DOCSLIB.ORG

Protecting Your Computer Antivirus Viruses How They Spread Virus

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Protecting your computer Antivirus Computer Security Personal firewall (Keeping bad guys out of your computer) Updates for vulnerabilities (security patches) Anti-spyware Chris Taylor, President Ottawa PC Users’ Group It is far easier to keep your computer free of security problems than fix it after it has security problems! Viruses “Malware” (virus, worm, Trojan) Antivirus – Virus spreads from one file to another – Worm spreads by itself from one computer to another – Trojan does some malicious action but does not spread itself – Other variants How they spread Virus scanner Removable media Real-time scanning (CD-R, USB memory sticks, …) – Watches as files are read/written Programs On-demand scanning Documents – Checks files already written to disk E-mail In-memory scanning Networks – Some worms are never written to disk (e.g. SQL Slammer) Drive-by downloads Signature vs. heuristics Keeping it effective Signature Law #8: “An out of date virus scanner – Looks for exact byte patterns is only marginally better than no virus – Can have false positives (rare) scanner at all.” * – Only as good as the last update New versions = new functionality Heuristics Keep it on unless an installation – Looks for “virus-like” activity requires it be disabled – Can catch some “unknown” malware On-access & in-memory scanning most – Can’t catch everything important * The Ten Immutable Laws of Security from Microsoft technet.microsoft.com/en-ca/library/cc722487.aspx Check suspicious files World is changing www.VirusTotal.com First half of 2011 – 150,000 new, unique malware per day! * – That’s one unique piece of malware every half second, 24 hours per day! (up from 95,000 in 2010, 50,000 in 2009) – Signatures can’t keep up – New techniques required – Reputation most promising * Sophos Security Threat Report Mid-Year 2011 Free On-demand Scanners Free Off-line Scanners Trend Micro - HouseCall - housecall.trendmicro.com/ Trend Micro - HouseCall - housecall.trendmicro.com/ Bootable optical disc or USB flash drive Bitdefender - www.bitdefender.com/scanner/online/free.html Kaspersky - www.kaspersky.com/virusscanner Scan system before Windows loads ESET - www.eset.com/us/online-scanner/ Microsoft Standalone System Sweeper F-Secure – www.f-secure.com/en/web/labs_global/removal/online- beta scanner Panda Activescan - – connect.microsoft.com/systemsweeper www.pandasecurity.com/homeusers/solutions/activescan/ Kasperski Rescue Disk 10 Microsoft Safety Scanner - www.microsoft.com/security/scanner/en-us/default.aspx – www.kaspersky.com/virusscanner (can be used on non-connected PCs) Inclusion here should not be taken as any sort of endorsement on the part of the Ottawa PC Users’ Group Other protection Free Antivirus Resources Don’t click on everything on Internet Free antivirus programs – Microsoft Security Essentials - Use a file viewer www.microsoft.com/security_essentials/ – Free Opener - www.freeopener.com – Avast Home Edition – www.avast.com/free-antivirus- download – FreeFileViewer - www.freefileviewer.com – AVG – free.avg.com/download-avg-anti-virus-free-edition Consider using a different PDF reader – Avira AntiVir – www.avira.com/en/avira-free-antivirus – Foxit Reader - www.foxitsoftware.com/Secure_PDF_Reader/ Free Offline Scanners – Microsoft Standalone System Sweeper beta - Be suspicious connect.microsoft.com/systemsweeper – Not always enough – Kasperski Rescue Disk 10 - Always show file extensions www.kaspersky.com/virusscanner – Control Panel | Folder Options | View tab Inclusion here should not be taken as any sort of endorsement on the part of the Ottawa PC Users’ Group Free Antivirus Resources Free file viewers – www.freeopener.com – www.freefileviewer.com Personal Firewalls – www.foxitsoftware.com/Secure_PDF_Reader/ Check suspicious files – VirusTotal – www.virustotal.com Inclusion here should not be taken as any sort of endorsement on the part of the Ottawa PC Users’ Group Personal firewall Computers on Internet A: Web server Checks traffic going in and Address: 69.196.181.75 Listening on port 80 TCP/IP is the protocol used on A (sometimes) out of your computer the Internet Every machine has a unique May check for applications accessing address To connect to another the Internet computer, you connect to a port May check for known attack patterns B B: Your computer Address: 65.48.198.200 Source port: 13248 Open ports What a firewall does Every computer has ports listening Watches traffic going in and out of your computer You don’t want people to initiate connections to your computer Can block or allow traffic based on; – Direction You don’t even want people to know – Protocol your computer is there – Source IP address – Source port – Destination IP address – Destination port Firewall rules Intrusion detection Rule 1 – direction outbound, protocol TCP, source port any, source address any, Not really a firewall technology destination port 80, destination address 69.196.181.75, allow Not really a firewall technology Rule 2 – direction outbound, protocol TCP, source port any, source address any, Examines traffic for known attack destination port 80, destination address any, deny patterns Rule 1 would allow web browser to – Ping can be useful access the OPCUG web server – Specially crafted ping packet (ping of Rule 2 would block all other normal death) can be harmful web browsing Application based rules Learning mode Rule 1 – iexplore.exe, direction outbound, protocol TCP, source address local Allows normal use machine, source port any, destination address any, destination port 80 or 443, Allows normal use time of day 16:00 to 22:00, allow Pops up when traffic detected Rule 2 – systrayicon.exe, direction outbound, protocol any, source address local machine, destination address any, destination port any, deny You can permit or deny traffic – Firewall creates a rule Rule 1 allows Internet Explorer to access any web site from 4-10pm You can edit or delete rules Rule 2 blocks the Sub7 Trojan program from accessing any external site Outbound Firewall – WTF? Outbound Firewall – WTF? Outbound Firewall – WTF? Outbound Firewall – WTF? Outbound Firewall – WTF? Outbound Firewall – WTF? Free Personal Firewalls Free Firewall software – Windows XP SP2/SP3, Windows Vista, Windows 7 Updates for – Zone Alarm www.zonealarm.com/security/en-us/zonealarm-pc- Vulnerabilities security-free-firewall.htm – Comodo - http://personalfirewall.comodo.com/ (security patches) Inclusion here should not be taken as any sort of endorsement on the part of the Ottawa PC Users’ Group Security vulnerabilities Automatic Updates All software may contain security Microsoft has a decent service known vulnerabilities as “Automatic Updates” – Allow a denial of service – Use at least in “notify” mode – Steal information/credentials – Would you rather have Microsoft – Allow a cracker to take over the computer automatically install software on your Most software does contain vulnerabilities computer or a cracker in eastern Europe The more popular the software, the more do it. likely vulnerabilities will be found Periodically do a manual check at Keep up to date on security patches Microsoft Update as a double-check Before updating Patching 3rd Party Apps Regular patches Major service packs A few vendors include auto-update – Race is on once – Don’t rush (24 month – If they have it, use it released window) – Apply within a few – Read documentation Get Secunia’s Personal Software days – Update drivers Inspector – Check for compatibility – Detects over 12,000 applications and – Backup system monitors for security vulnerabilities – Not while on battery – FREE – Reboot before and after – Use it! Free Vulnerability Management Update Microsoft software – Microsoft update www.microsoft.com/update Adware / Spyware Update third party software – Secunia Personal Software Inspector www.secunia.com/vulnerability_scanning/personal/ Inclusion here should not be taken as any sort of endorsement on the part of the Ottawa PC Users’ Group Adware Spyware Generally not malicious By definition, spyware is malicious – Shows ads while using your computer – Shows ads while using your computer Can “see” anything you can see and Often added as a companion to some transmit the information to a cracker “free” program you choose to install – Passwords Many useful programs use adware to – Credit card numbers pay for themselves – Bank account numbers Can cause stability problems Often causes instability May be difficult to remove Spyware (continued) Spyware (continued) By installing the Software, you understand and agree that the Software may, May be buried in an EULA without any further prior notice to you, automatically perform the following: display advertisements of advertisers who pay a fee to BetterInternet, in the form of pop-up ads, pop-under ads, interstitials ads Would you agree to allow someone to; and various other ad formats, display links to and advertisements of related websites based on the information you view and the websites you visit; store non-personally identifiable statistics of the websites you have visited; – Install anything they want without redirect certain URLs including your browser default 404-error page to or through the Software; provide advertisements, links or information in notification response to search terms you use at third-party websites; provide search functionality or capabilities; automatically update the Software and install added features or functionality or additional software, including search
Recommended publications
  • Hackers Hit Supermarket Self-Checkout Lanes, Steal Money

    Hackers Hit Supermarket Self-Checkout Lanes, Steal Money

    December 15, 2011 INSIDE THIS ISSUE Hackers Hit Supermarket Self-Checkout Lanes, Steal Hackers Hit Supermarket Self- Money from Shoppers Checkout Lanes, Steal Money Ars Technica from Shoppers Microsoft's New Windows Criminals have tampered with the credit and debit card readers at self-checkout Defender Tool Runs Outside lanes in more than 20 supermarkets operated by a [U.S.] California chain, Windows allowing them to steal money from shoppers who used the compromised machines. The chain, Lucky Supermarkets, which is owned by Save Mart, is now inspecting the rest of its 234 stores in northern California and northern Nevada MICROSOFT and urging customers who used self-checkout lanes to close their bank and credit RESOURCES card accounts. Microsoft Security Home Related reading: Magnetic Strip Technology in Our Credit Cards Facilitates Fraud. Microsoft Trustworthy Computing Analysis: Microsoft Security Sites It is the holiday season so it seemed appropriate to report on security stories Worldwide affecting shoppers. Stories about electronic skimmers and identity theft are definitely not something new in our world today — as a matter of fact they are a daily occurrence. The availability of credit card skimmers for a really cheap price and the profit made when an identity is sold make this a very lucrative business. In the current economy people seem to be using this business model to earn extra money as indicated by these stories on the FBI [U.S. Federal Bureau of Investigation] website. While it is important to be extra careful about packages being stolen from your doorstep during the holidays, it pays to be extra vigilant about your credit card information and identity as well.
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report VOLUME 23 Table of Contents Foreword...............................................................................................III Section 3: Wrestling ransomware............................................29 Analysis and explanation................................................................................30 Executive Summary........................................................................IV Solutions and recommendations.................................................................34 Section 1: Breaking botnets.........................................................5 Additional noteworthy threat intelligence.........................36 Analysis and explanation.................................................................................6 Cloud threat intelligence................................................................................37 Solutions and recommendations...............................................................14 Endpoint threat intelligence..........................................................................41 Section 2: Hackers turning to easy marks..........................15 Conclusion............................................................................................52 Social engineering...........................................................................................16 Analysis and explanation...............................................................17 Authors and Contributors...........................................................53
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report Volume 12 July through December, 2011 www.microsoft.com/sir Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2012 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. JULY–DECEMBER 2011 i Authors Dennis Batchelder David Felstead Ken Malcolmson Tim Rains Microsoft Protection Bing Microsoft Trustworthy Microsoft Trustworthy Technologies Computing Computing Paul Henry Shah Bawany Wadeware LLC Nam Ng Frank Simorjay Microsoft Windows Safety Microsoft Trustworthy Microsoft Trustworthy Platform Nitin Kumar Goel Computing Computing Microsoft Security Joe Blackbird Response Center Mark Oram Holly Stewart Microsoft Malware Microsoft Trustworthy Microsoft Malware Protection Center Jeff Jones Computing Protection Center Microsoft Trustworthy Eve Blakemore Computing Daryl Pecelj Matt Thomlinson Microsoft Trustworthy Microsoft IT Information Microsoft Trustworthy Computing Jimmy Kuo Security and Risk Computing Microsoft Malware Management Joe Faulhaber Protection Center Scott Wu Microsoft Malware Dave Probert Microsoft Malware Protection Center Marc Lauricella Microsoft
  • Computercorner

    Computercorner

    By Merle Windler, Thoroughbred Systems, Inc. CCoommppuutteerr CCoo rrnneerr computer is running slowly, it's because it has picked up one of the thousands of annoying, mischievous programs on the Internet. One doesn't have to do something wrong to get into trouble; sometimes just being in the wrong place at the wrong time allows trouble to come in. veryone would E likely agree that it would be foolish to have Being popular has a downside any computer on the Internet without Sometimes the problem is NOT these mischievous antivirus protection software installed. Hundreds of new programs we refer to as a virus, but rather the very viruses and malicious software programs are produced software installed on a computer to protect from them. everyday and are truly a threat to everyone who uses a The most popular and widely used antivirus programs computer, especially everyone tend to be a priority target for the using a computer on the Internet. many bad guys writing software But, sometimes the medicine is The most popular and intended to harm computer systems. worse than the ailment, when Symantec's Norton Antivirus is one of taking the wrong prescription for widely used antivirus these. In their case, to protect against one's needs. What does one do programs tend to be a this, their engineers have designed when the problem IS the antivirus their product to embed their software software or other protective priority target for the during the windows installation. The measures? many bad guys writing very complexity of this can make the Antivirus programs designed to software intended to Norton antivirus installation more help protect us from those who susceptible to corruption.
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report Volume 11 An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011 Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2011 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ii Authors Joe Faulhaber John Lambert Dave Probert Hemanth Srinivasan Microsoft Malware Protection Microsoft Security Microsoft Security Microsoft Malware Protection Center Engineering Center Engineering Center Center David Felstead Marc Lauricella Tim Rains Holly Stewart Bing Microsoft Trustworthy Microsoft Trustworthy Microsoft Malware Protection Computing Computing Center Paul Henry Wadeware LLC Aaron Margosis Mark E. Russinovich Matt Thomlinson Microsoft Public Sector Microsoft Technical Fellow Microsoft Security Response Jeff Jones Services Center Microsoft Trustworthy Weijuan Shi Computing Michelle Meyer Windows Business Group Jeff Williams Microsoft Trustworthy Microsoft Malware Protection Ellen Cram Kowalczyk Computing Adam Shostack Center Microsoft Trustworthy Microsoft Trustworthy
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report Volume 17 | January through June, 2014 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2014 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Dennis Batchelder Nam Ng Tim Rains Microsoft Malware Protection Microsoft Trustworthy Microsoft Trustworthy Center Computing Computing Joe Blackbird Niall O'Sullivan Jerome Stewart Microsoft Malware Protection Microsoft Digital Crimes Unit Microsoft Digital Crimes Unit Center Daryl Pecelj Holly Stewart Paul Henry Microsoft IT Information Microsoft Malware Protection Wadeware LLC Security and Risk Management Center Sriram Iyer Anthony Penta Todd Thompson Application and Services Group Windows Services Safety Microsoft IT Information Platform Security and Risk Management Jeff Jones Microsoft Trustworthy Simon Pope Terry Zink Computing Microsoft Trustworthy Exchange Online Protection Computing Aneesh Kulkarni Geoff McDonald Windows Services Safety Ina Ragragio Microsoft Malware Protection Platform Microsoft Malware Protection Center Center Marc Lauricella Microsoft Trustworthy Computing Contributors Tanmay Ganacharya Sean Krulewitch Takumi Onodera
  • The Wannacry Malware Attack

    The Wannacry Malware Attack

    The WannaCry Malware Attack Dear all, This alert is to provide guidance regarding malware variously named WannaCrypt, WannaCry, WannaCryptor, or Wcry. Please share this with your IT and Security teams to ensure they are fully aware, prepared and protecting your organization against the attack. On May 12, 2017, many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Microsoft is working to ensure we are taking all possible actions to protect our customers. Below we have given further details of the threat and steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today. In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Unfortunately, the malware appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so. Microsoft antimalware telemetry constantly monitors for such threats, and alerted us to this attack. These systems gave us the visibility and context around the attach, allowing Windows Defender Antivirus to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to protect many up-to-date systems against this malware. Steps to prevent and protect against this threat To get the latest protection from Microsoft, upgrade to Windows 10.
  • Microsoft Security Essentials

    Microsoft Security Essentials

    ::: E-NOVATIC - Le Blog ::: http://www.e-novatic.fr Le point sur l'offre sécurité gratuite de Microsoft et les nouveautés Depuis Windows Live OneCare, qui s'est avéré être un mauvais produit, Microsoft a parcouru bien du chemin pour arriver aujourd'hui à une gamme de produit de sécurité digne de ce nom: ForeFront (pour Exchange, ...) et Security Essentials, ... Aujourd'hui Microsoft a fait le choix d'offrir gratuitement à tous les possesseurs d'une licence légale (Windows Genuine Program) la possibilité de sécuriser son ordinateur personnel gratuitement. Tour d'horizon des solutions actuelles et des nouveautés.... Standalone System Sweeper Microsoft vient de mettre sur sa plateforme de test, une version BETA d'un Live-CD dédié à la détection de Rookits et de Malware (uniquement): Standalone System Sweeper. Je vais également profiter de ce billet pour faire un point sur la gamme "grand public" sécurité de Microsoft. Il est possible de créer des images ISO, des CD/DVD et des clés USB. La création du média engendre un téléchargement des dernières définitions de virus. Téléchargeable ici http://connect.microsoft.com/systemsweeper Microsoft Safety Scanner Cet outil est de type on-demand et permet donc manuellement et ponctuellement d'analyser votre ordinateur pour détecter d'éventuels viruses, spywares, et autres logiciels malicieux en complément d'un antivirus. L'expiration du produit est assez courte, 10 jours après son téléchargement, il ne sera plus possible de lancer le programme. Microsoft l'a décidé ainsi pour vous ayez toujours les
  • Microsoft Anti-Virus – Extortion, Expedience Or the Extinction of the Av Industry? Abrams

    Microsoft Anti-Virus – Extortion, Expedience Or the Extinction of the Av Industry? Abrams

    MICROSOFT ANTI-VIRUS – EXTORTION, EXPEDIENCE OR THE EXTINCTION OF THE AV INDUSTRY? ABRAMS MICROSOFT ANTI-VIRUS – any statistical information, anecdotally I have been told that there was a short-term impact on the sales of anti-virus software. EXTORTION, EXPEDIENCE OR Today, Microsoft is back in the anti-virus space. Any person THE EXTINCTION OF THE AV who believes that the new offering from Microsoft will be of the same quality as MSAV from DOS 6 is advised to leave the INDUSTRY? room now in order to acquire an aluminum (or aluminium) foil Randy Abrams hat. The foil hat may not help, but such people are bound to ESET LLC, USA believe it does! There is one interesting parallel between the old MSAV and the Email [email protected] new product offering; both are ‘bundled’ as utilities. MSAV was not available as a product separate from DOS 6, and as of this writing, the new Microsoft anti-virus is available only as a The views and opinions presented are strictly those of the suite – called Windows Live OneCare – which includes author and do not reflect the views and opinions of his anti-virus, anti-spyware, a firewall, backup, hard disk employer or Virus Bulletin. defragmentation, and also offers removal of ‘unnecessary files that can clog your PC’. ABSTRACT In 1993 Microsoft released MSDOS 6.0, which included EXTORTION Microsoft Anti-Virus, a re-branded and ill-conceived entry into Before continuing with my opinions of the product and the anti-virus industry. In 2003 Microsoft announced the predictions for the future, I would like to present the reason for acquisition of RAV anti-virus, and in late 2004 the acquisition the question ‘Is MSAV extortion?’, and the answer.
  • Microsoft Security Intelligence Report

    Microsoft Security Intelligence Report

    An in-depth perspective on software vulnerabilities and exploits, malware, potentially unwanted software, and malicious websites Microsoft Security Intelligence Report Volume 14 July through December, 2012 Microsoft Security Intelligence Report This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2013 Microsoft Corporation. All rights reserved. Microsoft, the Microsoft logo, Active Directory, ActiveX, Bing, Forefront, Hotmail, Internet Explorer, MSDN, Outlook, the Security Shield logo, SmartScreen, System Center, Visual Basic, Win32, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. July–December 2012 i Authors Danielle Alyias Paul Henry Tim Rains Microsoft Trustworthy Computing Wadeware LLC Microsoft Trustworthy Computing Dennis Batchelder Jeff Jones Vidya Sekhar Microsoft Protection Technologies Microsoft Trustworthy Computing Microsoft Malware Protection Center Joe Blackbird Jimmy Kuo Holly Stewart Microsoft Malware Protection Center Microsoft Malware Protection Center Microsoft Malware Protection Center Joe Faulhaber Marc Lauricella Matt Thomlinson Microsoft Malware Protection
  • Untersuchung Der Erkennung Von Malware Auf Microsoft Systemen

    Untersuchung Der Erkennung Von Malware Auf Microsoft Systemen

    Bachelorarbeit Krisztina Ágota Gyarmati Untersuchung der Erkennung von Malware auf Microso Systemen Fakultät Technik und Informatik Faculty of Engineering and Computer Science Studiendepartment Informatik Department of Computer Science Krisztina Ágota Gyarmati Untersuchung der Erkennung von Malware auf Microsoft Systemen Bachelorarbeit eingereicht im Rahmen der Bachelorprüfung im Studiengang Angewandte Informatik am Department Informatik der Fakultät Technik und Informatik der Hochschule für Angewandte Wissenschaften Hamburg Betreuender Prüfer: Prof. Dr. Klaus-Peter Kossakowski Zweitgutachter: Prof. Dr.-Ing. Martin Hübner Eingereicht am: 31.05.2016 Krisztina Ágota Gyarmati Thema der Arbeit Untersuchung der Erkennung von Malware auf Microsoft Systemen Stichworte Malware, Malwareerkennung, Systemsicherheit, Microsoft, AV-Test, VirusTotal Kurzzusammenfassung Thema dieser Arbeit ist eine Analyse der Microsoft Malwareerkennung. Hierfür wird ein genauerer Blick auf die Microsoft Sicherheitstools geworfen. Microsoft hat oftmals bei den Sicherheitstests von AV-Test schlecht abgeschnitten. Diese Testverfahren verwenden Malware Samples. Eine Analyse dieser Samples soll zeigen, warum Microsoft eine schlechte Platzierung erreicht hat. Hierfür werden Malwareinformationen herangezogen, die von VirusTotal zur Verfügung gestellt werden. Daraufhin folgt eine Bewertung der Ergebnisse. Im Anschluss werden Lösungen für die Verbesserung der Malwareerkennung von Microsoft diskutiert. Krisztina Ágota Gyarmati Title of the paper A study about malware detection on Microsoft Systems Keywords Malware, malware detection, system security, Microsoft, AV-Test, VirusTotal Abstract The purpose of this work is an analysis of the Microsoft malware detection. Therefore a closer look at the Microsoft antimalware products is going to be taken. Microsoft often achieved poor results in security tests performed by AV-Test. These tests use malware samples. The analysis of those samples should indicate why Microsoft achieved a low ranking.