[00:00:00] In this lesson, I'm going to give you a couple of tips on how to prevent malware from infecting your system. This includes malware like viruses, worms, Trojans, ransomware, spyware, rootkits, and spam.

[00:00:14] Let's talk about viruses first. Viruses are most commonly detected using good antivirus software. These can be either third-party solutions like Norton or McAfee, or using the included Windows Defender from your operating system. In addition to antivirus software, you'll also want to make sure that you're continually doing your service packs and updates for your operating system. Most viruses are going to infect you by taking advantage of some known exploit, and if it's a known exploit, your operating system vendor, like Microsoft, is probably going to already have a patch ready for you. If you don't patch your system, or update it and use those service packs, you're basically asking to get infected. In addition to having good antivirus software that's continually being updated, you also want to have a good host-based firewall that will help prevent outside people from connecting to your machine.

[00:01:01] Additionally, whenever you're surfing the Internet, try to use encrypted websites. This will ensure that there's no man-in-the-middle connection between you and the destination that you're trying to get data from.

[00:01:12] When we talk about worms, Trojans, and ransomware, much like viruses, these are best detected using anti-malware solutions. Now, ransomware is usually going to be detected, not in its fully ransomware form, but instead through its delivery mechanism, which is most commonly a Trojan horse. Remember, it's always important to ensure that your anti-malware solution is current and up-to-date, both for its definitions and for its scanning engine.

[00:01:39] Spyware is software that's installed on your machine that snoops on you. It collects data and sends it back to its owners. Well, if you want to stop spyware, you need a good anti-spyware product. There are third-party ones available out there, but again, Windows Defender has this capability built in. Just like anti-malware solutions, you need to ensure that your definitions are up-to-date so it can scan and detect most types of spyware out there.

[00:02:04] Also, when you're browsing the Internet, you want to make sure that your web browser's security settings are set to a non-trusted method, meaning that you have a very low level of trust for the sites on the Internet. This will ensure that you don't accept cookies, that you don't allow pop-ups and other things that may get you more spyware installed onto your system.

[00:02:24] Now, how do you know if you've been infected with spyware? Well, there are a couple of common giveaways. The first one is if you see a lot of pop-up ads. If you're getting a lot of advertisements based on traffic that you've done in the past, someone is looking at your information somehow. That could be through spyware, it could be through cookies, or it could be through database retention settings on their side of the server. Additionally, another dead giveaway that you've gotten some adware or some spyware installed on your machine is when you go to the home page of your browser and it's no longer your home page. For example, if whenever you open up your web browser you default to Google.com, and now, when you open up your web browser, you're seeing some other page, that means somebody has adjusted your web browser settings, and that could be a sign that you've been infected with some kind of spyware.

[00:03:11] Next, let's talk about rootkits. Rootkits are a type of malware that installs itself and tries to bypass the operating system functions, and it acts as a go-between between the operating system and the kernel. Now, this makes them very, very difficult to detect. In fact, if you're inside Windows and you're already infected with a rootkit, it has the ability to tell Windows that you're not infected, when you really are. Scanners can detect a file containing a rootkit before it's installed quite easily, but once it's been installed, it becomes very difficult to detect. To scan your system for a rootkit, you need to boot from an external device. That way, you can scan the drive without it having been loaded up.

[00:03:50] Removal of a rootkit is much more difficult, and the best plan is to simply reimage your machine from a known good baseline. Because if you think there's a rootkit, the chances are it's going to be really hard to root it out. And so, instead, just reinstalling the machine from a known good baseline is a much safer and better way to go. That way, you know you're in a good place before you move forward.

[00:04:12] Next, let's talk about spam, which is that annoying email that just clutters up your inbox. You can use all sorts of things like spam filters and Outlook security settings to minimize spam. Really, the spam itself isn't the big issue for the end user, though. It's just more of an annoyance. But where it really becomes an issue is if the spammer is starting to use your mail servers to send their spam. Therefore, you need to verify that your email servers aren't configured as an open mail relay or as an SMTP open relay, because you don't want to be sending out spam on behalf of the spammers.

[00:04:44] If you want to prevent spam from getting into your organization, there are three main tips you need to follow. First, you need to remove email addresses from your website, because there are bots out there that are crawling the Internet, gathering up email addresses, just to send spam out to them. Second, you want to make sure that you're using whitelists and blacklists. This is going to say who can send you information, if they're on the whitelist, and who cannot send you information, if they're on the blacklist. And third, you want to train and educate your users, because as we talked about before, our users are one of our biggest vulnerabilities. And so, always training them and educating them on where to submit their emails to, which type of websites they should be visiting, and other things, can help prevent spam from overtaking your organization.

[00:05:26] Now, I know we've talked about a lot of things in this lesson, but I want to bring it back down to just three main points. First, always update your anti-malware solution automatically, and ensure it's scanning your computer at least weekly. Second, always update and patch your operating system and your applications regularly. If there's a patch out there, that means there's probably an exploit for it, too. Third, educate and train your users on safe Internet surfing practices, because they are the biggest vulnerability that you have inside your organization.
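The lesson's closing checklist (anti-malware definitions current and scanning at least weekly, host firewall on, operating system patched) can be verified on a Windows host rather than assumed. The script below is an added example written for this page, not material from the lesson or its author. It assumes Windows 10/11 with Microsoft Defender Antivirus and Windows Firewall, an elevated PowerShell session, and uses only the built-in cmdlets Get-MpComputerStatus, Get-MpPreference and Get-NetFirewallProfile plus the Microsoft.Update.Session COM object; the 3-day signature and 7-day scan thresholds are the author's chosen values, not settings from the page. It is read-only and changes nothing.

```powershell
# Added example (not from the lesson): read-only hygiene check for the three
# closing points. Assumes Windows 10/11, Microsoft Defender, elevated prompt.
# Thresholds below are assumptions chosen for this example.
$MaxSignatureAgeDays = 3    # definitions older than this are flagged
$MaxScanAgeDays      = 7    # lesson asks for a scan "at least weekly"

function Get-MalwareHygieneFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    # --- 1. Anti-malware: enabled, definitions fresh, scanned within a week ---
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled)          { $findings.Add("Defender antivirus is disabled") }
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is off") }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Antivirus definitions are $($mp.AntivirusSignatureAge) days old " +
                      "(last updated $($mp.AntivirusSignatureLastUpdated))")
    }
    if ($mp.AntispywareSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Anti-spyware definitions are $($mp.AntispywareSignatureAge) days old")
    }
    # QuickScanAge / FullScanAge are days since the last scan of each kind;
    # either kind satisfies the weekly requirement, so take the more recent.
    $daysSinceScan = [Math]::Min($mp.QuickScanAge, $mp.FullScanAge)
    if ($daysSinceScan -gt $MaxScanAgeDays) {
        $findings.Add("No Defender scan in $daysSinceScan days (expected at most $MaxScanAgeDays)")
    }
    # ScanScheduleDay 8 means "Never" per the Set-MpPreference documentation.
    $pref = Get-MpPreference
    if ($pref.ScanScheduleDay -eq 8) { $findings.Add("No scheduled scan day configured") }

    # --- 2. Host-based firewall: Domain, Private and Public profiles all enabled ---
    Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
        $findings.Add("Firewall profile '$($_.Name)' is disabled")
    }

    # --- 3. OS patching: released updates that are not yet installed ---
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search("IsInstalled=0 and IsHidden=0").Updates
        if ($pending.Count -gt 0) {
            $findings.Add("$($pending.Count) update(s) available but not installed:")
            foreach ($u in $pending) { $findings.Add("    - $($u.Title)") }
        }
    } catch {
        # Search needs the Windows Update service and network access; report
        # the failure instead of silently passing the patch check.
        $findings.Add("Could not query Windows Update: $($_.Exception.Message)")
    }

    return $findings
}

# Usage: run and read the report; an empty list means all three points hold.
$report = Get-MalwareHygieneFindings
if ($report.Count -eq 0) {
    "OK: anti-malware current and scanned within $MaxScanAgeDays days, firewall on, no pending updates"
} else {
    "Findings ($($report.Count)):"
    $report | ForEach-Object { " * $_" }
}
```

The check deliberately reports a failed Windows Update query as a finding rather than ignoring it, so a machine that cannot reach the update service does not look patched. It is a point-in-time view from inside the running system; as the lesson notes for rootkits, a compromised host can misreport its own state, so this script supports routine hygiene rather than replacing an offline scan or a reimage from a known good baseline.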