Sunday, February 8, 2009

Prevent Virus Infections #1

Much of what is written about security issues requires you to read “between the lines” to get down to what you can do to protect your computer. Here is the lowdown in (hopefully) layman’s terms.

Many of my customers have unrealistic ideas about computer security. According to mainstream media and pundits, our computers face three main threats:

1. Flaws in Windows being exploited by malicious people.
2. Viruses received from emails.
3. Visiting a maliciously programmed Web site.

All of this is real enough, but in the big picture the three reasons above account for only a small percentage of infections on a home PC. The majority of infections seem to stem from something much more mundane: downloading and/or running infected programs is the biggest and most rapidly growing risk factor.

I make my living by cleaning viruses from people’s computers and I have observed this for some years now. When I ask my customer when and how the problems began, the answer is more often than not "after downloading a new program". Ask any tech-support person in any company; they will likely confirm this.

Security research company and software vendor Trend Micro reported that in 2008 about 63% of the top 100 infections were caused by downloading and running programs. Infections from e-mail and exploits of security flaws together accounted for less than 5% of PC infections.

Free games, free utilities and free toolbars are at the top of the list of infectious programs; but any other program a web site lures you into downloading can, and often will, be dangerous too. Currently we see rapid growth of so-called scareware: programs that scare you into believing your computer is infected with x number of viruses and claim to be able to "clean" your computer; generally the opposite is true. Great risks stem from pirated (that is, illegally copied) software and from pornography. Pirated programs tend to be very dangerous because they are widely used and quite likely virus infected.

A well-known professional software tester needed virus-infected software for testing anti-virus programs. He downloaded some 60 illegal copies of commercial software; 39 of these programs were virus infected. That is, roughly two out of three of these programs would have “killed” his computer had he run them.

I don’t mean to scare you; downloading and trying out new programs is one of the most exciting ways to use the Internet – for me at least. You just need some smarts and you need to go carefully about it. You’ll see it is not rocket science; if I can do it you can do it too! Over the years I have downloaded and tried literally hundreds of programs and never, ever gotten my computer infected.

I am not a technical super-hero or supernaturally gifted fortune-teller. I don’t know THE secret security software that takes care of all of that simply because this software does not exist! My computers have never gotten infected because I habitually apply safe computing practices. Your computer can be just as safe as mine and it is not rocket science as you will see.

Basically I have four rules:

1. Download from reputable sources ONLY!
2. Scan all downloaded files with more than one anti-virus scanner.
3. Run any even potentially suspicious program in a sandbox.
4. Read (or analyze) the end-user license agreement (EULA).

I will explain this further in Prevent Virus Infections #2 and #3.

Please note: This by no means invalidates the technical prerequisites of avoiding or mitigating risks I wrote about in my January post "Avoid or Mitigate Risks".

Continued in Prevent Virus Infections #2.

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.

Prevent Virus Infections #2

Rule #1: Download only from reputable sources

Adhering to this single rule will cut your risk of infection dramatically. So, what is a "reputable source"? Certainly the following:

1. Any major download site like Download.com, Softpedia.com or MajorGeeks.com.
2. Any site of a reputable developer or vendor, such as Microsoft, Google, HP or Dell.
3. Any open-source software hosted on sourceforge.net, mozilla.com and other large open-source hangouts.

Of course there are many more "reputable sources." The secret is in knowing which sites to trust. McAfee SiteAdvisor is a free plug-in for Internet Explorer and Firefox that rates sites based on a number of security criteria, including whether the downloads from the site are free from malware. If a site has SiteAdvisor's "green" rating, you can be pretty sure it's safe. Conversely, you can count on any site with a "red" rating as being unsafe.

So, what files are definitely unsafe to download or install?

Topping the list are files a site offers to you all by itself or via a popup window. If the site asks whether you'd like to install a toolbar, video viewer, download manager, or whatever, always say no. Such files are the riskiest of all downloads, so never be tempted. Make no exception here; this is seriously dangerous territory.

Other unsafe sources are file-sharing services. Never download software from BitTorrent and other file-sharing networks unless you can verify the authenticity and integrity of the download with 100% certainty. For most people, it's best to play it safe and never download from these services.

The same prohibition applies to software provided to you by friends, classmates or colleagues. Unless it's on the original manufacturer's CD, there's no way you can verify the authenticity and integrity of the program.

Rule #2: Scan all downloaded files

Normally, you don't have to worry about scanning files you download, because most of the top antivirus programs automatically scan a file when you download it. If you're unsure whether your security product scans downloaded files automatically, you can usually initiate a manual scan by right-clicking the downloaded file and selecting the "Scan this file" option before you run it.

Unfortunately, even the best virus scanners have a less-than-100% detection rate; a downloaded file may scan as clean yet still be infected.

You can further reduce the chance of a file being infected by making use of a free Web-based scanning service, such as Jotti or VirusTotal. These sites run your downloaded file through a dozen or more antivirus and anti-malware programs.

Of course, there's still a chance your download is infected, even if it passes all the tests at Jotti or VirusTotal. However, the protection these services offer is good enough to keep most PCs safe.

Continued in Prevent Virus Infections #3


Prevent Virus Infections #3

Rule #3: Run suspicious programs in a sandbox

If you have the slightest doubt about a program or e-mail attachment you downloaded, install the program or open the file in a sandbox or other virtualized environment before you load it on your PC.

My favorite sandbox application is the excellent free program called Sandboxie. This and other virtual environments allow you to install and run programs in an area of your PC that's been specially fenced off; it actually isolates the program you are running from the rest of your computer. If the program you install happens to be infected, the infection is confined to the sandbox and cannot affect your PC. Any infection can be removed by simply deleting the sandbox or its contents.

A neat feature of using a sandbox is this: Your security software can see what's happening in the sandbox and can warn you of any problem. In fact, it's much easier for your virus scanner to detect an infected program that is actually running rather than to detect an infection only by scanning the file.

If you install a downloaded program in a sandbox and get no warnings from your security software, it's unlikely that the file is infected. You can then delete the sandbox and install the program with confidence on your real PC.

Sandboxes are also great for safely opening e-mail attachments. The next time someone sends you a funny PowerPoint presentation, save the attachment and then open it inside a sandbox. OK, it may take you 20 seconds longer, but that's a lot less time than the hours you'd spend removing a malicious infection from your PC.

Rule #4: Read the software licensing agreement

Of my four rules for safe downloading, this one is most likely to be ignored. That's a pity, because analyzing the end-user licensing agreement (EULA) is a surprisingly good way of determining whether the program you're installing contains any unwanted components.

Now, no hacker or Internet criminal is going to tell you in a licensing agreement that they have malicious programs in their software. However, most adware purveyors and spyware vendors will disclose the contents of their "services."

That's because advertising software is quite legal. Indeed, some AV and antispyware programs won't pick up particular advertising programs because they are legitimate.

Spend a couple of minutes reading the EULA rather than just automatically clicking the "I have read this and agree" button.

If you find reading EULAs too tedious, download and install Javacool Software's EULAlyzer program. Let this program “read” the EULA in question; it will flag any worrying or potentially alarming pieces of text. EULAlyzer is free for personal and educational use.
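To show the kind of check EULAlyzer performs, here is a small keyword-based EULA flagger. This is an added example, not EULAlyzer's code; the phrase list and the sample agreement text are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical watch list, constructed for this example. It groups phrases
# that, in an end-user license agreement, usually mean "read this closely".
WATCH_PHRASES = {
    "third-party software": ["third party", "third-party", "bundled", "partner"],
    "advertising": ["advertis", "sponsored", "promotional"],
    "data collection": ["collect", "personal information", "browsing habits", "usage data"],
    "browser changes": ["toolbar", "home page", "default search"],
    "persistence": ["cannot be removed", "may not uninstall", "remain installed"],
}


def split_sentences(text):
    """Crude sentence splitter; good enough for EULA prose."""
    return [s.strip() for s in re.split(r"(?<=[.;!?])\s+", text) if s.strip()]


def flag_eula(text):
    """Return (category, sentence) pairs for every sentence that contains a
    watched phrase. A sentence can appear once per matching category."""
    flags = []
    for sentence in split_sentences(text):
        lowered = sentence.lower()
        for category, phrases in WATCH_PHRASES.items():
            if any(p in lowered for p in phrases):
                flags.append((category, sentence))
    return flags


def summarize(flags):
    """Count hits per category so the shape of the agreement is visible at a glance."""
    counts = defaultdict(int)
    for category, _ in flags:
        counts[category] += 1
    return dict(counts)


# Constructed sample EULA text for demonstration; not taken from any real product.
SAMPLE_EULA = """
This software is licensed, not sold, to you for personal use.
The installer may also install third-party software from our partners.
By installing you agree that a search toolbar may be set as your default search provider.
We may collect personal information and browsing habits to serve sponsored content.
You may terminate this agreement at any time by uninstalling the software.
"""

if __name__ == "__main__":
    for category, sentence in flag_eula(SAMPLE_EULA):
        print(f"[{category}] {sentence}")
    print(summarize(flag_eula(SAMPLE_EULA)))
```

A real analyzer needs a far larger phrase list, but the principle is the same: surface the sentences about bundling, advertising and data collection that the "I agree" button hides.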

In addition to reading the EULA, you should also be vigilant about what you agree to as part of the installation. Quite often, software vendors will slip into the install wizard a default selection permitting the installation of a third-party product, a subscription to their promotional newsletter, or a browser toolbar; I consider the latter to be a terrible practice. In my opinion, the mere choice of this “stowaway” style of distribution disqualifies the bundled software.

A common example of this practice is the otherwise excellent freeware disk-cleaning program CCleaner. Embedded in the installer is a default option to add the Yahoo search toolbar to your system. If you don't want the toolbar, you need to uncheck the option. To be fair I need to mention that CCleaner is developed by an individual. For every installation of the Yahoo toolbar he likely gets a few cents, and I would rather watch out and de-select this sort of thing than see CCleaner disappear because the author can't finance the development anymore.

Now, the Yahoo search toolbar is a legitimate product and supposedly quite a good one. But do you really want it? I don't, and I suspect most other users don't want it, either. The next time you install a program, read before you click.

So, that's it.

Of all the security threats your computer faces, downloading and installing programs is statistically your highest risk. I have outlined four simple rules for downloading that anyone can follow. Just stick to these rules and you are on the way to a future free of malicious software.
