
How to stop keylogging malware with more than basic antivirus software, firewalls

Nick Lewis reviews two main desktop-oriented defenses that could be used to stop more sophisticated code like keylogging malware.

With the number of password-stealing and keylogging malware increasing by nearly 400% between 2007 and 2008, what defenses should be used to stop the more sophisticated code, aside from the basic antivirus software and firewalls?
There are two main desktop-oriented defenses that could be used to stop more sophisticated code like keylogging malware, aside from the basic antivirus software and firewalls. Basic firewalls and antivirus have served the security community well, but they are showing their age as more sophisticated code and new advanced threats are developed. For example, the rapid spread of new, undetected malicious code and targeted attacks has illustrated how releasing detection definitions after an attack does little to prevent it. The improvements recently made to combat malware are still just advances in the existing antimalware protections, but there are developing improvements in operating system security and secure applications that may be valuable in the long run.

The first defense involves new developments in basic antivirus software. Some antivirus products have new functionality for rootkit and spyware detection, outbound attack detection, and real-time checking against the cloud. Some of these advances have been included with basic antivirus for many years, but their effectiveness has been improving. Traditional signature-based antivirus detection has been bypassed by newer malware, which is why these new and improved capabilities have been added alongside it. One of the recent improvements is real-time checking against the cloud to determine whether code about to execute is malware. This is done by creating a hash of the file, sending the hash to the cloud, checking whether the hash corresponds to known malicious code, suspicious code, or known good code, and then either blocking it, asking the user, or allowing it to execute. The user responses are collected to score the file as malicious code or known good code. These features are now starting to gain more widespread acceptance by the security community and end users.

The other main defense that could be used to stop more sophisticated code is whitelisting. More advanced users or enterprises can use whitelists to allow only approved executables to run. While this tactic has potentially significant start-up costs and requires ongoing management to approve new software, it can stop malware from infecting a computer. Some new whitelisting software works like the cloud-checking antivirus software mentioned above: it verifies in the cloud whether executable code is approved and only then lets it execute.
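The two decision models described in the previous paragraphs, cloud reputation lookup and whitelisting, differ mainly in how they treat code the service has never seen. The following added example (not code from the article or from any antivirus vendor) models both: the cloud database, the sample executables, the 3-response scoring threshold and the 80% allow ratio are all constructed assumptions so that it runs offline.

```python
import hashlib
from collections import defaultdict
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    ASK = "ask"      # prompt the user before the code runs
    BLOCK = "block"

def file_hash(data: bytes) -> str:
    """Hash the executable's bytes; only this digest leaves the endpoint."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample "executables" standing in for files about to run.
KNOWN_GOOD = b"MZ\x90\x00 constructed benign sample"
KNOWN_BAD = b"MZ\x90\x00 constructed keylogger sample"
SUSPICIOUS = b"MZ\x90\x00 constructed packed sample"
NEVER_SEEN = b"MZ\x90\x00 constructed brand-new sample"

# Stand-in for the vendor's cloud reputation database, keyed by hash. A real
# client queries it over the network; this table is local so the example runs offline.
CLOUD_REPUTATION = {
    file_hash(KNOWN_GOOD): "good",
    file_hash(KNOWN_BAD): "malicious",
    file_hash(SUSPICIOUS): "suspicious",
}
LABEL_TO_VERDICT = {"good": Verdict.ALLOW, "suspicious": Verdict.ASK, "malicious": Verdict.BLOCK}

def reputation_verdict(data: bytes, cloud=CLOUD_REPUTATION) -> Verdict:
    """Cloud-reputation mode: a hash the cloud has never seen falls back to asking the user."""
    return LABEL_TO_VERDICT.get(cloud.get(file_hash(data), "unknown"), Verdict.ASK)

def whitelist_verdict(data: bytes, approved: set) -> Verdict:
    """Whitelist mode: only approved hashes run; unknown code is blocked, not prompted."""
    return Verdict.ALLOW if file_hash(data) in approved else Verdict.BLOCK

# Per-hash tally of user allow/block decisions, the feedback the article says is collected.
USER_RESPONSES = defaultdict(lambda: {"allowed": 0, "blocked": 0})

def record_user_response(data: bytes, allowed: bool, responses=USER_RESPONSES) -> str:
    """Record one user decision and return the crowd-sourced label for that hash."""
    tally = responses[file_hash(data)]
    tally["allowed" if allowed else "blocked"] += 1
    total = tally["allowed"] + tally["blocked"]
    if total < 3:  # too few responses to score; the threshold and ratio are assumptions
        return "unknown"
    return "good" if tally["allowed"] / total >= 0.8 else "malicious"
```

The contrast to note is `NEVER_SEEN`: reputation mode prompts the user, whitelist mode simply refuses to run it, which is what makes whitelisting effective against brand-new keyloggers and also what creates its ongoing approval workload.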

This was last published in December 2009
