
Greater than 20 Percent of Malware Articles Miss the Point

Manufacturer: PC Perspective
Tagged: Malware

Malware, explained.

I take issue with the virus metaphor. Comparing malware to a virus tends to suggest that it is somehow more than what it actually is: a program.

Malware is just an application which performs instructions outlined by an attacker. The attacker needs to get the user to launch the application and often wants to prevent the user from terminating it. Malware does not need to be visible; often much development time is spent making malware as hidden as possible. It is much easier to exploit a user who is complacent -- so why advertise that the user has a reason not to trust you?


You better be clicking here before clicking on an Antivirus installer.

If the attacker cannot convince you to launch the virus they must convince something on your computer to launch it.

One common attack is to create an image or applet which loads in a specific web browser or a plugin installed on it. If the attacker knows vulnerabilities in that specific browser or plugin version, they can exploit one and convince the application to execute instructions hidden in the data, placed exactly where the vulnerable program will mistakenly look for them. Those instructions run with the same permissions as the vulnerable program, because the computer cannot tell that it is not the vulnerable program running. Vendors regularly patch these vulnerabilities, and applying those patches closes off those particular attacks.

(Technically, DEP, Data Execution Prevention, might have a chance at stopping it, but only under certain conditions, and that is beyond this article.)
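The browser or plugin scenario above, as an added example that is not from the article: a constructed toy parser for a length-prefixed field (standing in for one field of an image header or a text message), in its unchecked form beside a bounds-checked one. The record format, the function names and the sample inputs are all assumptions made up for this illustration.

```c
/* Constructed toy record format: [len: 1 byte][payload: len bytes], standing
   in for one field of an image header or a text message. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAYLOAD_MAX 16

struct record {
    uint8_t len;
    char payload[PAYLOAD_MAX];
};

/* Vulnerable shape: the program trusts the length that came with the data.
   A len above PAYLOAD_MAX writes past payload, which is the defect the
   article describes: the program "looks" where the attacker put data. */
int parse_record_unchecked(const uint8_t *in, size_t in_len, struct record *out)
{
    if (in_len < 1) return -1;
    out->len = in[0];
    memcpy(out->payload, in + 1, out->len);   /* no bounds check */
    return 0;
}

/* Hardened shape: every length taken from the input is checked against
   both the destination buffer and the bytes actually supplied. */
int parse_record_checked(const uint8_t *in, size_t in_len, struct record *out)
{
    if (in == NULL || out == NULL || in_len < 1) return -1;
    uint8_t len = in[0];
    if (len > PAYLOAD_MAX) return -2;          /* would overflow payload */
    if ((size_t)len > in_len - 1) return -3;   /* claims more than supplied */
    out->len = len;
    memcpy(out->payload, in + 1, len);
    return 0;
}

int main(void)
{
    /* Constructed inputs: a well-formed record and one claiming 200 bytes. */
    const uint8_t good[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t evil[] = { 200, 'A', 'A', 'A', 'A' };
    struct record r;
    printf("good: checked=%d\n", parse_record_checked(good, sizeof good, &r));
    printf("evil: checked=%d\n", parse_record_checked(evil, sizeof evil, &r));
    /* The unchecked parser is only ever fed the well-formed input here. */
    printf("good: unchecked=%d\n", parse_record_unchecked(good, sizeof good, &r));
    return 0;
}
```

The checked parser rejects the oversized record before any byte is written, which is exactly what the patch for a real bug of this kind adds.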

A major problem occurs if you are behind on your updates: you are vulnerable to publicly known exploits. The publicly available patch had to have fixed something, right?


I'm no security phoney...

Mobile devices are just as much at risk. The phone maker gives you reduced permissions in an attempt to prevent you from installing untrusted code. If you have ever heard of someone jailbreaking their phone, then you know that there is a process to take the admin privileges away from the phone maker and give them to yourself. Jailbreakme.com lets you seize those permissions on your iOS device just by browsing to a website -- now imagine a different website which gave those permissions to someone other than you.

A few years ago, iOS had an error in the way it handled SMS text messages. It was entirely possible for someone to send you a series of text messages and take over your phone. After all, text messages are just data originating from an untrusted source. If the phone is not patched against that weakness, then you are vulnerable.

Thankfully, that just has not happened on a massive scale yet. Just do not be complacent and believe it cannot happen.

As for malware itself, it exists for many purposes:

  • Delivering pop-up or spam advertisements to you (not so much any more)
  • Extorting website owners by threatening to flood them with traffic from thousands of infected PCs so that legitimate users are blocked
  • Stealing information such as credit card numbers and contacts, to scam them while posing as you, or vice versa
  • Locking the infected PC and demanding money to clean it
  • Government espionage

… and so forth.

In almost every case the attacker intends to use your device for financial gain. That is why people do these sorts of things: to make money. Attacks will become progressively less profitable as users become progressively more aware of the situations they face. Eventually most, but not all, attackers will simply find a better job somewhere else -- hopefully, this time, a legal one.

Read on to see what antimalware does about this problem and what you can do, yourself.

May 13, 2012 | 09:10 AM - Posted by Moogle Stiltzkin

The best computer security, I think, is this .....

Antivirus: NOD32

Anti pop-up: Admuncher

Sandbox: Sandboxie

Other things to do ...

1. Regularly update Windows 7 64-bit

2. Update the other software mentioned

Essentially, the sandboxing will be the biggest help in ensuring that even if a virus does get onto your PC, it won't be able to do anything and can be easily cleaned.

I tried the Sandboxie browser setting. When you browse under the sandbox, now and then you will download something and want to move the file out of the sandbox to your hard drive proper. You can easily do that in Sandboxie: authorize the downloaded file, like a video etc., to move out of the sandbox.

PS: forgot to mention that a hardware router with a firewall and port forwarding is a must these days. I don't recommend UPnP; instead, do the port forwarding manually :X

May 13, 2012 | 09:26 AM - Posted by Goofus Maximus (not verified)

We're all human, and that means that we will all be tricked at some point or other, no matter how paranoid we get, short of living in a concrete cell with no communications at all.

I just live my life normally, with nothing more than my usual habitual paranoia (such as turning off/blocking all services that I don't need or want like remote access or NetBIOS, and running NoScript in my browser). For the rest, I just keep an eye on things like my credit reports, or reports of e-mails from "me" that I never sent, that will tip me off if things are wrong.

May 13, 2012 | 09:30 AM - Posted by Goofus Maximus (not verified)

Shimata! I forgot to mention one very helpful security utility for Windows that I always use and recommend: EMET 2.1 from Microsoft, which lets you turn on/manage all those Windows security enhancements, both globally and for individual programs, even if those programs don't support said features.

May 14, 2012 | 05:23 AM - Posted by aussiebear (not verified)

Since I use both Windows and Linux...

For Windows
* Windows XP or 7 (Professional versions)
* Password the default Administrator Account.
* Set up Limited or Standard User Account. (SUA or LUA)
* Apply Software Restriction Policy. (Default Deny)
* MS Enhanced Mitigation Experience Toolkit. (Applied on browsers, Flash, Java Runtime, etc.)
* Stay updated. (Use "WSUS Offline Update" if multiple machines.)
* Practices adopted from Linux...
=> Only use Administrator account to install/upgrade/update. Daily computing use is only done with SUA/LUA.
=> Disable or remove anything I don't use.
=> Only install applications from trusted/known reputable sources.
* Firefox with NoScript.

End result? No malware encountered for the last 5+ years.

For Linux (Desktop)
* Stay updated.
* Standard User for daily computing use.
* Disable or remove anything I don't use.
* Only install applications from trusted/known reputable sources.
* Firefox with NoScript.
* Use SELinux or AppArmor (Depending on Linux distro) for refined access control of applications or vulnerable areas.

End result? Never encountered malware since using Linux from 2005 onwards. (Spent 1 year learning and breaking old, bad habits: "Transition Period". Started using Linux full-time in 2006).

For my home network firewall/gateway, I use a custom-built, low-power PC with a Linux-based solution called ClearOS. It has anti-malware, intrusion prevention, URL filter, protocol filter, spam filter, multi-WAN, etc.

I never use remote access. I take the perspective that I must be physically present to use the system.

March 11, 2014 | 10:25 AM - Posted by Nafis (not verified)

Hi Scott!
I am grateful for this post; it was informative. But my laptop restarts these days after showing a blue screen. I tried this SpyHunter anti-spyware tool. The issue is now solved after I scanned with it, but now some error notifications appear.
Any solution?

October 25, 2014 | 04:29 AM - Posted by Anonymous (not verified)

Really nice post and data; your article deserves the salute. Thanks man, SpyHunter 4 Crack, I appreciate you. I read your blog; totally supported and solved my problem.
