What is Malware?
August 11, 2012
In my previous tech note, we discussed the concept of a program. In many ways, most malware is simply another program, an undesirable one, but just a program. The term malware is a general, catch-all term for any sort of malicious program that might become entrenched in a person's computer. Many terms are used, such as Virus, Worm, Trojan, and more. All these are undesirable, and most users really do not care about the fine distinctions. Hence the catch-all term malware is used as a general term for anything of this nature.
Some forms of malware can embed themselves into another program, and thus not be independent applications in their own right, but nonetheless each is a program designed to intrude on your computer with undesirable results.
In addition to programs that infest your computer, there are malicious web pages that can do nasty things, even without a program being on your computer. This is because there are little “programs” that are embedded in web pages, in the form of Java Applets, Flash animations and even Perl scripts. When you go to a web page, these programs run on your computer, in the web page. Most web pages have programs of this sort, but they are used for good purposes. Some pages have programs that are used for evil purposes. The damage they can do is limited, but can still be annoying.
Commonly you receive an email from a friend with a link to a site that might seem interesting. Often it will simply say something like “Hey, Check this out” or even just “Here ya go”. When you click that link, one of several things might happen. In the simplest form, the site may run a Java Applet that grabs your email contact list and sends the same email to all your contacts. Such attacks are good at propagating the link to the malware-infested site, but don't do a lot of harm to your computer. This is because the very nature of Java running in a web page limits the damage. But it can spam all your friends with the nasty thing, and open the door to more malicious infestations.
A more advanced attacker might pop up a dialog box telling you some system component, such as Flash, is out of date and ask you to install an update. If you click the link for that, you are opening the door to all manner of infestations. You are giving the site permission to install system-level software on your computer. Don't do that... If you think you do need an update to any component such as Flash, go directly to the supplier's site and download the real thing; do not use a link from an email.
Protecting yourself from malware is fairly easy, as a general idea, although even the best of us can fall for the scammers' tricks. A few simple steps will limit your vulnerability to such attacks.
The first step is to ensure your system has at least a basic level of protection against malware. This means installing an Antivirus program. There are a great many to choose from. In November 2012, Neil Rubenking of PC Magazine published an article comparing the performance of the top anti-virus products. In that article he listed thirteen products that performed excellently in the PC Labs testing. The same author on August 30 had previously published another article that lists thirty-seven such products.
Most of these products cost something, usually an annual subscription. They also use their presence on your system to bombard you with advertisements and inducements to buy something in addition to the protection they sell. Some of the products are nominally free, but still annoy you with up-selling techniques. Only one product, as far as I know, is both free and does not attempt to sell you additional services. Microsoft Security Essentials is free, does a decent job of protecting you and does not annoy you with the hard-sell.
Microsoft's critics are quick to claim that Security Essentials falls short of being the best product. I am not entirely sure I agree, and certainly the benefit of not annoying me with ads for upgrades and such is worthwhile. Most critics point to what they claim is inadequate ability to remove infestations already on your machine. There is some truth to this, but Microsoft also has a companion Malicious Software Removal Tool (MRT) that fills this lack, and is also free. Used together, Security Essentials and MRT provide adequate protection, for free, and with minimum annoyance. Further, many especially difficult infections have specific free tools to remove them.
If you are uncomfortable using a Microsoft product, or a product that some claim is “second best”, the other vendors are more than willing to meet your needs. You can go to their site, fork over the requisite funds and feel safe. All of the companies reviewed in PC Magazine are reputable and trustworthy, although they can be very annoying, and difficult to remove should you decide you don't want them after all. I have not experienced any incident where I found it necessary to use anything other than Security Essentials and MRT, and certainly they are much, much better than nothing at all.
Once you have a basic malware protection package in place, the next important step is to simply follow safe practices when using your computer. In light of bad actors trying to appropriate contact lists and other information from your computer, I strongly urge caution storing such information on your computer. Sensitive information should ideally be secured with some form of encryption.
In your contact list, do NOT store email IDs “in the clear”. It is easy to fool these programs by simply obfuscating the email address a bit. Instead of storing my address as wa4otj@yahoo.com, for example, simply place a 'x' in front. It becomes xwa4otj@yahoo.com instead. Or put the extraneous character on the end, as in wa4otjx@yahoo.com. If the program grabs this and sends it, you will see a bounce-back from the email system, and you will not annoy me with junk mail. The downside is that you will have to manually remove the 'x' in the address when you want to send me email. That's an annoyance, I agree, but will foil most email harvesting programs. You can of course use more sophisticated techniques to foil the bad guys, inserting additional bogus characters, or other obfuscations. The point is simply to make it more difficult for a program to send mass emails using the contact list on your system. Perhaps the best way to avoid email harvesting is to not place information in your computer's default contact list. If you keep contacts on your computer, use a different, more secure mechanism.
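The bounce-back mentioned above can double as an alarm. The sketch below is an added example, not part of the original post: it marks addresses with the 'x' prefix and then checks a bounce message for marked addresses. It assumes the bounce is a standard delivery status notification (RFC 3464); the function names and the sample contacts and bounce text are constructed for illustration.

```python
import re

MARK = "x"  # the extra character from the post, placed in front

def obfuscate(address):
    """Form to keep in the address book: 'x' + real address."""
    return MARK + address

def deobfuscate(stored):
    """Real address, recovered just before you send mail yourself."""
    if not stored.startswith(MARK):
        raise ValueError(f"{stored!r} is not in marked form")
    return stored[len(MARK):]

# Delivery status notifications (RFC 3464) name each failed address in a
# "Final-Recipient: rfc822; <address>" field.
_FINAL_RCPT = re.compile(r"^Final-Recipient:\s*rfc822;\s*(\S+)\s*$",
                         re.IGNORECASE | re.MULTILINE)

def bounced_recipients(raw_bounce):
    """Set of addresses the mail system reported as undeliverable."""
    return {addr.lower() for addr in _FINAL_RCPT.findall(raw_bounce)}

def harvested(stored_contacts, raw_bounce):
    """Marked addresses that bounced. A person strips the mark before
    sending, so mail to a marked address came from a program that read
    the address book."""
    marked = {s.lower() for s in stored_contacts}
    return sorted(marked & bounced_recipients(raw_bounce))

# Constructed sample data (not from the original post).
ADDRESS_BOOK = [obfuscate(a) for a in ("alice@example.com", "bob@example.org")]
SAMPLE_BOUNCE = """\
Reporting-MTA: dns; mail.example.net

Final-Recipient: rfc822; xalice@example.com
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; carol@example.net
Action: failed
Status: 5.1.1
"""

if __name__ == "__main__":
    print(harvested(ADDRESS_BOOK, SAMPLE_BOUNCE))
```

A bounce for an unmarked address, such as the second one in the sample, is an ordinary delivery failure and is ignored.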
Other information on your computer is vulnerable as well. There are other malicious programs out there that will look for Quicken files, and other obvious, sensitive items to steal. Beyond the risks of this data falling to malware, your computer might simply be stolen. For this reason I strongly recommend any sensitive information, any financial data, Quicken or Quickbooks files, or anything of that nature should be encrypted. In Safe Computing #8 – Protecting Your Data I discuss encrypting your data using Truecrypt, or a Zip archiving program.
Beyond actively protecting your computer with anti-malware programs and encryption, simply using great care when clicking on any links in any emails, being very careful about allowing “updates” to be installed when you open a web page, and so on will go a long way towards protecting you from the bad guys.
The ABCs of protecting yourself on the web are Avoiding infection, Blocking infection, and Cleaning infections. The first is simply being very careful about what links you click, what web pages you go to, and what emails you open. The second is having protection in place, antivirus, encryption and so forth, and the third is removing infections once caught. MRT will mostly take care of the last, although there are other, sometimes better tools. In extreme cases a computer can become so compromised that only a reformat and reinstallation of the operating system will resolve it. Avoiding and blocking infections will hopefully prevent the need for that last-ditch effort.


