are possibilities for the attacker to
14:27get their malware to your system or to attack your system.
14:32If you install the software you needed, then it's
14:37justified because you need it.
14:39But the software that's installed and not needed
14:43which can be misused by the attacker to break into your system
14:47or to install malware then it is completely unnecessary
14:53and increases the risk without any
14:57improved usage and this is particularly true for your smartphone.
15:04Check which apps you have loaded from the app-store to your
15:09smartphone and which of these apps you really need
15:15and use, which you have used in the last two-three weeks
15:19and then think to uninstall
15:23applications you are not using.
15:26Then you should turn off active content
15:31like Flash, Java, Active X in the web browser.
15:36The reason you should turn these off by default is that these
15:42web programming tools
15:46open doors, provide possibilities for a number of different attacks
15:51and intrusion opportunities. Eventually, it does not look
15:57so nice and dynamic
16:01but you close doors for the attackers to attack your system, to install malware
16:08on your system.
16:11Then, we often already saw this when we discussed the different types of
16:15malware, you should not open an email attachment
16:22if you do not know the sender or if you do not expect that this sender
16:28sends you this kind of information.
16:31Open email attachments only if the sender is known and the
16:36text can be assigned to the sender and when an email
16:42with an attachment was expected, otherwise, it's an easy way for an attacker
16:47to infect your system by hiding a
16:52malware in that attachment.
16:56And then keep calm with often-
17:00faked online warnings.
17:02You remember, when we spoke about scareware,
17:05and the warning is shown to you: "your system is infected, please do this and this",
17:10this is often a malware attack, it's often not real and you should not
17:18immediately follow what they propose to you.
17:21So, keep calm with such online warnings and particularly
17:26in case of a request for payment and fines.
17:32And then check installed software and remove all unused programs.
17:39I already mentioned this as important advice, to make your system
17:45more secure.
17:48Let's mention some protective measures against malware for mobile devices.
17:54Mobile devices that become more and more common and also provide the possibility
18:00to connect to the internet and to run applications on the internet.
18:06So, get your apps, get your applications only from trusted sources. So,
18:14take the applications from official app stores
18:19from Play Store from Android or from Apple's App Store.
18:26Be careful when you install a new app which does not have ratings
18:34or has only a few ratings, be careful because this all provides an entrance
18:41to your system and installing such an app
18:45you also install,
18:49eventually, hidden malware inside the application.
18:54Keep apps and operating system of the mobile devices always up to date.
19:00This is the same as with your system, you should
19:03timely install available updates. One can see this, so regularly
19:09in a regular way, you should restart, completely restart your app
19:13because in that way all the operating systems,
19:17operating systems updates are installed.
19:21Then this is true for systems, for the computer systems, laptops, and
19:26also for mobile devices - create backups.
19:30The system can be restored from an old backup in case of an infection.
19:35So, it's not necessary to negotiate with the
19:40cybercriminals about paying something, about ransom, you can easily
19:47restore your system by taking the data out of the backup.
19:52Then this is in particular important for applications on mobile devices,
19:58grant apps only minimal permissions.
20:03It's possible to set up the
20:07permissions, to which sources a new application can have access.
20:13One can do this in the phase of the start-up of the initial
20:19installation and start-up of the settings or you can go into the settings
20:26of your system, they are available here.
20:32For all the applications they are available so that you can here
20:38decide whether you want to allow an app the access to another system or to another application.
20:47And you know what is the app for or the functionality of the app,
20:52so you can select what kind of permissions the app needs
20:57to do its work. For example, the Flashlight app does not require access
21:02to the contact list, so it is often if you check it on your
21:07on your device and it's completely unnecessary.
21:12And the question is where this Flashlight app comes from? So, a typical
21:18entrance, a typical way to attack your system, your mobile system
21:22by the attacker is to design apps with some functionality that
21:27needs to be nice to have but inside it is the malware. And
21:35if such a Flashlight app wants to have wants to access the contact list
21:40then this is a good reason not to trust in this application and
21:45to assume that it has malware hidden, and completely deactivate this
21:53Flashlight app or at least restrict the permissions.
21:58So, these are the main protective measures against malware.
22:03For everyone who is interested in the technical understanding of
22:07anti-virus programs and firewalls,
22:11there are some excursus. The goal of this course,
22:16this openHPI course about Cyber Threats by Malware was to
22:20sensitize you on the different types of malware and to help you
22:26to protect your system. Thank you for your attention.