
How to prevent rogue antivirus programs in the enterprise

Rogue antivirus programs have preyed on users' fears for several years now, and their presence has increased. Learn how to keep them out of the enterprise.

Rogue antivirus programs have been one of the most successful attacker schemes, according to SANS. Why do you think so many people have fallen for these scams, and what are some best practices that can prevent my employees from downloading rogue antivirus software on enterprise machines?
Rogue antivirus programs have preyed on users' fears for several years now, and their presence has increased. As the mass media have warned of dangerous computer attacks, often with scare tactics, many users have sought cheap and easy ways to defend themselves against threats. There are, however, legitimate ways for employees to protect themselves.

Users should pause before clicking on a pop-up window and should not install software from download links in emails or on websites that offer something too good to be true. Unfortunately, this relies on employees having "common sense," which is not a given. Users should also run up-to-date antimalware software, a personal firewall and a current Web browser with antiphishing features, keep the OS and applications patched, and enable every auto-update feature available. Users could also ask their ISPs for a service (free or at minimal cost) that filters out known malware.

Enterprises have several best practices available to prevent employees from downloading rogue AV onto enterprise machines. The first is to provide basic security awareness training about the risks of installing questionable software.

From a technical perspective, your enterprise should filter malware, but some malicious code will still find its way through these filters and the other layers of protection. Users should therefore run as limited users with the least permissions and user rights they need (not as administrators or power users) and follow the practices described above. Without elevated permissions or rights, malicious code usually cannot effectively infect the system: many rogue antivirus programs require the user to install software, and a limited account cannot complete that installation. Not every rogue antivirus program depends on user installation, however; some exploit vulnerabilities on the computer, which is why patching remains essential.
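The following PowerShell script is an added example, not code from the original answer or from TechTarget, that turns the user-level controls above (current antimalware, personal firewall, patching and auto-update) and the least-privilege recommendation into a read-only baseline check an administrator can run on a Windows workstation. It assumes a Windows 10 or Server 2016 or later host with Microsoft Defender and the built-in LocalAccounts, Defender and NetSecurity modules; the three-day signature-age threshold and the expectation of AUOptions = 4 are illustrative assumptions, not values from the article.

```powershell
# Added example (not from the original article): read-only baseline check for the
# controls the answer recommends. Nothing on the host is changed; findings are printed.
# Assumes Windows 10 / Server 2016 or later with Microsoft Defender present.

$findings = @()

# 1. Least privilege: is this interactive session running with administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings += "Session for $($identity.Name) is elevated; daily work should run as a limited user."
}

# 2. Least privilege: which accounts are members of the local Administrators group?
#    Directly assigned user accounts (as opposed to IT support groups) deserve a review.
try {
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    foreach ($member in $admins) {
        # ObjectClass is 'User' or 'Group'
        if ($member.ObjectClass -eq 'User') {
            $findings += "Local Administrators contains user account $($member.Name)."
        }
    }
} catch {
    $findings += "Could not enumerate local Administrators: $($_.Exception.Message)"
}

# 3. Up-to-date antimalware: engine enabled, real-time protection on, signatures recent.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $findings += "Microsoft Defender status unavailable; confirm another antimalware product is installed and current."
} else {
    if (-not $mp.AntivirusEnabled)          { $findings += "Antivirus engine is disabled." }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += "Real-time protection is off." }
    $signatureAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    # Three days is an assumed threshold for this example, not a vendor recommendation.
    if ($signatureAge.TotalDays -gt 3) {
        $findings += "Antivirus signatures are $([int]$signatureAge.TotalDays) days old."
    }
}

# 4. Personal firewall: all three profiles (Domain, Private, Public) should be enabled.
#    Enabled is a GpoBoolean enum, so compare its text form rather than relying on -not.
Get-NetFirewallProfile | ForEach-Object {
    if ("$($_.Enabled)" -ne 'True') { $findings += "Firewall profile '$($_.Name)' is disabled." }
}

# 5. Automatic updates: under the Windows Update Group Policy key, AUOptions = 4 means
#    "auto download and schedule the install". Other values or a missing key are flagged.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if (-not $au -or $au.AUOptions -ne 4) {
    $findings += "Windows Update is not policy-configured for automatic download and install (AUOptions should be 4)."
}

# Report
if ($findings.Count -eq 0) {
    Write-Output "No findings: host meets the baseline checked by this script."
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it from an ordinary user session first: finding 1 then confirms that the account really is unprivileged, while findings 2 through 5 still report because the queried cmdlets only read status. Feeding the output into the organisation's inventory or ticketing system is a straightforward way to track which workstations still allow the kind of user-driven installation the answer warns about.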

Ultimately, security education, training and awareness among employees are the first and last line of defense against rogue antimalware software, though not the only one: proper policy and technical controls also reduce the threat.

This was last published in December 2009
