Write a 2500-word article "Malware and its Prevention Technology"?
Malware and its prevention technology

Nowadays, malware has become a serious network problem. As the saying goes, where there is a network, there is malware. Malware is like a lingering ghost that seriously hinders the normal development of the networked society. However, since it has already appeared, we should take a more proactive attitude in dealing with it. Know yourself and know your enemy. Below we introduce the types of malware and the related prevention technologies in detail.

1. What is malware?

Malware is a kind of network program that is secretly implanted into the user's system to steal the user's confidential information, destroy the user's software and operating system, or cause other harm. For most systems, malware has become the biggest external threat, bringing huge losses to enterprises and individuals. Take spyware as an example. Spyware infringes on users' privacy and has become a focus of attention for enterprise users. Although spyware has been around for some time, in recent years the use of spyware to invade systems and monitor user behavior has become more rampant.

Enterprises also face some non-malware threats that are related to malware. Among them, phishing is the more common: using computer-based deception to obtain users' sensitive information. There is also virus spoofing, that is, false alarms about new malware threats.

2. Classification of Malware

It is generally believed that malware includes viruses, worms, Trojans, malicious mobile code and combinations of these, also known as mixed attacks. Malware also includes attacker tools, such as backdoor programs, rootkits, keyloggers and tracking cookies. This article discusses how malware enters and infects a system and how it spreads; how it works; what it targets; and how it affects the system.
Viruses are divided into compiled viruses (of three types: file infectors, boot sector viruses and multipartite viruses) and interpreted viruses, together with virus obfuscation techniques. Malware has become the biggest external threat to most systems, bringing huge losses to enterprises and individuals. Be careful.

3. Malware incident prevention

The four components of malware prevention are policy, vigilance, vulnerability handling and threat handling. Ensuring that policy addresses risk handling is the basis for implementing preventive controls. Establishing and managing a vigilance plan that covers users, and strengthening vigilance training for the IT personnel who deal directly with malware, are important factors in reducing human error. Spending time on vulnerability handling is an important factor in reducing attacks. Deploying threat handling technologies and tools, such as anti-virus software and firewalls, can successfully prevent attacks on systems and networks.

When planning malware prevention methods, enterprises should understand current and future attack factors. They should know the control performance of their systems, because it is closely related to the effectiveness of preventive methods. In addition, enterprises should combine their current preventive measures, such as anti-virus software deployment and patch management, with their preventive measures against malware. Nevertheless, enterprises should realize that no matter how much effort goes into preventing malware, incidents will eventually happen. As the saying goes, even the most careful plan has a gap.

3.1 Security policy

Enterprises need to have corresponding policies to prevent malware incidents. These policies should serve as the basis for additional malware prevention measures (vigilance, vulnerability handling and risk handling).
If the enterprise cannot clearly state the matters that its security policy needs to consider, then achieving consistent and effective malware prevention is empty talk. Policies related to malware defense should be flexible, to reduce the need for revision, but key measures should still be detailed enough. Although some enterprises have separate malware policies, many include them in other measures, so some existing security policies can borrow the relevant content. Malware prevention should also consider employees who work remotely.

The factors considered in a general malware prevention policy include the following:

■ E-mail attachments, including compressed files, should be scanned by anti-virus software before being opened.
■ It is forbidden to send and receive certain files by e-mail.
■ It is forbidden to use unnecessary software, such as applications that often spread malware (instant messaging software, desktop search engines, peer-to-peer file sharing software), and it is forbidden to use software that duplicates services the company already provides, such as e-mail.
■ Restrict users' administrator rights to prevent users from spreading malware by using administrator rights.
■ Update operating systems and applications in a timely manner and download patches.
■ Restrict the use of removable media such as floppy disks, compact discs and USB flash drives.
■ Apply the right remedy to each case. Different systems (file server, e-mail server, proxy server, host, PDA) use different protection software (antivirus software, spyware detection and removal tools). Ensure that the software is kept up to date.
■ Use only the security mechanisms allowed by the enterprise to access external networks.
■ Modifying firewall settings requires formal procedures.
■ Restrict the use of mobile devices on trusted networks.
3.2 An effective vigilance plan stipulates the code of conduct for users of enterprise IT systems and information. The vigilance plan should therefore include guidance on preventing malware incidents, which can reduce the frequency and harm of such incidents. All users in the enterprise should be aware of the channels through which malware intrudes into, infects and spreads through systems; the risks caused by malware; the limitations of technical measures for preventing malware; and the importance of users in malware defense. Vigilance education should consider the different characteristics of different system environments, such as employees who are on business trips. In addition, the vigilance education plan should incorporate some of the security policies discussed above. Here are a few examples to consider:

■ Do not download suspicious e-mail attachments at will.
■ Do not click on floating pop-up images on suspicious websites.
■ Do not click on links to websites that may contain malicious content.
■ Do not open files with extensions such as .bat, .com, .exe, .pif, .vbs, etc., because they are usually associated with malware.
■ Do not disable additional security control mechanisms.
■ Do not use administrator accounts for daily system operations.
■ Do not download or execute programs from untrusted websites.

In short, enterprises should ensure that users understand the policies and procedures for dealing with malware, including how to confirm that a system has been infected, how to report suspected infections, and what users can do in risk management (upgrading anti-virus software and scanning the system for malware). Users should know how to report risks through trusted channels after they occur. Users should also learn, as part of vigilance education, some simple ways to deal with risks, such as disconnecting an infected system from the network and blocking certain e-mail attachments.
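The attachment rules above (scan compressed attachments before they are opened, and treat .bat, .com, .exe, .pif and .vbs files as suspect) can also be enforced at the mail gateway rather than left to users. The following Python sketch is an added example, not part of the original article; the function names and the sample message are hypothetical and constructed for illustration, and it checks file names only, so it complements anti-virus content scanning rather than replacing it.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article says not to open.
BLOCKED = {".bat", ".com", ".exe", ".pif", ".vbs"}

def blocked_extension(filename):
    """Return the blocked final extension of a file name, or None."""
    # Windows ignores trailing dots/spaces, so strip them; compare case-insensitively.
    name = filename.strip().rstrip(". ").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    return ext if ext in BLOCKED else None

def scan_message(raw_bytes):
    """Return (attachment, archive member or None, reason) for each finding."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if blocked_extension(name):
            findings.append((name, None, "blocked extension"))
            continue
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Compressed attachment: inspect member names before anyone opens it.
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if blocked_extension(info.filename):
                    findings.append((name, info.filename, "blocked extension in archive"))
                elif info.flag_bits & 0x1:  # encrypted: content cannot be scanned
                    findings.append((name, info.filename, "encrypted archive member"))
    return findings

def build_sample():
    """Constructed test message (not real mail): one clean file, two bad ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("tools/update.VBS", "constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "files"
    msg.set_content("see attachments")
    for fname, body in [("notes.txt", b"ok"), ("invoice.pdf.exe", b"x"), ("docs.zip", buf.getvalue())]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling scan_message(build_sample()) reports the double-extension file and the script hidden inside the archive, and leaves notes.txt alone.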
Enterprises should let users know the deception methods commonly used by criminals. There are also some common suggestions for dealing with phishing attacks:

■ Do not reply to e-mails asking for financial or personal information. It is best for enterprises not to use e-mail to obtain this information, because e-mail is likely to be monitored by unauthorized third parties. You can call the company or visit its official website. Never use the contact information provided in the e-mail.
■ Do not send passwords, PIN codes or other codes in e-mail replies. Be sure to go through the company's official website.
■ Do not open suspicious e-mail attachments. If you receive such an attachment, contact the sender for confirmation.
■ Do not reply to any suspicious e-mails. Move them directly to the blacklist.

Although user vigilance education reduces the frequency and harm of malware incidents, its effect is small compared with the technical controls of vulnerability handling and risk handling. Enterprises cannot rely on it alone to prevent malware; it can only supplement technical means. In any case, enterprise IT personnel should have some basic knowledge of malware prevention, and should educate other employees so that they know their responsibilities and what they should do in malware prevention. In addition, enterprise IT managers need to check for new security threats, evaluate possible risks and take preventive measures.

3.3 Vulnerability Disposal

Generally speaking, malware attacks operating systems, services and applications by exploiting their vulnerabilities. Handling vulnerabilities has therefore become a key link in preventing malware incidents, especially just after new vulnerabilities are discovered and even before they are widely known.
Vulnerabilities can be dealt with effectively through comprehensive prevention and control measures, such as upgrading software or reconfiguring it (disabling vulnerable services, etc.). Because of the challenges that vulnerability handling currently faces, including dealing with the new vulnerabilities that are constantly being discovered, enterprises should have written policies and procedures for dealing with risks and should establish new vulnerability management procedures. Vulnerabilities also need to be assessed continuously in order to prioritize risk management. Enterprises should collect information about new vulnerabilities and major malware through various channels, such as announcements from incident response teams and security vendors, and malware advisories from antivirus software vendors. Enterprises also need to establish a mechanism for evaluating new vulnerabilities and threats, so as to determine appropriate disposal methods and distribute the information to different departments. Enterprises also need to track the risk disposal process.

3.4 Threat Disposal

We mainly discuss several common security tools for dealing with malware risks: antivirus software, spyware detection and removal tools, intrusion prevention systems (IPS), firewalls and routers.

3.5 Enterprises should formulate their own methods of preventing malware incidents according to the attack factors. When choosing a malware prevention product, choose the one most suitable for the enterprise: buy the right one, not the expensive one. Because policy is the cornerstone of malware prevention, enterprises should ensure that their security policies support the prevention of malware incidents. The common policies related to malware prevention are as follows:

■ Rational use of the system
■ Handling vulnerabilities
■ Handling risks

Policies related to malware prevention should consider remote workers inside and outside the enterprise.
Educate employees so that they understand how malware spreads, the risks it causes, the limitations of technical measures, and the vital role of users in preventing malware. Vigilance education should let users know the policies and processes for handling malware. Managers who deal directly with malware should also receive regular education.

Enterprises also need to document their policies and processes for vulnerability handling. Because vulnerabilities can be handled in various ways, several methods should be used together, such as patch management combined with least privilege. Host hardening measures can also be used.

In addition to vulnerability handling, enterprises need to use risk handling to detect and stop malware. The following technologies are very effective:

■ Antivirus software
■ Network-based IPS and firewalls
■ Changing application configuration

The future development of malware will bring more and more challenges. We always believe that as long as we keep working hard, malware incidents can be suppressed.