Down with the Lingo:  Malicious Software

September 25 2009

Applying an old adage to business IT, you could say that “A man’s network is his castle” (same goes for a woman, presumably).

Once you have a castle, you have to worry about defending it against invaders who want to get in and plunder your riches. In network terminology, these hostile forces are known as “malware,” short for “malicious software.”

Hackers create malware both for the thrill of it and because they make money by conveying your private data to black-market buyers. Some leave destruction in their wake, while others work stealthily under the radar. Their strategies for breaching your defenses take several forms:

Viruses: These are rogue programs or scripts that can hitchhike a ride into your system with any executable file you bring in (an .exe or similar program file). When you run the file, the virus does its thing, which could involve trashing your computer, mining your data, or attacking other systems. The infectious nature of these rogue programs is what defines them as viruses, but the damage they leave behind is what you’ll remember most.

Certain viruses, known as worms, don’t need to cloak themselves inside executable files to spread— they can do it all on their own. Once a worm gets into a system, it looks for other systems on the network. If they are hospitable, it replicates itself there. Because of their autonomy, worms spread rapidly and can bring down entire networks in short order.

Trojan Horses (“Trojans”) are viruses masquerading as helpful accessory software (plug-ins or add-ons for programs on your system). Once through the gate, they download their malicious contents. They are a good reason not to download anything from the Web unless you are 100% confident of its source. If in doubt, it pays to double-check!

To protect against viruses, you must stay vigilant at all ports of entry. Executable files can come in as e-mail attachments, web downloads, new software, and shared files, among other forms. Running an unknown file attached to an e-mail or the Web is like letting down the drawbridge to an invading army. Don’t do it!

Multi-tier security systems are vital to securing your environment, but smart user choices remain a key component.