计算机英语（下篇共上中下3篇）

1BasicComponents2ThreatsandAttacks3SecurityStrategy4MeasurestoProtectComputerSecurity5MalwareLeadin

Thetermcomputersecurityisusedfrequently,butthecontentofacomputerisvulnerabletofewrisksunlessthecomputerisconnectedtoothercomputersonanetwork.Astheuseofcomputernetworks,especiallytheInternet,hasbecomepervasive,theconceptofcomputersecurityhasexpandedtodenoteissuespertainingtothenetworkeduseofcomputersandtheirresources.1BasicComponents

ThemajortechnicalareasofcomputersecurityareusuallyrepresentedbytheinitialsCIA:confidentiality,integrity,andavailability.BasicComponents1

Confidentialityistheconcealmentofinformationorresources.Theneedforkeepinginformationsecretarisesfromtheuseofcomputersinsensitivefieldssuchasgovernmentandindustry.Forexample,militaryandcivilianinstitutionsinthegovernmentoftenrestrictaccesstoinformationtothosewhoneedthatinformation.Asafurtherexample,alltypesofinstitutionskeeppersonnelrecordssecret.Accesscontrolmechanismssupportconfidentiality.Oneaccesscontrolmechanismforpreservingconfidentialityiscryptography,whichscramblesdatatomakeitincomprehensible.BasicComponents1Confidentiality

Integrityreferstothetrustworthinessofdataorresources,anditisusuallyphrasedintermsofpreventingimproperorunauthorizedchange.Integrityincludesdataintegrity(thecontentoftheinformation)andoriginintegrity(thesourceofthedata,oftencalledauthentication).Workingwithintegrityisverydifferentfromworkingwithconfidentiality.Withconfidentiality,thedataiseithercompromisedoritisnot,butintegrityincludesboththecorrectnessandthetrustworthinessofthedata.Theoriginofthedata(howandfromwhomitwasobtained),howwellthedatawasprotectedbeforeitarrivedatthecurrentmachine,andhowwellthedataisprotectedonthecurrentmachineallaffecttheintegrityofthedata.BasicComponents1Integrity

Availabilityreferstotheabilitytousetheinformationorresourcedesired.Availabilityisanimportantaspectofreliabilityaswellasofsystemdesignbecauseanunavailablesystemisatleastasbadasnosystematall.Theaspectofavailabilityrelevanttosecurityisthatsomeonemaydeliberatelyarrangetodenyaccesstodataortoaservicebymakingitunavailable.“Denialofservice(DoS)”attacksareattacksagainstavailability.BasicComponents1Availability2ThreatsandAttacks

Athreatisapotentialviolationofsecurity.Anattackisanyattempttodestroy,expose,alter,disable,stealorgainunauthorizedaccesstoormakeunauthorizeduseofanasset.Thosewhoexecuteattacks,orcausethemtobeexecuted,arecalledattackers.Passiveattackandactiveattackaretwotypesofattacks.Apassiveattackattemptstolearnormakeuseofinformationfromthesystembutdoesnotaffectsystemresourceswhereasanactiveattackattemptstoaltersystemresourcesoraffecttheiroperation.Thethreesecurityservicesconfidentiality,integrity,andavailabilitycounterthreatstothesecurityofasystem.Belowweintroducecommonthreats.ThreatsandAttacks2ThreatsandAttacks2Snooping01

Snoopingisanunauthorizedinterceptionofinformation.Itispassive,suggestingsimplythatsomeentityislisteningto(orreading)communicationsorbrowsingthroughfilesorsysteminformation.Wiretapping,orpassivewiretapping,isaformofsnoopinginwhichanetworkismonitored.(Itiscalled“wiretapping”becauseofthe“wires”thatcomposethenetwork,althoughthetermisusedevenifnophysicalwiringisinvolved.)Confidentialityservicescounterthisthreat.ThreatsandAttacks2

Modificationoralterationisanunauthorizedchangeofinformation.Unlikesnooping,modificationisactive;itresultsfromanentitychanginginformation.Activewiretappingisaformofmodificationinwhichdatamovingacrossanetworkisaltered;theterm“active”distinguishesitfromsnooping.Anexampleistheman-in-the-middle(MITM)attack,inwhichanintruderreadsmessagesfromthesenderandsends(possiblymodified)versionstotherecipient,inthehopethattherecipientandthesenderwillnotrealizethepresenceoftheintermediary.[1]Integrityservicescounterthisthreat.02ModificationThreatsandAttacks2

Masqueradingorspoofingisanimpersonationofoneentitybyanother.Itluresavictimintobelievingthattheentitywithwhichitiscommunicatingisadifferententity.Forexample,ifausertriestologintoacomputeracrosstheInternetbutinsteadreachesanothercomputerthatclaimstobethedesiredone,theuserhasbeenspoofed.Similarly,ifausertriestoreadafile,butanattackerhasarrangedfortheusertobegivenadifferentfile,anotherspoofhastakenplace.Thismaybeapassiveattack(inwhichtheuserdoesnotattempttoauthenticatetherecipient,butmerelyaccessesit),butitisusuallyanactiveattack(inwhichthemasqueraderissuesresponsestomisleadtheuseraboutitsidentity).Althoughprimarilydeception,itisoftenusedtousurpcontrolofasystembyanattackerimpersonatinganauthorizedmanager.[2]Integrityservicescounterthisthreat.03MasqueradingThreatsandAttacks2

Repudiationoforiginisafalsedenialthatanentitysent(orcreated)something.Forexample,supposeacustomersendsalettertoavendoragreeingtopayalargeamountofmoneyforaproduct.Thevendorshipstheproductandthendemandspayment.Thecustomerdenieshavingorderedtheproductandbylawisthereforeentitledtokeeptheunsolicitedshipmentwithoutpayment.Thecustomerhasrepudiatedtheoriginoftheletter.Ifthevendorcannotprovethatthelettercamefromthecustomer,theattacksucceeds.Avariantofthisisdenialbyauserthathecreatedspecificinformationorentitiessuchasfiles.Integritymechanismscopewiththisthreat.04RepudiationofOriginThreatsandAttacks2

Denialofservice(DoS)isalong-terminhibitionofservice.Theattackerpreventsaserverfromprovidingaservice.Thedenialmayoccuratthesource(bypreventingtheserverfromobtainingtheresourcesneededtoperformitsfunction),atthedestination(byblockingthecommunicationsfromtheserver),oralongtheintermediatepath(bydiscardingmessagesfromeithertheclientortheserver,orboth).Thisthreatisprobablythenastiest,andmostdifficulttoaddress.Itspremiseissimple:sendmorerequeststothemachinethanitcanhandle.Forexample,ifthehostisabletoanswer20requestspersecondandtheattackerissending50requestspersecond,obviouslythehostwillbeunabletoservealloftheattacker'srequests,muchlessanylegitimaterequests.Availabilitymechanismscounterthisthreat.05DenialofService3SecurityStrategySecurityStrategy3

Preventionmeansthatanattackwillfail.Forexample,ifoneattemptstobreakintoahostovertheInternetandthathostisnotconnectedtotheInternet,theattackhasbeenprevented.Typically,preventioninvolvesimplementationofmechanismsthatuserscannotoverrideandthataretrustedtobeimplementedinacorrect,unalterableway,sothattheattackercannotdefeatthemechanismbychangingit.Preventativemechanismsoftenareverycumbersomeandinterferewithsystemusetothepointthattheyhindernormaluseofthesystem.Butsomesimplepreventativemechanisms,suchaspasswords(whichaimtopreventunauthorizedusersfromaccessingthesystem),havebecomewidelyaccepted.Preventionmechanismscanpreventcompromiseofpartsofthesystem;onceinplace,theresourceprotectedbythemechanismneednotbemonitoredforsecurityproblems,atleastintheory.SecurityStrategy31Prevention

Detectionismostusefulwhenanattackcannotbeprevented,butitcanalsoindicatetheeffectivenessofpreventativemeasures.Detectionmechanismsacceptthatanattackwilloccur;thegoalistodeterminethatanattackisunderway,orhasoccurred,andreportit.Theattackmaybemonitored,however,toprovidedataaboutitsnature,severity,andresults.Typicaldetectionmechanismsmonitorvariousaspectsofthesystem,lookingforactionsorinformationindicatinganattack.Agoodexampleofsuchamechanismisonethatgivesawarningwhenauserentersanincorrectpasswordthreetimes.Theloginmaycontinue,butanerrormessageinasystemlogreportstheunusuallyhighnumberofmistypedpasswords.Detectionmechanismsdonotpreventcompromiseofpartsofthesystem,whichisaseriousdrawback.Theresourceprotectedbythedetectionmechanismiscontinuouslyorperiodicallymonitoredforsecurityproblems.SecurityStrategy32Detection

Recoveryhastwoforms.Thefirstistostopanattackandtoassessandrepairanydamagecausedbythatattack.Asanexample,iftheattackerdeletesafile,onerecoverymechanismwouldbetorestorethefilefrombackuptapes.Inpractice,recoveryisfarmorecomplex,becausethenatureofeachattackisunique.Thus,thetypeandextentofanydamagecanbedifficulttocharacterizecompletely.Moreover,theattackermayreturn,sorecoveryinvolvesidentificationandfixingofthevulnerabilitiesusedbytheattackertoenterthesystem.Insomecases,retaliation(byattackingtheattacker’ssystemortakinglegalstepstoholdtheattackeraccountable)ispartofrecovery.Inallthesecases,thesystem’sfunctioningisinhibitedbytheattack.Bydefinition,recoveryrequiresresumptionofcorrectoperation.SecurityStrategy33Recovery

Inthesecondformofrecovery,thesystemcontinuestofunctioncorrectlywhileanattackisunderway.Thistypeofrecoveryisquitedifficulttoimplementbecauseofthecomplexityofcomputersystems.Itdrawsontechniquesoffaulttoleranceaswellastechniquesofsecurityandistypicallyusedinsafety-criticalsystems.Itdiffersfromthefirstformofrecovery,becauseatnopointdoesthesystemfunctionincorrectly.However,thesystemmaydisablenonessentialfunctionality.Ofcourse,thistypeofrecoveryisoftenimplementedinaweakerformwherebythesystemdetectsincorrectfunctioningautomaticallyandthencorrects(orattemptstocorrect)theerror.[3]SecurityStrategy33Recovery4MeasurestoProtectComputerSecurityMeasurestoProtectComputerSecurity4

Securityisconcernedwithprotectinginformation,hardware,andsoftware.Securitymeasuresconsistofencryption,restrictingaccess,anticipatingdisasters,andmakingbackupcopies.MeasurestoProtectComputerSecurity401020304Encryption

Wheneverinformationissentoveranetwork,thepossibilityofunauthorizedaccessexists.Thelongerthedistancethemessagehastotravel,thehigherthesecurityriskis.Thus,itisofgreatnecessityforindividualsandorganizationstoencrypttheirdata.Encryption,thetranslationofdataintoasecretcode,isthemosteffectivewaytoachievedatasecurity.Toreadanencryptedfile,onemusthaveaccesstoasecretkeyorpasswordthatenableshim/hertodecryptit.Therearetwomaintypesofencryption:symmetricencryptionandasymmetricencryption(alsocalledpublic-keyencryption).MeasurestoProtectComputerSecurity401020304Encryption

Theadvantageofusingsymmetricencryptionliesinitsfastencryptionanddecryptionprocesses(whencomparedwithasymmetricencryptionatthesamesecuritylevel).Thedisadvantagesare,first,theencryptionkeymustbeexchangedbetweentwopartiesinasecurewaybeforesendingsecretmessages.Secondly,onemustusedifferentkeyswithdifferentparties.Forexample,ifAcommunicateswithB,C,DandE,Ashoulduse4differentkeys.Otherwise,BwillknowwhatAandCaswellasAandDhasbeentalkingabout.ThedrawbacksofsymmetrickeyencryptionmakeitunsuitabletobeusedintheInternet,becauseit’sdifficulttofindasecurewaytoexchangetheencryptionkey.MeasurestoProtectComputerSecurity401020304Encryption

Forasymmetricencryption,thereisapairofkeysforeachparty:apublickeyandaprivatekey.Thepublickeyisfreelyavailabletothepublic,butonlythekeyownergetsholdoftheprivatekey.Messagesencryptedbyapublickeycanonlybedecryptedbyitscorrespondingprivatekey,andviceversa.WhenAsendsmessagetoB,AfirstgetsB'spublickeytoencryptthemessageandsendsittoB.Afterreceivingthemessage,Buseshisprivatekeytodecryptthemessage.Theadvantagecomesinthepublickeyfreelyavailabletothepublic,hencefreefromanykeyexchangeproblem.

MeasurestoProtectComputerSecurity401020304Encryption

Thedisadvantageistheslowencryptionanddecryptionprocess.AlmostallencryptionschemesusedintheInternetusesasymmetricencryptionforexchangingthesymmetricencryptionkey,andsymmetricencryptionforbetterperformance.Businesseshavebeenencryptingmessagesforyears.Individualsarealsousingencryptingprogramstosafeguardtheirprivatecommunications.OneofthemostwidelyusedpersonalencryptionprogramsisPrettyGoodPrivacy(PGP).PGPisanE-mailencryptionscheme.Itprovidessecurityservicessuchasprivacy,senderauthentication,messageintegrityandnon-repudiation.Alongwiththesesecurityservices,italsoprovidesdatacompressionandkeymanagementsupport.MeasurestoProtectComputerSecurity4

Securityexpertsareconstantlydevisingwaystoprotectcomputersystemsfromaccessbyunauthorizedpersons.Sometimessecurityisamatterofputtingguardsoncompanycomputerroomsandcheckingtheidentificationofeveryoneadmitted.Oftentimesitisamatterofbeingcarefulaboutassigningpasswordstopeopleandofchangingthemwhenpeopleleaveacompany.Passwordsaresecretwordsornumbersthatmustbekeyedintoacomputersystemtogainaccess.Insome“dial-back”computersystems,theusertelephonesthecomputer,punchesinthecorrectpassword,andhangsup.Thecomputerthencallsbackatacertainpreauthorizednumber.01020304RestrictingAccessMeasurestoProtectComputerSecurity4

Mostmajorcorporationstodayusespecialhardwareandsoftwarecalledfirewallstocontrolaccesstotheirinternalcomputernetworks.Thesefirewallsactasasecuritybufferbetweenthecorporation'sprivatenetworkandallexternalnetworks,includingtheInternet.Alldatapacketsenteringorleavingtheinternalnetworkpassthroughthefirewall,whichexamineseachpacketandblocksthosethatdonotmeetthespecifiedsecuritycriteria.Firewalliscategorizedintothreebasictypes:packetfiltering,applicationgatewaysandcircuit-levelgateways.01020304RestrictingAccessMeasurestoProtectComputerSecurity4PacketfilteringisatechniquewherebyroutershaveACL(AccessControlLists,atableofpacketfilterrules).Bydefault,arouterwillpassalltrafficsenttoit,andwilldosowithoutanysortofrestrictions.EmployingACLsisamethodforenforcingasecuritypolicywithregardtowhatsortsofaccessusersallowtheoutsideworldtohavetousers'owninternalnetwork,andviceversa.[4]Packetsbelongingtoexistingconnectionsarecomparedtothefirewall'sstatetableofopenconnections,anddecisiontoalloworblockistaken.Thisprocesssavestimeandprovidesaddedsecurityaswell.Nopacketisallowedtotrespassthefirewallunlessitbelongstoalreadyestablishedconnection.01020304RestrictingAccessMeasurestoProtectComputerSecurity401020304RestrictingAccess

Anapplicationgateway(sometimesknownasaproxygateway),actsasarelaynodefortheapplication-leveltraffic,asshowninFigure9-1.Theyinterceptincomingandoutgoingpackets,runproxiesthatcopyandforwardinformationacrossthegateway,andfunctionasaproxyserver,preventinganydirectconnectionbetweenatrustedserverorclientandanuntrustedhost.

MeasurestoProtectComputerSecurity401020304RestrictingAccess

Theproxiesareapplicationspecific.TheycanfilterpacketsattheapplicationlayeroftheOSImodel.

Anapplication-specificproxyacceptspacketsgeneratedbyonlyspecifiedapplicationforwhichtheyaredesignedtocopy,forward,andfilter.Forexample,onlyaTelnetproxycancopy,forward,andfilterTelnettraffic.

Ifanetworkreliesonlyonanapplication-levelgateway,incomingandoutgoingpacketscannotaccessservicesthathavenoproxiesconfigured.Forexample,ifagatewayrunsFTPandTelnetproxies,onlypacketsgeneratedbytheseservicescanpassthroughthefirewall.Allotherservicesareblocked.Applicationgatewayscanrestrictspecificactionsfrombeingperformed.Forexample,thegatewaycouldbeconfiguredtopreventusersfromperformingthe“ftp_put”[5]command.Thiscanpreventmodificationoftheinformationstoredontheserverbyanattacker.MeasurestoProtectComputerSecurity401020304RestrictingAccess

Thecircuit-levelgatewayisanintermediatesolutionbetweenthepacketfilterandtheapplicationgateway.Itrunsatthetransportlayerandhencecanactasproxyforanyapplication.Similartoanapplicationgateway,thecircuit-levelgatewayalsodoesnotpermitanend-to-endTCPconnectionacrossthegateway.ItsetsuptwoTCPconnectionsandrelaystheTCPsegmentsfromonenetworktotheother,butitdoesnotexaminetheapplicationdatalikeapplicationgateway.MeasurestoProtectComputerSecurity401020304AnticipatingDisasters

Thedisadvantageistheslowencryptionanddecryptionprocess.AlmostallencryptionschemesusedintheInternetusesasymmetricencryptionforexchangingthesymmetricencryptionkey,andsymmetricencryptionforbetterperformance.Businesseshavebeenencryptingmessagesforyears.Individualsarealsousingencryptingprogramstosafeguardtheirprivatecommunications.OneofthemostwidelyusedpersonalencryptionprogramsisPrettyGoodPrivacy(PGP).PGPisanE-mailencryptionscheme.Itprovidessecurityservicessuchasprivacy,senderauthentication,messageintegrityandnon-repudiation.Alongwiththesesecurityservices,italsoprovidesdatacompressionandkeymanagementsupport.MeasurestoProtectComputerSecurity401020304Backup

Equipmentcanalwaysbereplaced.Data,however,maybeirreplaceable.Mostcompanieshavewaysoftryingtokeepsoftwareanddatafrombeingtamperedwithinthefirstplace.Theyincludecarefulscreeningofjobapplicants,guardingofpasswords,andauditingofdataandprogramsfromtimetotime.Thesafestprocedure,however,istomakefrequentbackupsofdataandtostoretheminremotelocations.5MalwareMalware5Malware,shortformalicioussoftware,isanysoftwareusedtodisruptcomputeroperations,gathersensitiveinformation,gainaccesstoprivatecomputersystems,ordisplayunwantedadvertising.Beforethetermmalwarewascoinedin1990,malicioussoftwarewasreferredtoascomputerviruses.Malwareisdefinedbyitsmaliciousintent,actingagainsttherequirementsofthecomputeruser,anddoesnotincludesoftwarethatcausesunintentionalharmduetosomedeficiency.

Malwarecanbedividedintotwocategories:thosethatneedahostprogram,andthosethatareindependent.Theformer,referredtoasparasitic,areessentiallyfragmentsofprogramsthatcannotexistindependentlyofsomeactualapplicationprogram,utilityorsystemprogram.Virusesandlogicbombsareexamples.Thelatterareself-containedprogramsthatcanbescheduledandrunbytheoperationsystem.Wormsandbotprogramsareexamples.1TypesofMalwareMalware51.VirusComputervirusesareself-replicatingprogramsdeliberatelydesignedtointerferewithcomputeroperation,record,corrupt,ordeletedata,orspreadthemselvestoothercomputersandthroughouttheInternet.Theyfirstappearedintheearly1980s,andthetermitselfwascoinedin1983.Whenthecodeofavirusisexecuted,itspreadsitselftootherprograms.Atypicalcomputervirusdoestwothings.First,itcopiesitselfintopreviouslyuninfectedprograms.Second,itexecutesotherinstructionsthattheviruscreatorhasincludedinit.Whenevertheinfectedcomputercomesintocontactwithanuninfectedpieceofsoftware,afreshcopyoftheviruspassesintothenewprogram.Thus,theinfectioncanbespreadfromcomputertocomputerbyunsuspectinguserswhoeitherswapdisksorsendprogramstooneanotheroveranetwork.Inanetworkenvironment,theabilitytoaccessapplicationsandsystemservicesonothercomputerprovidesaperfectconditionforthespreadofavirus.Malware5

Muchlikehumanviruses,computervirusescanrangeinvariety.Somevirusescauseonlymildlyannoyingeffectswhileotherscandamagesoftwareorfiles.Theyoftenslowthingsdownandcauseotherproblemsintheprocess.Malware52.Worm

Awormissimilartoavirusbyitsdesign,andisconsideredtobeasub-classofavirus.Wormsspreadfromcomputertocomputer,butunlikeavirus,ithasthecapabilitytotravelwithoutanyhelp.Awormtakesadvantageoffileorinformationtransportfeaturesonthesystem,whichallowsittotravelunaided.Thebiggestdangerwithawormisitscapabilitytoreplicateitselfonthecomputersystem.Forexample,awormcansendacopyofitselftoeveryonelistedinusers'E-mailaddressbook.Duetoitscopyingnatureandcapabilitytotravelacrossnetworks,theendresultinmostcasesisthatthewormconsumestoomuchsystemmemoryornetworkbandwidth,causingWebservers,networkserversandindividualcomputerstostopresponding.[7]Malware5

3.TrojanHorseATrojanhorseisfullofasmuchtrickeryasthemythological“TrojanHorse”itwasnamedafter.Unlikevirusesandworms,Trojanhorsesdonotreproducebyinfectingotherfilesnordotheyself-replicating.TheTrojanhorse,atfirstglancewillappeartobeusefulsoftwarebutwillactuallydodamageonceinstalledorrunonthecomputer.ThoseonthereceivingendofaTrojanhorseareusuallytrickedintoopeningthembecausetheyappeartobereceivinglegitimatesoftwareorfilesfromalegitimatesource.WhenaTrojanhorseisactivatedonthecomputer,theresultscanvary.SomeTrojansaredesignedtobemoreannoyingthanmaliciousortheycancauseseriousdamagebydeletingfilesanddestroyinginformationonthesystem.Trojansarealsoknowntocreateabackdooronthecomputerthatgivesmalicioususersaccesstothesystem,possiblyallowingconfidentialorpersonalinformationtobecompromised.Malware54.LogicBomb

Thelogicbombisoneoftheoldesttypesofprogramthreat.Itisapieceofcodeintentionallyembeddedinasoftwaresystemthatissetto“explode”whenspecifiedconditionsaremet.Examplesofsuchconditionsthatcanbeusedastriggersforalogicbombarepresenceorabsenceofcertainfiles,aparticulardayoftheweekordate,oraparticularuserrunningtheapplication.Oncetriggered,abombmayalterordeletedataorentirefiles,causeamachinehalt,ordosomeotherdamage.Malware55.Bot

Abot,alsoknownasazombieordrone,isaprogramthatsecretlytakesoveranotherInternet-attachedcomputerandthenusesthatcomputertolaunchattacksthataredifficulttotracetothebot'screator.Thebotistypicallyplantedonhundredsorthousandsofcomputersbelongingtounsuspectingthirdparties.Thecollectionofbotsofteniscapableofactinginacoordinatedmanner;suchacollectionisreferredtoasabotnet.BotnetshavebeenusedmanytimestosendspamE-mailorparticipateindistributeddenial-of-serviceattacks.Theyareincreasinglyrentedoutbycybercriminalsascommoditiesforavarietyofpurposes.Malware56.Blended-ThreatMalware

Ablendedthreatisasophisticatedattackthatbundlessomeoftheworstaspectsofviruses,worms,Trojanhorsesandmaliciouscodeintoonethreat.BlendedthreatsuseserverandInternetvulnerabilitiestoinitiate,transmitandspreadanattack.Thiscombinationofmethodandtechniquesmeansblendedthreatscanspreadquicklyandcausewidespreaddamage.AnexampleofablendedattackistheNimdaattack[8],whichusesfourdistributionmethods:E-mail,Windowsshares,Webservers,andWebclients.Blendedthreatsareconsideredtobetheworstrisktosecuritysincetheinceptionofviruses,asmostblendedthreatsrequirenohumaninterventiontospread.Malware5

Tocombatmalware,thefirststepistomakesurethatthecomputer'soperatingsystemisup-to-date.Thelatestversionoftheoperatingsystemwillrestoretheexistingbugsandhencestrengthenthesystem'scapabilitytoresistpotentialmalware.Thesecondstepistoinstallanti-virussoftware.Mostoftoday'santi-virussoftwareisdesignedtocombatawiderangeofthreats,includingallmalwarewementionedabove.Theycanidentify,neutralizeoreveneliminatemalwarebyusingtwoapproaches.Thefirstapproachisexaminingorscanningfilestolookforknownvirusesmatchingdefinitioninavirusdictionary.Thesecondisidentifyingsuspiciousbehaviorfromanycomputerprogramwhichmightindicateinfection.Mostcommercialanti-virussoftwareusesbothoftheseapproaches,withanemphasisonthevirusdictionaryapproach.2CombatingMalwareMalware5

Additionally,installingafirewallisofgreatnecessitytocombatmalware.Aswementionedpreviously,afirewallcanbeeitherhardwareorsoftware.Hardwarefirewallsprovideastrongdegreeofprotectionfrommostformsofattackcomingfromtheoutsideworldandcanbepurchasedasastand-aloneproductorinbroadbandrouters.Unfortunately,whenbattlingviruses,wormsandTrojans,ahardwarefirewallmaybelesseffectivethanasoftwarefirewall,asitcouldpossiblyignoreembeddedwormsinoutgoingE-mailsandseethisasregularnetworktraffic.Forindividualhomeusers,themostpopularfirewall