Trends in Malware

The Guardian takes a long look at trends in malware.

Among the trends they note are these:

  • Threats coming less and less from vandals and mischief-makers and more and more from organized crime, with increasing emphasis on money-making fraud and decreasing emphasis on breaking into systems just to show it can be done.
  • Less dependency on stealth technology and more dependency on “social engineering” to deliver malware. In other words, as firewalls and other anti-malware programs have gotten better, the bad guys are developing more sophisticated ways to get users to throw open the front door and invite them in. (Scareware is an excellent example of this trend.)

The authors of the article also find a disconnect between the eagerness of some governments (the Guardian is a British paper) to clamp down on illegal file-sharing, as with “three strikes you’re out” laws, while doing little to fight purveyors of malware or spam. and asks:

    The British government wants to stop filesharing to protect copyright owners, but shows no similar enthusiasm for protecting the general public from malware, which is arguably more important to us – and perhaps to the nation. After all, what happens to e-commerce if people don’t feel secure enough to buy things, do their banking or interact with government online?

The cynical response to that question is that the media companies make a huge political footprint; individual computer users do not.

Ever since I started messing about with these magic boxes, I’ve tried to stay up to date on viruses and other threats. Back then, the biggest worry was viruses, particularly MBR viruses, transmitted via floppy disks; despite concerns about internet and network transmittal of viruses, that was not a big deal in the olden days when most persons–even internet users–connected via dial-up (or timeshare, which was a form of dial-up). Online services, such as AOL, Compuserve, and Prodigy did a pretty good job of keeping their networks clean. Anti-virus programs were then wise precautions; firewalls, not so much, since the online service usually took care of them.

That, of course, has changed. If you have broadband, you are constantly connected to the internet as long as your computer is on and the the computer is physically connected to the network.

I do not put any box on the net without an AV and a firewall, unless it’s to download the AV program. (Linux has long has built-in firewall capability via iptables and its predecessors.) Then I immediately disconnect–I actually pull the cable or turn off the wireless–install the program, and run a scan before I reconnect to the net. There may be only 10 Linux/Unix viruses for every 10,000 Windows viruses, but, if I get one of those 10, the ratio becomes meaningless to me, now, doesn’t it?

Frankly, I don’t have any sympathy for persons who don’t take reasonable precautions. Anyone who is going to use a tool should learn a little bit about how to use that tool safely. That doesn’t require becoming an ubergeek, any more than learning how to cut wood with a circular saw (the hand tool that frightens me more than any other) requires learning how to disassemble and reassemble the saw.

I do sympathize with those who take reasonable precautions and still get infected. It’s a race, and sometimes the bad guys get a little ahead.

The best defense is to stay informed, and the best place I’ve found to stay informed is alt.comp.virus, though the activity level there is not what it used to be.

About Frank