Protecting against Malware

DO'S
Do install an anti-malware program to protect your computer and make sure that an up-to-date definition file as well as the latest detection and repair engines have been applied. Some security products provide anti-malware capabilities while also providing other security features such as a personal firewall, anti-spyware and anti-phishing. These products are sometimes branded and packaged under different names, such as an Internet security package. You should select an anti-malware software package which fits your needs.
Do enable and properly configure real-time detection to scan your machine for malware.
Do ensure your computer has the latest security patches to reduce the chance of being affected by phishing emails or websites that ride on software vulnerabilities. This also helps to protect your computer from other security or malware attacks. Many software packages and operating systems now have an auto-update feature. You may consider having this feature enabled to ensure your system is kept up-to-date automatically.
Do schedule a daily full scan to check for malware. The scheduled scan could be run during non-peak hours, such as during the lunch break.
Do check all removable disks and files downloaded from the Internet (especially those from an unknown origin) with anti-malware software before using them.
Do stop all activities on a computer if it becomes infected by malware. Continuing to use an infected computer may help further spread the malware.
Before installing any software, do verify its integrity (e.g. by comparing checksum values) and ensure that it is free of any malware.
Do back up your programs and data regularly and keep the backup copies disconnected from the computer. Recovery from a clean backup is the most secure way to restore files after a malware attack.
Do learn about Internet fraud. The Hong Kong Police also provides advice on preventing technology crime.
Do learn to protect yourself from visual spoofing. Some criminals try to use visual spoofing techniques to collect personal information or make you believe you are installing and accepting software / plug-ins / active content from a safe source.
Be constantly aware of any suspicious activities. For instance, check if there are any abnormal activities on your computer, such as abnormal hard disk usage, abnormal Internet traffic etc. Abnormal activities may be a symptom of a malware infection.
Do enable security protection of your applications and software. Many software packages, such as browsers, email applications, spreadsheets, and word processors come with security features. You should make sure they are properly configured.
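The checksum comparison mentioned in the integrity item above can be automated. The following is an added example, not code from the original page: it hashes a downloaded file with SHA-256 and compares it against a published checksum list in the two-column format produced by sha256sum (hex digest, two spaces, file name), which is an assumption about the vendor's format; the sample file and checksum list are constructed inside the demo.

```python
"""Verifying a downloaded installer against a published checksum list."""
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse 'HEX  filename' lines (sha256sum format) into {filename: hex}.

    Blank lines and '#' comments are skipped; a leading '*' on the file
    name (sha256sum's binary-mode marker) is stripped.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_download(path, checksum_text):
    """Return True only if the file's SHA-256 matches the published value.

    The check fails closed when the file is not listed at all, and uses
    compare_digest so the comparison does not leak where digests differ.
    """
    expected = parse_checksum_list(checksum_text)
    name = os.path.basename(path)
    if name not in expected:
        return False
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual, expected[name])


def demo():
    """Constructed demo: a clean file passes, a modified copy fails."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "setup.exe")  # constructed sample file
        with open(installer, "wb") as fh:
            fh.write(b"example installer bytes")
        # Constructed checksum list in sha256sum format
        checksum_text = f"{sha256_of_file(installer)}  setup.exe\n"
        clean_ok = verify_download(installer, checksum_text)
        with open(installer, "ab") as fh:
            fh.write(b"\x00")  # simulate a download altered after publication
        tampered_ok = verify_download(installer, checksum_text)
        return clean_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The published checksum must come from a channel you trust independently of the download itself (for example the vendor's HTTPS site), otherwise a substituted installer could simply ship with a matching substituted checksum.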
DON'TS
Don't use software from a dubious source under any circumstances.
Don't visit suspicious websites.
Don't execute any attachment in an email or instant messaging client unless you are sure what it will do. Beware of malware that comes as email or instant message attachments from unknown sources. Some malware disguises itself as a greeting card or message.
Don't share your file access permissions or personal passwords when connecting to the Internet from public computers or Wi-Fi, unless absolutely necessary.

Further Tips for Network Administrators

DO'S
Put in place a robust IT Security Policy or framework with reference to some internationally recognised information security standards, guidelines and effective security practices.
Ensure that the IT Security Policy, particularly the use of freeware and/or shareware, is properly communicated to all users.
Monitor and regularly review audit trails for suspicious activities such as a sudden surge in network traffic.
Put in place security protection at the Internet gateway. For example, install anti-malware and content filtering controls for all incoming and outgoing messages and files to guard against malicious content. The gateway should be configured to stop, quarantine or drop messages or files with malicious content. There should also be proper logging for subsequent reference purposes.
Put in place security measures against zero-day malware attacks, where a corresponding definition may not yet be available. Automatic or manual filtering mechanisms should be established to identify and block suspicious traffic from malware.
Ensure all workstations have anti-malware software installed with up-to-date definitions and detection and repair engines. The definition file should be updated automatically, at least daily. If automatic updating is not possible, manual updates should be performed at least once a week and whenever necessary.
Perform a full system scan on all new computers before they are allowed to connect to your corporate network.
Apply, as far as practical, the same information security requirements and procedures on systems under development or being used for testing purposes.
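The "sudden surge in network traffic" item above can be turned into a simple automated review of audit trails. The following is an added example, not code from the original page or any product: it reads a constructed per-interval log (one line per host and interval, in the assumed format "<timestamp> <host> <bytes_out>") and flags any interval in which a host's outbound volume exceeds its own recent history by a configurable margin.

```python
"""Flagging a sudden surge in outbound traffic from per-host counters."""
import statistics
from collections import defaultdict

# Constructed sample log (assumed format: timestamp host bytes_out).
# ws-01 behaves steadily; ws-02 pushes a large volume out at 10:05.
SAMPLE_LOG = """\
2024-01-01T10:00 ws-01 120000
2024-01-01T10:00 ws-02 98000
2024-01-01T10:01 ws-01 130000
2024-01-01T10:01 ws-02 101000
2024-01-01T10:02 ws-01 125000
2024-01-01T10:02 ws-02 99000
2024-01-01T10:03 ws-01 128000
2024-01-01T10:03 ws-02 100000
2024-01-01T10:04 ws-01 122000
2024-01-01T10:04 ws-02 102000
2024-01-01T10:05 ws-01 127000
2024-01-01T10:05 ws-02 9500000
"""


def parse_log(text):
    """Group the log into {host: [(timestamp, bytes_out), ...]} in file order."""
    per_host = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, bytes_out = line.split()
        per_host[host].append((ts, int(bytes_out)))
    return per_host


def find_surges(per_host, min_history=4, z_threshold=3.0, floor_fraction=0.05):
    """Return (timestamp, host, bytes_out, threshold) for every surge.

    Each interval is compared with the host's earlier intervals only, so a
    burst does not raise its own baseline. The standard deviation is floored
    at a fraction of the mean so a very flat history does not make tiny
    fluctuations look like surges.
    """
    alerts = []
    for host, series in per_host.items():
        for i, (ts, value) in enumerate(series):
            history = [v for _, v in series[:i]]
            if len(history) < min_history:
                continue
            mean = statistics.fmean(history)
            spread = max(statistics.pstdev(history), floor_fraction * mean)
            threshold = mean + z_threshold * spread
            if value > threshold:
                alerts.append((ts, host, value, round(threshold)))
    return alerts


def report(alerts):
    """Render alerts as lines suitable for a daily review email or ticket."""
    return [f"{ts} {host}: {value} bytes out (threshold {thr})"
            for ts, host, value, thr in alerts]


if __name__ == "__main__":
    for line in report(find_surges(parse_log(SAMPLE_LOG))):
        print(line)
```

On the constructed data only the 10:05 interval for ws-02 is reported; in practice the baseline window, z-score and floor should be tuned against a period of known-normal traffic, and a flagged host investigated rather than assumed infected.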

While managing servers, LAN/System Administrators should observe the following security guidelines:

DO'S
Always boot the server from the primary hard drive. If a machine needs to be booted from removable storage media such as floppy diskettes, USB thumb drives, USB hard drives, CDs or DVDs, the media must be scanned for malware before booting. This eliminates the chance of boot sector malware infecting the server.
Protect application programs running on the server by using an access control facility, e.g. directories containing applications should be set to 'read only'. In addition, access rights, especially the rights to 'Write' and 'Modify', should only be granted on a need-to-have basis.
Consider using a document management solution to share common documents so as to minimise the propagation of infected files in an uncontrolled manner.
Scan all newly installed software packages before they are released for public use.
Preferably, schedule a full-system scan to run immediately after a file server has started up.
Perform regular data backup and recovery.
Check all backups regularly to ensure they can be restored when needed.
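The 'read only' application directory item above can be both enforced and audited with a few lines of code. The following is an added example, not code from the original page: on a POSIX system it removes the group and other write bits from every entry under an application directory and then walks the tree to list anything still writable by group or others. The directory layout in the demo is constructed; the helper names are this example's own.

```python
"""Enforce and audit read-only permissions on an application directory."""
import os
import stat
import tempfile

WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH  # group and other write permission


def _entries(root):
    """Yield root and every file and directory below it, skipping symlinks."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                yield path


def harden_app_dir(root):
    """Remove group/other write bits under root; return the number changed."""
    changed = 0
    for path in _entries(root):
        mode = os.stat(path).st_mode
        if mode & WRITE_BITS:
            os.chmod(path, stat.S_IMODE(mode) & ~WRITE_BITS)
            changed += 1
    return changed


def audit_writable(root):
    """Return sorted relative paths still writable by group or others.

    Mode bits are inspected directly rather than via os.access(), which
    would report everything as writable when run as root.
    """
    findings = []
    for path in _entries(root):
        if os.stat(path).st_mode & WRITE_BITS:
            findings.append(os.path.relpath(path, root) or ".")
    return sorted(findings)


def demo():
    """Constructed demo: a loosely-permissioned tree before and after hardening."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        bin_dir = os.path.join(root, "bin")
        os.mkdir(bin_dir)
        app = os.path.join(bin_dir, "app")
        with open(app, "wb") as fh:
            fh.write(b"#!/bin/sh\necho app\n")  # constructed application file
        os.chmod(bin_dir, 0o777)  # deliberately over-permissive for the demo
        os.chmod(app, 0o666)
        before = audit_writable(root)
        changed = harden_app_dir(root)
        after = audit_writable(root)
        final_mode = stat.S_IMODE(os.stat(app).st_mode)
        return before, changed, after, final_mode


if __name__ == "__main__":
    print(demo())
```

Running audit_writable from a scheduled job and alerting on a non-empty result catches permissions that drift back after an upgrade or a manual fix, which is the situation the 'need-to-have' rule is meant to prevent.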

In addition, LAN/System Administrators should keep abreast of the latest security advisories and educate users on the best practices to protect against malware:

DO'S
Subscribe to notifications / advisories to receive critical malware alerts at the earliest possible opportunity.
Promptly disseminate all malware alerts to every end-user and take necessary action to mitigate the problem.
Educate users on the impact of a massive malware attack and on the ways computers can become infected, so that they can prevent infections (e.g. make users aware that the sender of an email containing malware may have forged the identity of a friend or colleague).

Detection of Malware

The following symptoms may indicate a computer is infected with malware:

A program takes longer than usual to execute.
A sudden reduction in system memory or available disk space.
A number of unknown or new files, programs or processes on the computer.
New windows or browser advertisements popping up unexpectedly.
Abnormal restarts or shutdowns of the computer.
An increase in network usage.

Recovery from a Suspicious Malware Infection

If a computer is suspected to have been infected by malware, users should stop all activities. Continuing to use an infected computer may spread the malware further. Users should report the incident to management and the LAN/System Administrator immediately. Users should also try to use trusted anti-malware software to clean the computer on their own. Clearing malware does not necessarily mean that contaminated or deleted files can be recovered or retrieved.

The most effective way to recover corrupted files is to replace them with original copies. Therefore, regular backups should be made and sufficient backup copies kept to facilitate file recovery whenever necessary. After clearing malware from a computer, users should perform a complete scan of the computer and any removable storage media to ensure that everything is malware-free. Failure to do this may lead to a resurgence of the malware.