3 hours 35 minutes
hello and welcome to P C Security Intermediate Course.
In this video, I will be talking about anti malware protection.
So no special things they will be talking about anti malware in general.
And first of all, I will give you a very, very sad fact, which is? Anti malware is destined to fail. So
so far that has been designed has failed
eventually at one point in time at a certain configuration. So we have to
approaches tow, anti virus or anti malware software.
The old style, which is pretty much no longer used, is using signatures and signatures air. Basically,
it records certain pieces of code off the certain Alvear
and then compares the file you are
trying to execute with that,
let's say, a stored signature. And if they mention, say, Okay, this is a virus. This is Trojan, whatever, and I will not let it front. Simple.
The problem with this is that Ah, a couple of years ago, there was a statistic saying that there was a new wall were created in the world. Every four something seconds.
for you, can you imagine if you're creating an entire hour on their wares program
you have to collect. Call these you have tow. Confirm that their viruses to find their the behavior to find how to remove them from your PC
and then to put it in an update and then to distribute that update to everybody who's using it
now, depending on them on the type of Marber before you actually detected, because
you don't have ah PC connected to a network world where all virus creators are just sending their PC for you to discover. So you have to get the feedback
it can take from couple of weeks to a couple of months before actual mulberries processed, found and its signature placed in the update of the anti where softer. So this method is definitely not good.
We have what's called next Gen M and T Miller, which is pretty much every time Albert today,
and it's using the artificial intelligence behavior analyses and outduels,
and it actually detective something. Besides, if something is mulberry or not,
with the next Gen, we have the situations of false positives, so you have some kind of software that you actually want to install your PC, but you're in time, our
things it's Ah,
it's a mulberry, so it doesn't let it so you. Then you have to switch off your and time our and sometimes it's very difficult to do. So it's it's a problem.
But on top of that,
we have absolute 2099 point trend report, which shows that 28% at any given time in the world either have outdated or missing and time over.
if you're in time, Alvarez knocked updated, you might feel even if
you know if it's there. And there are situations in which users just have, you know, they try to install some kind of softer, which is getting a false positive so it gets blocked from being installed
and then creative user. They just disable and time, hour or day and install it. And if they hadn't been writes on a PC, they can actually do it.
So this is a big problem.
But regardless of that, having an time, our on the PC is much better than not having it. So the fact that it will fail eventually
just the fact off life and you have to with it live with it,
and there are ways to essentially,
find a way to make it a little bit better.
So you have to first choose the right one,
and you you have to create a list of requirements. So because this list of requirements is essentially different if you're, for example, a government agency that protects government secrets or if you're a small business,
that is, I don't know, doing shipping off
and no title paper and similar products.
the probability that some high level, highly trained, highly organized hacking group will attack you if you're shipping toilet paper is
unlikely. So unless you are generating huge amounts of cash,
they will. They will not look at you. So the list of requirements in terms of protection has to be different.
And, of course, you have to look at the price of the product because
real living in the real world, where we're budgets are limited, not unlimited.
Then you have to create the short list of solutions, and then you have to actually test them. If you don't have people to test them,
hire somebody from you know, like external contractor to do the testing off these solutions and to see what percentage of off failures did they have because they will all have some kind of failure.
You can include their false positives. Or can you close the Mallory that actually managed to pass through the,
um, untie Melber,
solution. Then you discard those that they're performing below certain standards,
and then you choose one and then you install it on your PC. So you have.
Let's say your PC is protected from Albert to a certain extent,
but what you have to do is continual, periodic testing off the solution. So you basically find the way toe learn how to do it, or
just the fix a budget for somebody to do it for you on a regular basis. And regular races can be from once a week
for highly sensitive environments to like twice a year
or something like that.
So except choosing the right plan, you have to keep keep continually testing it. Why? Because these things are not perfect. These things fail eventually,
and the last thing you have to do, which is not in the bullet points in the slide, is essentially that. You have to make sure that it leased its on and updated on every device.
So you have to find the way to monitor your PC fleet and to check for presence and the version off of anti Mallory device. And if and to get some kind of alert that will tell you. Okay, this PC doesn't have antivirus offer or has the wrong one.
might happen. So you have to have some kind of alerts and the way to act immediately when these things happen.
If it can be automated, even better.
So, uh, we have reached the end of this video
in which you have learned how to choose and how to maintain anti Mellors after for pieces in your company. And, of course, you had to sum lecture about the fact that you shouldn't put 100% trust in your on time malware software.
In next lesson, I will be talking about protecting the anti members. After that, you have chosen