Beating Malware 2009 requires staying patched and paying attention
by
Alan Zisman (c) 2009 First published in
Business
in Vancouver October 6-12, Issue 1041
High Tech Office column
There’s good news and bad news on the security front.
Good news first.
For
most of us, e-mail spam is a minor issue. Major e-mail providers,
network administrators and Internet service providers are generally
doing a pretty good job of filtering out spam, phishing messages and
messages bearing viruses and other nasty attachments. Not perfect, but
pretty darn good. The downside of this is for those e-mail providers,
etc., who have to bear the costs of dealing with all these unwanted
messages, which account for a huge percentage of all e-mail traffic.
More
security good news. Computer viruses are, like, so 1990s. Spyware
infesting computers with pop-ups advertising porn sites and the like
are so 2005. Old news. That doesn’t mean that you shouldn’t guard
against them, but they’re not in our faces the way they were a few
years ago.
That’s because malware - the nasty stuff – has moved
on. Epidemiologists note how real viruses and bacteria quickly evolve –
the ones that quickly kill their hosts generally are less successful in
the long term than those that let their hosts live on long enough to
spread the infection widely.
It’s the same with computer
infections. The ones that you’re most likely to notice are the ones
that you’re going to deal with quickly. As a result, they’re less
likely to remain a problem for the long term. That’s what’s happened
with “classic” viruses and spyware.
Malware 2009 is less
noticeable. And its goal is different. Instead of crippling your
computer or hijacking your address book to spread itself like computer
viruses, it wants your computer to quietly join others, acting as a
widely distributed (and thus hard to shut down) spam-generating
network.
Even though most spam is filtered out, the small percentage that makes it through generates enough business to be profitable.
And
rather than come to your computer via infected e-mail messages (mostly
stopped by e-mail filtering or antivirus software), Malware 2009 is
increasingly likely to make its way to your computer through holes in
older unpatched software. Sometimes through Windows vulnerabilities –
but with increasing numbers of users automatically updating through
Microsoft or Windows Update, Malware 2009 is turning instead to widely
used third-party programs. Adobe Flash, Shockwave and Acrobat Reader
for instance. Apple’s QuickTime and more.
Almost all of us have some or all of these installed.
Some
studies suggest 98% of all computers had at least one unpatched program
and the average Windows user had an even dozen unpatched and insecure
programs. And though many programs are set to automatically check for
updates, it’s too easy to suffer from “update overload” and routinely
close or ignore update notices.
Worth checking out: Secunia’s “software inspectors” (
secunia.com/vulnerability_scanning) –a free online scanner that checks for 70 commonly installed programs and whether they’re up to date.
More
comprehensive: a downloadable personal desktop version checks far more
programs and runs regularly in the background. It’s free for home use.
A corporate version is also available.
When unpatched and
vulnerable program versions are found, including missing Windows
patches, the user is notified and given a link to the location of the
patch.
Highly recommended.
Less highly recommended:
increasingly, software companies are trying to make a few dollars from
the software patch process. The vital fixes are still free, but bundled
alongside – even from some of the biggest companies – are installations
of other often unwanted programs.
Adobe’s Flash updater may
install a trial version of a Norton security program while Adobe’s
Shockwave installer offers software from Norton competitor MacAfee.
Update Apple’s iTunes or QuickTime and you may find an icon for Apple’s
Safari browser on your desktop.
Lots of installs bundle browser
toolbars from Yahoo or others. Generally, if you’re on your toes, you
can uncheck the default option to install these extras.
Stay on top of updates, but along the way, pay attention and read the fine print before clicking OK. •