Just a few short years ago most virus writers were amateurs trying to trash your PC, just because they could. Nowadays, the “malware” industry is very professional, dominated by organized crime, whose products keep your PC running to enable sensitive keystroke/data logging (think Hannaford, TJ MAXX, etc.), to send spam, or to try to extort money from you with phony “Your computer is infected! Click here to fix!” scams.
The anti-virus software companies have raised the bar by bundling more protections into their traditional anti-virus products, in many cases releasing them as new products: Symantec Endpoint Protection for example has replaced Symantec Anti-Virus Corporate Edition. And although you can still buy products labeled as “anti-virus” from the majors, sales of these limited-use products have declined considerably of late.
As these new protection products have become more complex, sophisticated and bloated, their performance impact on older PCs has become more noticeable. Bargain PCs purchased as recently as two years ago can be too slow to be used efficiently with these full-suite protection products installed. Furthermore, the protection products are by nature always playing “catch-up” with the bad guys, so we have seen some companies forgo desktop protection software altogether in favor of strong network perimeter protection combined with policies limiting Internet access and prohibiting employees from bringing in cdroms, USB drives, outside laptops etc. into the office. (The more powerful servers still have protection software installed however.)
That’s one way to do it, but many companies can’t manage the politics associated with limiting or preventing employees from browsing the Internet. And some companies, like ad agencies and web developers, can’t really be restricted at all.
Further, we have seen a lot of malware that these protection products simply can’t protect against, because the malware looks and acts like legitimate software.
Switching to a Mac or a Linux PC can help, but these devices can become “carriers” for malware, bringing a whole host of new challenges. And most security pundits believe that as Macs and Linux PCs become more popular, it will only be a matter of time before malware for these machines starts appearing as well.
So if these big protection products can’t save us from ourselves reliably, what can be done?
Well, here is our list of the top four ways you can protect yourself.
1. Slow Down! We have seen malware come in via email looking like Hallmark e-cards, IRS W-2 form updates, PayPal and bank account alerts, etc. If a friend’s PC gets an infection, you will get an email from your friend, and the web link or attachment that looks so enticing (if not workplace safe) will be your downfall. So, before you click on anything, take a moment to scan it with your own brainpower and a skeptical eye.
2. Be Careful Where You Stick Your Browser. The San Fransisco bath house analogy notwithstanding, the majority of malware infections these days are installed via a web link. Staying away from those web sites you know you shouldn’t be frequenting anyway is a good start, but keep in mind that malware writers are very clever. They do things like buy ads on legitimate web sites to distribute their wares, so just because you are on cnn.com doesn’t mean you can click anywhere safely 100% of the time. When you get a popup or other prompt to take an action you weren’t expecting, apply Rule #1 and slow down before doing anything.
3. Be Proactive and Scan Your PC. Whether you use malware protection software or not, periodically being proactive and running scans on your PC at least once a month is a good thing. We like Malware Bytes a lot, but our favorite tool de jour is Combo Fix, available as of this writing here. Be careful when you search for these tools; the malware folks have bought look-alike domains and lots of Google AdWords! We have seen several folks with a minor infection wind up with a totally borked workstation because the web link they thought was malware removal software from the good guys was actually more malware from the bad guys. Remember Rules #1 and #2?
4. Keep Your PC Patched. The majority of patches coming out of Microsoft are security, not bug fixes. Making sure your PC is regularly updated is key. If you are running non-Microsoft products, like Adobe Acrobat Reader, Apple’s Quicktime, etc. you want to be sure those products are kept up to date as well. Acrobat products this week are being blasted in the trade press because the Javascript code in the product has been a valuable attack vector for malware developers. Adobe can’t or won’t “fix” this because the same Javascript code is used for filling in PDF forms, and Adobe doesn’t want to hinder that functionality.
So be safe out there! And if you have questions or get yourself in trouble, we are here to help. Don’t send us an infected email though, just give us a call at (207) 772-5678.
All the best,
Mark
CIO