Common Questions & Answers about Viruses

Version 5

    November 30, 2009, Version 1.1

    By: Mark (secured2k)

    Many times I see the following questions in the McAfee Communities:

    1. How did I get a virus (malware)?

    2. Why did my anti-virus solution let something in?

    3. Who is making these viruses and why?

    4. What can I do to prevent this from happening (again)?

    This document tries to answer these questions and offer recommendations to help educate home users about safe computing practices.

    1. How did I get a computer virus (malware)?


    In the past, computers were not designed to be secure. Machines were simple and not networked. To make things easier on the user, programmers allowed most of the system to be “open access” just to let things work. Now the systems are highly complex and networked, and open access is no longer an option because people value their data and privacy. The problem is that some of the old bad practices of “open access” and “ease of use” have stuck around. Programmers also make mistakes: sometimes they write code that works in normal use but does not do what it is supposed to do when something unexpected happens. Taking advantage of such a flaw is called an exploit, and these flaws are commonly used to gain control over a computer.

    Computer Malware is not randomly generated code. A person wrote the malware with the ability to run on a computer. While there are a few other ways to get a computer virus, these are probably the most common methods I see today.

    1. Viruses can spread by storage media like CDs/DVDs, hard drives, and flash “thumb” drives.
    An example of this would be plugging in a flash drive or removable hard drive with an “AutoRun” virus on it: the drive carries an autorun.inf file, and as soon as the system sees it, it automatically runs whatever that file tells it to.
    This is an exploit of the Operating System’s trust in the physical hardware plugged into the computer.


    2. Trojans pretend to be something they are not but usually have other intent or purpose.
    “AntiVirus 2009” may show fake alerts and pop-ups about problems that really don’t exist. Another example would be downloading something CLAIMING to be Adobe Flash but really being a Trojan/Virus.
    This is an exploit of the user’s trust in what the user sees.


    3. Worms tend to spread automatically over network connections (the internet).
    They are spread by email, by exploiting program flaws on computers, and through social networking sites like Facebook.
    Worms exploit both the user’s trust and flaws in the Operating System/Software in order to spread.

    Here you can see that the main security concerns are exploits and trust. The Operating System and Software trust that the input they receive is valid. Once the input becomes invalid, the unexpected result allows the malicious programmer’s instructions to take over. The other side is the user. If the user is tricked into believing fake information or into downloading and running a bad program, that program is given full access to the computer. A combination attack could trick a user into visiting a bad site or opening an email that then exploits flaws in the software on the computer.
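    The “AutoRun” case above comes down to one small text file. As an added example (not code from the original post or from McAfee), the script below parses an autorun.inf file and reports what AutoRun would launch from it, so a suspicious file can be recognised before the drive is opened. The two sample autorun.inf files, the file names in them, and the “suspicious” heuristics are this example’s own constructions, not anything taken from the page.

```python
"""Inspect an autorun.inf file and report what AutoRun would launch.

Added example, not part of the original post. The sample files below are
constructed for illustration; the directory and program names in them are
made up, and the risk heuristics are this example's own choices.
"""
import re
from typing import Dict, List, Tuple

# Extensions that execute code directly when AutoRun opens them.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".hta"}


def parse_autorun(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI-style parser for autorun.inf -> {section: {key: value}}.

    Section and key names are lower-cased because Windows treats them
    case-insensitively; values are kept as written. Lines starting with ';'
    are comments.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (directive, command) pairs that cause something to run:
    open=, shellexecute=, and every shell\\<verb>\\command= entry."""
    auto = sections.get("autorun", {})
    targets = []
    for key, value in auto.items():
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets


def _program_name(command: str) -> str:
    """First token of a command line, without surrounding quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def assess(text: str) -> dict:
    """Summarise an autorun.inf: what it runs and why that deserves attention."""
    sections = parse_autorun(text)
    targets = launch_targets(sections)
    reasons = []
    for key, cmd in targets:
        prog = _program_name(cmd).lower()
        ext = prog[prog.rfind("."):] if "." in prog else ""
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"{key} runs a program ({prog})")
    action = sections.get("autorun", {}).get("action", "")
    # An 'action' label that imitates Explorer's own "Open folder to view files"
    # prompt hides the fact that a program, not the folder view, will run.
    if re.search(r"open folder", action, re.IGNORECASE) and targets:
        reasons.append("action text imitates the normal 'Open folder to view files' prompt")
    return {"targets": targets, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample 1: a harmless autorun.inf that only sets a drive icon and label.
ICON_ONLY = """[AutoRun]
icon=drive.ico
label=My Photos
"""

# Constructed sample 2: the shape of a worm-style autorun.inf (names are made up).
SUSPICIOUS = """[autorun]
; every launch directive points at the same hidden program
open=RECYCLER\\update.exe
shellexecute=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

if __name__ == "__main__":
    for name, sample in (("icon-only", ICON_ONLY), ("suspicious", SUSPICIOUS)):
        print(name, assess(sample))
```

    The report for the constructed worm-style file lists three launch directives and four reasons for concern; the icon-only file has none. The real fix is not to rely on inspection at all but to turn AutoRun off for removable drives (on Windows this is the NoDriveTypeAutoRun policy under Policies\Explorer), so that plugging in a drive never runs anything by itself.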

    2. Why did my Anti-Virus solution let something in?


    There is no Anti-Virus that can detect 100% of the malicious software that is out there.

    Since malicious code is created by human creativity, there is always a new variant that has not yet been seen by the Anti-Virus researchers. Furthermore, malicious software may use techniques designed specifically to encrypt and mask its signature to evade detection. The Anti-Virus authors could make their software even more paranoid, but then incorrect detections on legitimate software occur. Security could be tightened for unknown software, but what usually happens is that users get so many pop-ups asking them to Allow or Disallow an action that they get used to just clicking Allow most of the time. When a virus would have been stopped by this prompt, the user is usually so in the habit of pressing Allow that the added security does not help and only causes more of a hassle.

    Future security software may approach detection in reverse. There is more malware floating around out there than mass-produced legitimate software. As a result, security software may become highly suspicious of anything unrecognized while known software is not checked as thoroughly.

    3. Who is making these viruses and Why?


    Anyone with some knowledge and experience in programming can make a virus.

    Analysis of many viruses that have been found shows that they were poorly written and broken, the work of inexperienced programmers. There have also been some viruses that use very advanced techniques that could only have been done by professionals.

    While a virus author could be from anywhere, many that I personally see tend to come from China, Russia, and other second and third world countries.

    Why? In the past, virus authors created their malicious software just for the challenge and fame. Nowadays, this has largely shifted to a financial motivation. Browser hijackers try to simulate you clicking on links, as this can generate money through advertisers. Other malware tries to steal your personal information in an attempt to steal your identity. Trojans can allow remote access to your computer so someone else can use your computer and network resources for their own gain. Many infected systems are part of a Botnet designed to host illegal files without the computer owner ever knowing. Some create a problem in an attempt to trick users into actually paying for the malware author’s software to remove it. There are even viruses out there that will encrypt your data and hold it for ransom, where you must pay for the key to decrypt it.

    4. What can I do to prevent this from happening (again)?


    Standard Web Sites, E-mails, and Programs can all show you ANYTHING they want including false information.

    Currently, the biggest attack is on the user’s trust. Be vigilant about who and what you trust online. I tell many people that before you trust a site with your information, email address, and/or password, make sure it is legitimate. A quick Google search about the site in question can give many hints about potential issues. If in doubt about software to download and install, open a new browser window and go DIRECTLY to the company that makes the software. Also make sure there is someone accountable. If you can't find an identity that can be held accountable by legal action, that site is probably not worth trusting with ANY of your information. Everything sent online should be considered insecure and public unless it is securely encrypted and the identity on the other end has been authenticated (for example, an https SSL/TLS business site).

    Use Different Secure Passwords

    Make sure your email, financial, and personal information services all have secure and different passwords!

    A weak password defeats otherwise strong security. Make sure your password has at least 8 characters and includes a number, an uppercase letter, a lowercase letter, and a symbol. Also, this password should not contain a dictionary word, common name, or date. (Example: 2Az%kmcP)
    This is a fairly strong password, but what happens if you use it on a site that gets hacked because the site has poor security? There is a chance a bad guy will try that password on your email or some other account you use.
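    As an added example (not code from the original post), the checker below applies the password rules just stated: length, the four character classes, and no dictionary word, common name, or date. It also estimates brute-force resistance in bits and flags passwords reused across accounts, which is the point of the “hacked site” warning above. The word list and the sample accounts are small constructed stand-ins; a real checker would load a large dictionary file.

```python
"""Check passwords against the rules in the post and spot reuse across accounts.

Added example, not part of the original post. COMMON_WORDS is a tiny
constructed word list, and the sample accounts at the bottom are made up.
"""
import math
import re
from typing import Dict, List, Tuple

SYMBOLS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")  # 32 printable ASCII symbols
# Constructed mini dictionary of words and names; stands in for a real word list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "winter",
                "admin", "monkey", "dragon", "john", "mark", "mike", "sarah"}


def check_password(pw: str) -> Tuple[bool, List[str]]:
    """Return (passes, failures) for the post's rules: 8+ characters, a digit,
    an uppercase and a lowercase letter, a symbol, and no word, name, or date."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c.isupper() for c in pw):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        failures.append("no lowercase letter")
    if not any(c in SYMBOLS for c in pw):
        failures.append("no symbol")
    low = pw.lower()
    hits = sorted(w for w in COMMON_WORDS if w in low)
    if hits:
        failures.append("contains dictionary word or name: " + ", ".join(hits))
    # A four-digit year or a 6-8 digit run is the usual way a date sneaks in.
    if re.search(r"(19|20)\d\d|\d{6,8}", pw):
        failures.append("looks like it contains a date")
    return (not failures, failures)


def entropy_bits(pw: str) -> float:
    """Rough brute-force resistance: log2(alphabet ** length), where the alphabet
    is the union of the character classes the password actually uses."""
    size = 0
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    return len(pw) * math.log2(size) if size else 0.0


def reused_passwords(accounts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password shared by more than one account to those accounts.
    A breach of any one of those sites exposes all of them."""
    by_pw: Dict[str, List[str]] = {}
    for site, pw in accounts.items():
        by_pw.setdefault(pw, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_pw.items() if len(sites) > 1}


if __name__ == "__main__":
    for candidate in ("2Az%kmcP", "Password1!", "Summer2009!", "abc"):
        ok, why = check_password(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'weak'} ({entropy_bits(candidate):.1f} bits) {why}")
    # Constructed sample accounts: the same password on two sites.
    print(reused_passwords({"email": "2Az%kmcP", "bank": "Xy9!qwEr", "forum": "2Az%kmcP"}))
```

    The post’s own example, 2Az%kmcP, passes every rule and comes out at roughly 52 bits, while Summer2009! fails on both the dictionary word and the year even though it has every character class. The reuse check is the part that matters for the “hacked site” scenario: whichever password shows up on more than one account is the one that a breach of the weakest site turns into a key for the others.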

    Backup Your User-Created Data

    Do not ever assume your hard drive or system is secure against disaster. The best solution for home users is an online remote backup. McAfee currently offers this service. I also recommend a pay service called "Carbonite" for general home users. This way, even if your computer is stolen or lost in a natural disaster, you can always get your data back. Some might even consider it faster than fixing a massive virus infection, as re-installing from scratch can take only a couple of hours compared to days or weeks of working with a “sick” system that you may still never be able to trust!

    Encrypt Your Sensitive Data

    This probably only needs to be done on a few files on your system, but in the case someone else got access to your hard drive (stolen computer or Trojan Virus), at least they could not steal your files with your personal information in them.

    McAfee offers this kind of protection. Other options include whole-disk encryption like TrueCrypt, or BitLocker (Vista/7 Ultimate/Enterprise). Windows 2000 through 7 all have built-in support for encryption (Encrypting File System, based on digital certificates), but it is not as easily set up as the previously mentioned solutions and is not included in the "Home" versions of the OS. PGP (Pretty Good Privacy) is another high-end solution for data security through encryption. Finally, for those who need a secure removable media option, I recommend IronKey.

    How to Protect Your Computer

    · To protect your computer, make sure you follow the steps at the following Microsoft site:

    4 steps to protect your computer (Enabled Firewall, Up-to-Date Software, Up-to-Date Anti-Virus/Anti-Spyware)

    It is important to change step 2 to include all key software on your computer, not just the Operating System. This includes Java, Flash, Acrobat, Firefox, Chrome, WinAmp, and iTunes/QuickTime/Safari to name a few.

    · The program Secunia is free and will scan your computer for software with security issues. In some cases, it will provide a direct download link to the updates. I suggest you download, install, and use this tool.

    · If you don't have an active Anti-Spyware utility, Windows Defender is a great free solution from Microsoft. Note: Vista/7 have this built in.

    · McAfee offers a free browser plugin called SiteAdvisor that can help protect you from many websites online that have been found to be malicious. Note: Internet Explorer 8 has a similar feature built in.

    Below are some tools I have used and know work well to detect and repair some things that McAfee and Windows Defender might miss. These stand-alone tools should only be used when you suspect your computer is still infected when your primary Anti-Virus does not detect and/or repair the problem.

    Software tools I recommend for a second opinion and repair (in alphabetical order):

    · A Squared (Anti-Spyware and Anti-Virus [Ikarus])

    · ESET Online Scanner (Anti-Virus & Anti-Spyware [NOD32])

    · Kaspersky Virus Removal Tool (Anti-Virus & Anti-Spyware [KAV/AVP/AVZ])

    · Malwarebytes (Anti-Spyware Repair Utility) *** My Personal First Recommendation ***

    · McAfee FreeScan, McAfee Stinger, and Secured2k QuickScan (if McAfee isn’t installed, can’t run, or can’t update)