Chapter 4-SECURITY TOOLS
“Patches and Cyber Hygiene are the two keys for Securing Cyberspace”
You can find a lot of security tools on the Internet. But it is hard to find the right tool for the right job.
Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, antispyware, and other antimalware programs, which is arguably their most important feature. It monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects in ‘real-time’, in other words while data is coming into the computer (for example when inserting a CD, opening an email, or browsing the web) or when a file already on the computer is opened or executed, that is, loaded into the computer’s active memory. This means that the data in files already on the computer is analysed each time the user attempts to access those files. This can prevent infection by not-yet-activated malware that entered the computer unrecognised before the antivirus received an update. Real-time protection and its synonyms are used in contrast to the expression “on-demand scan” or similar expressions, which mean a user-activated scan of part or all of a computer.
Antispyware programs help prevent spyware and other potentially unwanted software from running on your computer.
Alternatively referred to as antivirus software, AVS, antivir, or just AV. An antivirus program is a software utility designed to protect your computer or network against computer viruses. If and when a virus is detected, the computer displays a warning asking what action should be taken, often giving the options to remove, ignore, or move the file to the vault. Most software described as antivirus also works against other types of malware.
If a virus infects a computer that has no antivirus program, it may delete files, prevent access to files, send spam, spy on you, or perform other malicious actions. In some situations, a computer may not meet the requirements of a virus, and is then only used to help spread the virus to other computers that do meet them.
Today, there are dozens of different companies and antivirus products available for computers, servers, and even phones. Newer versions of Microsoft Windows even include Windows Defender, which in the latest versions of Windows can defend against computer viruses. Other well-known antivirus programs are listed below…
ANTI-ROOT KIT SOFTWARE
An anti-rootkit tool is designed to identify various threats such as rogue and suspicious processes, hooks or modules, registry keys, modified files, and known/unknown rootkits. This is usually achieved through techniques like identification of process hooks and examination of device drivers, digital signatures, and network activity on the system under observation.
There exists much confusion between the terms malware and rootkit. In the context of malware, the rootkit is a part of the malware which ensures that a cyber miscreant maintains his access to the infected system. Even if the main malware engine is removed from the infected system, it can be reinfected using the rootkit.
A typical example of a kernel-mode rootkit is a kernel device driver file, say rootkit.sys. This file uses the registry to load itself during system boot, and then monitors for events like registry changes, new processes, registration of new file systems, and removable media like USB drives. Historically, the term originated when miscreants started to use modified binaries to maintain superuser (“root”) access on Unix systems.
Anti-rootkit tools are programs that help detect Trojans that keep themselves, other files, registry keys, and network connections hidden from detection.
Antimalware (anti-malware) is a type of software program designed to prevent, detect, and remove malicious software (malware) on IT systems, as well as on individual computing devices.
Antimalware software protects against infections caused by many types of malware, including all types of viruses, as well as rootkits, ransomware and spyware. Antimalware software can be installed on an individual computing device, gateway server or dedicated network appliance. It can also be purchased as a cloud service — such as McAfee’s CloudAV product — or be embedded in a computing device’s firmware.
Antimalware software uses three main strategies to protect systems from malicious software: signature-based malware detection, behavior-based malware detection, and sandboxing. These techniques protect against malware threats in different ways.
Many antimalware tools depend on signature-based malware detection. Malicious software can be identified by comparing a hash of the suspicious code with a database of hashes of known malware. Signature-based detection uses a database of known malware definitions to scan for malware.
When the antimalware software detects a file that matches the malware signature, it flags it as potential malware. Malware detection based on signatures can only identify known malware.
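A minimal signature scanner in the spirit of the paragraphs above, added here as an illustration (not code from any antivirus product). The "malware" sample, its SHA-256, and the byte pattern are all constructed for the example; it also shows the stated limitation: a one-byte variant of a known sample no longer matches its hash signature, and is only caught because a second, pattern-based signature still applies.

```python
import hashlib

# Constructed "known malware" sample and signature database.
# These values are made up for the example and are not real indicators.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"drop-and-run-payload-v1"
SIGNATURE_DB = {
    # exact-hash signatures: SHA-256 hex digest -> detection name
    "hashes": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Example.Dropper.A"},
    # byte-pattern signatures: substring -> detection name
    "patterns": {b"drop-and-run-payload": "Example.Dropper.gen"},
}


def scan_bytes(data, db=SIGNATURE_DB):
    """Return a list of (method, detection_name) matches for one file's bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in db["hashes"]:
        hits.append(("hash", db["hashes"][digest]))
    for pattern, name in db["patterns"].items():
        if pattern in data:
            hits.append(("pattern", name))
    return hits


def scan_files(files, db=SIGNATURE_DB):
    """files: mapping of filename -> bytes. Returns {filename: list of matches}."""
    return {name: scan_bytes(content, db) for name, content in files.items()}


# Constructed test set: the known sample, a one-byte variant, and a clean file.
SAMPLES = {
    "known.exe": KNOWN_SAMPLE,
    "variant.exe": KNOWN_SAMPLE.replace(b"v1", b"v2"),  # hash changes, pattern stays
    "notes.txt": b"quarterly report draft",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLES).items():
        print(name, hits or "clean")
```

The variant file is the point of the exercise: the hash signature is silent on it, which is why signature-only products need frequent definition updates and are complemented by behavior-based detection and sandboxing.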
Ransomware is created by scammers who are highly knowledgeable in computer programming. It can enter your PC through an email attachment or through your browser if you happen to visit a website that is infected with this type of malware. It can also access your PC via your network.
The most dangerous ransomware attacks are caused by WannaCry, Petya, Cerber, Locky and CryptoLocker ransomware.
It’s obvious when your device has been infected with ransomware, since you most likely won’t be able to access your computer.
Make use of your antivirus software’s ransomware removal tool, which should scan for and wipe out any ransomware attempts found on your computer.
You can download free anti-ransomware tools below. These tools will remove ransomware viruses from your computer and decrypt any files that have been encrypted in the attack. They’ll also inform you about the types of ransomware and show you what they look like.
If you want to monitor your environment you can use these monitor tools to find out what is happening in your environment.
An Ethernet sniffer or wireless sniffer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.
In computing, a firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through, based on an applied rule set.
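The two definitions above combined into one small worked example, added here and not taken from any sniffer or firewall product: the sniffer side decodes the IPv4 and TCP headers of raw packets, and the firewall side applies a first-match rule set with a default deny. The packets, addresses, and rules are all constructed for the example.

```python
import ipaddress
import struct

# Constructed rule set: first matching rule wins; anything unmatched is denied.
RULES = [
    {"action": "allow", "src": "10.0.0.0/8", "dport": 443},   # internal clients -> HTTPS
    {"action": "allow", "src": "10.0.0.0/8", "dport": 80},    # internal clients -> HTTP
    {"action": "deny",  "src": "0.0.0.0/0",  "dport": 23},    # telnet from anywhere
]
DEFAULT_ACTION = "deny"


def parse_ipv4_tcp(packet):
    """Sniffer side: decode the IPv4 and TCP headers of a raw IP packet."""
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                     # IP header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "sport": sport, "dport": dport}


def decide(fields, rules=RULES):
    """Firewall side: return the action of the first rule matching the packet."""
    src = ipaddress.IPv4Address(fields["src"])
    for rule in rules:
        if src in ipaddress.IPv4Network(rule["src"]) and fields["dport"] == rule["dport"]:
            return rule["action"]
    return DEFAULT_ACTION


def build_packet(src, dst, sport, dport):
    """Constructed minimal IPv4/TCP SYN packet (checksums left at zero) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp


def filter_packets(packets, rules=RULES):
    """Decode each packet and log (src, dst, dport, decision), as a monitor would."""
    log = []
    for pkt in packets:
        f = parse_ipv4_tcp(pkt)
        log.append((f["src"], f["dst"], f["dport"], decide(f, rules)))
    return log


SAMPLE_PACKETS = [  # constructed traffic
    build_packet("10.1.2.3", "192.0.2.10", 51000, 443),    # allowed by rule 1
    build_packet("203.0.113.7", "192.0.2.10", 40000, 23),  # denied by rule 3
    build_packet("10.1.2.3", "192.0.2.10", 51001, 8080),   # no rule: default deny
]

if __name__ == "__main__":
    for entry in filter_packets(SAMPLE_PACKETS):
        print(entry)
```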