Security Reality Check: Malware, Grayware, and Other Ugly Computer Software

In today’s media and society as a whole, scare tactics run rampant, often causing preemptive reactions and paranoia.  The resulting culture of fear can be scarier than the actual threats that feed it but, in the case of computers, there are very real threats to come to terms with.  The face is often obscure and it goes by many names, so I’m here to give you a little PC Security & Contingency Planning 101 course.

Malware: A family of critters that can make your day a bad one for computing.

Ewww.. Get it off my puter, plz!

First, let’s get a few things straight: any device that has access to software is at risk.  If such a device has Internet access, there’s even greater risk.  You run a risk if you partake in certain activities as well.  What risk?  The risk of compromising your computer’s security.

Security compromises in the computer world manifest themselves in many ways.  There is a wide array of methods for attackers to infiltrate your computers by way of intrusive software programs/applications.  Here are a few symptoms that may hint at possible computer adulteration:

  1. Random performance spikes that cause system unresponsiveness or sporadic slowdown.
  2. Dynamic web content that seems to know a little TOO much about you.
  3. Sudden inaccessibility of known-working web sites.
  4. Overall sluggish system performance, regardless of what you are doing on your computer.
  5. Weird e-mail messages from names that sound foreign or just look like gibberish.
  6. Unexpected pop-ups, desktop icons, and extra stuff appearing.
  7. Your computer does not boot up properly or at all.
  8. Specific programs become unavailable or crash, often including security and diagnostics software.
  9. Memory randomly leaks during long computing sessions, no matter how little you multitask.
  10. Familiar screens suddenly look a bit “off” but you can’t quite pinpoint why…

Certainly, there are many other tell-tale signs of foul play but these are amongst some of the most common things I’ve seen first-hand.  The key thing here is to note that malicious software works differently depending on what you have.  You can have multiple infections at once or you may just be due for a computer overhaul and/or reformat.  Be wary: some issues are due to lack of ongoing housekeeping and others are caused by unwanted programs.  It’s hard to tell which is which, but that’s why you have tech-savvy friends and tech consultants (hopefully).

Security Jargon In A Nutshell.

One can become easily overwhelmed by all the geek speak and techno babble out there.  We techies usually have to remind ourselves not to get caught up in the passion for our trade and throw out a myriad of perplexing vocabulary words when trying to explain computer issues.  Sadly, there are some amongst us that use the big talk of our trade to make people feel small and ask fewer questions.  Supposedly, talking the talk helps us establish ourselves as irrefutable experts.  Tsk tsk…  There are better ways to do this, I say!

In regards to ugly computer software, there are many terms that are often thrown out interchangeably.  While there is much overlap, there are some distinctions worth noting.  Mind you, the terminology below has countless interpretations but this is my take on the whole mess:

  • Malware – All malicious software falls into the category of “malware”.  This term is being used more and more as a synonym for “virus” but, as you’ll soon see, that is not truly correct.
  • Virus – Contrary to what movies may depict, viruses don’t usually boast colorful banners and animations letting you know you’ve been had.  In fact, not all viruses are destructive.  Viruses, in simple terms, are bits of code that can copy themselves.  Some of these bits of code are complex enough to be considered programs whereas others serve singular purposes.  In the world of viruses, the polymorphic variety are the peskiest because they can adapt and change on-the-fly, making them difficult to detect, especially using anti-virus programs with outdated signatures/databases.
  • WORM – If my old brain serves me properly, WORM stands for Write-Once Read Many or, at least, that’s how the story used to go.  Worm viruses are nasty little things that spread so quickly that entire networks can become incapacitated unless the affected computers are quickly isolated.  Unlike traditional viruses, worm viruses are independent and do not require centralized control nor do they need to attach themselves to executable code.  This is a special case where the vector is the virus itself.
  • Grayware – Also referred to as greyware, these programs are clever in that they do not perform anything illegal (per se) and, thus, are allowed to frolic freely about.  Some of the better virus programs may “misreport” these due to patterns that resemble malware coding but most security suites will disregard grayware applications or write them off as “safe”.  These kinds of programs are particularly scary as major software developers have found legal loopholes and are creating services, web sites, and off-the-shelf software alike that invade, intrude, and manipulate.
  • Spyware – In this category, elusive programs that steal personal information may be found.  Spyware comes in many flavors but essentially the main threat here is losing your privacy.  Simple spyware just records your usage preferences so that you can get spammed about stuff that you should like while other spyware can be a lot more intrusive, causing things to pop-up when they are least warranted or wanted.  Spyware uses many methods for tracking information and cookies are amongst some of the main offenders on that end.
  • Trojans – Trojans are programs that disguise themselves so that you willingly install them.  Trojans often come in the downloader and password stealer/keylogger varieties, both of which can be quite bothersome.  There is a trend now where trojan viruses simply become the method of injection of greater threats.  In such cases, a trojan virus opens the door for other security threats.  Smart trojans are usually set off by trigger events or timers, which makes it harder to find out how they got there to begin with.
  • Rootkit – A rootkit is a type of malware that cloaks or hides itself, making it darn near impossible to detect.  The term “root” comes from the world of UNIX/Linux, where having root control means you have full, uncontested access.  Malware of this kind essentially hijacks your computer and attacks at such a low level that security software, key system processes, and other critical code is disabled, replaced, and just plain hosed.  Even seasoned IT veterans will have trouble completely undoing the damage of a rootkit, mainly because they attack several system areas at once.
  • Dropper – As Stason.org so eloquently puts it, a dropper is a program designed to insert malicious code into a target system.  In essence, a dropper is a trojan horse whose payload and only function is installing self-replicating software (a.k.a. virus).  Most virus scanners do not notice these vicious bits of code but they are out there, though some say they are not as common.  I’d be wary of executing any file format that has built-in macros and executable codes.  Even multimedia formats such as WMV and WMA can contain malicious code!
  • Downloader – Yet another flavor of trojans, downloaders do exactly what they suggest: download data.  Most downloaders I have encountered merely bog down your connection downloading junk but the really nasty ones download more malicious code to spread countless virus/malware bits.  It’s definitely not a good time if you get one of these!

There are countless other terms and definitions out there but the above items should help you get a grasp of the various types of behaviors and manifestations of malware and grayware that are out there.  For the most part, you are safe if you do not download files or visit suspicious web sites.  Even trusted web sites that focus on user-generated content are dangerous (yes, that means YouTube too), in spite of their security hardening efforts.

Apples Get Rotten Too.

Now, I want to debunk the whole bit about Apple computers being virus-free.  Apple devices of any sort are not invulnerable to viruses.  No feat of engineering can make any information system bulletproof, so to speak.  If Mac computers were virus-proof, there wouldn’t be anti-virus programs nor would there be a lucrative business in the Apple break-fix industry.  Let’s not forget that anything that can be engineered can be reverse-engineered; thus, if it can be fixed, it can be broken (and vice-versa).  That means everyone is at risk but, fortunately, there are fixes and preventative measures alike, regardless of your platform of choice (sorry Apple, you need to stop lying).

More Hard Truths.

The reality of it all is that security of any form, on computers and in other facets of the world, is more of a deterrent than a guarantee.  People like to pretend that their computers are unhackable or malware-proof but that’s just silly talk.  Everyone becomes a victim at some point and some don’t even know it.  It’s more a matter of when it will happen, not if.

The other tough reality to face here is that there are some problems that can’t be fixed or even band-aided.  Some issues are better avoided through proper care and preventative maintenance.  This is where hindsight becomes particularly pesky.  I can’t tell you how many times clients say something to the effect of, “Do you REALLY have to reformat??  But I’ll lose all my data..  I should have backed up last week…..”  Ah, by then it’s too late.  Of course, we good consultants advise our clients of such measures but rarely do people heed our warnings (mainly because they want to cut corners and save money..  which costs you more in the long run).

Coming to terms with these realities is key because computer problems can be very heartbreaking if you are not realistic about them.  Some of us don’t have irreplaceable data and can simply buy new computers when our old ones act up.  For the rest of the world, investing in proper security hardening and system tweaks goes a looooooong way.

P.S. Whoever decided cookies are a bad thing doesn’t know much about computers (sorry).  Cookies were originally created as a way to store session data/information for individual web sites.  When you log onto a web site, that web site will check your cookies to see if there are any preferences that you’d like to restore for that session.  In a similar fashion, cookies maintain persistent data when switching between pages.  Using cookies nowadays makes you seem like a lazy programmer or an evildoer (MU HA HA!!) but they are not inherently bad things – seriously!  Of course, from a design perspective, using any cleartext methods when there are so many more things you can do with SSI (PHP anyone?) seems like an unnecessary security risk..  Cookies DO make social engineering efforts much easier by targeting specific interest groups…
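An added example (not from the post) of the two cookie patterns the P.S. contrasts: preferences written in cleartext into the cookie itself, versus an opaque session ID that only points at data kept on the server. The in-memory session store and the preference names are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed in-memory session store for the example: the browser only ever
# holds an opaque ID, and the preferences it maps to stay on the server.
SESSIONS = {}


def cleartext_pref_cookie(prefs):
    """The pattern the post flags as a risk: preferences serialised in
    cleartext into the cookie itself, visible to anyone who sees the request."""
    cookie = SimpleCookie()
    cookie["prefs"] = ",".join(f"{k}:{v}" for k, v in sorted(prefs.items()))
    return cookie


def read_cleartext_prefs(cookie_header):
    """Restores preferences from a cleartext cookie.  The server has no way to
    tell whether the value is the one it originally set, so whatever the
    client sends is taken at face value."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "prefs" not in cookie:
        return {}
    prefs = {}
    for item in cookie["prefs"].value.split(","):
        if ":" in item:
            key, value = item.split(":", 1)
            prefs[key] = value
    return prefs


def start_session(prefs):
    """The safer pattern: keep the data server-side and issue a random,
    unguessable session ID with the attributes that limit where it travels."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(prefs)
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # page scripts cannot read it
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie


def restore_session(cookie_header):
    """What the site does on the next page load: look up the ID and restore
    the stored preferences, or None for a missing or unknown ID."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" not in cookie:
        return None
    return SESSIONS.get(cookie["sid"].value)


if __name__ == "__main__":
    prefs = {"theme": "dark", "lang": "en"}
    print(cleartext_pref_cookie(prefs).output())
    session_cookie = start_session(prefs)
    print(session_cookie.output())
    print(restore_session("sid=" + session_cookie["sid"].value))
```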

What’s At Risk.

It’s not just your computer’s performance and data that is at risk.  Your identity can be stolen, which can affect your credit, driving, medical, and other types of records.  Your friends and family can also become targets once your personal address book is compromised.  Some of the hastier folks will simply block all incoming communication, isolating themselves for the sake of increased privacy and security.  That’s where security becomes a major inconvenience..  I suppose that is the trade-off!

For some folks, the problem is easily fixed by replacing the affected computer.  That’s fine and dandy if you have the money to throw around but, if you don’t change your usage habits, you’ll only be exposed again.  I find that hardening security on any computer is an ongoing process and, sometimes, there is a lot of trial-by-fire involved, especially as more advanced algorithms give viruses the leg up over security programs.  For those of us with vital data that cannot simply be reproduced, such as important research and years of family photos, simply scrapping your computers is not a viable recourse.

Weigh out your options (scrap it, trade/sell it, fix it, or rebuild it) and be forthright with your local tech guy of choice so they can work with you better!

Staying Protected.

The best way to fight malware and grayware is to practice safe computing and take preventative measures.  First and foremost, you want to back up and syndicate key data as much as possible.  As cell phones get more advanced, they become more susceptible to malicious (or just buggy) software as well.  What does that mean?  Your address book is a lot more volatile than you may think!

There are countless applications that offer server-client synchronization so that is definitely a good place to start.  Consider Yahoo, Microsoft Outlook, and other popular solutions.  In addition to ongoing synchronization and native platform backups (such as BlackBerry Desktop, Outlook archives, and Microsoft ActiveSync), you’ll want to do offline backups to an external hard drive, remote server, DVD discs, and the like.  Many of the complete security applications include some sort of backup solution.  I wouldn’t rely on just one backup solution so consider manual file copies, compressed archives, and automated file mirroring using third-party solutions.

In addition to backing up your data files, you should consider saving copies of registry keys, system files, system folders, and the like.  Again, if you are not too savvy with computers, there are applications that will do this for you.  Of course, such backups are only good if you can access them outside of your main OS.  Consider setting up an alternate OS (multi-boot configuration FTW) as a backup.  Creating a boot disc that will give you a secure OS is a critical strategic move as well, especially if the ubiquitous Safe Mode and roll-back options fail you.

After you have your data protected, consider having a good software firewall in addition to a hardware firewall with strong SPI (Stateful Packet Inspection).  I recommend two strong anti-virus applications such as Panda, AVG, Avast, or Kaspersky to work in tandem with specialized anti-malware software (I’ve personally had the best results with Spybot Search & Destroy and Malwarebytes).  Pretty much all these applications can be found in FREE versions on Download.com – w00t!  Here are some key points when considering what to go with:

  1. Kaspersky – Most die-hard IT professionals, geeks, and tech enthusiasts will recommend this anti-virus solution. Kaspersky has a dedicated lab that is constantly researching virus architecture and developing complex algorithms that will detect viruses that aren’t even in circulation yet.  For around $60-100 you can cover your SOHO network for a year.  Kaspersky Internet Security 2011 also offers several awesome features including Rescue CD, Safe Surf, Digital Identity Protection, and Rootkit Detection.  Essentially, it is the only tool you really need.  Even so, I’d still have at least one anti-malware application installed alongside it.
  2. AVG & Avast – For those that do not have mission-critical data or just do not have the money to invest in security hardening efforts, AVG and Avast make a very good one-two punch.  I use this setup on a lot of client computers and it works.  I like that it’s FREE and you still get some web safety features, including link inspection and preemptive connection abort options (when connecting to a site that is a known threat).  AVG has a Silent/Game Mode which I really dig on my gaming rig while Avast, on the other hand, tends to be a lot more disruptive with its pop-ups.
  3. Panda – I keep hearing good things about Panda but, unfortunately, it does not like to play nice with other anti-virus apps so I can’t say too much about it.  I can say that Panda offers a USB security tool that “inoculates” any USB device automatically.  It’s free and it seems to work well but you need the registered full version to get complete multi-user support.

Unfortunately, the old mainstays provided by McAfee, Trend-Micro, and Norton are not quite as good as the aforementioned and they can be quite pricey and clunky.  I haven’t played with recent releases but it seems that the aforementioned solutions do not like when you have other security software installed and, at times, they’ll misreport these other apps as potential threats.  Bogus.

Early Detection.

While it is possible to live with certain malware infections (much like people let their cars clunk out until they finally must repair them), it is not recommended.  Some infections work very gradually or are timebombs (timed triggers/release) so they may not be detected until it is too late.  The more clever of these types of malicious applications will hide themselves when virus scanners are resident or just actively scanning.  In such a case, you may get lucky and be able to find the infections in a protected/safe mode or after manually stopping all but the system-critical services and TSRs (Terminate-and-Stay Resident programs).

Most of the major security solutions out there are good at detecting but the question is WHEN will they find the problem.  Generally speaking, the programs that update the most often, such as Avast and Kaspersky, usually keep you ahead of the game.  Viruses are developed at an alarming rate so having early detection solutions is paramount.

Always consider security suites that will provide connection control, heuristics scanning, algorithm/pattern and variant detection, and other dynamic methods of protection.  The ideal here is to preemptively subvert malicious software and system attacks.  I will reiterate this now: your behavior is a key part of the security effort so do not depend completely on the application.  With time, you’ll become more aware of common scams, malicious code insertion methods, and other digital trickery.

Social Engineering.

In 99% of malicious software and system intrusion/infection, a major degree of end-user acceptance is required. Think of the ugly software out there as an evil vampire (more like a Russell Edgington from True Blood, perhaps): you have to invite them in before they can enter and wreak havoc.  This is where social engineering comes in…

We all leave a digital trail (some of us more than others) and a lot of our personal data is more exposed than we’d like to think, especially if you network heavily for business or personal reasons.  In that aspect, social networking is both a boon and a bane for computer users. Most social engineering efforts use your personal interests or trusted friends as leverage.  For example, on dating sites, the super sexy individual welcoming you to a webcam session or friendly chat may just be a calculated attack on your system.

Consumers are at particular risk, especially in this “interesting” economy we now find ourselves in.  Finding a good deal is great but at what cost?  If you check out sites like Snopes.com and FraudWatchers.org, you’ll find that there are many common hoaxes, scams, and suspicious activities out there (and people still fall prey to them).  It used to be that if you dealt locally or used the phone as a primary means of contact you were safe but even these methods can be exploited to a degree.

Before making any sort of deal over the Internet, check all third-party validation available, as applicable.  There’s always the BBB, Verisign, and countless business registries, complaint boards, and professional affiliations. These companies exist to give consumers added assurance.  They have their flaws so be sure to ask around and remember the old tried-and-true adage: if it’s too good to be true, it probably isn’t.

I had a close family member almost become a victim of a pet sale scam.  Fortunately, too many things smelled funny in the e-mail exchange and it became painfully obvious from the onset that something was amiss.  Here are some sure-fire signs of suspicious businesses, auctions, and one-off sales/deals:

  • The web site has not been registered for very long (use WHOIS tools, as provided by Network Solutions and other registrars).
  • The business does not turn up many or any yellow pages and other business directory hits.
  • The company or individual does not provide multiple points of contact.
  • The company or individual moves quickly through the business transaction as if rushing.
  • Communications seem scripted or automated, lack proper grammar, and/or do not fit with what you are putting on the table.
  • Non-secure and/or untraceable methods of payment are required to proceed with the transactions.
  • The selling party is using a third-party service that does not seem to exist.
  • The selling party references a third-party that has no knowledge of the individuals in question nor their supposed arrangements.
  • The selling party does not address your immediate concerns and questions.
  • Photos and other provided materials seem falsified, “borrowed”, or appear on multiple other sites.
  • You are providing more information than the other party is providing.

Some of the scams are a bit more subtle than the rest but the majority of them are very fishy if you keep your excitement under control and look closely enough.  I say all this not to dissuade you from buying online but, rather, to prepare you to be a smarter online consumer.  Whenever possible, try to meet sellers and potential business partners face-to-face before exchanging money, signing anything, or giving away personal information.

Currently, the big trends I’ve seen for scams are to focus on home buyers, people looking for pets, and those that believe that you can get something for nothing.  There are thousands, if not millions, of sites offering a free iPad, MP3 player, laptop, Xbox 360, and what-have-you but, in reality, they have a hidden agenda.  Some of these organizations are simply selling your personal information to strong-armed marketers but others have much more diabolical intentions – BEWARE!

When It Breaks.

While I am ALL for DIY fixes, major computer issues should be left to the professionals.  If I had a dollar for every time someone messed up their computer in an effort to avoid consulting fees, well, I’d be filthy rich (sadly, that’s not an exaggeration).  Sometimes, it is as simple as installing some software and letting it automatically fix problems but, really, you’ll need to tweak settings and do some manual work if you are to get every bit of malicious code (and the residual effects) cleaned up.

Be particularly careful when using spyware/malware removal tools.  Spybot Search & Destroy does a good job of warning you of the potential effects of malicious software removal but most people just click through on any pop-ups and splash screens that appear. The issue with malicious software is that it sometimes attaches itself to key system files and software components, embedding itself so deeply in your system that removing it will ruin a dependency elsewhere.

Once again, this is where preventative measures are the “real money”.  Back up your files, use alternate web browsers, lock down key files, encrypt files containing personal data, and just be ready for GAME TIME.  Everyone is a victim at some point, no matter how careful you are.  In fact, unless you isolate yourself from friends and cut off your Internet access, there is always some degree of exposure and risk.


Tips For IT Consultants.

Often, the hard part of the IT job is not fixing the problem but, rather, managing expectations (an integral part of world-class customer service).  The most dangerous kind of customer is one that is informed but not capable of acting.  You’ll often find clients read a few blurbs here and there or attend classes, suddenly making them “experts”.  As I’ve often refuted, expertise always stands to be questioned because no amount of credentials guarantees experience or true working knowledge.

You also have to know who you are actually working for.  The person that may have hired you may just be the scout but don’t be surprised if you end up dealing with someone else in the end.  This can be scary as well because you built the relationship with one person and went through your whole spiel.  Unfortunately, there are no guarantees that your messages are being passed along accurately and completely, so now you have to go through the whole rapport-building process again and hope nothing gets lost in translation.

In a similar vein, timing is key. Not only do you want to set reasonable timelines and commit only to what you know you can do with complete certainty (even the smallest of issues can snowball quickly and unexpectedly), but you also want to control access and build up proper expectations on that end as well.  All too often we in the IT business fix a problem or at least the symptoms but the root cause goes unaddressed.  Guess what happens in the world of naughty software?  Yes, the same actions that were performed to put those pesky bits of code on the computer(s) are performed once again, and now you’re the one that is at fault as far as your client is concerned.  d’oh.

I’ll give you a real-world example: I did some really cheap work for a maintenance guy that was freaking out because his wife’s computer wasn’t simply going haywire, for lack of a better term.  When he finally realized he couldn’t fix it, he got it to me.  I got working right away but little did I know that he was not telling me the full story.  I asked him what he was doing before the activity started but he kind of beat around the bush.  Well, I reboot the computer and guess what happens?  It does not boot up at all.

Now I am not only removing malware but I’m also rebuilding his OS before I can even get to cleaning things up and hardening security.  The next day he kept harassing me about how he needed the computer back as soon as possible.  I gave him the computer back, along with an invoice, and explained all the services rendered and the risk he was still running by taking the laptop back so soon.  He quickly reassured me that “it was cool” and he appreciated my quick turn-around.

He gets the laptop home and my phone is blowing up.  Now I’m dealing with him and his wife.  It was painfully obvious that his wife was the one that wore the pants in the house.  I explained everything that I did and what was left to be done.  In all her arrogance and ignorance, she insisted that the computer was not really fixed.  In fact, she went as far as to say I “did nothing”, even though her desktop was cleaned up and new apps were clearly installed.

The main issue here is that the husband was clearly looking at “special sites” without her knowing and he needed a scapegoat.  I didn’t bother to delete the icons and saved media because I did not want to touch her personal stuff and ruffle anyone’s feathers.  In this particular case, I decided it was best for me to wash my hands of it and let them go to the magical IT fairy that would fix it for dirt cheap, deal with their BS, and save the sinking ship that was their laptop.  I believe they went on to go to Best Buy Geek Squad, where they paid darn near the price of the laptop itself to fix it, in spite of my honest advice and trying to work with them on VERY competitive pricing.

Sadly, unethical businesses are bountiful in this competitive landscape and, in the end, people may very well go with the lesser of the greater evils, just because they have made a name for themselves.  Stuff like this is why I only do IT consulting as a side gig but I focus my energies on more fruitful business ventures.   I do a very good job of building up my credibility, staying realistic, and being as fair as possible but, eventually, you have to draw a line and count your losses.

That being said, make sure you build a relationship with your clients.  Try to perform diagnostics in their presence, keep communication lines active, and be as detailed as possible.  You want to tackle any potential objections preemptively and be as reassuring as possible.  Provide customers with options and let them know what you can do over the competition.  If your angle is being cheaper or more convenient, work that angle.  If you claim to be more thorough and experienced, be ready to build a strong case and go above and beyond.

Consumers now, more than ever, want the most bang for their buck.  You can’t blame them.  We want the same as consumers too.  That’s why I recommend focusing on root causes and finding out what people are really saying.  When people ask for one thing, there is usually an implied request (I want it fixed cheap, I just want my files, I’d rather trash it if it will cost me, etc.) so find out what your client priorities are so you can align your efforts accordingly.

Happy safe computing from Yogizilla, your resident friendly and informative geek – IT consultants, HANG IN THERE!

;o)

One thought on “Security Reality Check: Malware, Grayware, and Other Ugly Computer Software”

  1. My partner and I stumbled over here from a different page and thought
    I should check things out. I like what I see so now I am following you.

    Look forward to checking out your web page for a second
    time.
