
Five tips for desktop malware first responders

The earlier you can take action against a malware infection, the easier it will be to deal with the effects.

The moments when malware is rifling through your process table are not conducive to lucid contemplation, but that's exactly when you must don your First Responder hat. Taking the right steps early in the infection can save hours of later remediation. These steps may be routine for full-time malware warriors, but network security is only one duty among many for the typical SMB network administrator. Here are some tips for minimizing the impact.

Note: These tips are taken from the article Network security: Seven tips for desktop malware first responders.

1: Understand the risks

Obey the First Responder's Hippocratic Oath: Do no harm. In other words, don't make things worse. Assess whether the malware needs to be removed immediately or whether a better approach is to shut down the machine and pursue remediation in a controlled environment. Consider what data is at risk of being compromised vs. the current need for the device.

2: Carry a Web-enabled smart phone and carry a big (16GB USB) stick

Pay for that data plan. Get reasonably proficient with a favorite mobile browser. Store bookmarks. Most phones support flash cards where additional remediation software can be stored. Also, consider carrying a hefty USB drive containing favorite anti-malware utilities, if not a fully bootable OS with security tools on it, such as Slax.

3: Check for broader attack

Determine whether the attack is an ordinary bit of malware visiting your unlucky laptop or a feint: a sequence of attacks designed to exploit the usual remediation steps rather than succeed with the initial infection.

4: Conduct a disaster recovery walk-through

Even if you're fortunate enough to avoid a data loss on this occasion, it's still worth exploring the disaster recovery options you might have taken. They may need updating. The experience may also turn up some useful online security Web content, so be sure to update your phone's bookmarks, too.

5: Review and document

In the military, it's called "After Action Review," or AAR. After the malware has been removed and damage corrected, assess which tools were needed and make them more convenient to access. Document what happened. Ensure that your CEO doesn't encounter the same nuisance just before heading out to testify before a Congressional subcommittee.



About

Mark Underwood ("knowlengr") works for a small, agile R&D firm. He thinly spreads interests (network manageability, AI, BI, psychoacoustics, poetry, cognition, software quality, literary fiction, transparency) and activations (www.knowlengr.com) from...

4 comments
plogan97470

I feel these things are valuable, but if all that is listed is general information, it makes it hard for beginners to discern what to carry and what to look for. Listing steps to take in general and free/shareware programs to assist in the troubleshooting would help greatly.

mcswan454

Unless we have some who simply choose to fight over this article, this should be the only post. As we cannot ignore the malware issue, the five tips are great points for the guy/gal who has to resolve the issues. M.

Neon Samurai

I believe there was a top 10 or top 5 apps list for responding to malware, though I haven't the URL handy. It should be in the TR search though.
