If you use the Internet, your computer is at risk of infection from viruses. Much like biological viruses, some are harmless, some are merely annoying and some can make your life hell. Even if you only occasionally use your home computer, it is important that you understand the risks and know how to protect yourself.
In the 1990s the public's impression of what a virus is came from the media. Newspapers reported how programs such as Michelangelo[1] could cause a financial apocalypse by infecting computers around the world and deleting vital data. If a virus announces its presence in such a melodramatic way as shutting down your PC or deleting your data, although you might find it infuriating, at least you know that you have a problem. Far more dangerous is the new breed of crimeware viruses: unwelcome programs that run unnoticed while you continue to use your computer, blissfully unaware that you are at risk.
A virus is a form of malware (malicious software). Malware is software on your computer that you didn't intentionally install, that is running against your wishes and against your interests. Precisely defining the distinction between a virus and other types of malware can get confusing, and the definitions are constantly evolving. For now just remember that a virus is a form of malware and that malware is bad news for you and your computer.
Some eccentric people make viruses for fun or as a personal challenge, but these are generally harmless or annoying at worst. A lot of malware is now written with truly criminal intent and is designed to achieve financial gain for its creator at your expense. Don't assume that the target is only big business, because home users are equally at risk. Here are some common motives for creating malware.
Your bank will have warned you that shopping on the Internet involves a risk of people stealing your financial details. This can result either from inadequate security on the part of the online seller or because you have some form of malware on your computer. This is a scary thought when you consider that certain transactions can take money from your account immediately if the criminal has access to the right details.
Even if you don't shop online, you could potentially end up in a lot of difficulty if someone steals your identity. Many websites request personal details that may seem innocuous enough, but to criminals they can provide the first step to identity theft. A gradual accumulation of your personal details, collected by malware, could be sufficient to enable someone to build up a profile of your identity and, for example, apply for credit in your name. You might not find out about this until the credit company has started hassling you for the repayments.
Have you ever wondered where all those spam e-mails come from, offering investment tips, cheap viagra and breast enlargements? One way that spammers get junk mail delivered is to send it using software, known as bots, running secretly on other people's computers. With millions of computers connected to the Internet, malware that uses innocent home users' equipment for dubious or illegal activities can put a lot of power in the hands of deviant people.
By now you should understand that malware is a bad thing and that it can affect you. One last misconception needs to be addressed:
Misconception: 'You only get viruses from dodgy looking websites and emails'.
The reason why this isn't true will be explained later. For now, let's address the problem.
The practical defence for home users is antivirus software. Crucially, this software must be up to date. If your computer came with trial antivirus software that has now expired, it's as good as useless. This is because there are hundreds of new threats crawling the Internet every year, and if your antivirus software hasn't received its updates it can't defend you against an attack. So, if you don't have antivirus software or if your software is out of date, you must install an antivirus program. Here's how:
1. Disconnect your computer from the Internet immediately, preferably physically (i.e. unplug your modem or network cable).
2. Use a computer that is already running up-to-date, reputable antivirus software to download the latest antivirus installation software, then burn the installation files to CD or DVD. If you don't want to pay for antivirus software, some antivirus companies offer free antivirus software for home use. Make sure you download from a source that has a reputation for virus-free downloads, such as www.download.com. Avast! Home Edition and AVG Antivirus Free Edition are two popular antivirus products that are free for home use, easy to download and easy to install[2].
If downloading and burning isn't possible or seems too complicated, you're probably going to have to buy some software from your local computer shop. There are many commercial antivirus products available off the shelf for home use. Ask the dealer which product will suit you best.
3. Kill any running processes that you suspect may be malware. To do this, bring up Task Manager (by pressing Control, Alt and Delete at the same time and then clicking on Task Manager), then look through the list of processes on the Processes tab. Make a note of the names of all the processes, then, using an uninfected computer, look up the names of these processes on a reliable site like http://www.processlibrary.com/. If possible, manually stop any unidentified or malware processes on the infected machine using the End Process button in Task Manager. You should also try to stop any unnecessary or suspicious applications from running using the End Task button on the Applications tab in Task Manager. Leave your computer running in this condition, as malware is likely to restart if you restart the infected computer.
4. Back up your important personal files to CD, DVD or another form of removable media. Beware that these files may contain infected material, so put a warning label on the disk. These backups are for an emergency restore only, such as if the files on your hard drive are wiped unintentionally later on in the procedure or if the antivirus installation prevents the computer from starting correctly.
5. It is preferable to install the antivirus software in a diagnostic mode such as safe mode in Microsoft Windows[3]. Malware and extraneous operating system services are less likely to be running on your computer if you are in safe mode, hence it is less likely that the installation can be sabotaged or conflict with another program. Not all antivirus programs will allow you to perform an install in safe mode. In that case, at least make sure that suspicious and unnecessary processes are not running by following the instructions in Step 3 before installing the antivirus software.
6. Follow the instructions supplied by your antivirus software provider to complete the installation. This will usually involve restarting the computer and automatically retrieving the latest antivirus updates from the Internet.
7. Once you have completed the installation, use the software to run a scan of your computer. Depending on the age and type of your setup this may take hours, so have patience. Once the scan is complete, your antivirus software should present you with some reassuring information: either that the machine is clean or that malware has been detected that can now be banished. The exact procedure will vary depending on your antivirus software.
8. Make another backup of the now (hopefully) clean personal data files to CD or DVD. If you are intending to, or have to, do a low-level reinstallation (see Advanced Techniques), use these backups to restore your personal data rather than those you made in step 1.
9. If you suspect that you may have been the victim of malware, you need to prepare for the possibility that your identity has been stolen. Advice may vary depending on your country, but a good starting point will be contacting your bank. You may need to renew accounts and cards or even file a police report. In all cases you must keep a close watch on any future bank statements. Advice in the UK is available from the Home Office online: http://www.identity-theft.org.uk/what-if.html. In the USA, the Department of Education provides similar advice at http://www.ed.gov/about/offices/list/oig/misused/index.html.
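The process triage in Step 3 can be done from PowerShell instead of Task Manager. This is an added example, not code from the original post: it lists every running process with its executable path and Authenticode signature status, so the unsigned or oddly located ones can be written down and looked up on an uninfected computer. It assumes Windows PowerShell 5.1 or later; run it elevated to see the paths of processes owned by other accounts.

```powershell
# Added example (not part of the original post): Step 3 from PowerShell.
# Folders any user can write to; a program running from one of these deserves
# a closer look (constructed list, extend it for your own setup).
$userWritableDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
                      "$env:USERPROFILE\Downloads", $env:PUBLIC) | Where-Object { $_ }

function Get-ProcessTriage {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $path = $_.Path
        $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        $inUserDir = $false
        foreach ($dir in $userWritableDirs) {
            if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        [PSCustomObject]@{
            Name      = $_.ProcessName
            Id        = $_.Id
            # Valid, NotSigned, HashMismatch, ... (Unknown if the file could not be read)
            Signature = $(if ($sig) { $sig.Status } else { 'Unknown' })
            Signer    = $(if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            UserDir   = $inUserDir
            Path      = $path
        }
    }
}

# Unsigned or tampered binaries and anything running from a user-writable
# folder float to the top. A valid signature is not proof of innocence and an
# unsigned binary is not proof of malware; this is the order in which to look
# the names up on an uninfected machine.
Get-ProcessTriage |
    Sort-Object @{ Expression = { $_.Signature -ne 'Valid' }; Descending = $true },
                @{ Expression = 'UserDir'; Descending = $true },
                Name |
    Format-Table -AutoSize Name, Id, Signature, UserDir, Path
```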
If you are still having problems then you probably fall into one of two categories: either your operating system is not applicable to the process presented above, or you are dealing with a particularly nasty virus that requires a more complex removal process. In either case, if you're not confident or able to deal with the attack using advanced techniques (see 'Advanced malware removal'), you will probably have to get help from a trusted person more technical than yourself. If in doubt, contact your Internet Service Provider for advice.
There are some common symptoms that arouse immediate suspicion, including:
- Computers mysteriously shutting down on their own.
- Programs running excessively slowly.
- Unfamiliar processes running on the computer.
- Unfamiliar programs starting on their own or duplicating themselves.
- Other unexpected computer behaviour.
Unfortunately, the most insidious attacks will not be apparent to the victim until it's too late, so looking out for symptoms alone is not a substitute for installing antivirus software. Ultimately there is no guarantee that your computer is not infected with malware. New attacks are becoming ever more sophisticated and many attacks will inevitably infect home systems before the antivirus updates are available; however, antivirus software is currently the most reliable and practical way for a home user to reduce the risk of a problem and to detect infection.
Returning to the question of how malware is transmitted in the first place, it should be repeated that in the current age this is not limited to getting infected through contact with dubious material such as Internet porn sites, pirated games and unsolicited e-mails. Although these traditional sources still propagate malware, many of today's attacks employ more subtle and sophisticated methods than, for example, the Anna Kournikova virus[4].
Blaster was a malicious program that spread itself over the Internet to Windows XP and Windows 2000 computers in 2003. One of the symptoms was quite dramatic, effectively making a computer unusable by forcing it to shut down within seconds of booting up. Most of the high-profile viruses in the years up until then had spread through email attachments and required a bit of assistance from the user, but Blaster could spread over a network without the user being involved. Computers without the latest Windows updates or the protection of a firewall were vulnerable merely by being connected to the Internet.
Your bank has probably warned you about phishing (pronounced 'fishing') sites. Users are directed to the phishing site from a phishing email: a bogus but official-looking electronic communication persuading you to visit the phishing site. By presenting a web page that looks identical to, and could even appear to have the same URL as, a familiar trustworthy site such as your online bank, the phishing site lures you into following instructions or submitting information in the belief that you are safe, when in fact you are submitting information to a criminal or assisting them with the installation of malware on your computer.
A variation on this idea is gaining the victim's trust by appearing to be there to help them with an urgent problem. Some malicious web pages disguise themselves as warning messages claiming that you have a virus but that it can be removed by following certain instructions. Those instructions then achieve the exact opposite: exposing the computer to an attack and installing the malware.
The PC's autorun or autoplay feature was once very useful, as it enabled you to insert a disk, such as a data CD, and the software on the disk would start automatically. As long as you only inserted media that came from a reputable source, you could be pretty sure that this feature wasn't going to automatically run any malware, because in the old days CDs were read-only for most users, so malware was not able to write itself to the disk media in the first place.
Today most users have CD or DVD burners and can use pen drives (also known as 'USB sticks' or 'memory sticks'). Although lots of CDs and DVDs are still read-only, pen drives are almost always the opposite. With the autorun feature still enabled on most computers, malware can easily install itself to and from pen drives that are inserted into your computer. You can stop autorun from functioning by holding down the Shift key while you insert the pen drive or CD. Disabling the feature more permanently is a bit more complicated, but instructions are provided in a Microsoft knowledge base article available from http://support.microsoft.com/kb/953252.
The unprotected transfer of data with pen drives is so prolific at the moment that it is suspected malware has even managed to make its way onto the International Space Station using this method[5].
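The permanent fix the knowledge base article describes comes down to one registry policy value. The script below is an added example, not code from the original post or from the Microsoft article: it sets the NoDriveTypeAutoRun policy so that AutoRun is disabled for every drive type and shows the value before and after. It assumes an elevated PowerShell prompt on a Windows that has the update from KB 953252 installed (without it, Windows does not honour the value fully).

```powershell
# Added example (not from the original post or the Microsoft article): disable
# AutoRun for all drive types via the NoDriveTypeAutoRun policy. Run elevated;
# log off or restart afterwards for Explorer to pick up the change.
$key       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name      = 'NoDriveTypeAutoRun'
$allDrives = 0xFF   # one bit per drive type; 0xFF disables AutoRun on every type

function Get-AutoRunPolicy {
    # Returns the current DWORD, or $null if the policy has never been set
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

function Disable-AutoRun {
    # Create the Policies\Explorer key if a clean install has never had one
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $allDrives -Force | Out-Null
}

$before = Get-AutoRunPolicy
Disable-AutoRun
$after  = Get-AutoRunPolicy

$beforeText = if ($null -eq $before) { 'not set (Windows default applies)' } else { '0x{0:X2}' -f $before }
"NoDriveTypeAutoRun before: {0}; after: 0x{1:X2}" -f $beforeText, $after
```

Holding down Shift while inserting media, as the post says, still works as a one-off; this setting is what makes the behaviour the default.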
The battle against malicious attacks is an exercise in risk management and, as always, there is a trade-off between risk and cost. For example, when Blaster was spreading itself over the Internet, the protected Windows XP/2000 users were those with either firewall software (which was less common at the time) or both the latest antivirus updates and the latest operating system updates. Should you therefore religiously download and install the latest operating system updates? Not necessarily. Even the more rigorously tested and less frequently released service packs may not be suitable to install on your computer[6], although this is the exception rather than the rule.
So what can you do? Whilst there's no guaranteed solution to the problem, there are steps you can take that are not too complicated, time-consuming or expensive and will help to keep you protected:
1. Always have antivirus software installed and up to date. Check for web browser and OS updates regularly.
2. Use 'strong' passwords and don't reveal them to anyone. See http://www.microsoft.com/protect/yourself/password/create.mspx for password advice.
3. Don't use an administrator account if you don't have to. Most modern operating systems support accounts with different levels of privilege. If you're just surfing the web, you don't need to be logged on as the system administrator, and your normal user account doesn't need administrative privileges.
4. Verify the authenticity of websites and emails that request information. Check that the web pages and emails come from the company they claim to be from and are not a clever typographical variation on the company name. Be suspicious of any email requesting personal or financial information and ignore all spam mail.
5. Don't download or install software from an untrusted source, and hold down the Shift key when inserting pen drives or other types of media.
6. Use an e-mail service that scans emails for malware and don't open email attachments from an untrusted source, even if apparently forwarded by friends.
7. Use a personal firewall. Most commercial home operating systems now come with a free firewall built in. If not, use a third-party personal firewall product designed for your operating system.
8. If while browsing the Internet you start to receive messages claiming that you have a virus, exit your web browser, disconnect from the Internet and restart your computer. Once restarted, if you genuinely have a malware problem, your antivirus software will inform you after downloading the latest updates and doing a scan.
9. Be suspicious of instructions from unverifiable sources. If someone tells you to manually adjust the configuration of your computer, find out what the risks are and try to understand what your browser configurations actually do[7]. Never assume that an unverified source is an innocent source because it has plausible motives. A plausible positive motive is exactly what malicious attackers use as their disguise.
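Three of the points above (1, 3 and 7) can be checked on a modern Windows machine in a few lines. This is an added example, not code from the original post: it reports whether the current session has administrative rights, which antivirus products Windows Security Center knows about and whether they look enabled and current, and which firewall profiles are switched off. It assumes Windows 8 or later with PowerShell 5.1 or newer, where the SecurityCenter2 WMI namespace and Get-NetFirewallProfile exist; it changes no settings.

```powershell
# Added example (not from the original post): self-check for points 1, 3 and 7.
function Test-SessionIsAdmin {
    # Under UAC this is true only in an elevated session, which is exactly the
    # state you should not be browsing the web in (point 3).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AntivirusState {
    # productState is a bit field set by Windows Security Center. The decoding
    # below (0x1000 = real-time protection on, 0x10 = definitions stale) is the
    # commonly reported one, not an officially documented one; treat it as a hint
    # and confirm in the antivirus product's own window.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Product  = $_.displayName
                Enabled  = (($_.productState -band 0x1000) -ne 0)
                UpToDate = (($_.productState -band 0x10) -eq 0)
                RawState = ('0x{0:X6}' -f $_.productState)
            }
        }
}

function Get-HomeSecurityCheck {
    $av = @(Get-AntivirusState)
    [PSCustomObject]@{
        SessionIsAdmin   = Test-SessionIsAdmin
        AntivirusFound   = ($av.Count -gt 0)
        Antivirus        = $av
        FirewallProfiles = Get-NetFirewallProfile | Select-Object Name, Enabled
    }
}

$check = Get-HomeSecurityCheck
if ($check.SessionIsAdmin)      { Write-Warning 'This session has administrative rights; use a standard account for everyday use (point 3).' }
if (-not $check.AntivirusFound) { Write-Warning 'No antivirus product is registered with Windows Security Center (point 1).' }
$check.Antivirus | Format-Table -AutoSize
$check.FirewallProfiles | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is off (point 7)." }
```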
In general you should be vigilant regarding computer security, and not just where it concerns malware. If personal or financial data needs to be kept secret then it must be sent using a secure web page. This is usually signified by an address starting with 'https' instead of 'http' and a symbol presented by the web browser (not the web page), such as a padlock. Find out exactly what this should look like in your web browser so you don't fall for fakes, and remember that this only protects the information in transit; you still need to be sure that the recipient is trustworthy. Also, be aware that a standard e-mail is not a secure private communication: the data is very easy to read in transit by someone snooping with the right equipment. If you do send payment details over the Internet, use a credit card. Credit cards are less risky than debit cards, as the seller does not receive immediate payment, so you may have time to cancel the transaction if you realise that you're being ripped off.
This may seem like overkill, but re-installation is the most reliable way to get rid of a virus. The lower the level at which you can do this the better, because the aim of some malware is to entrench itself at as low a level as possible. So if you know how, format your hard drive, then re-install the OS with current anti-virus before restoring your applications and data. Obviously you are in a better position to do this if you have prepared in advance. Sometimes when you buy your computer it will come with a restoration disk that can be used to return the machine to its factory condition. Keep this safe. If not, find out from the manufacturers/suppliers whether your computer has an alternative factory restoration method, and if not, look into preparing your own restoration procedure.