Most everyone is familiar with anti-virus and anti-malware software. What may be less apparent are the techniques these products use to offer a comprehensive approach to combating threats.
Before we get into how we use these tools at Hudson Valley, a word about your home computer: it is critical to keep it patched with the latest operating system updates (Windows, Mac, etc.), and it is also crucial to maintain either a commercially licensed or a free subscription to reputable anti-virus and anti-malware products. Some products are listed below:
Paid subscription:
- McAfee
- Symantec
- Kaspersky
Free:
- Malwarebytes (subscription also available)
- Microsoft Security Essentials
- Sophos
- ClamAV
What follows is a very brief overview of what we use at Hudson Valley.
The McAfee anti-virus software installed on endpoint systems (PCs and servers) here on campus implements several methods to protect against malware. It actively scans for known viruses, worms and Trojans, and remediates threats when they are detected. It can also proactively protect against malicious software that is not yet recognized as malware, through a feature known as access protection. This is a set of rules that block the actions such software typically takes when attempting to gain a foothold on a system, such as creating executables or registry entries in locations that legitimate programs rarely touch, thus preventing it from being installed in the first place. Because legitimate software occasionally does the same things, these rules are tuned with exclusions rather than left at their defaults.
In addition, a service known as Global Threat Intelligence (GTI) is integrated into the McAfee software. This is a cloud-based, real-time method of protecting against new and emerging threats. If a suspicious file or program found on an endpoint is not recognized by the scanning software, a lookup is performed (by the file's hash) against a centralized database in the cloud that is kept continually updated. If the object in question is determined to be a potential threat, the scanning software takes the appropriate action. All newly confirmed threats are immediately added to the GTI database and made available for the protection of every endpoint that queries it. In this way, GTI can flag a suspicious object before a traditional signature for it exists.
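The two layers described above, as an added illustration that is not part of the original post or McAfee's own code: a local signature scan, a cloud reputation lookup by hash for objects the scanner does not recognize, behaviour-based access-protection rules applied to what an unrecognized program tries to do, and the feedback step that shares a conviction back to the reputation database. Every hash, reputation entry, rule, trusted-process name and access event below is a constructed stand-in, not McAfee signature, GTI or policy data.

```python
"""Layered endpoint checks: signature scan, reputation lookup, access
protection. All data below is constructed for illustration."""
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed file contents standing in for objects found on an endpoint.
SAMPLE_FILES = {
    r"C:\Users\jdoe\Downloads\invoice.exe": b"MZ...dropper-variant-A",
    r"C:\Users\jdoe\Downloads\notes.txt": b"meeting notes",
    r"C:\Users\jdoe\AppData\Local\Temp\setup_tmp.exe": b"MZ...never-seen-before",
}

# Local signature set: hashes of files already known to be malicious (constructed).
KNOWN_BAD = {sha256_hex(b"MZ...dropper-variant-A")}

# Stand-in for the cloud reputation database (hash -> verdict), constructed.
CLOUD_REPUTATION = {sha256_hex(b"meeting notes"): "clean"}


def reputation_lookup(digest: str, cloud=CLOUD_REPUTATION) -> str:
    """Cloud lookup by hash; anything the cloud has never seen is 'unknown'."""
    return cloud.get(digest, "unknown")


def classify(data: bytes, cloud=CLOUD_REPUTATION):
    """Return (verdict, source): local signatures first, then reputation."""
    digest = sha256_hex(data)
    if digest in KNOWN_BAD:
        return "malicious", "signature"
    verdict = reputation_lookup(digest, cloud)
    if verdict != "unknown":
        return verdict, "reputation"
    return "unknown", "none"


# Access-protection rules: each names an attack vector and matches the event
# that would use it. They are applied to programs the scanner could not clear.
AP_RULES = [
    ("Block creation of executables in Temp",
     lambda e: e["op"] == "create"
     and re.search(r"\\Temp\\[^\\]*\.(exe|dll)$", e["target"], re.I) is not None),
    ("Block persistence via Run registry key",
     lambda e: e["op"] == "reg_set" and "\\CurrentVersion\\Run\\" in e["target"]),
    ("Block writes into System32",
     lambda e: e["op"] == "write" and "\\Windows\\System32\\" in e["target"]),
]

# Processes exempted from the rules (installers, the shell); constructed list.
TRUSTED_PROCESSES = {"msiexec.exe", "explorer.exe"}


def access_protection(event: dict) -> list:
    """Return the names of rules the event violates; an empty list means allowed."""
    if event["process"] in TRUSTED_PROCESSES:
        return []
    return [name for name, matches in AP_RULES if matches(event)]


def report_conviction(digest: str, cloud=CLOUD_REPUTATION) -> None:
    """Feed a confirmed threat back to the shared reputation database."""
    cloud[digest] = "malicious"


def handle_unknown(data: bytes, events: list, cloud=CLOUD_REPUTATION) -> list:
    """Run an unrecognized program's attempted actions through access
    protection; if anything is blocked, convict the file and share its hash."""
    blocked = [rule for e in events for rule in access_protection(e)]
    if blocked:
        report_conviction(sha256_hex(data), cloud)
    return blocked


# Constructed access events attempted by the unrecognized setup_tmp.exe.
SAMPLE_EVENTS = [
    {"process": "setup_tmp.exe", "op": "create",
     "target": r"C:\Users\jdoe\AppData\Local\Temp\helper.dll"},
    {"process": "setup_tmp.exe", "op": "reg_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\helper"},
    {"process": "setup_tmp.exe", "op": "write",
     "target": r"C:\Users\jdoe\Documents\readme.txt"},
    {"process": "explorer.exe", "op": "write",
     "target": r"C:\Windows\System32\shell32.dll"},
]


def main():
    for path, data in SAMPLE_FILES.items():
        print(path, "->", classify(data))
    unknown = SAMPLE_FILES[r"C:\Users\jdoe\AppData\Local\Temp\setup_tmp.exe"]
    print("blocked:", handle_unknown(unknown, SAMPLE_EVENTS))
    # Once the conviction is shared, the same file is caught by reputation alone.
    print("re-scan ->", classify(unknown))


if __name__ == "__main__":
    main()
```

The ordering matters: the cheap local signature check runs first, the cloud lookup only for what it misses, and the behavioural rules only for what neither recognizes. The write by explorer.exe into System32 is allowed because the process is on the trusted list, which is the kind of exclusion that keeps access-protection rules from breaking legitimate software.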
Finally, all of these capabilities are centrally managed through a dedicated management console, which lets us deploy and customize policies, fine-tune scans and the protection rules above, run scheduled tasks, and update the antivirus software itself.
Stay safe.
Published: Wed, 08 Oct 2014 12:25:10 +0000 by w.jojo