Business-like, isn't he?


 

 

Business in Vancouver logo

    Beating Malware 2009 requires staying patched and paying attention

    by  Alan Zisman (c) 2009 First published in Business in Vancouver October 6-12, Issue 1041

    High Tech Office column

    There’s good news and bad news on the security front.

    Good news first.

    For most of us, e-mail spam is a minor issue. Major e-mail providers, network administrators and Internet service providers are generally doing a pretty good job of filtering out spam, phishing messages and messages bearing viruses and other nasty attachments. Not perfect, but pretty darn good. The downside of this is for those e-mail providers, etc., who have to bear the costs of dealing with all these unwanted messages, which account for a huge percentage of all e-mail traffic.

    More security good news. Computer viruses are, like, so 1990s. Spyware infesting computers with pop-ups advertising porn sites and the like are so 2005. Old news. That doesn’t mean that you shouldn’t guard against them, but they’re not in our faces the way they were a few years ago.

    That’s because malware - the nasty stuff – has moved on. Epidemiologists note how real viruses and bacteria quickly evolve – the ones that quickly kill their hosts generally are less successful in the long term than those that let their hosts live on long enough to spread the infection widely.

    It’s the same with computer infections. The ones that you’re most likely to notice are the ones that you’re going to deal with quickly. As a result, they’re less likely to remain a problem for the long term. That’s what’s happened with “classic” viruses and spyware.

    Malware 2009 is less noticeable. And its goal is different. Instead of crippling your computer or hijacking your address book to spread itself like computer viruses, it wants your computer to quietly join others, acting as a widely distributed (and thus hard to shut down) spam-generating network.

    Even though most spam is filtered out, the small percentage that makes it through generates enough business to be profitable.

    And rather than come to your computer via infected e-mail messages (mostly stopped by e-mail filtering or antivirus software), Malware 2009 is increasingly likely to make its way to your computer through holes in older unpatched software. Sometimes through Windows vulnerabilities – but with increasing numbers of users automatically updating through Microsoft or Windows Update, Malware 2009 is turning instead to widely used third-party programs. Adobe Flash, Shockwave and Acrobat Reader for instance. Apple’s QuickTime and more.

    Almost all of us have some or all of these installed.

    Some studies suggest 98% of all computers had at least one unpatched program and the average Windows user had an even dozen unpatched and insecure programs. And though many programs are set to automatically check for updates, it’s too easy to suffer from “update overload” and routinely close or ignore update notices.

    Worth checking out: Secunia’s “software inspectors” (secunia.com/vulnerability_scanning) –a free online scanner that checks for 70 commonly installed programs and whether they’re up to date.

    More comprehensive: a downloadable personal desktop version checks far more programs and runs regularly in the background. It’s free for home use. A corporate version is also available.

    When unpatched and vulnerable program versions are found, including missing Windows patches, the user is notified and given a link to the location of the patch.

    Highly recommended.

    Less highly recommended: increasingly, software companies are trying to make a few dollars from the software patch process. The vital fixes are still free, but bundled alongside – even from some of the biggest companies – are installations of other often unwanted programs.

    Adobe’s Flash updater may install a trial version of a Norton security program while Adobe’s Shockwave installer offers software from Norton competitor MacAfee. Update Apple’s iTunes or QuickTime and you may find an icon for Apple’s Safari browser on your desktop.

    Lots of installs bundle browser toolbars from Yahoo or others. Generally, if you’re on your toes, you can uncheck the default option to install these extras.

    Stay on top of updates, but along the way, pay attention and read the fine print before clicking OK. •

Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan
Google
Search WWW Search www.zisman.ca