Computer Virus

Malware: It’s worse than you think

My view on the subject of anti-malware/security suite software may be quite different from that of most casual computer users. I think that one of the primary keys to securing your system is a lack of stupidity, not anti-virus software, and that relying on an anti-virus product for protection is tantamount to relying on guard rails to keep your car on the road; sooner or later your luck will run out.

Fact number one: The primary method of protection against malware is by way of virus signatures, also known as ‘definitions’. In order to develop a signature for a piece of malicious code, the anti-malware vendor must first be aware of its existence, and since black-hat malware authors and those identifying 0-day vulnerabilities often sell their code or findings to major corporations and governments, they are obviously going to try to protect their secret as long as they can. This means that an exploit or piece of malware may have been in the wild for hours, days, weeks or even years before any signature exists.

Fact number two: No single product can possibly protect your system against all threats, much less malware that is tailored for a particular company, obscure software product or even a particular person. On the other hand it simply is not feasible, or even possible in some cases, to run multiple anti-virus products simultaneously, nor is it practical to manually scan every incoming file with a half dozen anti-virus products.

Fact number three: There are many viruses and software exploits that were never, are not currently, and probably will never be detected by any widely available anti-malware product. In fact, it is rather trivial to write a piece of malware that most, if not all anti-malware products will happily report as being ‘clean’.
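To make facts one through three concrete, here is a toy signature scanner written for this page (it is an added example, not code from the post or from any anti-virus vendor). It uses the two signature kinds that signature-based products rely on, an exact file hash and a byte pattern, and runs them over three constructed byte strings standing in for files. Everything in it is constructed: the samples are not real malware, and the detection names are not real vendor signatures. The point it shows is the one the post makes: a sample the vendor has not yet analysed is reported ‘clean’ right up until the definitions update that adds a signature for it.

```python
"""Toy signature scanner (added example, not the post's own code).

It models the one mechanism the post describes: a scanner only flags what
its signature database already knows.  All samples and signatures below are
constructed byte strings, not real malware or real vendor signatures.
"""
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """Two common signature kinds: exact file hashes and byte patterns."""

    def __init__(self) -> None:
        self.hashes = {}    # sha256 hex digest -> detection name
        self.patterns = {}  # detection name -> compiled bytes regex

    def add_hash(self, digest: str, name: str) -> None:
        self.hashes[digest] = name

    def add_pattern(self, pattern: bytes, name: str) -> None:
        self.patterns[name] = re.compile(pattern)

    def scan(self, data: bytes) -> list:
        """Return the names of every signature that matches, hash match first."""
        hits = []
        name = self.hashes.get(sha256_hex(data))
        if name:
            hits.append(name)
        for name, rx in self.patterns.items():
            if rx.search(data) and name not in hits:
                hits.append(name)
        return hits


def verdict(data: bytes, db: SignatureDB) -> str:
    """What an on-demand scanner would print for one file.

    'clean' only means 'nothing in this signature database matched'.
    """
    return "infected" if db.scan(data) else "clean"


# Constructed samples: fake "executables" (MZ header plus a marker string)
# and one harmless text file.
SAMPLES = {
    "known_dropper.exe": b"MZ\x90\x00" + b"CONSTRUCTED-SAMPLE-A drops a stage-two payload",
    "holiday_notes.txt": b"Plain notes about the holiday, nothing executable here.",
    "fresh_sample.exe": b"MZ\x90\x00" + b"CONSTRUCTED-SAMPLE-B no vendor has seen this yet",
}


def vendor_definitions_day_0() -> SignatureDB:
    """The definitions a vendor had shipped before SAMPLE-B existed."""
    db = SignatureDB()
    # Exact-hash signature for a sample the vendor analysed earlier.
    db.add_hash(sha256_hex(SAMPLES["known_dropper.exe"]), "Constructed.Dropper.A")
    # Byte-pattern signature covering the same family.
    db.add_pattern(rb"CONSTRUCTED-SAMPLE-A", "Constructed.Dropper.A.gen")
    return db


def vendor_definitions_day_n(db: SignatureDB) -> SignatureDB:
    """The update that arrives once someone captures and analyses SAMPLE-B."""
    db.add_pattern(rb"CONSTRUCTED-SAMPLE-B", "Constructed.Dropper.B")
    return db


def scan_all(db: SignatureDB) -> dict:
    """Verdict for every sample under the given definitions."""
    return {name: verdict(data, db) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    db = vendor_definitions_day_0()
    print("before the update:", scan_all(db))
    print("after the update: ", scan_all(vendor_definitions_day_n(db)))
```

Run as-is, the first line reports `fresh_sample.exe` as clean and the second reports it as infected; nothing about the file changed in between, only the database did. That gap is the window the post is talking about, and it is why an on-demand scan of a download is evidence, not proof.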

Fact number four: Everyone has very likely been infected with something they would not want to be infected with at some time. If you think you are an exception, then i would argue that you simply never knew your system was compromised.

Fact number five: The good ol’ days of malware are over; while it was often trivial (and humorous) in the past to see your mouse cursor moving and combine that with the fact that you weren’t the one moving it in order to determine that there was something amiss, much of the malware being distributed today is orders of magnitude more sophisticated. Today’s malware is often designed to be as completely transparent, efficient and resource friendly as possible so that it can remain completely undetected. The stakes are extremely high and there are many millions of dollars to be made by black-hat hackers.

I’m not suggesting that you throw your hands up in utter defeat, trash your anti-virus software and commence to having digi-sex without a digi-condom, but i want to make it clear that relying entirely on anti-virus software to protect you against all threats is a road laden with landmines, regardless of how many products you use, what they cost, what they scored on the latest Virus Bulletin test, or what bells and whistles the vendor claims they have. If there were just one affordable anti-virus product that protected against even most of the threats, there wouldn’t be heaps of malicious hackers getting paid to write malware any longer, yet malware is more prevalent today than ever before and more people are running anti-malware software today than ever before. What does that tell you about the overall effectiveness of the anti-malware product peddling industry?

This does not mean you can’t protect yourself from the majority of common threats however; not only can you do so, but you can do so effectively without even using an anti-virus product. I wouldn’t recommend you go without any software protection, but my point is that anti-virus software plays a much less significant role for the savvy computer user, who relies on more effective means of protection than any software product can provide.

Security is a dish best served cold. And in layers. Here are some of the key security practices i would suggest for most anyone, especially the casual computer user who is at the greatest risk due to their lack of technical knowledge:

  • Realize what the vectors for attack are, which is basically anything you connect to your machine including flash drives, discs, modems, routers, printers, USB devices, TVs and even peripherals like mice and keyboards, as well as anything that is delivered through your network to your web browser, email client, instant messenger, IRC, etc. In realizing your attack vectors, you can focus on the software that is used to access those avenues.
  • Realize that malicious software isn’t likely to be considered malicious by your anti-virus product until after it is known to exist and a signature is developed and pushed out by the vendor, leaving you completely vulnerable in the interim. Also realize that the existence of some exploits and malware will never be known.
  • Realize that no anti-malware product on the planet is bullet-proof — not even close — and many are just plain garbage or are malware themselves. Do some research before choosing any product.
  • By learning just a handful of good security practices, the burden of protection will naturally shift more toward the smarter you and away from your dumber anti-virus software.
  • Do not install crap-ware or software from nefarious sources and, by all means, forget about “warez” and “cracks” as failing to do so will cause doom either immediately or eventually. Also see my article Firefox Configuration Guide for Privacy Freaks and Performance Buffs.
  • That game that’s being passed around all over Facebook or wherever? Let it pass.
  • Get in the habit of never opening email attachments. None. Ever. Period. The only exception is if you are expecting something important from someone and even then you should not trust it blindly, especially if it’s an executable. Your coworker or close friend could be using a little social engineering to infect you, or they could be infected themselves and not know it, or it might not be your coworker or friend at all, but rather someone impersonating them. If someone sends you something you really want to see, ask them to send a link to the webpage if possible (and ask them to quit sending attachments).
  • For many of us, our internet browser is our primary software window to the digital world. It is also a huge vector for attack, not only because of security holes, but because of what users do with their browser. Tighten down the security of your browser with add-ons like uBlock or NoScript and disable any unnecessary plugins, including Flash, Java, your PDF viewer, etc. Most modern browsers can handle video and PDF content without plugins anyway. Browse smart and stay away from porn sites or any other hugely popular sites full of garbage content. Keep in mind that you need not click or do anything on a malicious website to become infected other than simply visit it (see drive-by malware). Also see my article Firefox Extensions: My Picks which covers some of the best privacy and security add-ons i have found for the Mozilla Firefox browser, some of which are available for Chrome as well. I would also highly suggest dumping Microsoft Internet Explorer and replacing it with something more secure and transparent, which is basically anything other than IE.
  • As with your browser, your email client also represents a huge vector for attack, so learn how to harden it by disabling JavaScript and HTML mail. As with your browser, i would highly suggest dumping any Microsoft email clients and replacing them with something more secure and transparent.
  • Scan everything you download from any source whatsoever with a decent anti-virus product. You don’t have to run big, bloated “security suite” in the background that analyzes your every click and key press and file you open, but at least have an on-demand scanner available to manually scan all incoming downloads and email attachments.
  • If you’re not sure about the integrity of a piece of software or the reputation of a website, scan it using something like the VirusTotal service, which uses a whole bunch of anti-malware products to scan a single file or website URL. There are several add-ons for Firefox that make accessing VirusTotal very easy. Certainly do not rely on the over-pimped “Web of Trust” website or software or any other service where the data comes primarily from everyday users who lack knowledge regarding malware and rate sites based primarily upon personal perception.
  • If you use only mainstream software products for protection, such as the built-in Windows firewall, the Comodo Internet Security suite, etc., realize that chances may be significantly higher that malware is in play which is purposely designed to completely bypass the protection these products offer.
  • Do not log on to your operating system as an administrator for everyday use.
  • Keep regular backups of your data, preferably off site and encrypted, but at least on an external drive.
  • If you discover a virus, and especially if it’s a Trojan, assume all your data has been compromised including any passwords, banking information, credit card numbers, documents, etc. You should immediately physically unplug your computer from your modem and take action to remove the virus, change all of your passwords and notify your bank.
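The two bullets about scanning every download and checking unfamiliar files against VirusTotal can be scripted so the check happens before anything gets opened. The script below is an added example written for this page; it is not the post’s own code and not an Emsisoft or VirusTotal tool. It assumes VirusTotal’s v3 REST API (a `GET` to `/api/v3/files/<sha256>` with the key in an `x-apikey` header, returning per-engine counts under `last_analysis_stats`) and an API key in the `VT_API_KEY` environment variable; `EXAMPLE_REPORT` is a constructed response in that shape so the verdict logic can be exercised offline. Only the file’s hash leaves your machine; the file itself is not uploaded.

```python
"""Look up a download's SHA-256 on VirusTotal before opening it.

Added example, not the post's own code.  Assumes VirusTotal API v3:
GET https://www.virustotal.com/api/v3/files/<sha256> with an 'x-apikey'
header, returning last_analysis_stats; 404 means the hash was never seen.
"""
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large downloads don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def vt_fetch(digest: str, api_key: str):
    """Fetch the file report; None when VirusTotal has never seen this hash."""
    req = urllib.request.Request(VT_FILE_URL.format(digest), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def summarize(report):
    """Reduce a report to (malicious, suspicious, engines_that_answered)."""
    if report is None:
        return None
    stats = report["data"]["attributes"]["last_analysis_stats"]
    answered = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected"))
    return stats.get("malicious", 0), stats.get("suspicious", 0), answered


def verdict(summary, malicious_threshold: int = 2) -> str:
    """'unknown' is kept distinct from 'no detections' on purpose: a hash
    nobody has submitted is exactly the window Fact number one describes."""
    if summary is None:
        return "unknown"
    malicious, suspicious, answered = summary
    if answered == 0:
        return "unknown"
    if malicious >= malicious_threshold:
        return "malicious"
    if malicious or suspicious:
        return "suspicious"
    return "no detections"


def check_bytes(data: bytes, api_key: str, fetch=vt_fetch):
    """Hash in-memory data and classify it; fetch is injectable for testing."""
    digest = hashlib.sha256(data).hexdigest()
    return digest, verdict(summarize(fetch(digest, api_key)))


def check_file(path: str, api_key: str, fetch=vt_fetch):
    digest = sha256_file(path)
    return digest, verdict(summarize(fetch(digest, api_key)))


# Constructed report in the v3 shape (41 of 70 engines flagging the hash).
EXAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 41, "suspicious": 2, "undetected": 27, "timeout": 0}}}}


if __name__ == "__main__":
    import sys
    key = os.environ.get("VT_API_KEY", "")
    for path in sys.argv[1:]:
        digest, result = check_file(path, key)
        print(f"{result:14} {digest}  {path}")
```

The threshold of two is a judgement call: a single engine flagging a file is common enough (generic heuristics, packer detections) that it reads as ‘look closer’ rather than ‘malicious’, which is why the script returns `suspicious` for it. The more important design point is that `unknown` never collapses into `no detections`; a download that nobody has submitted yet is precisely the kind of file the post warns about, and the right response to it is the manual scan and the caution described above, not a green light.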

Once again, i do not advocate running around the web with your skirts flying high and no underwear on. The trick is to find a good anti-malware product and, while there are hordes of them to choose from, there are not that many that are actually worth choosing. In the past i have had extended communications with a couple of people who are apparently heavy hitters in the anti-malware industry and Bitdefender seems to be one of the better general purpose products. So is Malwarebytes Anti-Malware. I must emphasize again however that there is no single product that will provide protection against all threats, period.

Personally i don’t run a resident virus scanner at all any more, but i do use the Emsisoft Commandline Scanner, which is an on-demand scanner (you have to run it manually), to scan everything i download. It is a general purpose anti-malware tool that is probably about as good as they come and is free for personal use. Also known by its executable, a2cmd, the Emsisoft Commandline Scanner is a hybrid of both Emsisoft and Bitdefender technologies.

While i have been infected a couple of times back in the day, that i was able to detect, to my knowledge i have never been infected with any malicious software in the last 15 years or so since i started learning more about computer security. I am very careful about what i download and install, what websites i visit and where i allow JavaScript or browser plugins to run and what email attachments i choose to open. I have taken measures to harden my browser and email client and i use a non-Microsoft firewall and anti-virus products. I never plug anything into my everyday machine that i don’t own, which especially excludes USB flash memory, or “thumb” drives. Still, i feel very threatened by the potential that something will slip by my defenses, but my vigilance in this regard probably plays a key role in keeping me infection free… at least to the best of my knowledge.

Good luck. You’ll need it.
