2 hours 27 minutes
welcome back to intermediate endpoint Security Course. In this lesson, I'm going to talk about protecting programs or applications that you have installed on your PC.
So I'm going to talk about ah types of attacks saying programs, applications and the general
ways to protect the program applications. So when you talk about types of texts, we have viruses, which is a typical thing that is spread by infecting software.
Of course. Uh,
except for viruses, we also include their here Trojans and other malware. So Trojans are not essentially targeted towards applications, but they can attack application. Sometimes they can embed theirselves directing toe operating system.
it is Ah, it is very similar. Like protecting Gore s. You essentially have just them
some kind of malware that is going to attack yours software.
And when we talk about protection, 1st 1 is the anti malware solutions. What this popular popularly known as anti virus software.
Um and what is also important is to have regular testing, are fun to military solution. So
in general, to do the penetration testing on a regular basis the same way like it's done for operating system. A zay said that I recommend this doing being done twice a year, a t least if you are
target two regular attacks. If your company's prone to be attacked, then maybe even even more frequently. I have heard about people doing penetration testing like once a month
because they have to stay alert and make sure that their systems, the protection systems, are extremely effective now. One thing in particular is very important,
and this is when you are implying implementing new software or upgrading existing software. You should do it in what's called Eyes Island Environment, meaning that
you don't let the software update being done automatically when it comes up. The reason for this is the famous 15 4016
a non petty attack that happened in Ukraine
when the Russian hacking group managed to will, in fact, more than 60,000 PC's in less than two hours.
They did it by actually infecting the
very popular accounting software that was used in all government businesses in Ukraine. Um,
and what this hacker group did is they didn't infiltrate all these institutions that they managed to infect with non PETA. They have actually infiltrated the company that was developing that softer
and installed malware, non Petya virus or whatever that is called into the update of the software.
So this this one thing teaches us that we should never trust them a software update unless it's, for example, from a very renowned company, like like some office package or something like that. So if ever you're using some custom kind of softer
officer or some specialized software in no urine,
not 100% sure that the software manufacturers is not being compromised,
then you should always test the new installation you upgrade
in the isolated environment before you let it go into your network.
so I know that sometimes this is problem. Sometimes application update themselves. But if it's possible, you should prevent that and the
find a way to do it
manually, meaning for is the test and then letting the application get the update. If this is not possible, my suggestion is not toe. Let such an application run in on your system unless it's absolutely necessary.
So is the quick learning truck, and the question is, what is the best way to test endpoint protection? Is it by giving PC to employees off with history of carelessness. So somebody who clicks on fishing links by
on the regular basis Is it to do the same simulated virus attack? Or is it to do pen testing
or penetration testing? And the correct answer is, of course, the do penetration testing because it's, ah,
all around way to test everything that you have on your PC.
In this video, you have learned about how to protect problems, implications on a PC from different types of attacks and what precaution you should
use in order to make sure that your PC doesn't get infected in any possible way. In next lesson, I'm going to talk about protecting network from PC's.