Users should pause before clicking on a window and should not install software from download links in emails or on websites that offer something too good to be true. Unfortunately, this relies on your employees having "common sense," which is not a given. Users should make sure they run up-to-date antimalware software, a personal firewall and an updated Web browser with antiphishing features. It is also important to keep applications and the OS patched, with all auto-update features enabled. Users could also ask their ISPs to provide a service (free or at minimal cost) that filters out known malware. There are several best practices enterprises can use to prevent employees from downloading rogue AV onto enterprise machines. The first is to provide basic security awareness training about the risks of installing questionable software.
From a technical perspective, your enterprise should try to address the issue by filtering malware, but malicious code will still find its way through these filters or other layers of protection. Users should run as limited users with least permissions and user rights (not as administrators or power users) and follow the best practices mentioned above. Without those permissions or rights, malicious code is usually unable to infect the system effectively. For example, many rogue antivirus programs require that users install software on their computers, and without this type of access, users can avoid infection. Not all rogue antivirus programs require users to install software, however; some exploit vulnerabilities on the computer instead.
Ultimately, though, security education, training and awareness among employees is the first and last line of defense against rogue antimalware software, but not the only one, since proper policy and technical controls also reduce the threat.
This was first published in December 2009