What is Malicious Software ?

Malicious software, such as viruses, worms and Trojan horses, deliberately harm a computer and is sometimes referred to as malware. Spyware is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of the computer, generally without appropriately obtaining consent first. Other kinds of spyware make changes to the computer that are annoying and cause the computer to slow down or stop responding.

There are a number of ways spyware or other unwanted software appears on a computer, including software flaws and some Web browsers. A common method is to covertly install the software during the installation of other software that you want to install. Preventing the installation of malicious software requires that you understand the purpose of the software you intend to install, and you have agreed to install the software on the computer. When you install an application, read all disclosures, the license agreement, and the privacy statement. Sometimes the inclusion of unwanted software is documented, but it might appear at the end of a license agreement or privacy statement.

Consider the following scenario: You are deploying Windows 7 throughout the organization. To decide upon which operating system features to implement, you need to understand security risks that might be relevant to the organization. Take part in a class discussion about this scenario.

Question 1: What are common security risks that you must consider when deploying a new operating system?

Answer

During a desktop deployment, it is important to address any security risks that affect application compatibility, data loss, and user functionality. Some of the more common security risks are categorized as follows:

* Malware risks: Viruses, Trojan horses, spyware
* Data risks: Stolen laptops or removable universal serial bus (USB) hard drives
* Web browser risks: Malicious Web sites, phishing
* Network risks: Internal worm attacks, internal workstations that do not comply with organizational security policies

Question 2: How can you be sure that you have addressed the appropriate security risks before and after a desktop deployment?

Answer

Conduct a structured security risk management process that will help you to identify and assess risk, identify and evaluate control solutions, implement the controls, and then measure the effectiveness of the mitigation. Identifying security risks before a desktop deployment helps you to be proactive in mitigating and implementing solutions.