Malicious Software Protection

From Prank to Profit: Malware Evolves

The earliest computer viruses were conceived as digital vandalism in the mid-1980s. Hackers and programmers in search of an audience would create malicious programs (malware) to show off, or simply to alleviate boredom. As time went on and more economic activity moved online, malware experienced an explosive evolution from potentially destructive nuisances, designed simply to inflict damage, into tools of economic theft or malicious, “forced” advertising, in the hands of criminals.

This latter-day malware is extremely dangerous from a data protection point of view; before the afflicted user even knows what’s happening, a malware program can steal vital information in any number of ways:

• Waiting for you to access legitimate Web sites, then imitating those sites to steal vital information once you enter it

• Stealing online gaming information, then using that data to access gaming accounts for more valuable information

• Stealing passwords and credit card numbers with keylog programs that relay your keystrokes to a remote user who can then determine your passwords

Spyware and adware—programs that install advertising software into your computer without your permission—are not as dangerous as the malware described above, but they can lead to problems of their own, namely slowing down your system and subjecting you to advertising material you do not want, such as adult Web sites or other inappropriate content.

What Makes Your Computer Vulnerable?

A number of factors increase your vulnerability to malware.

• Using one of the major operating systems—Windows, Apple OS, UNIX, or Linux—increases chances of attack, simply because the code used in these platforms is common knowledge. Some other programs—major Web browsers in particular—create even more security risks due to common use and frequent security breaches.

• Leaving computers online 24 hours a day increases the access malicious users have to your system, as well as the time necessary to break in.

• Allowing open access on wireless networks gives criminals access to networked computers.

• Running outdated protection software leaves your system open to newer programs that have their own methods for circumventing older countermeasures.

Obviously, some of these vulnerabilities are easy to address, while others require major changes to your computer system. You can, for example, switch Web browsers fairly easily, or take your computer offline when you are not using it. Other changes, like changing operating systems, might be too disruptive, and result in costly (in both time and money) conversions.

The good news is that even if you’d like to continue using your current setup, there are a multitude of anti-malware programs and countermeasures available to protect you.

Protection Programs Defined

Defensive programs are your main line of defense from dangerous malware and the malicious computer users running it. These programs fall into a few different categories, and use different techniques to combat different malware. You must have all of them installed to establish adequate electronic protection.

• Firewalls: Block unauthorized access to a network or computer while allowing authorized communication. They keep outside users from accessing private networks, fulfilling a preventative function—they simply block things without identifying them.

• Anti-Virus Programs: Running a virus protection program as a stand-alone measure will not provide you with enough protection; malicious programs meant for criminal activity behave very differently than simple viruses, which seek mostly to reproduce themselves and cause more of a nuisance than an actual security threat.

• Anti-Malware Programs: These programs combat malware in two ways: providing real-time prevention of malware instillation (preventative) and detection/removal of malware already installed in the system (reactive). These programs rely on constant updates, as malware evolves daily, and they are never 100% effective, but they provide a significant defense, and are even more effective when computer users update them and run defensive scans regularly. Some newer programs will even track down security patches you don’t yet have and install them for you.

Users as System Flaws

Unfortunately, no protective software can cover for user errors. Social engineering is an attack method in which criminals manipulate people into giving up their valuable information online, the same way that malicious telemarketers used to steal credit card numbers over the phone by promising vacations and other offers to their targets. Online, this method works in much the same way; hackers will send emails or spoof Web sites that seem trustworthy, but in fact are traps designed to attain vital information. The best defense against these attacks is to trust no one—never give out important information in response to an email, phone call, or any other contact that you do not initiate with the company in question.