Computer Viruses and How to Avoid Them
What is the difference between malware and a virus?
Malware is shorthand for malicious software and is used to describe an entire group of programs that includes advertising, tracking, key-logging, ID or credit theft or that cause other bad or undesirable activity. Simply explained, a virus is a computer program that invades or infects a user's computer by replication from another source (a disk, a USB flash drive, a network or the Internet), and then performs malicious functions on the new host computer. It's the malicious functionality that poses the problem, and for that reason viruses could be also called malware.
A virus is just one type of Malware.
There are many different undesirable things that computer malware does. Earlier viruses simply performed mischievous tasks, such as deleting data or program files. But the authors of newer malware are driven by the desire to steal enough sensitive data in order to eventually steal money. Some are thus designed to scan and send information from a victim’s computer back to the author of the malware. Still others keep track of actual keystrokes typed by an unsuspecting user. Some plant annoying popup advertisements on a computer. There are a few types of malware that will perform any of the above, but also attach themselves to email addresses so that they get automatically sent to the user’s address list to replicate on an ever growing number of systems. Sophisticated malware might even install itself on the hidden "boot sector" of a computer hard drive, or try to make a network server vulnerable to a hacker (a person who gains unauthorized access to a computer network). But, the most common type of malware, by far, is the malicious program that deceitfully disguises itself as a good or useful program, seeking to get results which the user did not intend.
The fact is that malware has caused billions of dollars in losses to computer users. People have lost valuable data and have had personal and financial identities stolen. Whole companies have been compromised or crippled by malware infections. At the very least, the average user suffers from the slowdown or complete hijacking of their system through a malware infection. It is therefore imperative for computer users to know some basics about viruses, or "malware," in order to protect themselves.
Types of malware
- Virus - The original malware. Malicious code attaches itself to other program files so that the execution of the host file also executes the malicious code. The malicious code also causes the virus to replicate itself by copying its code onto removable media or other computers in a network. Back in the 1980s, the first in the wild viruses spread themselves mostly through shared floppy disks, and performed everything from pranks to data destruction. By the 1990s, Internet "bulletin boards" were unwitting spreaders of viruses. Today, very little malware is of the virus type.
- Trojan - These comprise 75% or more of all malware, according to security experts. As the name from classical Greek mythology suggests, Trojans operate by deceit, tricking a computer user to trust a fraudulent program. Most Trojans are actually a complex of files - pop-ups that steer the unsuspecting user to a harmful website, or just install more malware, even when clicked to shut down; downloaders that bring in supporting malware programs; hijackers that shut down operating system functions and security; bots that may use the host computer as a slave to the malware author’s intentions; backdoors that make an infected computer open to free scanning by the malware author. Trojans operate independently of other programs, and thus do not need to attach themselves to other executable files as a classic virus does. The most popular Trojans, these days, masquerade ironically as antivirus programs. The user experiences sudden low computer performance, and then sees a pop-up offer with a phony virus scan report, urging the user to purchase the program offered as a solution to the computer problems they are experiencing. Naive and unsuspecting users then type personal information into the form provided (including name, address and credit card info). This information is never used to purchase the phony software. Rather, the Trojan authors use the stolen info to open new credit card accounts in the user’s name, and then sell those accounts on the underground market within minutes of receiving it.
- Worm - A Trojan that has the capacity to infect computers from other infected systems by scanning for IP addresses on vulnerable computers on the Internet or within a network, then replicating itself. Many phony antivirus programs start out as a worm infection. Worms are also notorious for attaching themselves to email address lists. Users falsely believe that Trojan infections come mostly from certain "dangerous" or risky websites. In truth, worms may employ any website that users visit as stepping stones to their computers.
- Spyware - Software programs that spy on users, observing data, keystrokes, screens and/or web sites visited. This is a broad category of malware and includes everything from adware to keyloggers (see below). Unlike viruses, Trojans and worms, spyware typically does not self-replicate by infecting other computers or removable media, but is downloaded through Internet connections.
- Keylogger - A particular type of spyware that is designed to steal live information. It secretly keeps track of such things as the user’s keyboard keystrokes, video screens, or streaming network data, and transmits that information back to the malware author. This malware attack is more rare, but it poses the serious risk of loss of private identity information, including credit cards, bank account info, Social Security numbers, and computer passwords.
- Rootkit - A stealth program that allows continual unauthorized access to a computer by a person unknown to the user. This malware replicates itself on a victim’s computer usually as a worm or a Trojan. It quickly shuts down user account controls and security designed to prevent unauthorized access. It can then steal and transmit info or simply provide a back door for a hacker. Rootkits are usually quite sophisticated, and often include the ability to deflect detection from weaker and more modest antivirus programs.
- Phishing - Typically an email message that is fishing for personal information. The victim receives a randomly sent message that appears to be an official request from an Internet service provider, a bank or some other service or organization. The graphics in the message typically look professional and authentic, though the grammar in the message is sometimes suspiciously bad. An appeal is made to the user to provide "lost" information. However, NO organization or bank will ever seek information this way. Such fraud should always be reported to the organization or service that is being used as a cover.
- Adware - The most benign of all types of malware, it can still annoy users with commercially-charged pop-ups and reduced system performance. Adware often gets installed without user’s consent, and often when downloading program updates, trial software and games or other services. Some adware functions as spyware by tracking the user’s favorite web sites and targeting the user with advertising that is likely to be the most appealing. Adware can hijack web-search functions. The most common form of adware is the browser toolbar, which ostensibly provides services such as search windows and quick-access icons. These toolbars slow computer and Internet performance, take screen space from web pages, and can even be a conduit for more serious malware.
Prevent and cure
How to Prevent Malware Infections
The best way to be free of malware infections is to take preventative measures rather than relying upon removal after infection. Once infected, a computer is often very difficult to clean. Some malware will destroy a computer’s operating system, or make it so difficult to recover that wiping the hard drive and reinstalling the operating system, programs and data is the only solution. This is usually quite a chore, may be expensive if the user does not have the technical know-how and may be personally costly if the user’s own data has not been previously backed up. There are several preventive measures that every computer user can take:
- Utilize a good antivirus program. There is no substitute for this measure. Avoid the seduction of free antivirus programs and the ones that come with Internet service providers, as they only do a mediocre job of prevention. A $40 to $50 investment in a good antivirus program with an annual license to update itself regularly is pretty inexpensive insurance.
- Manually scan your computer with an antivirus program. All good antivirus programs come with manual scanning features. Most will let you set a schedule for automatic scanning. This is good to do once a week, or every month, and especially if you see any suspicious activity on the computer screen.
- Update key programs every time. The Ziff-Davis network cited a study done in Denmark earlier in 2011 utilizing results from half a million
computers. The conclusion of the study was that some 99% of common malware infections could be avoided simply by updating Windows security patches, Internet Explorer, Java, Adobe Flash and Adobe Reader. The reason? Malware authors attempt to gain access to computers through weaknesses which the updates are written to prevent.
(See: ZDNet - The Ed Bott Report, Oct 7, 2011. Summary: Want to avoid being attacked by viruses and other malware? Two recent studies reveal the secret: regular patching. A fully patched system with a firewall enabled offers almost complete protection against drive-by attacks and outside intruders: www.zdnet.com/blog/bott/if-your-pc-picks-up-a-virus-whose-fault-is-it/4039)
- Use a hardware firewall. The SPI (Stateful Packet Inspection) firewalls that come with most newer routers is a great way to close unused ports and prevent hackers from intrusion. Even single computer homes and offices can benefit greatly from the use of a router. While utilizing a router’s hardware firewall, you may also use your operating system’s software firewall. Beware of using third-party software firewalls (such as those included with antivirus software) which serve to slow down a computer. If you’re using a wireless router, make sure to encrypt your network with WPA or WPA2 level encryption, never the older and simpler WEP encryption.
- Uninstall browser toolbars. Toolbars are the quarter-inch wide strips that layer near the top of a web browser. While some toolbars may be useful on a limited basis, they all steal screen space and clog up your Internet bandwidth only to provide revenue for the author. By definition, toolbars communicate with their authors, thus opening a vulnerability "hole" while the PC user is online. Utilizing the add/remove function in Windows machines is the best way to rid a computer of these browser plugins. Some of the most common toolbars include: AIM, AOL, Ask, Bing, Crawler, Dogpile, eBay, Google, My Way, My Search, My Web Search, Yahoo, etc.
- Regularly delete browser cookies and Temporary Internet Files. This is performed from within the browsers, themselves. Malware can hide amongst these files.
- Do not click on pop-ups - shut them down alternatively. If you DO get a suspicious pop-up window, try using the Alt-F4 combination to get rid of it rather than clicking on it and risking an unintended installation of a virus. If that combination does not work to close a window, use the Microsoft Windows Task Manager (Ctrl-Shift-Esc) and the Applications" tab. Simply click once on the listed application and then click the "End Task" button. After a forced-close, some browsers will attempt to recover the last page you were on the next time you restart. Select "No" or have it go to your Home Page instead.
- Use an Anti-Malware application and keep it updated. While antivirus applications will detect and block viruses, worms, and other programs that spread by design, they do not always detect or block programs that you allow to install on the computer. Clicking on pop-up advertising windows, opening, email or Instant messaging attachments, or downloading and installing games or other programs can trigger the installation of an undesirable application. Using a program to scan your computer periodically for programs your antivirus may miss is recommended. Programs like MalewareBytes, Spy Sweeper, or SuperAntiSpyware may catch and remove malware.
Security and Urban Legends
While it is important to be informed about the facts regarding malware, methods of infection, and methods of prevention, it is also just as important to know that there are some common public beliefs that are just not true. Here are some common "urban legends" that are patently false:
- antivirus software companies conspire to write viruses so they can stay in business. Many computer users are tempted to believe this falsehood, but only because they do not understand how lucrative the criminal activity of malware authoring has become. If legitimate software companies were the actual criminals, someone would have blown the whistle years ago. The actual malware criminals enjoy both anonymity (they attack unseen from anywhere in the world) and impunity (there are limited resources and jurisdiction for prosecuting them, even when observed).
- Viruses come mostly from questionable web sites. Computer users also typically believe that infections are the result of using social, illegal downloading or pornographic web sites. However, the fact is that malware infections such as worms and Trojans can attack from anywhere, and may use any legitimate and otherwise well-guarded web site as a stepping stone from one infected PC to another.
- Free antivirus programs are just as good as the paid-for programs.
This is demonstrably not true. Observe the results of serious testing labs. If ever there were a good application of the "you-get-what-you-pay-for" principle, it would apply with antivirus programs. Simply put, you pay for regular and effective program and virus definition updates. Licensed programs are anxious to push out good updates - often daily - to their customers. They want our business
year after year, and therefore work hard to distribute good products, and largely succeed at it.
(See: AV Comparatives - Independent Tests of antivirus Software. www.av-comparatives.org)
Don’t let the threat of malware infections stop you from using the rich resources of computing. Just use your computer wisely. Utilize the measures outlined above. And exercise a healthy dose of suspicion about what you see on your computer screen, short of being paranoid. There is no reason why the careful computer user cannot buy things with a credit card, do banking and investments, and send critical business data over the Internet If possible, encrypt the data you are sending or utilize a VPN (Virtual Private Network). Certainly, you should never carry out financial transactions over a public wireless network. In spite of the risks - which are present primarily in the midst of carelessness - computers provide a powerful tool for use both on and off the Internet