Effective malware defence can prevent malicious code from gaining a foothold on your PC or within your network.

Taking the following steps can help:

  • Keep all operating systems and applications up to date including updating patches & service packs.
  • Ensure your browser settings do not facilitate or enable malware. The types of sites accessed and the types of Internet activities allowed have a direct impact on your organization's malware vulnerability. Web filtering software and pop-up blockers are a good place to start. A good web filtering solution:
    • Allows IT departments to determine the types of sites employees are allowed to browse.
    • Is automatically updated, at least daily, with lists of sites that are known to spread malware. Blocking this web site category alone can significantly reduce business risk.
  • Use firewalls. Personal firewalls form an effective last line of defence at the host level.
  • Implement strict acceptable use policies and user awareness processes that cover:
    • Downloading files from the Internet.
    • The importance of reading all warnings and agreements before installing downloaded software.
    • The dangers of installing freeware and other non-approved software.
  • Educating users on the importance of anti-virus and anti-spyware software on PC’s along with the importance of keeping these updated.

Even with the above controls in place, malware may eventually find a way onto your PC network. Signs of infection can include:

  • The appearance of unexpected messages.
  • The appearance of new tool bars or plug-ins.
  • Programs starting by themselves.
  • Systems running slower than normal.
  • Browser settings changing automatically.
  • Systems suddenly rebooting for no reason or after unusual warning messages are displayed.
  • Any strange, unexplainable system activity.

Updated anti-malware software should detect and remove all non-hidden malware. Corporate defence strategies should also include personal firewall or HIPS solutions. These solutions may not remove the threat, however they can prevent or delay activities initiated by the threat until IT departments intervene to contain and eradicate.

IT departments who have well thought-out and effective configuration management typically have strong intrusion defences, i.e. hardening workstations and servers with secure operating system and application settings, together with effective patch management, minimizes the impact of attacks that make it through all other layers of a security infrastructure

Malware is a significant threat to organizations. Implementing protection against the prevalence of spyware attacks is a critical step IT departments should take when considering malware defence strategies.