Security Awareness Blog

Feb OUCH - What Is Malware

Today we released the February edition of OUCH!, the free, monthly security awareness newsletter. Led by Malware expert and SANS instructor Lenny Zeltser, we explain what Malware is, who is creating it, and how to protect yourself. In addition, we just added Indonesian to this release. OUCH! is now translated into 23 languages. We had several goals with this release.

  1. The first was to explain what Malware is. We, the security community, like to use technical terms such as Trojan, Rootkit, Virus, or Worm, each with its own unique (and confusing) definition. These terms no longer matter. Malware is simply software that often combines the functionality of all of them. And to be honest, people do not need to know the different terms. All they need to know is that Malware is evil and they do not want it.
  2. We also wanted to address some misconceptions about Malware, especially about Anti-virus. Far too often people feel they are 100% secure when they have AV, that they cannot get infected. Unfortunately, we know that this is not true, and we explain as much in the newsletter.
  3. Finally, we wanted people to know that ultimately, they themselves are the best defense they have. Since so many malware attack vectors depend on social engineering, an educated person is the best defense.

Next month we will cover Windows XP and how Microsoft will no longer support it starting 08 April. As always, you can download and share the latest version of OUCH from



Posted February 6, 2014 at 6:50 PM


For the knowledgeable, I like the term malware since it is encompassing.
For the unskilled, general users, I've come to like the term "virus" because the analogy can be understood by users.
Your shield (real time protection) is like a vaccination. It can only protect against what it has been "vaccinated" against (that is your virus definitions). If the threat is not known or the definitions are outdated, you are vulnerable to infection.
Periodic scans are like a checkup. But it will only find what the doctor tests for (also, virus definitions).
Vaccinations simply do not prevent or detect all infections, just as antivirus cannot. Just as you must still avoid certain activities, wash your hands regularly, and eat right, computer users must still use firewalls, avoid suspicious links and attachments, and generally avoid risky behaviors in order to further reduce risk.
Great work by SANS, as always.