Malware protection

What is malware protection?

Malware is short for malicious software. It is software or web content (viruses, worms, spyware, ransomware) that has been designed to cause harm. Malware protection helps prevent harmful code from causing damage or accessing sensitive data.

Viruses are a type of malware and their job is to stay alive (or evade detection) by getting onto your computer, doing whatever is required and then looking to infect the next computer.

Sources of malware include rogue links (sometimes seen in forums), rogue or hacked websites, phishing attacks, infected media or downloads from non reputable sources (cheap software that usually costs lots of money).

Why do I need malware protection?

Malware protection stops harmful software from accessing your system or network. Malware can damage files, or lock them to prevent you accessing them, unless you pay a ransom (ransomware). Malware protection helps to detect and prevent any potential threats from malicious software. In addition, malware protection can remove potential threats from malicious software

How do I get malware protection?

A number of operating systems already have malware protection installed and available. Defender is the product that Windows 10 uses.

Check to see whether your OS manufacturer gives you malware protection as part of the OS installation.

How does malware protection work?

It works by looking at either signatures found in files (for instance certain strings), though this is not helpful if the malware is able to change these signatures. Other ways of identifying malware is looking at the behaviours being exhibited and having the computer make a decision as to whether this looks weird.

What do I need to do to protect against malware?

There are three ways to protect your business from malware, but you may not need to use all three. However, you should complete a risk assessment to decide which controls are necessary for your business. You should, at least, use the first two controls.

Use anti- virus software: this should be updated daily and set to automatically scan files. Web pages should also be scanned and connections to malicious websites blocked
Application whitelisting: only allow approved applications to be used on devices. Keep a list of these applications and review them regularly.
Application sandboxing: This is a more technical solution. It prevents applications and programs from interacting with other devices or your network.

Where can I get more information?

As always, NCSC has done yet another brilliant article summing things up.

This can be found at: https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/antivirus-and-other-security-software

To sum up, this is an overview of malware protection. For more information about Malware protection you should read our detailed blog about malware protection requirements for Cyber Essentials.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
icwp-wpsf-notbot	1 minute	This cookie, set by wordpress, is used for Bot Management.
shield-notbot-nonce	1 minute	For all visitors and users, a temporary cookie is used to provide a nonce value for the NotBot system. This cookie is used to overcome limitations imposed by WP page caching plugins that don’t allow the updating of on-page nonce values. We send the nonce value via a cookie to ensure the client has access to the latest, valid nonce. This cookie doesn’t track anything or is linked to any users or visitors. It simply provide data required by the NotBot system to complete requests successfully.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gat_gtag_UA_176941806_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.