10 Steps To Reduce The Risk Of Malware
A brief description of malware/viruses, their delivery methods, their payloads, and how to reduce the risks associated with them. This article is directed toward the intermediate to advanced computer user.
Author: Adrian Wyllie
Never in my 20-plus years of working with computers have I seen malware so widespread, so dangerous, and so difficult to stop.
HISTORY
In the 1980s viruses were mostly pranks written by college kids. Some started as test code written by computer engineers, but were accidentally released into the wild. They were mostly spread by sharing floppy disks, so they were easy to contain. These malware infections were mostly harmless, such as the classic "Stoned" virus, which would randomly cause the PC to display a message that said "Your computer is now stoned" at startup. The Stoned virus could easily be removed by looking for "legalize marijuana" in the boot sector.
By the 1990's, email started becoming popular among the general public, and viruses began to spread via email attachments. Though viruses were still mainly just used for mischief, some started to deliver more malicious payloads, such as attempting to destroy files or steal information. Others attempted to deliver advertising, most frequently promoting pornography or illegal activity.
In this decade, malware has grown increasingly diverse, harder to detect, and much more evil in intent. Worms began spreading viruses automatically by mining email address books or spreading across business networks. A single infected PC could spread a virus to thousands of other systems without the user ever being aware of the infection. The ILOVEYOU worm alone caused an estimated $10 billion in damage.
TODAY'S THREATS
Identity theft, espionage, sabotage, and illegal profit are the motives of today's malware writers. Whereas malware used to be written by geeks and misfits for petty vandalism, today's advanced malware is being written mostly by organized crime syndicates and foreign governments. Their target is your bank account, your credit cards, your identity. They can record your keystrokes, capturing your credit card number or your online banking password, and then transmit that data to the waiting thief without your knowledge.
They also target the commercial, military and infrastructure systems of Western industrialized nations, most commonly the United States. China, Russia, North Korea and Iran are where the majority of today's malware originates. In the past year, the Pentagon has had to shut down their entire network due to damaging malware infections on at least two occasions. And, because this is a "shotgun" type attack, many personal or business computers end up being victims of collateral damage.
In addition to becoming more dangerous, malware has become exponentially more sophisticated. Most malware now has defensive countermeasures to avoid detection and eradication. For example, it will attempt to disable antivirus programs, shut down your firewall, and prevent you from downloading software updates. In some cases, it will block your ability to access the internet completely. It can disable features of your operating system that could be used to block or remove the malware.
HOW ANTIVIRUS PROGRAMS WORK
All antivirus programs are reactive. This means that in order for the antivirus program to detect a specific piece of malware, that malware signature must be included in their database. Computer malware is much like a human virus in its life cycle, where many humans become infected before a vaccine can be created.
When malware first begins infecting computers it is unknown to the antivirus and IT community. It can spread to computers with impunity because the antivirus systems have not yet identified it. At some point, it will come to the attention of an IT professional, and be submitted to the antivirus companies as a new sample. The antivirus companies will then identify the unique signature of the virus, and begin working on a cure. Once that is completed, they include the new virus signature in their updates and distribute the updates to their subscribers.
The time between a new virus being introduced into the wild and the antivirus companies being able to detect and cure that virus can range from a few hours to several weeks. If you do not regularly update your antivirus program, your potential exposure time can be much greater.
There are now well over one million malware programs in the wild. White Hat Info Tech discovered three new viruses in 2009 alone, and we were the first to submit these previously unknown viruses to the antivirus companies.
Think about that for a moment. A small IT firm in Palm Harbor, Florida discovered three new viruses that were completely undetected by companies like Symantec/Norton, McAfee, AVG, Trend Micro, Kaspersky, etc. It gives you a rough idea of how vulnerable we all are.
WHAT YOU CAN DO
Just as there can be no guarantee that you will not be injured in a car accident each time you get behind the wheel, there is no fail-safe, 100% protection against malware. To minimize the risk while driving, you wear your seatbelt. You buy a car with air bags and crumple zones. You keep your car well maintained. You practice defensive driving. While you can't totally eliminate your accident risk, you can take steps to reduce it.
Studies show that a completely unprotected computer will be compromised by malware or directly hacked within 20 minutes of being connected to the Internet. However, just like driving, you can take steps to reduce that risk to an acceptable level. Here are the basic steps you must take.
1. WINDOWS AND MAC UPDATES: The bad guys are always looking for ways to exploit Windows or Mac operating systems (OS). When an exploit is discovered, the OS manufacturer will fix it, and issue an update or patch. It is critical that you download and install updates for your operating system and other software on a regular basis, daily if possible. It's best if you use the automatic update feature. Most software programs also have regular security updates. Usually, you can check for updates using the help function within the program. Contrary to popular belief, Macs are not immune to malware; they are simply targeted less often because of their small market share. Some people avoid installing updates because they are afraid it will crash their computer. I can assure you that the risk of NOT installing updates is much higher than the risk of an update crashing your system.
2. TURN ON YOUR FIREWALL: A firewall is designed to block hackers or programs from accessing your computer via outside connections, such as the Internet. Both Windows and Mac have firewalls included. Certain antivirus packages, such as Norton and McAfee also include firewalls. Make sure you turn on your firewall, and limit any firewall exceptions to programs that you know and trust. Most broadband routers for home and small business also have built-in firewalls.
3. ANTIVIRUS SOFTWARE: Get a good antivirus program. Most cost between $30 and $70 per year, which is a small price to pay compared to having your identity stolen. As we discussed, antivirus programs are not 100% effective, but they will reduce your risk of infection by orders of magnitude. The most popular are Symantec/Norton, McAfee, Trend Micro, AVG, and Kaspersky. Some of these programs, specifically Norton and McAfee, require a lot of system resources, and may have some negative effect on your computer's overall performance. We recommend AVG, which offers a free basic version that is efficient and quite effective.
4. READ AND SCRUTINIZE MESSAGES: As we work on computers, we are accustomed to seeing small windows pop up with messages. They usually include options such as YES / NO or OK / CANCEL. Many people get so used to these distractions, that they just click OK to whatever pops up. This is a major mistake and can lead to infection. When you get a pop up message, read it. Try to determine which program it is coming from, and if it is legitimate. If you have any suspicion that it might be malware, do not click any of the YES / NO / OK / CANCEL buttons. Click on the "x" in the corner to close it. When in doubt, turn your computer off immediately. Press and hold the power button if necessary.
5. KNOW WHEN TO AVOID CLICKING LINKS: Everybody uses the blue underlined links that connect the web. However, there are certain times when you need to be more discriminating on which links you click. Two areas to be skeptical about links are in email messages and social networking sites like Facebook. It is incredibly simple to make a link to a malware site look like a link to a legitimate site. For this reason you should never click on a link in an email, especially from your bank or other financial entity. If your bank sends you an email about your account, be extremely leery. Don't click on the link. Instead, type the bank's web address in your browser. By the same token, if your Facebook friend posts a message that just says "LOL. Hey check out this cool link!" you should be skeptical, especially if it seems uncharacteristic of that person. More often than not, your friend didn't send it.
6. PRACTICE SAFE SURF: There is one surefire way to get yourself infected with malware quickly. All you have to do is visit sites that offer pornography, pirated software, free music or movie downloads, free games, free screen savers, or free stuff in general. The bad guys know human nature, and they know human vice. There are no free lunches on the Internet. While it's impossible to gauge exactly, I estimate that about 50% of these types of sites will attempt to infect your computer. If the pop-up message says "Congratulations! You just won a free iPod!" you can be safe in assuming that you didn't. And, you might already have been infected without your knowledge by a "drive-by download."
7. LEGITIMATE SITES AREN'T IMMUNE: In some cases, a legitimate website can be hacked, become infected, or unknowingly download malware onto the computers that visit the site. For example, the official site for Major League Baseball, www.mlb.com, was recently found to be unknowingly infecting visitors via third-party ads on the site. If something suspicious happens while visiting a well-respected website, don't assume that it is safe.
8. KNOW YOUR URLS: When using search engines, make sure that the URL matches the description of the site. In most search engines (e.g. Google, Bing, Yahoo) the URL is located just below the description. It is the line that begins with http://. For example, if you are searching for the Tampa Bay Buccaneers, the top results should begin http://www.buccaneers.com or http://www.nfl.com. If you see something that has a ".cn" or ".ru" you should know that you are going to a site in China or Russia respectively. There are some tools that can help you determine if the search engine results you are seeing are legitimate. Among the best is McAfee's Site Advisor, which can be downloaded at SiteAdvisor.com.
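Steps 5 and 8 both come down to one check: does the address a link actually goes to match the address the user thinks they are visiting? The following added example (not from the original article, and not a tool the author's firm offers) audits the links in a constructed HTML snippet, flagging anchors whose visible text names one domain while the href points to another, targets in the .cn/.ru domains the article singles out, and non-web schemes. The registered-domain rule is a deliberate simplification (last two labels).

```python
"""Added example: audit links for text/href mismatches as described in steps 5 and 8."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one honest link, one deceptive "bank style" link, one non-web scheme.
SAMPLE_HTML = """
<p>Tickets at <a href="http://www.buccaneers.com/tickets">www.buccaneers.com</a></p>
<p>Verify now: <a href="http://www.buccaneers.com.example-login.ru/verify">www.buccaneers.com</a></p>
<p>Open <a href="ftp://files.example.net/setup.exe">ftp://files.example.net</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercase hostname of a URL, or of bare text such as 'www.bank.com'."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def registered_domain(host):
    """Simplification: the last two labels (fine for .com/.ru hosts, not for co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def audit_links(html):
    """Return (href, text, reasons) for every link that deserves a second look."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons, target = [], host_of(href)
        shown = host_of(text) if "." in text else ""  # text that looks like an address
        if shown and registered_domain(shown) != registered_domain(target):
            reasons.append("text shows %s but link goes to %s" % (shown, target))
        if target.endswith((".cn", ".ru")):
            reasons.append("target is under a .cn/.ru domain (%s)" % target)
        if urlparse(href).scheme not in ("http", "https"):
            reasons.append("non-web scheme %s" % urlparse(href).scheme)
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

Run `audit_links(SAMPLE_HTML)`: the honest link passes, the lookalike is reported twice (mismatch and .ru), and the ftp link is reported for its scheme.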
9. FAKE ANTIVIRUS PROGRAMS: Among the most alarming trends in malware is the rise of the rogue antivirus programs. These are programs that appear to provide legitimate antivirus protection, but instead are themselves malware. Once your computer is infected with one of these rogue antivirus programs, it will continuously launch pop-up messages warning of infections (which are either not there or have been intentionally downloaded by the program itself) until you enter your credit card. Once you give them your credit card, you will become the victim of identity theft. If you are ever infected with one of these, shut down your computer and take it to a computer specialist immediately.
10. BE PARANOID: To quote Joseph Heller's famous book, just because you're paranoid doesn't mean they're not after you. When in doubt, assume that the website or email or download has malicious intent. This may mean that you have to avoid that cool game download or widget, but your odds of becoming a victim of malware will drop dramatically.
CONCLUSION
Even after following all of these guidelines, you may still find yourself in the stressful position of being infected with malware. In that case, it's time to turn it over to the experts. Now is not the time for a do-it-yourself computer project. Until the cavalry arrives, it is imperative that you shut down your computer and unplug the connection to the internet or local network.
About Author
Adrian Wyllie is the CEO of White Hat Info Tech Corporation (http://www.whitehatinfotech.com) in Palm Harbor, Florida and is a member of the Information Systems Security Association and the High Technology Crime Investigation Association.
Article Source:
http://www.1888articles.com/author-adrian-wyllie-28079.html