Malware – It’s worse than you think

UPDATE: Since writing this article i have finally dropped Windows and moved to Linux-based operating systems which are inherently more secure in some ways (not all). If you’re considering doing the same, and i suggest you indeed consider making the move, you may be interested in my personal experience which you can read about in A personal perspective: From Windows to Linux to Windows to Linux to….

My view on the subject of anti-malware/security suite software may be quite different than that of most casual computer users. I think that one of the primary keys to securing your system is a lack of stupidity rather than anti-virus software, and that relying on an anti-virus product for protection is tantamount to relying on guard rails to keep your car on the road.

Fact number one: The primary method anti-virus vendors employ to protect against malware is virus signatures, also known as ‘definitions’. In order to develop a signature for a piece of malicious code, the vendor must first be aware of its existence. Since black-hat malware authors and those identifying 0-day vulnerabilities often sell their code or findings to major corporations, governments and other black-hat hackers, they are obviously going to protect their secret for as long as they are able. This means that an exploit may exist undetected in the wild for hours, days, weeks or even years.

Fact number two: There are many viruses and software exploits that were never, are not currently, and probably will never be detected by any widely available general anti-malware product. In fact, it is rather trivial to write a piece of malware that most, if not all, anti-malware products will happily report as being ‘clean’.

Fact number three: No single product can possibly protect your system against all threats, much less malware that is tailored for a particular company, obscure software product or even a particular person. On the other hand it simply is not feasible, or even possible in some cases, to run multiple anti-virus products simultaneously, nor is it practical to manually scan every incoming file with a half dozen anti-virus products.

Fact number four: Everyone with an internet connection has very likely been infected with malware. If you think you are an exception, then i would argue that you simply never knew your system was/is compromised.

Fact number five: The good ol’ days of malware are over. While it was often humorous to read about, or even experience, your mouse cursor moving on its own and to work out from that alone that something was amiss, much of the malware being distributed today is orders of magnitude more sophisticated. Today’s malware is often designed to be as stealthy, efficient and resource friendly as possible so that it can remain completely undetected. With many millions of dollars to be had by selling malware, the stakes are extremely high.

I’m not suggesting that you throw your hands up in utter defeat, trash your anti-virus software and commence to having digi-sex without a digi-condom, but i want to make it clear that relying primarily upon anti-virus software to protect you against malware threats is a road laden with land mines, regardless of how many products you use, what they cost, what they scored on the latest Virus Bulletin test, or what bells and whistles the vendor claims it has. If there were just one affordable anti-virus product that protected against even most of the threats, there wouldn’t be heaps of malicious hackers getting paid to write malware any longer, yet malware is more prevalent today than ever before and more people are running anti-malware software today than ever before. What does that tell you about the overall effectiveness of the anti-virus industry? And it gets even worse.

The 2016 article, Antivirus software could make your company more vulnerable, from CSO Online, points out exactly what is suggested in its title, which is that using popular anti-malware products that are generally trusted can, in and of itself, get you in trouble:

Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications.

Exploiting some of those vulnerabilities required no user interaction and could have allowed the creation of computer worms — self-propagating malware programs. In many cases, attackers would have only needed to send specially crafted email messages to potential victims, to inject malicious code into legitimate websites visited by them, or to plug in USB drives with malformed files into their computers.

This does not mean you can’t protect yourself from the majority of common threats however. Not only can you do so, but you can do so quite effectively without even using an anti-virus product. I wouldn’t recommend that Windows users go without any software protection, but my point is that anti-virus software plays a much less significant role for the savvy computer user who relies on more effective means of protection than any software product can provide.

Security is a dish best served cold. And in layers. Here are some of the key security practices i would suggest for most anyone, especially the casual computer user who is at the greatest risk due to their lack of technical knowledge:

  • Realize what the vectors for attack are, which is basically anything you connect to your machine including flash drives, discs, modems, routers, printers, USB devices, TVs and even peripherals like mice and keyboards, as well as anything that is delivered through your local network or internet connection.
  • Realize that malicious software isn’t likely to be considered malicious by your anti-virus product until after it is known to exist and a signature is developed and pushed out by the vendor, leaving you completely vulnerable in the interim. Also realize that the existence of some exploits and malware may never be known.
  • Realize that no anti-malware product on the planet is bullet-proof — not even close — and many are just plain garbage or are effectively malware themselves. Do some research before choosing a product.
  • By learning just a handful of good security practices, the burden of protection will naturally shift more toward the smarter you and away from your dumber anti-virus software.
  • Do not install crap-ware or software from nefarious sources and, by all means, forget about “warez” and “cracks” as failing to do so will cause doom at some point.
  • That game that’s being passed around all over Facebook or by email or wherever? Let it pass.
  • Get in the habit of never opening email attachments. None. Ever. Period. The only exception is if you are expecting something important from someone you trust and even then you should not trust any attachment blindly, especially if it’s an executable. Even hyperlinks can be dangerous. Your coworker or close friend could be using a little social engineering to infect you, or they could be infected themselves and not know it, or it might not be your coworker or friend at all, but rather someone impersonating them. If someone sends you something you really want to see, ask them to send a link to the webpage if possible and make sure you know where that link is pointing before clicking it (and ask them to quit sending attachments unnecessarily).
  • For many of us, our internet browser is our primary window to the digital world. It is also a huge vector for attack, not only because of security holes and poorly coded extensions, but because of what users do with their browser. Tighten down the security of your web browser with add-ons like uBlock or NoScript and disable any unnecessary plugins, including Flash, Java, the Adobe PDF viewer, etc. Most modern browsers can handle video and PDF content without plugins anyway and Java is rarely used anywhere nowadays. Browse smart and stay away from porn sites or any other sites with garbage content, even if they are hugely popular. Keep in mind that you need not click or do anything on a malicious website to become infected other than simply visit it (see drive-by malware). Also see my articles regarding Firefox. I would also highly suggest dumping Microsoft Internet Explorer and replacing it with something more secure and transparent, which is basically anything other than IE.
  • As with your browser, your email client also represents a huge vector for attack, so learn how to harden it by disabling JavaScript and HTML mail. As with your browser, i would highly suggest dumping any Microsoft email clients and replacing them with something more secure and transparent, such as Thunderbird.
  • Scan everything you download from any source whatsoever with a decent anti-virus product. You don’t have to run a bloated “security suite” in the background that analyzes your every click and key press and file you open, but at least have an on-demand scanner available to manually scan all incoming downloads and email attachments.
  • If you’re not sure about the integrity of a piece of software or the reputation of a website, scan it using something like the VirusTotal service, which uses a whole bunch of anti-malware products to scan a single file or website URL. There are several add-ons for Firefox that make accessing VirusTotal very easy. Certainly do not rely on the over-pimped “Web of Trust” service or any other service where the data comes primarily from everyday users who lack knowledge regarding malware and rate sites based primarily upon personal perception.
  • If you use only popular, mainstream software products for protection, such as the built-in Windows firewall, the Comodo Internet Security suite, etc., realize that chances may be significantly higher that malware is in play which is purposely designed to completely bypass the protection these products offer. The larger the following, the bigger the target.
  • Do not log on to your operating system as an administrator for everyday use.
  • Keep regular backups of your data, preferably off site and encrypted, but at least on an external drive.
  • If you discover a virus, and especially if it’s a Trojan, assume all your data has been compromised including any passwords, banking information, credit card numbers, documents, etc. You should immediately physically unplug your computer from your modem and take action to remove the virus, change all of your passwords and notify your bank.
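As an added example (not the article’s own code, and not Emsisoft’s or VirusTotal’s), the Python script below illustrates two points made above: Fact number one, that a signature can only catch what the vendor has already catalogued, so even a one-byte variant of a known sample slips past an exact-hash signature, and the advice to hash and check every download against VirusTotal before opening it. The EICAR test string and its well-known SHA-256 are real; the signature table, the VirusTotal-style JSON report and every helper name are constructed for this example. The VirusTotal v3 file-report URL and `x-apikey` header are the public API’s, but the script only builds the request and never sends anything.

```python
"""Hash-based signature matching and a VirusTotal hash lookup (added example).

Demonstrates why signature-based detection lags: an exact-hash signature
matches one specific file and nothing else, and shows the defender's habit
of checking a download's hash against VirusTotal before opening it.
"""
import hashlib
import json
from typing import Dict, Optional, Tuple

# The EICAR anti-virus test string: 68 bytes, no trailing newline. Every
# vendor agrees to detect it, so it is a safe stand-in for "known malware".
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature table (hash -> detection name), standing in for a
# vendor's definitions. Only files the vendor has already seen appear here.
SIGNATURES: Dict[str, str] = {
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f": "EICAR-Test-File",
}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file on disk, read in chunks so large downloads fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def match_signature(data: bytes, signatures: Dict[str, str] = SIGNATURES) -> Optional[str]:
    """Return the detection name if the exact file is in the signature table, else None.
    Real products also use byte patterns and heuristics, but the limitation is the
    same: a sample the vendor has not seen and catalogued is reported as clean."""
    return signatures.get(sha256_bytes(data))


def vt_lookup_request(sha256_hex: str, api_key: str) -> Tuple[str, Dict[str, str]]:
    """Build (but do not send) the VirusTotal v3 request for an existing file report.
    Looking up a hash sends only the hash, never the file's contents."""
    url = "https://www.virustotal.com/api/v3/files/" + sha256_hex
    headers = {"x-apikey": api_key, "accept": "application/json"}
    return url, headers


def _report(malicious: int, suspicious: int, undetected: int, harmless: int) -> str:
    """Constructed VirusTotal-style report containing only the fields we read."""
    stats = {"malicious": malicious, "suspicious": suspicious,
             "undetected": undetected, "harmless": harmless}
    return json.dumps({"data": {"attributes": {"last_analysis_stats": stats}}})


SAMPLE_FLAGGED_REPORT = _report(malicious=3, suspicious=1, undetected=64, harmless=2)
SAMPLE_CLEAN_REPORT = _report(malicious=0, suspicious=0, undetected=68, harmless=2)


def summarize_report(report_json: str) -> dict:
    """Reduce a VirusTotal file report to the numbers a user needs before deciding.
    'no known detections' means exactly that: no engine has a signature yet, which
    is not the same as the file being safe (the article's Fact number one)."""
    stats = json.loads(report_json)["data"]["attributes"]["last_analysis_stats"]
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    engines = sum(int(v) for v in stats.values())
    verdict = "do not open" if malicious + suspicious > 0 else "no known detections"
    return {"malicious": malicious, "suspicious": suspicious,
            "engines": engines, "verdict": verdict}


if __name__ == "__main__":
    print("EICAR sha256:", sha256_bytes(EICAR))
    print("exact sample:", match_signature(EICAR))            # EICAR-Test-File
    print("one byte appended:", match_signature(EICAR + b"\n"))  # None: signature misses it
    url, headers = vt_lookup_request(sha256_bytes(EICAR), "YOUR_API_KEY_HERE")  # placeholder key
    print("would GET", url, "with header", list(headers))
    print(summarize_report(SAMPLE_FLAGGED_REPORT))
    print(summarize_report(SAMPLE_CLEAN_REPORT))
```

To use it on a real download, call `sha256_file("path/to/download")` and send the request returned by `vt_lookup_request()` with any HTTP client; a response whose `verdict` is “no known detections” still deserves the author’s on-demand scan and a healthy dose of suspicion, because an engine can only flag what it already has a signature for.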

Once again, i do not advocate running around the web with your skirts flying high and no underwear on. The trick is to find a good anti-malware product and, while there are hordes of them to choose from, there are not that many that are actually worth considering. In the past i have had extended communications with a couple of people who are apparently heavy hitters in the anti-malware industry and Bitdefender seems to be one of the better general purpose products. So is Malwarebytes Anti-Malware. I must emphasize again however that there is no single product that will provide protection against all threats, period.

Personally i don’t run a resident virus scanner at all any more, but i do use the Emsisoft Commandline Scanner, which is an on-demand scanner (you have to run it manually), to scan everything i download. It is a general purpose anti-malware tool that is probably about as good as they come and it’s free for personal use. Also known by its executable, a2cmd, the Emsisoft Commandline Scanner is a hybrid of both the Emsisoft and Bitdefender products.

While i have been infected a couple of times back in the day, to my knowledge i have never been infected with any malicious software in the last 15 years or so since i started learning more about computer security. I am very careful about what i download and install, what websites i visit and where i allow JavaScript or browser plugins to run and what email attachments i choose to open. I have taken measures to harden my browser and email client and i use a non-Microsoft firewall and anti-virus products. I never plug anything into my everyday machine that i don’t own, which especially excludes USB flash memory, or “thumb” drives. Still, i feel very threatened by the potential that something will slip by my defenses, but my vigilance in this regard probably plays a key role in keeping me infection free… at least to the best of my knowledge.

Good luck. You’ll need it.
