Malware and You!

In my line of work, I see malware and its effects on a regular basis. It is readily apparent that malware infections are becoming more common and frequent despite the best efforts of software developers and antivirus companies. An unseen battle is currently being wages between the malware creators and the anti-malware architects. In this war, the first line of defense is overlooked all too often… the user. A properly educated and attentive user can prevent an infection just as proper hygiene can prevent illness. I can’t help with attentiveness, but I may be able to help educate and “knowing is half the battle”. The questions below are the ones that I am most frequently asked.

What is malware? In a nutshell, malware is malicious software and can take various forms, such as:

• Virus – a program that attaches to another program and makes copies of itself.
• Worm – a program that makes copies of itself without the need for another program.

• Spyware – software that collects information about users without their knowledge – passwords, browsing habits, etc.

• Adware – software that displays advertisements to the users usually as popups.

• Scareware – software that uses social engineering to scare an unsuspecting user, usually with the intent of having them download and buy something, such as fake antivirus software.

• Rootkit – allows hidden privilege access to a users computer and can be difficult to detect.

• Backdoor – allows remote access to a computer while remaining undetected.

• Key Logger – tracks a users keystrokes and transmits the information to a third party.

Where does malware come from? Malware can come from a number of sources, including:

• Applications – be careful when downloading and installing things from the internet, particularly: games, coupons, toolbars, screensavers, wallpapers, weather gadgets, anti-spyware applications.
• Email – attachments and links to the internet can be methods for compromising your computer.
• Websites – look out for game sites, coupon sites, links posted on social networking sites, and videos.

How do I avoid infection? There are a number of simple steps that you can take in order to significantly reduce your risks.

• System Updates – make sure that you are set up to receive the latest updates. If you do not have them set to install automatically, make sure that you install them manually on a regular basis as most of the updates are security related.
• Antivirus – make sure that you are running a current and reputable antivirus program. There are a number of options available and even some free options that do a good job. Be certain that the software is being updated frequently with the latest definitions and that it is running scheduled system scans.
• Anti-Malware – no antivirus program is 100% effective and it is a good idea to supplement it with anti-malware software that is not memory resident. Keep the software up-to-date and run scans daily or weekly. Some free examples (at least for personal use) are Spybot S&D, Malware Bytes, and SuperAntiSpyware.
• Practice safe surfing – Be vigilant. If something seems to good to be true, it probably is. When a website asks you to install something, make sure that it is trustworthy, you know exactly what is being installed, and that it is legitimate. Check the browser’s security settings – the security and privacy settings need to be set to the defaults or higher.
• Email Safety – Phishing is the most dangerous thing to watch for with email. Scammers have gotten very good at crafting emails that look like they come from eBay, or your bank, or PayPal. These emails usually contain a link for you to click on so that you can change your password or accept a new security policy or something that appears would be to your benefit. The problem is that the link doesn’t take you to eBay, or your bank, or PayPal but redirects to the scammers website. As soon as you type in your username and password, the scammer has it and is using your hard earned money to buy themselves some fancy new apartment in Nigeria. Do NOT click on links in an email. Just don’t. If you get an email from your bank, or eBay, or PayPal… close the email, open your browser and visit the website manually. Do not open attachments unless you are certain they are safe.
• Other tips – Avoid peer-to-peer software such as Kazaa and Limewire. Be careful about letting other people use your computer – they could inadvertently (or intentionally) install malware on your computer. Log out or lock the computer when not using it. Restart your computer regularly to allow for boot time antivirus scans.

Why do people create malware? There was a time when home computing was new and the internet was still limited to scientists, that most people writing viruses were doing it as a technical exercise or a somewhat malevolent hobby. That isn’t the case today and the primary reason for virus and malware creation is… MONEY. The software is used to steal account information, turn computers into SPAM servers, track browsing habits, or trick users into purchasing bogus software.

Why should I care about malware? At the very least, malware can cause your computer to run very poorly, creating frustration and wasting your time whenever you use it. At its worst, malware can compromise your bank account information and personal security, creating massive problems that can be extremely difficult to resolve.

How do I remove malware? Removing malware, depending on the variant, can be quite problematic and is beyond the scope of this post. Reputable antivirus tools and the anti-malware tools mentioned earlier are a good start, although booting windows into safe mode, using MSCONFIG, and editing the registry may also be requirements. In some cases, difficult infections may require a computer professional for proper removal and in the worst cases, a system  format and reinstall is the only certain fix.