Tag Archives: antivirus

Some Preventive Techniques for Malware

The dark side of computing….Viruses….Spyware….Rootkits….Trojan horses….etc. Almost everyone has been a victim of this at one time in their life. There’s no avoiding it! These unfortunate things are products of evil people who are trying to steal our information or make money from uninformed and ill-trained users.

I’ve been working the Computing and Communication Services (CCS) HelpCenter/HelpDesk at the University of Guelph (UoG) for the last 4 years. I’ve also been fiddling with computer hardware and software since I was a little kid. I’ve helped hundreds of people with computer malware issues. At CCS, my team of about 30 student consultants is just a small group of people deployed by UoG to help students clean and protect their computers. It is also our job to make sure they are able to connect to Resnet and have full internet connectivity with whatever comes across our desks. Most of us are informally trained but are well experienced and are able to dynamically change our methods to keep up with computers. We’re not geniuses; we’re careful, patient, ordinary people.

There are many different opinions and methods of preventing, getting, and cleaning malware. I will go through a quick guideline from my perspective on how to keep your computer healthy and malware free. I will also mention some alternatives to pesky paid, subscription-based antivirus software. Feel free to leave comments or questions below…I’ll answer them when I have time.

So what exactly is malware?

Malware is a term used to describe malicious software such as viruses, trojan horses, spyware, rootkits, worms, adware, etc. Basically, it is any software that tries to take over certain aspects of your computer without you realizing it. From experience, most consumers and non-security professionals refer to all of this as a “computer virus”.

The majority of malware affects Microsoft Windows based systems due to their strong market domination of roughly 90%. Although Microsoft has done a great deal of leg-work at making the most recent version of its operating system, Windows 7, more secure, there are still millions of users out there with malware on their machines. Those with Apple based products who claim that there is no such thing as Mac viruses are naïve to think they are automatically free from any malware. Although most of the computers that I help service at the IT Helpdesk are Windows based, we do see the occasional MacBook with very odd security or network settings which usually point to a virus.

One might wonder, “Why isn’t malware illegal?”…

Well it is! (mainly in Canada, the USA, and European countries) But because the Internet is a worldwide, multilingual, multi-platform, multi-cultural, and multi-jurisdictional system, it is very hard for legal systems to convict a programmer or hacker from Russia or China. Laws are still being developed in conjunction with countries all over the world to help combat illegal computer activity.

How do you usually get malware?

I hate to be blunt, but I usually determine that if you have malware on your computer, you’ve done something stupid. A streaming video site shouldn’t be asking you to scan your computer for viruses. If it does, it’s usually a fake pop-up requesting you to download something. Don’t expect your favourite websites or a search for your favourite celebrity or artist on Google to be 100% trustworthy either. This past August, hackers tried to fool people by purposely getting their links listed on the first page of search results.

Other common ways of being infected with malware are by using unpatched Windows versions without the latest updates, or with old virus definitions installed. About 30% of users ignore their Windows Updates or disable them. This is especially dangerous as hackers find holes within the Windows platform and take advantage of them. About 90% of computer users are using Microsoft Windows, and about 30% of them don’t have recent updates. Hackers see a great opportunity to take advantage of the vulnerable and infect these machines, as they are an easy target of unsuspecting clients.

Historically, email used to be a vast medium to spread viruses. It was a goldmine for hackers at the start of the 21st century. The ILOVEYOU and Nimda viruses are prime examples of viruses which took advantage of email and spread very rapidly due to unpatched security holes in Windows and Microsoft Outlook. Today, email viruses still exist but have less penetration due to better email filtering offered by many web-based email accounts such as Gmail, Hotmail, and Yahoo, as well as business email security appliances such as IronPort. Nowadays, most hackers try to extract personal information by sending fake emails via spam and impersonating an authority figure such as a bank. This is known as phishing and can occasionally lead to malware.

Ways to prevent malware?

My number one method for preventing malware: Smart Browsing…be careful on the internet.

Since our lives revolve around technology, take a few minutes out of your time to think about what you’re actually clicking when you’re on your computer. Read pop-ups and alert messages and think before clicking Yes or No…if you’re unsure, ask someone who you think may know better.

Think about using different web browsers. In my opinion, the three mainstream browsers, listed in order of the most secure to the least, are

  1. Google Chrome
  2. Mozilla Firefox
  3. Internet Explorer (IE)

If you’re browsing the internet to stream movies/TV shows, download torrents, or just surf in general, think about using Google Chrome. It’s fast, convenient and the most secure. If you find that certain websites render or display funny, then maybe think about falling back on Mozilla Firefox. If all else fails, use Internet Explorer as the last resort. Although the latest versions of Internet Explorer are far more secure than their predecessors, IE, like Windows, is the most popular web client used around the world. Hackers target it for that reason.

Everyone knows they should have antivirus software installed. There are tons of free ones out there as well as some with paid subscriptions. I recommend using Microsoft Security Essentials as it is free, easy to download and install, and has been rated highly by many professionals. Keep in mind, contrary to popular belief, just because your computer has an antivirus program installed, your computer is not 100% protected from malware. Antivirus software only prevents approximately 70% of threats; the rest is up to you to be careful and diligent. Lastly, it is not recommended to install more than one antivirus program on your machine. It will greatly reduce performance and may lead to frustration as both programs fight for control.

As mentioned before, keep your computer up-to-date! Download the latest patches when alerted by your software or operating system. At the University of Guelph, CCS employs the Cisco NAC agent to force computers on the network to install the latest Windows patches. Although this can be a pain for many, it is a great way of making people aware that they should always keep their computer up to date.

What to do if you have malware?

I find that the majority of users who are infected with malware know where they got it from. They usually say, “I knew doing __fill-in-the-blank__ wasn’t right, since then, my computer’s been doing weird things”.

This is great! It shows that the user is aware of their actions and will learn from their mistakes. Cleaning computers infected with malware is a pain and sometimes it’s faster and easier to reformat the machine instead of spending hours trying to remove it.

If you do have malware though, be careful when using Google to find solutions. On occasion, the malware author publishes fake removal instructions that ask you to download a program to help clean your computer. This consequently infects your computer with more malware, making it more frustrating to clean. Removing and cleaning out malware can sometimes lead to file corruption on your computer, which would prevent it from booting up and performing regular functions. I would recommend that you back up any files on your machine that you value on a weekly basis in case this were to happen. It’s also good practice to back up your data in case your computer gets stolen.

My favourite tool for removing malware is Malwarebytes. It is, for the most part, free and you may find it here. I also recommend cleaning out temporary files before doing any scans in order to free your computer of excess files. This helps lower the time it takes for your antivirus and Malwarebytes to scan your computer. A great program for this is CCleaner.

I recommend the following steps for scanning and removing malware from your computer.
Please read through them carefully before attempting them.

1. Restart your computer into Safe Mode with Networking Support (hit F8 while the computer is booting).
2. Download CCleaner (portable or slim edition) and Malwarebytes.
3. Run CCleaner and clean out as many temporary files as it can.
4. Install Malwarebytes and make sure it’s updated to the latest file definitions.
5. Run a quick or full scan.
6. After the scan, click Show Results and then Remove Selected.
7. Restart your computer and see if it got rid of the malware.
8. If you still have malware, repeat all the steps until the scan finds no more infected objects.
9. If you still have malware, seek professional help and think about reformatting.

Hopefully you now have a better understanding of malware and some preventive tactics to keep it off your computer. Feel free to leave messages or suggestions for other users, and if you know anyone who gets affected by this, feel free to forward them to this page. Remember, be smart when you’re on the computer: being proactive while using the computer is the best approach for preventing malware.

Further Reading:
PC World – How did my protected PC Get Infected?
PC World – Microsoft Security Essentials – What’s the catch?

A much more in-depth article about many types of malware and some popular real-life examples. The article is a bit out of date as it aims for Windows XP and was published in 2004, however you may have been exposed to some of these back in the day.
Ars Technica – Malware & How to prevent it

Conficker Update

The media hasn’t mentioned Conficker for a while so I figured I’d give you a little update about what it’s doing. BTW, I’m referring to the media as the mainstream news broadcasters, not the tech blogs/sites out there which most IT people tend to always follow.

It’s been nearly 2 weeks since the April 1st doomsday. Last week, Conficker decided to silently start updating itself. It began downloading a variation of Waledac on April 7th. It is fake antispyware/antivirus software much like Antivirus 2009. It will attempt to trick you into purchasing its “services” for some amount. If you fall for the trick, congratulations, your credit card is now in the hands of hackers.

Once again, make sure your computer has the Windows updates. More specifically, make sure the MS08-067 patch is installed. Also, make sure you have the latest antivirus updates.
You can also run Malwarebytes, which has had a good track record lately in detecting rogue software.

PS: AVG Free users, from experience, this antivirus software is like having no antivirus software installed. Get a new one! (I don’t have time to get into specifics)

Symantec Threat Center – Downadup.E
McAfee Avert Blogs

Are you ready for the rabid virus?

Conficker? aka W32.Downadup.x

Well the media hype has been going for the last few days. I was going through my Google Reader feeds as I usually do and I saw continual stuff about the Conficker.C virus.

The NY Times, Vancouver Sun, CNET, BBC, oh and my favourite one: CBS’s 60 Minutes, which was then covered by CNET, have been commenting on this virus and as usual, media attention is probably blowing this out of proportion. We really won’t know until Wednesday, April 1st, 2009. Maybe it’ll be one gigantic April Fools’ joke. This is all very unlikely as the botnet and hacking networks are capable of making lots of revenue.

Are you protected?

Most virus scanners, as long as they are updated, should offer more safety than having no anti-virus tools at all.
The big key is to make sure you have the latest Windows OS updates, and more specifically, Microsoft Security Bulletin MS08-067 – Critical.
That patch was released in October last year so there shouldn’t be any excuses!

This virus is likely to affect corporate users whose IT admins use group policies to disable auto-updates.
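Both Conficker posts above boil down to the same two checks: is the MS08-067 fix on the box, and has Automatic Updates been switched off by Group Policy? The script below is an added example, not something from the original posts or from Microsoft; it uses the stock `Get-HotFix` cmdlet and the standard Windows Update policy registry key. It assumes KB958644, which is the hotfix ID Microsoft assigned to the MS08-067 fix, and assumes you run it from an elevated Windows PowerShell prompt on one of the Windows versions the bulletin covered (2000/XP/2003/Vista/2008). On Windows 7 and later the fix shipped as part of the OS, so `Get-HotFix` will not list it there and a "missing" result on those versions is expected.

```powershell
# Added example: quick local check for the MS08-067 fix and the
# auto-update Group Policy state. Run from an elevated PowerShell prompt.

function Test-MS08067Patch {
    # KB958644 is the hotfix ID for MS08-067 (assumption stated in the lead-in).
    # Get-HotFix writes an error when the ID is not installed; -ErrorAction Stop
    # turns that into an exception so we can report "missing" instead of noise.
    try {
        $null = Get-HotFix -Id 'KB958644' -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

function Get-AutoUpdatePolicy {
    # Group Policy stores its Windows Update settings under this key.
    # NoAutoUpdate = 1 means an admin has disabled Automatic Updates;
    # no key or no value means the machine follows its local setting.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    if (-not (Test-Path $key)) { return 'not set by policy' }
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoAutoUpdate
    switch ($value) {
        1       { 'disabled by policy' }
        0       { 'enabled by policy' }
        default { 'not set by policy' }
    }
}

$os = [System.Environment]::OSVersion
"OS version:       $($os.VersionString)"
"MS08-067 present: $(Test-MS08067Patch)"
"Auto-update:      $(Get-AutoUpdatePolicy)"
```

If the first check reports `False` on an XP or Vista era machine, install the update from the MS08-067 bulletin before anything else; if the second reports `disabled by policy`, that is the corporate scenario the post describes, and the fix belongs in the Group Policy object rather than on the individual PC.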

For the nerds…

Have some fun reading these science-report like documents:

http://mtc.sri.com/Conficker/ <— this one is ridiculous…and no, I did not read it. I just linked it! There are also 3 addenda.
http://support.microsoft.com/kb/962007

For everyone else…
Sit back, relax and watch the news!

I should mention that I am working during the afternoon shift at the CCS HelpDesk on Wednesday. I’m expecting a regular shift of university students who lose their essay due to stupidity and the usual, “where is the washroom/how do i scan/how do i print” questions.

PS: The 60 minutes interview was very amusing!

More links:

http://en.wikipedia.org/wiki/Conficker
http://news.cnet.com/8301-1009_3-10204590-83.html?part=rss&subj=news&tag=2547-1_3-0-20
http://arstechnica.com/security/news/2009/03/canadian-ca-domain-prepares-united-confickerc-defense.ars
http://www.theglobeandmail.com/servlet/story/RTGAM.20090326.wworm0326/BNStory/Technology/home