Zombie computers – this is what security experts call computers infected with malware. The industry has always had a difficult time keeping up with the new types of malware, ensuring the threats are kept down. However, there’s now a new approach that looks promising in controlling a zombie outbreak for good. It’s called containerization.
There are certain kinds of malware that make your computer an unwilling slave to its commands. It produces a zombie-like machine that runs without your knowledge and allows cyber-attackers to use your computer to send out viruses, spam, and spyware to anywhere in the world.
This means that your computer, at this moment, could be a part of a botnet that steals private information, sends out email spam, or spreads malware.
How do computers become zombies? There are many ways it can be done, but the most common is a trojan virus that has been installed through a malicious email attachment or drive-by downloads from an infected website.
For example, should you download and open a deceptively harmless email attachment, the trojan will get set up in the background and give the attacker complete access to your computer. When computer has no anti-malware software to protect it, or if it isn’t constantly updated, users put themselves at a risk of zombie outbreak.
If you want to safeguard your computer from a zombie infection – online and offline – then you need to implement a four-layer approach.
Firewalls and filters
About 80 percent of corporate infections come from webpage links in emails or email attachments. This means you should have an email filter to establish your pre-perimeter defenses.
Be sure that your software is updated automatically to ensure real-time updates of virus patterns. Use both a webpage and a spam filter, so that access to known infected pages is limited or rejected.
When you have pre-perimeter defenses set up, make sure you properly configure the network’s firewall or the unified threat management tool. Firewall rules shouldn’t allow for unsolicited inbound or outbound traffic.
Unified threat management tools with anti-virus gateway will help recognize infected attachments that the anti-spam filter can overlook. You should also set up an intrusion detection system that monitors network access or has deep packet inspection (DPI).
It’s time to pay attention to the internal defenses. Although your antivirus plays an important role in protecting the system, it may not be enough as it is. In the event of malware reaching your PC, it’s vital to stop the infection at its source – the infected webpage, email attachment, or USB stick.
What you need is a tool that will blacklist files known to be malicious. It also must possess a whitelist to recognize the harmless files and not hinder processes associated with them. But this is not yet a bulletproof defense.
Here we introduce automatic containment. It’s one of the most important weapons in your arsenal because it’ll quarantine and contains files.
Containerization will change the default method of dealing with unknown files. Rather than letting them operate as they please, it’ll automatically quarantine them into a virtualized area of your computer, where these files can be analyzed and flagged as safe or malicious.
Containerization is actually a security mechanism that will isolate a running program in an environment with tight control. It’s similar to whitelisting as it uses a default-deny tactic that limits access of unknown apps to key folders, files, and settings.
When you contain a program, it keeps the malware from installing any zombie utilities onto the system. While blacklists are unable to protect against new zombie threats because they’re not yet recognized, containerization can stop them. Should malicious software be downloaded, it’ll be quarantined and unable to go any further.
The default-deny approach for containers is to refuse all zombie-containing files to install or execute outside the container, unless the user gives permission to do so, or when the file has binaries that are deemed safe.
Backing up your data
Your final defense layer is to back up your system’s critical information. Therefore, if zombies manage to get through, you can “nuke the site from orbit” and start from scratch. Sure, you probably don’t want to do this, but sometimes there is no other choice.
The idea is to keep computers from being a part of the zombieland of malware, botnets, and other malicious programs that can devastate them. With this new four-layer containment approach, you can save yourself a lot of headache.
Using the containerization method along with conventional anti-virus tools, whitelists, and backups gives users the ability to access and work with files in virtual environment. It all boils down to total protection – no loss in money, productivity, or time.
[Featured image credit: Manifest Destiny Vol. 3 Artists]