In the last newsletter, "Virus Wars I", I talked about some of the more recent "custom threats" and how the enemy is becoming more professional in its approach to infecting our systems. Today I want to identify these threats and see what we can do to protect ourselves. Instead of scattering links throughout the article, I'm including them all at the end for convenient reference. Believe me, protecting against these threats isn't easy. The changes we're seeing in malware can be organized into three basic categories.
The immense volume of variants being released is what makes it impossible for researchers to keep pace. The attackers are winning because of sheer numbers.
New compilers defeat outdated, signature-based detection software. It would be as if my DNA changed every time I left the house.
Custom design, or micro malware, puts the focus on small, select groups, thus attracting less attention until it's too late.
These three strategies are involved in all of the new threats. The names of specific threats change so frequently, and the variants morph so quickly, that specific names can't keep pace. Something as simple as "Win32" just doesn't do it anymore. Because of that, I am dividing the threats into 5 groups, starting with the most prevalent at the top.
TOP 5 THREATS
1. Malware 2.0 is the second generation of product from malware designers and writers. The name indicates that the software is not only still here but is now improved. The Storm Worm is a successful recent example. It shows such variety of behavior and reproduction that "zero-minute exploit", rather than "zero-day exploit", is the term used to describe it.
Malware 2.0 renders signature detection ineffective through the use of new compilers. These compilers change the signature each time the malware is compiled, so there is no commonality left for a scanner to detect.
2. Trojans have for a long time come ahead of the common virus on the list of dangerous enemy weapons. Today we're seeing a major increase in infections of mobile devices, and not just Windows-based ones. Symbian and iPhone are getting their share.
3. Rootkits are proliferating, and a specific variation is the bootkit. A bootkit activates as soon as a computer is turned on. Bootkits are located in the boot section of the hard drive and are almost impossible to find and remove. Remember the outcry when Sony first implemented its anti-copy protection? What made it such a scandal was that Sony used this very tactic to provide anti-copy protection for CDs and DVDs: it modified this section without the users' informed consent.
4. Social networking sites like Facebook and MySpace deserve a category unto themselves. Because users trust these sites, there is a huge risk of infection. Viruses spread because of users' willingness to view and download anything that is offered. This presents a huge opportunity for malicious code to be embedded and to stay hidden until the user downloads it on request.
5. Simple virus infections, while slipping in notoriety, are still increasing in numbers. Chinese cyber-criminals targeting online gamers look to be one of the year's hot new trends.
All malware has improved its self-protection. Daily it is becoming more adept at hindering detection and stopping the functionality of security software. It is now capable of protecting itself and attacking our defenses. To combat this progression, today's antivirus needs to be as concerned with protecting itself as with protecting your system.
PROTECTING THE FORT
First thing to do is clean up the operating system so it’s ready to accept the software needed to protect you. I suggest going to our OverDrive scan and using the FREE scan to detect any and all settings problems. You can go through them manually or you can use Optimize to perform the corrections for you.
After running OverDrive check the Windows Update site and get the latest. Let me caution XP users and tell you that I’m not giving a blanket OK to install SP3. You will need to determine whether you should install SP3 and whether you think it’s worth the risk. Previous articles are available here and I’ll reference them at the end of this article also.
Use a hardware firewall. Nothing is better than a router for preventing inbound intruders. This is true whether you're using Vista or XP. There are many choices available for under $50.00. You can get them online or from your local retail store. For the "phone home", outbound variety, I suggest XP users get a third-party firewall like ZoneAlarm (free). XP's firewall does not block outbound connections, but Vista users should be fine using the included Vista Firewall.
Today there is no getting around the need for an antivirus. The only question is whether you want to purchase, or use free.
The best free variety is, without a doubt, AVAST. It's not a trial that expires, it's excellent at detection, and it also has real-time early warning.
The votes for best paid antivirus go to Kaspersky with NOD 32 coming in a close second. The difference between the two seems to center on the frequency of updates and Kaspersky ekes out that win. If you’re looking for a paid antivirus then my recommendation is Kaspersky followed closely by ESET NOD 32. A third option that gets good reviews from our own spyware forum is AVIRA.
In addition to installing and using an antivirus, it's extremely important to update your definitions regularly. Updating definitions assures you that your antivirus knows what to look for. All antivirus software companies worth their salt update frequently: some weekly, some daily, and some, like Kaspersky, hourly. Most can be set to do this automatically. This is one of the things I see people forgetting to do. When asked, some of us don't know whether we're updated or not.
Something new in the mix for AV software is control of the applications allowed to open in the background. This feature can reduce some of the overhead responsible for slowing a PC. Most applications try to open when Windows boots, but there's really no reason for most of them to be running in the background. NOD 32 is just one of several programs offering this feature.
The biggest mistake I see is users installing multiple antivirus programs. Do not have more than one antivirus program installed on your PC. At the very least, doing so will prevent the software from properly protecting you, and at the very worst it can prevent your PC from operating. Multiple AVs will slow your PC to a crawl and cause all sorts of weird and crazy behavior similar to being infected by a virus.
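Two of the points above (are my definitions current, and is more than one antivirus active?) can be checked rather than guessed at. The following PowerShell script is an added example written for this article, not a tool from PC Pitstop or any vendor named here. It assumes PowerShell 3.0 or later, that Windows Vista and later expose antivirus registrations in the `root\SecurityCenter2` WMI namespace (XP uses the older `root\SecurityCenter`, which lacks the state field), and that the undocumented `productState` value follows the decoding convention commonly relied on by administrators.

```powershell
# Added example (not from the newsletter): list the antivirus products Windows
# Security Center knows about, decode whether each is enabled and whether its
# definitions are current, and warn if more than one AV is active at once.
# Assumption: productState is six hex digits [owner][on/off][definitions];
# this layout is not documented by Microsoft, only widely observed.

function Get-AvProductState {
    param([int]$State)
    $hex   = '{0:x6}' -f $State
    $onOff = $hex.Substring(2, 2)   # '10'/'11' = enabled, '00'/'01' = off or snoozed
    $defs  = $hex.Substring(4, 2)   # '00' = up to date, '10' = out of date
    [pscustomobject]@{
        Enabled          = (@('10', '11') -contains $onOff)
        DefinitionsFresh = ($defs -eq '00')
    }
}

function Get-AvStatusReport {
    try {
        $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop)
    } catch {
        # Windows XP fallback: older namespace, no productState, so only names are reported
        $products = @(Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    }

    $report = foreach ($p in $products) {
        $state = if ($p.PSObject.Properties['productState']) { Get-AvProductState $p.productState } else { $null }
        [pscustomobject]@{
            Name             = $p.displayName
            Enabled          = if ($state) { $state.Enabled } else { 'unknown' }
            DefinitionsFresh = if ($state) { $state.DefinitionsFresh } else { 'unknown' }
        }
    }
    $report | Format-Table -AutoSize

    # The two checks the article asks readers to make.
    $active = @($report | Where-Object { $_.Enabled -eq $true })
    if ($active.Count -gt 1) {
        Write-Warning ('{0} antivirus products are enabled at once ({1}). Keep only one.' -f $active.Count, ($active.Name -join ', '))
    }
    if ($report | Where-Object { $_.DefinitionsFresh -eq $false }) {
        Write-Warning 'At least one product reports out-of-date definitions; run its update now.'
    }
}

Get-AvStatusReport
```

Run it from an ordinary PowerShell prompt; a product shown as Enabled with DefinitionsFresh False is the "I didn't know I wasn't updated" case, and a second Enabled row is the multiple-AV mistake.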
One of the good things about the rapid growth of SaaS is the number of FREE online virus scans available. Using an online scan won't prevent you from being infected, but it will detect when you are infected. I'm including some of the best for you here.
Please be sure to uninstall or turn off your AVs before using the online scans. Using multiple scans can give you an increased measure of protection. *Please note: I'm not advocating the use of multiple antivirus programs. These are virus scans that reside online. They install only a small ActiveX utility and not an antivirus program.
Anti-spyware is the third line of defense. Exterminate heads my list of must-have programs to remove spyware gathered from daily surfing. Coupled with programs like Ad-Aware and SpyBot, I know my systems are clean and ready to give performance that is not crippled by the junk clogging today's Internet. Look for a major change in the way Exterminate handles your spyware. The changes should come soon.
In addition to the programs designed to find and remove spyware from your machine, some of the best will even prevent infections. Tops on that list is SpyBot S&D. It comes with a large scan list that is updated frequently. It also has the ability to immunize against infections and to stop unauthorized programs from starting with Windows. Updates are frequent, and the folks at SpyBot are on top of all changes affecting your security. Immediately after the release of Chrome, SpyBot got busy and has already completed support for scanning and cleaning Chrome cookies. It is expected to have immunization available, provided Chrome's structure will allow it. Install these programs and run them frequently for full protection.
Your last line of defense is direct help from sites like PC Pitstop. Our forum is filled with people who want nothing more than to help keep your computer free of malware and running strong. Powerful programs like HijackThis require trained advisors to help remove today's malware. Without these advisors, you're likely to do more damage than the threats you're fighting.
For easier jobs, our "AntiSpyware Brigade" is able to solve most problems, and the User To User section is there for any and all problems not centering on malware. Use all these tools and malware will not be a problem for you.
FREE ON-LINE VIRUS SCANS
CA Personal Firewall 2008