Malicious code is code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools. Malicious code can either activate itself or be like a virus requiring a user to perform an action, such as clicking on something or opening an email attachment.
Malicious code does not just affect one computer. It can also get into networks and spread. It can also send messages through email and steal information or cause even more damage by deleting files. It can be in the form of scripting languages, ActiveX controls, browser plug-ins, Java applets and more. This is why it is often recommended to deactivate these options in Web browsers.
Malicious code can come in various other forms. A common type of malicious code is the virus, which is a little program attaching to other programs or files and will copy itself in a computer and even spread to other networked computers. Viruses can range from being relatively harmless to causing significant damage to a system.
Worms are pieces of malicious code making copies of itself. Conditions have to be right for a worm to proliferate. They are created mainly using scripting languages.
Trojan horses are forms of malicious code appearing as safe software. But that is how they get into a computer. They may be hiding inside another program and be installed with an otherwise safe program. Sometimes they give someone in a remote location control of the victim’s computer.
To help protect a system from infection, anti-virus software should be the first thing installed on a computer. Good computer habits are also important, such as not opening email attachments from unknown sources or installing media from unknown sources. Also, removing software that has not been used for long periods is a good idea. This removes still another avenue for malicious code to enter a system.
Read More »
Join over 135,000 IT pros on our weekly newsletter.
Security incident and event management (SIEM) is the process of identifying, monitoring, recording and analyzing security events or incidents within a real-time IT environment. It provides a comprehensive and centralized view of the security scenario of an IT infrastructure.