Saturday, 17 October 2015

Antivirus - part 2

As the tests in my recent post show, antivirus products are detecting 10 to 20% of the malicious software that is emailed to me. And that tells us something interesting - this is how they get in.

I get a few dozen emails per day that include a doc, pdf, scr or exe file. An exe file is a program; when you click on it, that program runs. An scr file is another exe file. A zip file is just a way of hiding what sort of file is inside it; when you click on it, Windows cleverly pulls the exe file out from inside it, and runs it. If a file has two extensions, like .jpg.exe, you might think it's a jpg file, but it's actually an exe file. A doc file can contain macros; if your doc file reader (often that's Winword) runs those macros automatically, then you've just run a program that's been emailed to you.
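To make those four cases concrete, here is an added example (my own illustration, not code from the original post) that checks an attachment the way a cautious mail filter would: it looks at the real, last extension, flags double extensions like .jpg.exe, opens a zip to see what is hiding inside it, and checks a modern Word file for the macro container. The sample attachments are constructed in memory; legacy binary .doc files are not a zip and are not inspected here.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as a program when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Office Open XML documents are zips; VBA macros live in word/vbaProject.bin.
OOXML_WORD_EXTS = {".docx", ".docm", ".dotm"}


def has_word_macros(data):
    """True if an OOXML Word file carries a VBA project (legacy .doc not handled)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower() == "word/vbaproject.bin" for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def assess_attachment(name, data):
    """Return the reasons an attachment should not be opened (empty list = nothing found)."""
    reasons = []
    suffixes = PurePosixPath(name).suffixes          # 'photo.jpg.exe' -> ['.jpg', '.exe']
    ext = suffixes[-1].lower() if suffixes else ""   # the last extension is the real type
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"{name}: runs as a program ({ext})")
        if len(suffixes) >= 2:
            reasons.append(f"{name}: double extension disguises an executable")
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for inner in z.namelist():           # judge each file hidden inside the zip
                    reasons.extend(assess_attachment(inner, z.read(inner)))
        except zipfile.BadZipFile:
            reasons.append(f"{name}: corrupt or non-zip archive")
    if ext in OOXML_WORD_EXTS and has_word_macros(data):
        reasons.append(f"{name}: Word document carries VBA macros")
    return reasons


def build_zip(entries):
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, b in entries.items():
            z.writestr(n, b)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed attachments covering each case from the text above
        "photo.jpg.exe": b"MZ-placeholder",
        "invoice.zip": build_zip({"invoice.pdf.scr": b"MZ-placeholder"}),
        "report.docm": build_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"x"}),
        "notes.txt": b"plain text",
    }
    for n, d in samples.items():
        print(n, "->", assess_attachment(n, d) or ["no concerns found"])
```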

So there's lots of ways someone can email malware to you. What can you do about it?

It's difficult to block. You can have the strongest firewall possible, but you still want to receive email, so your firewall will be told to allow email to come in. Your incoming email, for most people, is your biggest vulnerability.

Wouldn't it be nice if something could be done about it? Preferably by the people who make your operating system, so that malicious software can't run? Well, they did try. But it didn't work well enough. So what can you do?

As discovered in my previous blog about antivirus, installing an antivirus isn't going to be the answer. Even if you install three of the best antiviruses, they're going to miss a high percentage of incoming malware. So what to do?

I'd suggest a two-layer defence. The first layer is you. If an email includes a doc file or a zip file (or any other attachment), don't click on the attachment, unless you have a *really good* reason to do so. And a really good reason does not include:

* It looks like it might be interesting
* It looks like it might be funny
* It looks like it might be important
* It looks like it came from your bank
* It looks like it came from a friend
* It looks like it came from your government

Did it come from your friend? Or could this just be a generic email that's pretending to be from your friend?

The second layer is your software.

If you're running Word, disable the running of macros.
If your software for reading doc files is something else, disable it in that.

If you're using Adobe Acrobat to read pdf files, disable macros. If you can't see how to do that (I looked, I couldn't see how) then use a different product to read pdf files.

If you're using Windows Explorer to browse the web, you can use higher security settings. 
Or you could use Firefox or Chrome.

So what happens if you don't bother with all this? Not much. At first.

Then the first malware gets installed. This slows your computer down, because as well as doing what you want, it's also doing what the malware wants, which might be pumping out spam to the rest of us.

Then the second malware installs. This slows your computer down some more, and occasionally it crashes while you're trying to do something, because the second malware wasn't written or tested very well. And it's being used to cause other computers to crash so that if discovered, you get the blame.

Then the third one arrives. This clashes with the first one, so your computer hangs from time to time, and accessing the internet becomes really slow. Also, it watches what you type, and anything that looks like a credit card number is sent to the malware author. Do you check your credit card statement? Most people don't, and even if you did, if there's an occasional item for £30 that you don't remember, would you do anything?

By the time the tenth malware installs itself on your computer (and tries to uninstall the sixth, but fails leaving it partly working and causing lots more crashes), your computer has become pretty useless. Your credit card too, because as fast as you put money on it, it seems to evaporate. And you're having a long correspondence with your bank because they're saying that you logged into your account and took out £100, and you know you didn't.

Time to spend £1000 on a new computer. Or spend a few hundred getting a techie to wipe your computer clean (and you lose some or all of your data) and install a new copy of Windows, so now you can start the process again.
