12/08/2011
Ask the Experts: Do I Need Antivirus Software?
Here's my reply: (with a little extra added here for clarification)I'm 73 years old. My grand kids have been getting after me a lot lately. They want to me to put some of that antivirus software on my computer. I don't know a thing about this stuff. I don't understand why I even need it. I use my computer for email and reading the news.
Thanks for writing, Martha.
I'm glad to hear your grandkids have been after you to get antivirus software. They're wise beyond their years. :-)
The first question here is:
Since there are so many different ways a computer can get a virus, the question to ask to decide if you need antivirus software is:
The main risks of viruses are that they tend to be:
- destructive
- personally invasive
- resource thieves
If you have nothing of value on your PC, there's no risk here other than the time and cost for a PC shop to restore your PC and get it back into a working state.
On the other hand, if you do have things of value (real or sentimental) on your PC, maybe photos, music, emails, or the like, what would be involved in restoring those files, assuming it's possible?
As for viruses being personally invasive, it means viruses can steal your files, your data, and under the right circumstances even your identity.
Ditto here. If there's nothing of value on your PC, the risks are the time and cost of repair. If you use your computer for things like online banking, doing your taxes, or medical-related stuff, what's the risk of this information falling into the wrong hands?
The last one, resource theft, means viruses can burrow their way onto your PC and can make your computer a part of a "botnet".
Botnets are often used for sending spam, so if your PC gets sucked into a virus botnet, it's pretty likely someone would start using it to send their spams, probably without you even knowing it.
Even if there's truly no risk of data loss or theft (which isn't really the case, but assuming it is), if your computer is in a botnet, it's definitely being used for malicious purposes, something most folks don't want.
As to how you get a virus, there are a lot of ways computers get viruses. These days, the bad guys are resorting to taking over legitimate websites and using clever tricks to confuse people--or their computers--to installing their viruses.
How you get a virus is actually less important than what would happen if you got one, which is the real question to ask yourself if you're trying to figure out if you need antivirus software.
12/05/2011
Ask the Experts: What's the difference between antivirus and Internet Security software?
Easily one of the most Frequently Asked Questions we get is,
What's the difference between antivirus software and an Internet security suite?
Right on the heels of that is the next one, Is the upgrade worth it?
Each security software company puts their own spin on things, but generally it boils down to the addition of two critical features:
- firewall software
- malicious website filtering
firewall software
Creates a virtual "moat" between your PC and the Internet (or the rest of a network if you're on an open wireless network somewhere like a coffee shop or the airport.)
Sure, some malware can beat a software firewall, but it's another layer of defense to help keep your PC safe.
The other benefit to the best firewalls: you can record (and block) traffic both going to your PC and traffic leaving from it, too.
What's the point?
You'd be surprised how many programs are installed on your PC that make connections all on their own to check for updates, etc. Viruses, worms, keyloggers, spambots, and other malware do this, too.
So, if you suspect a virus may've infected your PC and gotten past your antivirus software, a firewall can help you track down if and when it's making connection attempts from your PC back to a master server somewhere.
malicious website filtering
You're out reading some news and checking out your favorite sites. Maybe you're clicking around and visiting some sites you've never been to, maybe you just made a typo did "yuorbank" instead of "yourbank."
Who knows.
In either case, the bad guys are on the prowl and are:
- secretly taking over legitimate sites and installing their viruses onto them
- buying domain names that are typos of legitimate sites
- sending spams and phishing emails
Regardless of their method, the bad guys are out there, and malicious website filters (including anti-phishing ones), like a firewall, can give you one more layer of protection before the actual virus detection part of antivirus software has to come into play.
Is the upgrade it worth it?
Yes.
In a lot of cases when it comes to technology, there's wiggle room in an answer. In this case though, the "Yes" is clearcut.
Sure, these two features will cost a few bucks more, usually about $10. The $10 is well spent though, since you're getting real benefit from it.
The $10 isn't just fluff on a fancier name; it's $10 on--at least--two different security technologies that you don't get with most basic antivirus protection.
And, they're two technologies that can make all the difference between your PC being compromised (and all the clean-up time, expense, and mess that goes along with it) and not.
08/25/2011
Android Malware, Adobe Exploits, Spam Volume & More in the McAfee Quarterly Threat Report
Here are the highlights:
- Android is now the most highly targeted platform for mobile / smartphone malware.
- More successful legal actions are being taken against cybercriminals
- 22% increase in malware samples over 2010
- On pace for 75 million malware samples by the end of 2011
- Fake antivirus software continuing to grow
- 38% increase in rootkits (stealth malware) over 2010
- Adobe outpaced Microsoft for security exploits in their software (Acrobat, Acrobat Reader, etc.)
- After a brief up-tick, spam is again declining
- Over 7,000 new malicious websites per day
- Over 2,700 new phishing websites per day
- Smartphone viruses are here, they're real, and they're growing.
- It isn't just a matter of keeping your OS updated. You've got to update all the software on your system regularly. Adobe Acrobat/Reader is proving that.
- Antivirus software is a must.
06/30/2011
TLD4 / TDSS an "Indestructible" Botnet?
That's a quote directly from Kaspersky's analysis of the TDL4 / TDSS bot.The malware detected by Kaspersky Anti-Virus as TDSS is the most sophisticated threat today.
No matter where you look, this botnet is making news. And it's making even the Conficker/Downadup worm that made big news last year look pretty tame by comparison. Why?
Translation: the TDL-4 is great at hiding itself and great at hiding viruses and other threats from antivirus software.TDSS uses a range of methods to evade signature, heuristic, and proactive detection, and uses encryption to facilitate communication between its bots and the botnet command and control center.
TDSS also has a powerful rootkit component, which allows it to conceal the presence of any other types of malware in the system.
The TDL software itself isn't particularly new, but what's interesting about it is how its creators have evolved it over time, making it harder to detect and stop with each version. This latest version, TLD-4, for instance, is now able to infect 64-bit systems.
So, if you had any sense of additional security from the fact that most viruses still weren't able to attack 64-bit systems, those days are gone.
This botnet is clearly not something garden variety. Kaspersky's researchers go on to say,
What makes it so hard to detect to begin with is that it's a "bootkit": it infects the Windows MBR Master Boot Record.The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and antivirus companies.
And, because the MBR is infected, it runs before the operating system even starts. Huh?
Exactly, and as The Bard says, "there's the rub." Because it's activated before the OS starts, it's also running before your antivirus software, too.
So, how the heck do you detect this thing, much less get rid of it?!
As of the writing of this piece, it's somewhat hit-or-miss as to whether or not a given piece of antivirus software will remove it if you've gotten it. So far, it looks like all the best antivirus software manufacturers have updated their software and/or signatures to detect it.
Even still some of them, including Norton and Kaspersky are considering this such a big threat, they're making specific Popureb / TDL-4 / TDSS removal tools.
Kaspersky Anti-rootkit TDSSKiller
Microsoft's initial advice to remove Popureb (as Microsoft is calling it) according to a Computerworld.com piece was,
This is inline with what Microsoft was telling customers in early 2010 when the Alureon rootkit was first making the rounds. MSRC (Microsoft Security Response Center) director Mike Reavey said at the time,If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.
Ouch.If customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk.
Depending on who you ask, this is either overkill or, really, the best, most cautious approach.
One researcher for Symantec, Vikram Thakur, says,
If you have any suspicion that you've been infected, a great tool to ferret out a rootkit is, GMER (version 1.0.15.15640 as of this writing.)When you fix the MBR, you pretty much expose the threat itself to other applications, including antivirus applications. They can then pick up on the threat, and delete it.
If you get bad news from GMER it'll look like,
Notably, Microsoft adds a critical part almost as an afterthought,If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state.
Here's how to fix the MBR by hand:
- Open a Windows Recovery Console
- For Windows XP:
Installing and using the Recovery Console in Windows XP- For Windows Vista:
System Recovery Options in Windows Vista- For Windows 7:
System Recovery Options in Windows 7- Use the tool BOOTREC.exe1 to fix the MBR as in:
bootrec.exe /fixmbr
- Restart the computer and you can then scan the system to remove any remaining malware.
If you opt to use Windows Restore to remove the malware instead, you must still fix the MBR first, and then restore the system.
The bottom line with this thing is, it's no joke. As the Kaspersky researchers put it, it's "the most sophisticated threat today."
If you've been infected, we'd suggest trying to ferret it our first with your antivirus software. If that doesn't work, look to some of the other methods like the GMER and the specific removal tools like those from Symantec and Kaspersky. 1More info on BOOTREC.exe.