Scareware a growing security concern for computers using Windows operating system
by
Alan Zisman (c) 2009 First published in
Business
in Vancouver October 13-19, 2009; issue #1042
High Tech Office column
Last week’s column noted the
need to keep Windows, applications and the host of add-ins (Flash,
QuickTime and more) up to date and recommended software- inspecting
tools from
www.secunia.com to help stay patched.
Here’s
another trend in malware 2009: scareware. You’ve probably seen the
come-ons – visit a website – often a well-respected one – and a window
pops up stating that a virus or spyware has been found on your computer
or that there’s a problem with your Windows registry. A fix for the
infection or problem is just a click away.
If you go there,
you’ll find what seems to be information about security software, often
with quotes from reviews by reputable publications and tables comparing
this software with other better-known competitors. Brand names include
Doctor Antivirus, Spyware Preventer and Total Virus Protection. USA
Today suggests there are more than 9,000 varieties of such programs,
though many are the same software appearing with different names.
Thirty or 40 dollars later you’ve downloaded the software and it reports that your problem has been solved.
Congratulations.
You’ve just been tricked into installing scareware. You’re not alone.
Microsoft claims its Malicious Software Removal Tool (run as part of
Windows Update) has cleaned more than 4.4 million systems infected with
just one scareware program.
Best-case scenario: your newly
installed software does nothing except pop up false messages.
Hopefully, despite thinking you’re protected (you’re not), you won’t
pick up other infestations. (Once installed, some scareware blocks
legitimate security programs.)
Potential worse scenarios: some
scareware includes “key-loggers” – software that watches everything you
type on your computer, sending credit-card numbers and other financial
and personal information to who knows where. Still other scareware has
been reported to encrypt user documents, making them inaccessible, then
offering to unencrypt them upon payment of “ransom.”
While
you’re more at risk hanging out on the wrong side of the information
superhighway, this year, the New York Times, Newsweek and FoxNews were
all embarrassed by reports that ads appearing on their websites offered
users scareware. Like other major websites, they had contracts with
online ad- placement services, which apparently are not screening ads
well enough.
Social-networking sites, including Twitter and
Facebook, have been used to serve up scareware come-ons. Recently,
people searching for news stories on the death of Patrick Swayze got
pop-ups urging them to download “Total Security” – software that steals
personal information, according to (real) security company McAfee’s
Avert Labs.
You can keep scareware off your computers, though.
Reputable and up-to-date security software will generally warn you if
you download and try to install a bogus security package. (Not sure if
your installed software is legit? Remember, Google is your friend –
search for reviews from trustworthy sources.) And you can generally see
through the faux-security software’s websites if you’re careful.
Scareware
web pages filled with reviewers’ quotes never link to the original
reviews. That’s because the original reviews don’t exist. A quick
Google search for the “brand name” of the false product will almost
always reveal that it’s a scam.
But don’t bother.
Along with
installing legitimate security products and keeping them up to date,
the best strategy is to recognize that all messages (other than from
your installed security software) that pop up and claim that your
computer is infected or has problems or offer a free scan for problems
are bogus. Don’t click to continue – don’t even try to close the
pop-up. Shut down your browser. If it won’t shut down easily, press
Control-Alt-Delete and use the Windows Task Manager to end the task.
Note that to date, only Windows systems are vulnerable to scareware,
even though the same “you’re infected” messages will pop up on Macs or
Linux systems. Non-Windows users are allowed to chuckle at warnings
that their Windows registries are corrupted or at pop-ups appearing to
scan their non-existent My Documents folders.
If you don’t think
your home computer has an adequate level of protection from viruses,
spyware and assorted malware, the just-released – and free – Microsoft
Security Essentials: (
www.microsoft.com/security_essentials) is worth a try. •