Malware – It’s worse than you think


Note that this article was written during the time i still used Windows and, though it is slanted in that direction, users of other operating systems might find it useful as well.

My view on the subject of anti-malware/security suite software may be quite different than that of most casual computer users. I think that one of the primary keys to securing your system is a lack of stupidity rather than anti-virus software, and that relying on an anti-virus product for protection is tantamount to relying on guard rails to keep your car on the road.

Fact number one: The primary method vendors of anti-virus software employ to protect against malware is by way of virus signatures, also known as ‘definitions’. In order to develop a signature for a piece of malicious code, the vendor must be aware of its existence and since black-hat malware authors and those identifying 0-day vulnerabilities often sell their code or findings to major corporations, governments and other black-hat hackers, they are obviously going to try to protect their secret as long as they are able. This means that an exploit may exist undetected in the wild for hours, days, weeks or even years.

Fact number two: There are many viruses and software exploits that were never, are not currently, and probably will never be detected by any widely available anti-malware product. In fact, it is rather trivial to write a piece of malware that most, if not all anti-malware products will happily report as being ‘clean’.
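As an added illustration of facts one and two (example code, not from the original article), here is a toy definition-based scanner: a sample is only ever "infected" if a pattern for it already exists, so a sample the vendor has never seen scans as "clean" until a definition for it is pushed out. All signature names, patterns and sample bytes below are constructed for the example and match no real malware.

```python
import hashlib
import re

# Constructed "definitions": a family name plus a byte pattern seen in a known
# sample. None of these correspond to real malware families.
SIGNATURES = {
    "Demo.Downloader.A": rb"GET /stage2\.bin HTTP/1\.1",
    "Demo.Mutex.B": rb"Global\\DemoMutex-[0-9a-f]{8}",
}


def sha256_hex(data: bytes) -> str:
    """Hash a lookup service (VirusTotal-style) would key its verdict on."""
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes, signatures=None) -> list:
    """Return the names of every definition whose byte pattern occurs in data."""
    sigs = SIGNATURES if signatures is None else signatures
    return sorted(n for n, p in sigs.items() if re.search(p, data, re.DOTALL))


def verdict(data: bytes, signatures=None) -> str:
    """'clean' only means 'matched none of the definitions we had at scan time'."""
    hits = scan(data, signatures)
    return "infected: " + ", ".join(hits) if hits else "clean"


# Constructed samples: the first was obtained by the vendor and has a definition;
# the second does the same kind of thing but with bytes the vendor has never seen.
KNOWN_SAMPLE = b"MZ\x90\x00...GET /stage2.bin HTTP/1.1\r\nHost: c2.example\r\n..."
NEW_SAMPLE = b"MZ\x90\x00...POST /beacon HTTP/1.1\r\nHost: c2.example\r\n..."


def demo():
    """Verdicts before and after the vendor learns about the new sample."""
    before = verdict(NEW_SAMPLE)  # no definition exists yet -> "clean"
    # Some time later the vendor obtains the sample and pushes a new definition.
    updated = dict(SIGNATURES, **{"Demo.Beacon.C": rb"POST /beacon HTTP/1\.1"})
    after = verdict(NEW_SAMPLE, updated)
    return verdict(KNOWN_SAMPLE), before, after


if __name__ == "__main__":
    print(demo())
    print("sha256 of new sample:", sha256_hex(NEW_SAMPLE))
```

The gap between `before` and `after` is the interval the article describes, during which the same file is "clean" to every scanner that lacks the definition.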

Fact number three: No single product can possibly protect your system against all threats, much less malware that is tailored for a particular company, obscure software product or even a particular person. On the other hand it simply is not feasible, or even possible in some cases, to run multiple anti-virus products simultaneously, nor is it practical to manually scan every incoming file with a half dozen anti-virus products.

Fact number four: Everyone with an internet connection has very likely been infected with something they would not want to be infected with. If you think you are an exception, then i would argue that you simply never knew your system was/is compromised.

Fact number five: The good ol’ days of malware are over; while it was often humorous to read about, or even experience, your mouse cursor moving on its own and realize from that alone that something was amiss, much of the malware being distributed today is orders of magnitude more sophisticated. Today’s malware is often designed to be as stealthy, efficient and resource friendly as possible so that it can remain completely undetected. With many millions of dollars to be had by selling malware, the stakes are extremely high.

I’m not suggesting that you throw your hands up in utter defeat, trash your anti-virus software and commence to having digi-sex without a digi-condom, but i want to make it clear that relying primarily upon anti-virus software to protect you against all threats is a road laden with land mines, regardless of how many products you use, what they cost, what they scored on the latest Virus Bulletin test, or what bells and whistles the vendor claims it has. If there were just one affordable anti-virus product that protected against even most of the threats, there wouldn’t be heaps of malicious hackers getting paid to write malware any longer, yet malware is more prevalent today than ever before and more people are running anti-malware software today than ever before. What does that tell you about the overall effectiveness of the anti-virus industry?

This does not mean you can’t protect yourself from the majority of common threats however. Not only can you do so, but you can do so quite effectively without even using an anti-virus product. I wouldn’t recommend you go without any software protection, but my point is that anti-virus software plays a much less significant role for the savvy computer user who relies on more effective means of protection than any software product can provide.

Security is a dish best served cold. And in layers. Here are some of the key security practices i would suggest for most anyone, especially the casual computer user who is at the greatest risk due to their lack of technical knowledge:

  • Realize what the vectors for attack are, which is basically anything you connect to your machine including flash drives, discs, modems, routers, printers, USB devices, TVs and even peripherals like mice and keyboards, as well as anything that is delivered through your local network or internet connection. Once you know your attack vectors, you can focus on the software that is used to access those avenues.
  • Realize that malicious software isn’t likely to be considered malicious by your anti-virus product until after it is known to exist and a signature is developed and pushed out by the vendor, leaving you completely vulnerable in the interim. Also realize that the existence of some exploits and malware will never be known.
  • Realize that no anti-malware product on the planet is bullet-proof — not even close — and many are just plain garbage or are malware themselves. Do some research before choosing a product.
  • By learning just a handful of good security practices, the burden of protection will naturally shift more toward the smarter you and away from your dumber anti-virus software.
  • Do not install crap-ware or software from nefarious sources and, by all means, forget about “warez” and “cracks” as failing to do so will cause doom at some point. Also see my article Firefox Configuration Guide for Privacy Freaks and Performance Buffs.
  • That game that’s being passed around all over Facebook or wherever? Let it pass.
  • Get in the habit of never opening email attachments. None. Ever. Period. The only exception is if you are expecting something important from someone you trust and even then you should not trust any attachment blindly, especially if it’s an executable, nor even hyperlinks. Your coworker or close friend could be using a little social engineering to infect you, or they could be infected themselves and not know it, or it might not be your coworker or friend at all, but rather someone impersonating them. If someone sends you something you really want to see, ask them to send a link to the webpage if possible (and ask them to quit sending attachments unnecessarily).
  • For many of us, our internet browser is our primary window to the digital world. It is also a huge vector for attack, not only because of security holes and poorly coded extensions, but because of what users do with their browser. Tighten down the security of your web browser with add-ons like uBlock or NoScript and disable any unnecessary plugins, including Flash, Java, the Adobe PDF viewer, etc. Most modern browsers can handle video and PDF content without plugins anyway and Java is rarely used anywhere nowadays. Browse smart and stay away from porn sites or any other sites with garbage content, even if they are hugely popular. Keep in mind that you need not click or do anything on a malicious website to become infected other than simply visit it (see drive-by malware). Also see my article Firefox Extensions: My Picks which covers some of the best privacy and security add-ons i have found for the Mozilla family of browsers, some of which are available for Chrome as well. I would also highly suggest dumping Microsoft Internet Explorer and replacing it with something more secure and transparent, which is basically anything other than IE. Check out Waterfox, a Firefox derivative that takes user privacy more seriously than Mozilla.
  • As with your browser, your email client also represents a huge vector for attack, so learn how to harden it by disabling JavaScript and HTML mail. As with your browser, i would highly suggest dumping any Microsoft email clients and replacing them with something more secure and transparent.
  • Scan everything you download from any source whatsoever with a decent anti-virus product. You don’t have to run a big, bloated “security suite” in the background that analyzes your every click and key press and every file you open, but at least have an on-demand scanner available to manually scan all incoming downloads and email attachments.
  • If you’re not sure about the integrity of a piece of software or the reputation of a website, scan it using something like the VirusTotal service, which uses a whole bunch of anti-malware products to scan a single file or website URL. There are several add-ons for Firefox that make accessing VirusTotal very easy. Certainly do not rely on the over-pimped “Web of Trust” website or software or any other service where the data comes primarily from everyday users who lack knowledge regarding malware and rate sites based primarily upon personal perception.
  • If you use only popular, mainstream software products for protection, such as the built-in Windows firewall, the Comodo Internet Security suite, etc., realize that chances may be significantly higher that malware is in play which is purposely designed to completely bypass the protection these products offer. The larger the following, the bigger the target.
  • Do not log on to your operating system as an administrator for everyday use.
  • Keep regular backups of your data, preferably off site and encrypted, but at least on an external drive.
  • If you discover a virus, and especially if it’s a Trojan, assume all your data has been compromised including any passwords, banking information, credit card numbers, documents, etc. You should immediately physically unplug your computer from your modem and take action to remove the virus, change all of your passwords and notify your bank.

Once again, i do not advocate running around the web with your skirts flying high and no underwear on. The trick is to find a good anti-malware product and, while there are hordes of them to choose from, there are not that many that are actually worth considering. In the past i have had extended communications with a couple of people who are apparently heavy hitters in the anti-malware industry and Bitdefender seems to be one of the better general purpose products. So is Malwarebytes Anti-Malware. I must emphasize again however that there is no single product that will provide protection against all threats, period.

Personally i don’t run a resident virus scanner at all any more, but i do use the Emsisoft Commandline Scanner, which is an on-demand scanner (you have to run it manually), to scan everything i download. It is a general purpose anti-malware tool that is probably about as good as they come and is free for personal use. Also known by its executable, a2cmd, the Emsisoft Commandline Scanner is a hybrid of both the Emsisoft and Bitdefender products.

While i have been infected a couple of times back in the day, to my knowledge i have never been infected with any malicious software in the last 15 years or so since i started learning more about computer security. I am very careful about what i download and install, what websites i visit and where i allow JavaScript or browser plugins to run and what email attachments i choose to open. I have taken measures to harden my browser and email client and i use a non-Microsoft firewall and anti-virus products. I never plug anything into my everyday machine that i don’t own, which especially excludes USB flash memory, or “thumb” drives. Still, i feel very threatened by the potential that something will slip by my defenses, but my vigilance in this regard probably plays a key role in keeping me infection free… at least to the best of my knowledge.

Good luck. You’ll need it.