Security Software - The Basics

Another quite interesting article from Lavasoft’s (authors of Ad-Aware) web site explains why you need several layers of security software. I liked their way of explaining this and quote from this web page. Here is the link in text format:
http://www.lavasoft.com/support/securitycenter/articles/security_software_basics.php

In a few locations I have changed the sequence of sentences or paragraphs to denote levels of importance and I have added some formatting and applied emphasis to enhance readability. The text itself has in no way been modified.

Today's threats are varied, sophisticated, and continue to adapt in order to get past your defenses. And that means that going online without essential protection in place on your computer is no longer an option.

The best ways to stay secure online are to prepare your PC with the right tools and to use caution and common sense whenever you use the Internet. An up-to-date firewall is another security must-have. Updated spyware and virus protection with real-time monitoring are important tools in keeping spyware and malware from infecting your computer. These three elements provide fundamental security to your PC, and are essential to protect your information and your privacy.

What exactly are these tools and why are they necessary?

Firewall.
A firewall works as a barrier between your PC and cyber space. When you are connected to the Internet, you are constantly sending and receiving information in small units called packets. The firewall filters these packets to see if they meet certain criteria set by a series of rules, and thereafter blocks or allows the data.

A firewall provides critical protection to keep your PC safe from unauthorized access, yet it cannot remove malware from a system that has already been infected; therefore it should be used in conjunction with anti-spyware and anti-virus software.

Anti-virus software.
A virus is code that recursively replicates a possibly evolved copy of itself. Viruses use computers to spread from one to another. They [viruses] often perform a function that can erase files and processes from your computer.

Anti-virus software can protect your computer from a range of cyber threats like viruses, worms, rootkits, and phishing attacks. The software keeps you protected by scanning files to look for known viruses, and by using what is known as heuristics to identify suspicious behavior which may indicate a threat.

Anti-spyware software.

Spyware attaches itself to individual computers to perform functions like monitoring Internet navigation and stealing information. Spyware can track your personal data and then send it to cyber criminals.

Anti-spyware software can protect your computer by providing real-time protection against malware, spyware, and adware installations, as well as by detecting and removing such programs that are already installed on your computer.

I hope you find this quote from Lavasoft interesting.

To the description of the Firewall I want to add that the most important feature of a Firewall is the ability to protect the computer from actively being "hacked" into. My experience proves over and over again that the firewall in Windows XP by now does this very well and dependably.

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.

Malware Categories

Upon downloading updates for Ad-Aware I found on Lavasoft’s web site a categorization of malicious software. I kind of liked their way of explaining what all is out there and trying to get on our computers. Lavasoft kindly granted permission to literally quote contents from this web page. Here is the link in text format:
http://www.lavasoft.com/support/securitycenter/blog/?p=269#more-269

In a few locations I have added links to the original text as help to explain technical expressions that may not be commonly known.

ADWARE

Adware is a type of advertising display software that delivers advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as tracking technologies. Some consumers may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance.

BACKDOORS

Backdoors may open up ports on the compromised computer, allowing remote access and control of the victim’s machine.

DIALERS

Dialers are programs that utilize a computer’s modem to make calls or access services. Users may want to remove dialers that dial without the user’s active involvement, resulting in unexpected telephone charges and/or cause access to unintended and unwanted content.

DOWNLOADERS

Downloaders are programs designed to retrieve and install additional files. Downloaders can be useful tools for consumers to automate upgrades of essential software such as operating system upgrades, browsers, anti-virus applications, anti-spyware tools, games and other useful applications. Unauthorized downloaders are used by third parties to download potentially unwanted software without user notification or consent.

FLOODERS

Flooders may provide functionality that makes it possible for an attacker to send massive amounts of data to a specific target. The flooding of a target may, for example, disturb communication services or make various systems unresponsive. This is similar to a DDoS attack where massive amounts of calls are launched against a system. A DDos attack may even make large systems unresponsive if the attack is launched from several computer systems that are infected by a DDoS capable Trojan Horse.

PASSWORD STEALERS

Password stealers can steal user passwords on an infected system, compromising system security and user privacy.

ROUGE ANTI-SPYWARE APPLICATIONS

Rogue anti-spyware applications may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

TROJANS

Trojans (also known as Trojan Horses) are programs that appear to do one thing but actually do another. Trojans may also download additional files to the infected system.

TROJAN.DROPPERS

Trojan.Droppers will drop additional files on the infected system. These files are often other Trojans or downloaders.

TROJAN.NOTIFIERS

Trojan.Notifiers are Trojans for the Microsoft Windows platform. This Trojan installs to run at system startup, opening ports on the infected system and increasing system vulnerability. Trojan.Notifiers may thereby compromise system security and user privacy.

TROJAN.PROXIES

Trojan.Proxies may open up the infected machine to be used as a proxy server.

TROJAN.SPIES

Trojan.Spies are a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses.

VIRUSES

Viruses are code that recursively replicate a possibly evolved copy of itself. Viruses infect a Host File or system area, or they simply modify a reference to such objects to take control and then multiply again to form new generations.

WORMS

Worms are network malware, primarily replicating on networks. Usually, a worm will execute itself automatically on a remote machine without any extra help from a user. However, there are worms, such as mass-mailer worms, that will not always automatically execute themselves without the help of a user.

MISCELLANEOUS MALWARE

This grouping contains other programs with malicious intentions.

Although I do not fully concur with all of these categories I think this is informative reading and good background information for everybody.

And the intricacies of the English language caught up with the (presumably Swedish) author of this as well. In Worms we read that the worm program “executes itself …”. What the author means is that the worm program runs, that it executes the program instructions. The worm program definitely does not place itself in front of a firing squad. I had a good chuckle reading this; how’s about you?

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.
.

XPAntivirusPro2008 and variants

One of the nastiest malware applications currently going around is a whole family of programs with names like XPAntivirusPro, WinAntivirusPro, VistaAntivirusPro and many variations of above names pre- and/or suffixed with years from 2007 through 2009. You may find almost any combination of Win, Windows, XP, Vista, anti, virus, spyware (and others?) in almost any semi-reasonable order.

• A word of Caution: Above link on XPAntivirusPro brings you to a Wikipedia page that is not yet fully edited but still gives a fair overview of the related problems.
  Beware: Way at the bottom of this Wikipedia page is a link to "WinAntiSpyware Removal Instructions for Windows XP and Windows Vista". At the time of writing this link goes to a DANGEROUS web site according to Siteadvisor; it has NO instructions at all; do not use this link!
• Added Oct-10-08: By now there are many more variants with different names out there. It is justified to say that with the exception of about one dozen of more or less proven programs most of what is promoted likely is malicious. The louder and/or scarier the "promotion" the more likely that it is bad stuff. Do your homework or ask me, don't just download and install only because "it says it's an Anti whatever" program.
  

The original program appears sometimes as secret payload of another "free download" or gets put on your computer by malicious websites. Once running it attempts to scare you into buying any of the variants of XPAntivirusPro. The scares are by now really convincingly well crafted and look like legitimate messages from Windows. When you really buy the junk software that supposedly would solve all problems that is the moment when the real problems begin. Some of the variants download Trojan horse programs, others download key loggers and so on.

This garbage comes primarily through the use of Internet Explorer on your computer. You can read details about one man’s epic trip to rid his father’s computer from this malware program here. Here this link in text format:
http://swoofware.com/blog/2008/06/29/xp-antivirus-2008-and-antivirus-2009-are-evil/

I admire this guy's persistence on the rocky road he took and congratulate the final success. If you are interested you may want to read the other articles on this issue he has posted. The links are in a small rectangular box on the right side at the beginning of the page I have just linked to.

BUT: Had the son earlier gone through with “switching” his father to the Firefox web browser they both would have avoided a grueling experience.

I have successfully removed these malware programs from many computers; I use a very different approach that renders success in an hour or two rather than spanning days! The worst case so far was a computer that had three layers of this garbage on top of each other; now that took a bit longer but the machine is clean now!

Here I can only repeat what I preach to my customers over and over:

Use the Firefox Web Browser instead of Internet Explorer!

Okay, I know, there are a few web sites out there that require Internet Explorer because they are programmed to use some non-standard functionality that is available only in IE. If the web site that requests IE is from a reputable well known company or a government agency you can do that. Just don’t begin a casual browsing session from within IE.

You would not believe what I see all the time. I get called to a customer whose computer is acting up. I find and remove some ActiveX malware that can have invaded the computer through IE only. The customer confirms most animatedly that “nobody here used IE”. I check the folder where IE stores temporary files and there are 10s of megabytes of recent temporary files that only IE can have put there. Funny coincidence, isn’t it?

BTW, when I talk about IE please mentally include Outlook Express and Outlook, Microsoft’s email programs.

Use Thunderbird E-Mail instead of Outlook or Outlook Express!

Switching you from Outlook Express to Thunderbird is simple and does not require a lot of learning. Switching from Outlook to TB is only feasible and simple if you did not use Outlook’s integrated calendar, planning and contact management features. But then again, I question the feasibility of using MS Outlook on a free-standing home computer anyway. Outlook is an application that should be used in companies, preferably with one centrally and professionally managed mail server behind it.

The reason I hear most often for using Outlook is ‘I am used to it because I use it at work’. Want to know what I am hearing? Good that you ask, I would have told you anyway; I hear ‘I am soooo unwilling to learn something new that I don’t give a hoot if I have to pay you repeatedly for fixing my computer after I have messed it up again’.

We all know, habits are hard to break - and sometimes costly to keep. ;-)

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.
.