you don't have a care in the world: you know nothing of the world's troubles》
《enduer's note: 1. Case in point: an example (illustration)
2. concentrate on: to focus on (devote attention to)
3. left behind: left over (left)》
What is malware?
Malware threats can be divided into 5 main categories, summarized briefly as follows:
- Viruses: Self-replicating code inserts copies of the virus into host programs or data files. Viruses can attack both operating systems and applications.
- Worms: A self-replicating, self-contained program executes without user intervention. Worms create copies of themselves, and they don't require a host program to infect a system.
《enduer's note: 1. self-contained: fully equipped; independent; (of a person) reserved》
- Trojan horses: This self-contained, non-replicating program appears to be benign, but it actually has a hidden malicious purpose. Trojan horses often deliver other attacker tools to systems.
- Malicious mobile code: This software with malicious intent transmits from a remote system to a local system. Attackers use it to transmit viruses, worms, and Trojan horses to a user's workstation. Malicious mobile code exploits vulnerabilities by taking advantage of default privileges and unpatched systems.
- Tracking cookies: Accessed by many Web sites, these persistent cookies allow a third party to create a profile of a user's behavior. Attackers often use tracking cookies in conjunction with Web bugs.
《in conjunction with: together with (jointly, in cooperation with, along with)》
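Added example, not part of the original article or enduer's translation: a small Python detector that reads a constructed browsing log and reports third-party persistent cookies whose identical value is set on the browser while the user visits several different sites. That cross-site linkage, carried by a web bug (the tracker's pixel image), is what lets a third party build the behavior profile described above. All domains, cookie names and values are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed browsing log (not real traffic): for each response the browser received,
# the page the user was viewing, the resource that was fetched, and its Set-Cookie header.
# The tracker's pixel.gif is the web bug; every site that embeds it makes the browser
# contact the tracker, which sets (or re-sets) the same persistent identifier.
SAMPLE_LOG = [
    ("https://news.example/article/1", "https://news.example/style.css", None),
    ("https://news.example/article/1", "https://ads.tracker-example.net/pixel.gif",
     "uid=abc123; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("https://shop.example/cart", "https://shop.example/api/cart", "session=zz; Path=/"),
    ("https://shop.example/cart", "https://ads.tracker-example.net/pixel.gif",
     "uid=abc123; Max-Age=63072000; Path=/"),
    ("https://blog.example/post/7", "https://ads.tracker-example.net/pixel.gif",
     "uid=abc123; Max-Age=63072000; Path=/"),
    ("https://blog.example/post/7", "https://cdn.blog.example/app.js", "pref=dark; Max-Age=3600"),
]

def site_of(url):
    """Crude registrable-domain approximation (last two host labels); enough for the sample."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def parse_set_cookie(header):
    """Return (name, value, persistent) for one Set-Cookie header.
    A cookie is persistent when it carries Expires or Max-Age; otherwise it dies with the session."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name.strip(), value.strip(), bool(attrs & {"expires", "max-age"})

def find_tracking_cookies(log, min_sites=2):
    """Report third-party persistent cookies whose identical value was set while the user
    visited at least min_sites distinct first-party sites: the linkage that builds a profile."""
    seen = defaultdict(set)  # (tracker site, cookie name, value) -> first-party sites
    for page_url, resource_url, set_cookie in log:
        if not set_cookie:
            continue
        first_party, cookie_site = site_of(page_url), site_of(resource_url)
        if cookie_site == first_party:
            continue  # first-party cookie (e.g. cdn.blog.example on blog.example): not cross-site
        name, value, persistent = parse_set_cookie(set_cookie)
        if persistent:
            seen[(cookie_site, name, value)].add(first_party)
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= min_sites}

if __name__ == "__main__":
    for (tracker, name, value), sites in find_tracking_cookies(SAMPLE_LOG).items():
        print(f"{tracker} cookie {name}={value} seen on {len(sites)} sites: {', '.join(sites)}")
```

Session cookies and first-party cookies are deliberately ignored; only a persistent identifier that recurs across unrelated sites is reported.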
These are the main types of malware threats that endanger users and networks. What happens when they succeed? An effective malware response plan includes these 6 steps:
- Preparation: Develop malware-specific incident handling policies and procedures. Conduct malware-oriented training and exercises to test your policies and procedures. Determine whether your procedures work before you actually have to use them.
- Detection and analysis: Deploy and monitor antivirus/anti-spyware software. Read malware advisories and alerts produced by antivirus/anti-spyware vendors. Create toolkits on removable media that contain up-to-date tools for identifying malware, examining running processes, and performing other analysis actions.
《enduer's note: 1. up-to-date: the latest, current》
- Containment: Be prepared to shut down a server/workstation or block services (e.g., e-mail, Web browsing, or Internet access) to contain a malware incident. Decide who has the authority to make this decision based on the malware activity. Early containment can stop the spread of malware and prevent further damage to systems both internal and external to your network.
《enduer's note: 1. Be prepared to: be ready to》
- Eradication: Be prepared to use a variety of eradication techniques to remove malware from infected systems.
《enduer's note: 1. a variety of: all kinds of (several, various)》
- Recovery: Restore the confidentiality, integrity, and availability of data on infected systems, and reverse containment measures. This includes reconnecting systems/networks and rebuilding compromised systems from scratch or from known good backups. The incident response team should assess the risks of restoring network services, and this assessment should guide management decisions about restoration of services.
- Report: Gather the lessons learned after each malware incident to avert similar future incidents. Identify changes to security policy, software configurations, and the addition of malware detection and prevention controls.