Antivirus software

How to Live With Malware Infections

Malware survival tip No. 3: Diversify your IT infrastructure to decrease reliance on one or two OSes or browsers It might make sense to move away from the Windows monoculture, which can be more quickly and easily attacked, and bring in other operating systems and devices so that you know a malware infection can never take down everyone in the organization. Maybe some people who handle critical systems or data can use a Linux PC or a Mac OS X PC so that they're not as likely to be hurt by a virus aimed specifically at a common Windows vulnerability.

browsers
Along these lines, consider avoiding a browser monoculture, because a lot of current malware invades systems via the browser. Evaluate browsers such as Internet Explorer, Firefox, Chrome, Safari, and Opera to see which fit best with your enterprise applications and user base.

"Diversity is always good to prevent your entire infrastructure from coming down," says B. Clifford Neuman, director of the University of Southern California's Center for Computer Systems Security. "But there is the flip side to this strategy in that it gives an intruder many different possible choices of attacked system in which to get a foothold into your organization." You trade potentially limiting infection for having more possible infection entry points.

Of course, whenever you make a move to switch operating systems, you might encounter resistance from some quarters. Tony Hildesheim, senior vice president of IT at financial services firm Redwood Credit Union, says his company is reviewing the use of alternative operating systems, browsers, and some business applications. But "none of these options appear to be all that popular with the business units," he notes.

Technology diversity is not always an effective defense per se. ICSA Labs' Hayter points out that malware infections are not limited to desktop PC environments. "There are many serious pieces of malware that can infect other [operating systems] and devices, be they desktop-based or mobile," he says. "Additionally, malware can cross platforms from one OS or device to another, further requiring a layered defense plan."

Malware survival tip No. 4: Be sensible about using consumer devices in the workplace If you believe in allowing lots of data access for everyone and from every conceivable type of device, it might be time to rethink your data management and access strategy. Limit network access via mobile devices to those users who really need this access, and put in place controls so that those who can get in to the network can only reach certain parts of it.

Personal portable devices such as tablets, laptops, and Wi-Fi-equipped smartphones are becoming ever more popular in the workplace, and users will want to be connected to the corporate network.

But using diligence when granting access -- considering that these devices might be sources of malware -- makes sense. "What we've noticed is that once devices reach a certain threshold of consumer acceptance, malware appears for those platforms," says SUNY Old Westbury's Seybold. "Witness [recent] iPhone and Android attacks."

According to the Ponemon study, the rise of mobile and remote workers, PC vulnerabilities, and the introduction of third-party applications onto the network are the greatest areas of endpoint security risk today. This is a shift from last year's survey, when endpoint security concerns were mainly focused on removable media and data center risks.

Even without the "bring your own device" and "use your own apps" trends to consider how to manage, IT could reduce the ability of malware to spread by rethinking how many apps it deploys for users. "In looking at our line staff, there is no reason they need all the tools loaded on all the systems," says Redwood Credit Union's Hildesheim.

facebook
A report released in April 2011 by PandaLabs, Panda Security's antimalware laboratory, showed that the first three months of the year have seen "particularly intense virus activity," including a major attack against Android smartphones and intensive use of Facebook to distribute malware.

The beginning of March saw the largest ever attack on Android to date, the PandaLabs report stated. The assault was launched from malicious applications on Android Market, the official Google app store for the mobile OS. In just four days, these Trojan applications racked up more than 50,000 downloads: "The Trojan in this case was highly sophisticated, not only stealing personal information from cellphones, but also downloading and installing other apps without the user's knowledge."

Malware survival tip No. 5: Build a solid security foundation to protect the organization, rather than to protect devices Sure, you need antimalware software on PCs and other devices to help prevent infections. But to create an environment where your company can continue to function without malware-related problems even with the existence of malware on some systems, you have to deploy a secure system architecture rather than a security architecture for a system, says USC's Neuman.

"You need to determine issues such as placement of data with an understanding of the application and the risks of compromise of the data, rather than just bolting security solutions onto an existing system," Neuman says. "Good architecture will define multiple protection domains, with successive layers of protection deployed, and fewer users legitimately able to access data as it becomes more and more sensitive."

Along these lines, processor manufacturer Intel has embarked on an ambitious multiyear effort to redesign its information security architecture, which the company hopes will allow it to better keep up with the rapid evolution of malware.

"We believe that compromise is inevitable, and in order to manage the risk, we need to improve survivability and increase our flexibility," says Malcolm Harkins, vice president of the IT group and chief information security officer at Intel.

The redesign is based on four pillars:

  • A "dynamic trust calculation" that adjusts users privileges as their level of risk changes
  • A segmentation of the IT environment into multiple "trust zones"
  • A rebalancing of prevention, detection, and response controls
  • A clear recognition that users and data must be treated as security perimeters and be protected as such
  • Living with infection is a fact of life Malware is pervasive and is getting increasingly sophisticated. For many organizations, living with viruses, worms, and other types of malware is becoming a fact of life. In a sense, computer technology is catching up to the reality that biological systems have long had to manage.

    As Intel's Harkins says, "I always assume that there is some level of compromise, [and] organizations who think they are malware-free -- or ever will be -- are not adequately understanding the true nature of information risk."

    That doesn't mean your systems and applications can't continue to function well and support the business. By taking the right steps, your organization can operate a generally healthy IT environment despite malware intrusions.

    This story, "How to live with malware infections," was originally published at InfoWorld.com. Follow the latest developments in computer security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

    Read more about security in InfoWorld's Security Channel.

    Subscribe to the Daily Downloads Newsletter

    Comments