17.3 Malicious Code

We’ll now explore deliberate attempts to gain inappropriate access or cause other problems using software. Malicious code, or malware, can be defined as any program code that explicitly attempts to bypass appropriate authorization safeguards and/or perform unauthorized functions. Such code is transferred to a computer across a network or from removable media such as USB memory sticks. Malicious code may cause serious damage, such as the destruction of data, or it may merely create a nuisance, such as popping up unwanted messages.

There are many categories of malicious code. The term computer virus is often used to describe any malicious code, although it’s really just one type of problem. A virus is a program that embeds a copy of itself in another program. This “infected” file is referred to as the virus host. When the host is executed, the virus code runs as well.

A worm is self-replicating, like a virus, but does not require a host program to infect. The worm runs as a stand-alone program. A worm tends to cause problems on the networks it uses to send copies of itself to other systems, often by consuming bandwidth. In contrast, a virus tends to cause problems on a particular computer by corrupting or deleting files.

The famous story of the Trojan horse gives its name to another category of malicious code. In the myth, the Greeks built a giant wooden horse in which a small group of warriors hid themselves. After the Trojans took the horse into the city, the hidden warriors came out under cover of night, opened the city gates, and allowed the Greeks to conquer Troy.

In programming, a Trojan horse is a program that appears to be helpful in some way, but actually causes some kind of problem when executed. Even while the program is running, it may appear to the user as a benevolent resource, which makes it difficult to track down. Like a worm, a Trojan horse is a stand-alone program; like a virus, it tends to cause problems on the computer on which it is executing.

The final category of malware we’ll examine is called a logic bomb, which is malicious code that executes when a specific system-oriented event occurs. It is often set to execute on a certain date and time, such as Friday the 13th or April Fools’ Day, but it could be triggered by many kinds of events.

Antivirus Software

Malware can be fought using antivirus software, which is specifically designed to detect and remove malicious code, or, better yet, prevent it from being installed on your computer in the first place. Antivirus software first became available in the mid-1980s, when virus creation became a problem. The name is a bit misleading in that modern antivirus software protects you from many kinds of malware, not just viruses.

There are dozens of competing developers of antivirus software: Norton, McAfee, and Symantec are three of the most popular brands. If you haven’t done so already, you should research your antivirus software options carefully, then install and use your favorite.

Some antivirus software works using signature detection. This approach generally works only when a known malware program has been identified and analyzed. Signature detection software looks for recognizable patterns of particular malware within executable code. That is, once a piece of malware is identified, key patterns in the executable version are noted. Then, when you do a scan of your hard drive or try to install a new piece of software, the antivirus software attempts to find those patterns. If a match is found, an alarm is raised.

An extension of the signature detection approach to antivirus software uses heuristics to identify potentially malicious code. The trouble with some malware is that it might deliberately mutate to make itself less recognizable. A heuristic approach looks for more general patterns than the strict signature detection approach, so that it hopefully can detect an entire family of similar malware.
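The two detection approaches described above, signature matching and the looser heuristic matching, can be illustrated with a small scanner. This is an added example, not code from the book or from any antivirus product: the signature database, the file contents and the "Demo" family names are all constructed for the illustration, and the heuristic is written as a regular expression with a wildcard region where a family is assumed to vary from sample to sample.

```python
import re

# Constructed signature database (not taken from any real antivirus product).
# An exact signature is a byte sequence noted from a specific, already-analysed sample.
EXACT_SIGNATURES = {
    "Demo.Sample.A": b"\x4d\x5a\x90\x00DEMO-PAYLOAD-A",
}

# A heuristic signature is a more general pattern: here a regular expression over
# bytes, with a wildcard region where the family is assumed to mutate between copies.
HEURISTIC_SIGNATURES = {
    "Demo.Family.B": re.compile(
        rb"DEMO-PAYLOAD-B\x00[\x00-\xff]{1,4}\xde\xad\xbe\xef", re.DOTALL
    ),
}


def scan_bytes(data: bytes) -> list[str]:
    """Return the names of every signature that matches, exact matches first."""
    hits = []
    for name, pattern in EXACT_SIGNATURES.items():
        if pattern in data:          # strict byte-for-byte signature match
            hits.append(name)
    for name, regex in HEURISTIC_SIGNATURES.items():
        if regex.search(data):       # looser family match
            hits.append(name)
    return hits


def scan_files(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan a mapping of file name -> contents, as a scan of a drive would."""
    return {name: scan_bytes(content) for name, content in files.items()}


# Constructed "files": two clean, one carrying the exact signature, and two
# mutated members of family B that differ in the wildcard region.
SAMPLE_FILES = {
    "notes.txt": b"quarterly report draft",
    "tool.exe": b"\x4d\x5a\x90\x00" + b"\x00" * 40 + b"legit code",
    "infected.exe": b"\x4d\x5a\x90\x00DEMO-PAYLOAD-A" + b"\x00" * 20,
    "variant1.exe": b"\x4d\x5a" + b"DEMO-PAYLOAD-B\x00\x01\xde\xad\xbe\xef",
    "variant2.exe": b"\x4d\x5a" + b"DEMO-PAYLOAD-B\x00\x07\x07\x07\xde\xad\xbe\xef",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name:14} {hits or 'clean'}")
```

An exact signature written for variant1.exe would miss variant2.exe, because the bytes between the marker and the trailer differ; the heuristic pattern catches both. That is the trade-off the text describes: broader patterns catch more of a family but are also more likely to match code that merely resembles it, which is why a match is raised as an alarm rather than treated as proof.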

It’s important that you keep your antivirus software up to date. The companies that make antivirus software are constantly updating their database of signatures and heuristics to detect new malware.

Security Attacks

A computer system can be attacked in many different ways. Some attacks attempt to gain inappropriate access, whereas others exploit development flaws. Still others rely on the vulnerabilities of digital communication. Let’s examine the general characteristics of each type.

Earlier in this chapter we discussed the importance of picking good passwords and keeping them well guarded. Some attacks perform password guessing by repeatedly trying to log in to a system or application using different passwords. It might be impractical for a human to try many passwords individually, but a computer program can attempt thousands of potential passwords each second in a “brute force” fashion. These programs will often try every word in an online dictionary, combinations of words, and various other character combinations, to see whether they can eventually find your password. To partially address this problem, some authentication systems will allow a user to attempt to enter a password only a few times without success, and then will terminate the session.
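The countermeasure mentioned at the end of the paragraph, refusing further attempts after a few failures, can be shown in a small authentication service. This is an added example, not code from the book: the five-attempt limit and the fifteen-minute lockout are assumed policy values, the account store is an in-memory dictionary, and the time is passed in explicitly so the behaviour can be followed step by step. It locks the account for a period rather than only ending the session, which is one common form of the limit the text describes.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5     # assumed policy: lock after five consecutive failures
LOCKOUT_SECONDS = 15 * 60   # assumed policy: keep the account locked for 15 minutes
_DUMMY_SALT = b"\x00" * 16  # used so unknown users cost the same time as known ones


def hash_password(password: str, salt: bytes) -> bytes:
    # A slow, salted hash also makes each guess expensive for an attacker
    # who obtains the stored hashes and tries passwords offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0   # seconds on the same clock passed to login()


class AuthService:
    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.audit_log: list[str] = []

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, hash_password(password, salt))

    def login(self, username: str, password: str, now: float) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is the current time in seconds."""
        acct = self.accounts.get(username)
        if acct is None:
            hash_password(password, _DUMMY_SALT)   # same work, so timing does not reveal valid names
            self.audit_log.append(f"{now}: denied {username!r} (unknown)")
            return "denied"
        if now < acct.locked_until:
            self.audit_log.append(f"{now}: locked {username!r}")
            return "locked"
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0
            self.audit_log.append(f"{now}: ok {username!r}")
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.failed_attempts = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            self.audit_log.append(f"{now}: lockout {username!r}")
            return "locked"
        self.audit_log.append(f"{now}: denied {username!r} ({acct.failed_attempts} failures)")
        return "denied"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    for i in range(6):
        print(svc.login("alice", f"guess{i}", now=float(i)))
    print(svc.login("alice", "correct horse battery staple", now=6.0))
    print("\n".join(svc.audit_log))
```

The per-account counter stops a program from trying thousands of passwords per second against a single account, and the audit log gives an operator something to look at afterwards. The design also creates a side effect worth knowing about: anyone who can submit wrong passwords can lock a legitimate user out, which is why real systems usually combine a short lockout with rate limiting per source rather than relying on the counter alone.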

Instead of guessing a password, other attacks will attempt to trick you into divulging that information willingly. Phishing is a technique that uses a web page that looks like an official part of some trusted environment, but is actually a page designed to collect key information such as usernames and passwords. For example, you might receive an email, supposedly from eBay, suggesting that there is business you need to take care of and presenting a link for you to follow. The resulting web page would ask you to log in, but instead of giving you access to your eBay account, the page simply transmits that information to a malicious user who will use it to gain inappropriate access to your account.

Some phishing schemes are very clever and look very official. Beware of any situation in which you are contacted (instead of you initiating the contact) and requested to provide security information. That will almost never happen with a reputable company. And if you are ever sent an email containing a link they encourage you to follow, scrutinize the link’s true destination (the URL) carefully. (You can usually hover the mouse pointer over the link to show the URL.) That often gives away the fact that you would not be sent to a valid site.
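The advice above, to read a link's true destination rather than the text you are shown, can be turned into a check. This is an added example, not code from the book: it takes the visible link text and the underlying URL (what hovering reveals), extracts the host a browser would actually connect to using the standard library's URL parser, and reports whether that host belongs to the domain the message claims to come from. The eBay examples continue the text's scenario; the hosts and addresses in the sample links are constructed.

```python
from urllib.parse import urlsplit


def true_host(url: str) -> str:
    """Return the host a browser would actually connect to for this URL, lowercased."""
    parts = urlsplit(url.strip())
    if not parts.scheme:                      # bare "www.example.com/path" style text
        parts = urlsplit("http://" + url.strip())
    # .hostname drops any user@ prefix, port and case, so "trusted.example@other.example"
    # is reported as other.example, which is what the browser would contact.
    return (parts.hostname or "").lower()


def host_belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (not merely containing it)."""
    return host == domain or host.endswith("." + domain)


def check_link(display_text: str, href: str, trusted_domain: str) -> dict:
    """Compare what a link shows with where it really goes."""
    dest = true_host(href)
    report = {
        "destination": dest,
        "trusted": host_belongs_to(dest, trusted_domain),
        "reasons": [],
    }
    if not report["trusted"]:
        report["reasons"].append(f"destination {dest!r} is not under {trusted_domain!r}")
    # If the visible text itself looks like an address, it should agree with the real one.
    text = display_text.strip()
    shown = true_host(text) if ("." in text and " " not in text) else ""
    if shown and shown != dest:
        report["reasons"].append(f"link text shows {shown!r} but the link goes to {dest!r}")
    return report


# Constructed sample links, in the style of the email scenario in the text.
SAMPLE_LINKS = [
    ("https://www.ebay.com/signin", "https://www.ebay.com/signin"),
    ("https://www.ebay.com/signin", "http://ebay.com.account-verify.example/login"),
    ("Click here", "https://ebay.com@198.51.100.23/login"),
    ("Sign in", "https://signin.ebay.com/signin"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        r = check_link(text, href, "ebay.com")
        verdict = "ok" if r["trusted"] and not r["reasons"] else "SUSPICIOUS"
        print(f"{verdict:10} {text!r} -> {r['destination']}")
        for reason in r["reasons"]:
            print("           ", reason)
```

The second sample is the case the text warns about: the name of the trusted company appears in the address, but only as a prefix of some other domain, and `host_belongs_to` treats it as unrelated. The third shows why the parser, not the eye, should decide: everything before the `@` is ignored by a browser, so the real destination is the numeric address.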

Both password guessing and phishing are ways for a hacker to “spoof” a computer system. Spoofing, in general, is an attack that allows one user to masquerade as another.

A back door is a feature of a program that allows special access to a computer system or application, usually granting high levels of functional privileges. A programmer explicitly puts a back door into a system, perhaps for benign testing purposes, or perhaps for the unscrupulous intent to bypass the system security at a later point. In either case, a back door is a vulnerability that is deliberately integrated into a program and, therefore, might not raise any security flags. The key to protecting against back door attacks is a high-quality development process, in which careful code reviews by multiple participants minimize such abuses.

The development process can be the source of other security problems as well. A system defect, though unintentional, might allow a clever attacker to exploit the weakness. One such flaw allows a user to create a buffer overflow, which causes a program to crash and could leave the user in a state with increased authority levels—and thus with the ability to do things he or she couldn’t do otherwise. A buffer is simply an area of memory of a particular size. If a program attempts to store more information than a buffer can accommodate, a system crash could occur.

This problem is another issue related to the quality of the development process. Programmers should carefully guard against the potential for buffer overflows. As a user, you should also make a point of staying current with updates to your programs. Often these updates contain fixes that eliminate potential security risks that eluded the initial quality assurance process during development.

A denial of service (DoS) attack does not directly corrupt data or give inappropriate access. Instead, it renders a system essentially useless by keeping a valid user from being able to access the resource. Usually, a DoS attack is network based, caused by flooding a website or other network resource with communication packets that keep it so busy it cannot deal with authorized users. It may even cause the system itself to crash due to the sheer volume of requests for its attention.
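A flood of the kind described above leaves a clear trace in a server's access log, and a sliding-window count is the usual first check. This is an added example, not code from the book: it parses web-server log lines in the common log format, flags any single source that exceeds an assumed threshold of 20 requests in 10 seconds, and also reports the peak total request rate, since a flood spread across many sources shows up only in the aggregate. The log lines are constructed inline, with one source sending five requests per second for a minute.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def find_flood_sources(lines, window_seconds=10, threshold=20) -> dict:
    """Return {ip: peak requests seen in any window} for sources at or over the threshold.

    Lines are assumed to be in time order for each source, as a log file normally is.
    """
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # drop requests outside the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def peak_total_rate(lines, window_seconds=10) -> int:
    """Peak number of requests from all sources combined in any window."""
    stamps = sorted(p[1] for p in map(parse_line, lines) if p)
    q, peak = deque(), 0
    for ts in stamps:
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak = max(peak, len(q))
    return peak


# Constructed sample log: two ordinary clients and one source flooding the site.
BASE = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)


def make_line(ip, offset_seconds, path="/index.html", status=200):
    ts = (BASE + timedelta(seconds=offset_seconds)).strftime(TS_FORMAT)
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'


SAMPLE_LOG = (
    [make_line("192.0.2.10", s, "/index.html") for s in (0, 15, 30, 45)]
    + [make_line("192.0.2.11", s, "/about.html") for s in (5, 25, 45)]
    + [make_line("203.0.113.77", s // 5, "/search?q=x") for s in range(300)]  # 5 req/s for 60 s
)

if __name__ == "__main__":
    print("flooding sources:", find_flood_sources(SAMPLE_LOG))
    print("peak total requests per 10 s window:", peak_total_rate(SAMPLE_LOG))
```

Flagging a source is only the detection step; what follows is usually rate limiting or filtering upstream of the server, since by the time the requests reach the application the capacity is already being consumed.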

Another network-based security problem is called the man-in-the-middle attack. Network communication goes through many locations and devices as it moves from its source to its destination. Usually, such communication is passed along as appropriate without a problem. A man-in-the-middle attack occurs when someone has access to the communication path at some point in the network and “listens,” usually with the help of a program, to the traffic as it goes by. The goal is to intercept key information, such as a password being transmitted as part of an email message. The encryption methods discussed in the previous section can guard against these problems.
