Computer security has borrowed a lot of terminology from the medical field. Is your computer “infected”? Has it been exposed to a “virus”? Writing for Forbes, Sourcefire executive Alfred Huger suggested another medical term, “patient zero,” could be the key to addressing malware problems.
“Most technologies focus solely on detection and give us little recourse after an infection occurs,” he said. “As a result, many organizations begin a game of malware ‘whack-a-mole’ – they know they have an infection, they take steps to remove it, but it keeps popping up again. Why? Because they haven’t identified patient zero.”
In medicine, “patient zero” is the person in whom an outbreak started. Finding that first case is a fundamental way to attack a disease, and the malware version is the same: find the original infection and destroy all of its copies. Huger said identifying the most recent patient is also important so researchers can view the scope of the infection.
“The most common way organizations discover an infection is with a help desk call,” he said. “But they may also learn of an infection when a detection tool is updated and discovers malware previously missed. In this case the detection alert becomes an infection alert. No matter how you’re notified of the infection, with the help of technology that automates file analysis, identifies where the infection entered your environment and tracks the full extent of exposure, you have the visibility to effectively deal with your malware problem.”
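The two questions Huger raises, where the infection entered and how far it has spread, can be answered from endpoint telemetry once a bad file hash is known. The script below is an added illustration, not code from the original article or from Sourcefire or Securosis. It assumes a constructed record format of `<timestamp> <host> <sha256> <source>`, where `source` records how the file arrived (`email`, `web`, `usb`, or `share:<host>` for a copy from another machine); the hashes and hostnames are constructed placeholders. Sorting the sightings by time yields patient zero and its entry vector, the latest sighting bounds the scope, and the `share:` sources give the propagation chain that has to be cleaned up along with the original.

```python
"""Trace 'patient zero' and infection scope from endpoint file-sighting telemetry.

Hypothetical example added to this page; not part of the original article and
not the tooling of any vendor it mentions. Record format (an assumption):
    <ISO-8601 timestamp> <host> <sha256> <source>
"""
from dataclasses import dataclass
from datetime import datetime

# Constructed telemetry. Lines are deliberately out of chronological order to
# show why sorting comes before picking the earliest sighting. Hash values are
# placeholders, not real indicators.
TELEMETRY = """\
2024-03-04T09:15:00Z WS-17 aa11bb22cc33 share:WS-03
2024-03-04T08:02:00Z WS-03 aa11bb22cc33 email
2024-03-04T08:45:00Z WS-09 aa11bb22cc33 share:WS-03
2024-03-04T10:30:00Z WS-22 aa11bb22cc33 share:WS-09
2024-03-04T08:10:00Z WS-03 ff00ee11dd22 web
"""

BAD_HASH = "aa11bb22cc33"  # constructed placeholder for the confirmed-malicious file


@dataclass(frozen=True)
class Sighting:
    seen_at: datetime
    host: str
    sha256: str
    source: str


def parse_telemetry(text):
    """Parse the constructed record format into Sighting objects."""
    sightings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, sha, source = line.split()
        # Accept a trailing 'Z' on older Python versions by spelling out the offset.
        seen_at = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        sightings.append(Sighting(seen_at, host, sha.lower(), source))
    return sightings


def trace_outbreak(sightings, bad_hash):
    """Return patient zero, entry vector, scope and propagation edges for bad_hash.

    Returns None when the hash was never seen, so callers can tell "no hits"
    apart from a traced outbreak.
    """
    hits = sorted(
        (s for s in sightings if s.sha256 == bad_hash.lower()),
        key=lambda s: s.seen_at,
    )
    if not hits:
        return None

    patient_zero = hits[0]   # earliest sighting: where the infection entered
    latest = hits[-1]        # most recent sighting: current edge of the spread

    # First sighting per host, so each affected machine is listed once.
    first_per_host = {}
    for s in hits:
        first_per_host.setdefault(s.host, s)

    # Lateral-movement edges reconstructed from 'share:<host>' sources.
    edges = sorted(
        (s.source.split(":", 1)[1], s.host)
        for s in hits
        if s.source.startswith("share:")
    )

    return {
        "patient_zero": patient_zero.host,
        "entry_vector": patient_zero.source,
        "first_seen": patient_zero.seen_at.isoformat(),
        "latest_host": latest.host,
        "affected_hosts": sorted(first_per_host),
        "propagation": edges,
    }


if __name__ == "__main__":
    result = trace_outbreak(parse_telemetry(TELEMETRY), BAD_HASH)
    for key, value in result.items():
        print(f"{key:15} {value}")
```

Cleaning only the host that raised the help-desk ticket (here `WS-17`) would leave `WS-03`, the actual entry point, and two other copies in place, which is the whack-a-mole cycle the article describes; the `affected_hosts` list is the full set that has to be remediated together.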
Recent research from Securosis looked at 18 ways to deal with malware from a company standpoint. It found that fewer than half of those who try to get rid of malware analyze why the infection happened; the rest move straight past that question to remediation. Knowing how the infection got there may be just as important as figuring out how to remove it from a system, since businesses want to avoid going through the restart and restore process all over again.
How do you go about preventing malware? The last time you were infected, did you figure out how it happened? Let us know!