The Silph Scope

Anti-virus is not enough...

Anti-virus is not enough...so update your computer software, as automatically as possible.

Dear PokeGym Member,

I appreciate you and your contributions to the Gym. Because we may only know each other through our computers, I hope you'll indulge me in a little frank, but affectionate & well-meant advice about your computer.

Most of you, except Mac users, are running anti-virus software. First, a word to those who are not: what?

I recommend and use these two free products:

Win - http://free.avg.com/us-en/homepage
Mac - http://www.sophos.com/en-us/products...e-edition.aspx

Psst, fellow Mac users. Ever seen a Mac malware? I have. They exist. Never had one personally, but the folks at work pick them up from time to time. I know because my job is to detect them and KO the computer from our net til they rebuild it. This article is for Mac users, too.

BTW, AV is only helpful if it's being updated, because the malware is being updated. If you got a trial of Brand X when you bought your PC and it's expired, either pony up for the updates, or uninstall it and get one of the free ones above.

About to stop reading because you have anti-virus? Really? That's nice. How often do you update your computer software, especially your web browser plugins? Do you do it automatically? Are you sure?

Taking your computer to the Internet with just anti-virus is like going to court in just your underwear.

Look, having anti-virus software isn't what it used to be because malware is now produced by professional criminals, not bored bright troublemakers. Guess what? Criminal programmers buy anti-virus, too. And they test their stuff against AV before they serve it to you. (I'm not making this up, see page 8 in this paper from security research firm ESET http://www.eset.com/us/resources/whi...ion_of_TDL.pdf)

What's more, they don't always need you to do anything to take over your unpatched computer. You can go to a legit web site and get their malware installed, without you clicking. (Drive-by Downloads: Malware's Most Popular Distribution Method.) All these criminals need is for you to visit a website with your unpatched computer.

Updating operating systems is pretty easy. Just turn on auto update from Microsoft, Apple or your Linux distribution. It's no fuss. Apple makes you OK each update, but the other two can be fully automated. Updating other things, like Java, Flash, Reader and other browser software is a tedious and complex issue. Some people have had problems updating (or clicked on a fake update that installed malware), so they don't. Sorry, but giving up or avoiding the problem will get you in trouble (statistically speaking, and to a high degree).

How can we make this update task easier?

Windows, home users, get this free software:

http://secunia.com/vulnerability_scanning/personal/

Turn it on, set it to automatic, let it do its job. This is what I do for my relatives, because I want them to be safe and I like to visit them, not their sick PCs.

Mac people, I wish I had a comprehensive answer. Apple is still taking care of your Java (and QuickTime), just let it update. For Flash and Reader, the best strategy is 1) go to http://www.adobe.com/downloads/ to download the latest versions of Flash and Reader (if you use it) and 2) set them to auto update. Mac users typically have to OK their updates - I guess Apple thinks you're smart enough to not put it off. Don't disappoint them.

Linux people, why are you reading this article, to chuckle at the Mac & Windows peeps? I think 1) your distro handles almost all updates and 2) "You know what you doing"; "Take off every Zig."

OK, that's it. Use updated anti-virus and auto-update your software. Then criminals have to trick you into installing their malware rather than just dropping it on your computer as you surf by.

On the Internet, your computer is 15 milliseconds away from every creep on the planet.

Of course, someone may not believe that it matters if your computer gets taken over by the bad guys, that it can't happen to them, they are the exception, etc. Well, I'm sorry. Consider this: on the Internet, you are 15 milliseconds away from every creep on the planet. Personally, I'd take precautions.

Best wishes,
'snore

p.s.

Wow, I didn't mention https://browsercheck.qualys.com ! While Secunia PSI is a permanent updating solution for our Windows users, the above link will let anyone check (and manually fix) their update status on any platform. Use it; love it.

bulba

Updated 12/28/2011 at 11:32 AM by bulbasnore
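
The update check the post recommends, reduced to its core as an added example (not code from the post or from any of the tools it names): each installed version is compared numerically against the lowest patched version. Both dictionaries, the version numbers and the "Media Codec" product are constructed sample data.

```python
import re

# Constructed baseline: lowest version treated as patched for each product.
# Sample numbers for this example only, not values from any real advisory.
BASELINE = {
    "Flash Player": "11.1.102.10",
    "Java": "6.0.30",
    "Adobe Reader": "10.1",
}

# Constructed inventory, as a user might read it off each program's About box.
INVENTORY = {
    "Flash Player": "11.1.102.9",  # one build behind the baseline
    "Java": "6.0.30",              # exactly at the baseline
    "Adobe Reader": "10.1.0",      # equals "10.1" once padded with zeros
    "Media Codec": "2.4",          # hypothetical product with no baseline entry
}

def parse_version(text):
    """Turn '11.1.102.9' into (11, 1, 102, 9); raise ValueError if no digits."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)

def is_outdated(installed, minimum):
    """Compare field by field as integers; as strings, '9' would sort after '10'."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) < pad(b)

def audit(inventory, baseline):
    """Map each product to ok, outdated, no-baseline or unparsable."""
    report = {}
    for name, installed in inventory.items():
        if name not in baseline:
            report[name] = "no-baseline"  # untracked, so not known to be safe
            continue
        try:
            outdated = is_outdated(installed, baseline[name])
            report[name] = "outdated" if outdated else "ok"
        except ValueError:
            report[name] = "unparsable"
    return report

if __name__ == "__main__":
    for product, status in audit(INVENTORY, BASELINE).items():
        print(f"{product:14} {INVENTORY[product]:12} {status}")
```

A "no-baseline" result is reported separately from "ok" on purpose: software nobody is tracking is the part of the machine most likely to sit unpatched.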

Categories
The Plateau

Comments

  1. bullados
    Is AVG now considered better than Avast? I thought it was the other way around.

    I've also got a couple of anti-Malware and anti-Spyware programs that have worked wonders for me...

    Spybot S&D -- It's kind of basic, but it'll take care of most of the obvious stuff. It does have something of a spyware/malware firewall included, but I'm not sure how good it is.
    Spyware Blaster -- A background program. Just update it once a week, and it'll at least take care of the big stuff.
    Malware Bytes -- This is my favorite right now. It cleaned out some really nasty stuff that my computer got a few times. I wouldn't leave home without it.

    I've never heard of Secunia before. Founded 2002. A decade. Huh...
  2. bulbasnore
    Ryan,

    I respect your opinion and experience with certain products. I hope you'll pardon me ramming home my point by responding to your comment.

    Thanks,
    Kim

    Us discussing AVG vs Avast to me is like Fruit of the Loom vs Jockey. Use what you're comfortable with, because it really doesn't matter beyond that. Updates keep the malware off your machine in the first place (unless one was tricked into running a malware installer by phishing or web scams).

    If you made me pick one or the other, I'd pick updating over antivirus, just like I'd pick outerwear over underwear if I could only have one on in public.

    The bad guys have antivirus, test their products against it and don't release them until they can get past AV. They can infect your unpatched computer no matter what AV you have.

    Updates >>> AV

    One can clean up 'messy stuff' with Charmin (Spybot S&D), Scott (Spybot Blaster) or Northern (Malware Bytes) but if people don't learn proper hygiene, they're doomed to having another embarrassing 'accident' to clean up.

    Nearly all malware on the computer is not an accident. It might be carelessness (no Updates) or it might be trickery ('if you want to see these pictures, install this codec' or 'hey run this holiday lights screensaver') but it doesn't 'just happen'.
    Updated 12/20/2011 at 05:29 PM by bulbasnore (typo, accuracy, emphasis)
  3. bullados
    Ram away, Kim! No worries at all! I'm just always looking for the "next big thing to stop the next big thing", and I'd never heard of Secunia before you mentioned it. So I'm rightly curious about how it performs compared to some of the things I've been using pretty much forever. But the PSA is a great thing to have out.
  4. pkmn202
    Anti-virus software is indeed very important to all internet users. And updating them is very important too. My computer has (I think) the latest Norton 360 software yet it seems to be infected with spyware and malware which is actually pretty scary.
  5. Otaku
    Are there any anti-virus programs you recommend not using (in lieu of something better)? Obviously something is better than nothing. Well, unless the Anti-Virus program is a fake to get you to install malware.
  6. bulbasnore
    Quote Originally Posted by pkmn202
    Anti-virus software is indeed very important to all internet users. And updating them is very important too. My computer has (I think) the latest Norton 360 software yet it seems to be infected with spyware and malware which is actually pretty scary.
    To recap: Most malware is written for MONEY, not fun.

    1. malware authors buy anti-virus for testing their products
    2. when it gets past anti-virus, then they release it
    3. the best way to prevent infection is therefore to update your software so that it isn't vulnerable

    So, if you have great anti-virus, fantastic. If you don't update your software automatically, constantly, you can still get infected!

    This could be why you have malware despite your anti-virus. Make sense?
  7. bulbasnore
    Quote Originally Posted by Otaku
    Are there any anti-virus programs you recommend not using (in lieu of something better)? Obviously something is better than nothing. Well, unless the Anti-Virus program is a fake to get you to install malware.
    I could list some I don't respect, but the whole point of this article is: it doesn't matter that much. Most people relying solely on anti-virus to protect their computer are going to get malware.

    Once you have a fake antivirus program, you already have a different malware. That's right, they put another malware on there before the Fake AV, maybe several. Here's how the workflow goes:

    1. The user has Flash that is not updated.
    2. User goes to a legit website.
    3. Website loads an advertisement with a JavaScript malware program.
      1. The JavaScript starts a tiny Flash program that doesn't display anything, just checks the Flash version.
      2. Now that it knows the version, the JavaScript runs another Flash program that exploits the vulnerability for that version.
      3. This vulnerability is used to load a dropper program on your PC.
    4. The dropper program, running with your permissions, loads any or all of the following:
      • Fake AV
      • Keystroke Logger
      • Banking Trojan
      • Root Kit
      • Remote Control
      • SpamBot
      • Master Boot Record loader
    5. You now are locked out of your PC by the Fake AV. You take measures to remove it. You also find and remove the dropper.
    6. The criminal has failed in his extortion attempt with Fake AV. +1 for you
    7. However, the root kit, banking trojan and MBR loader are still there. -$500 for you.

    This is not theoretical or extremely rare.
  8. bulbasnore
    So, the question has been asked of me, "what should I update?" Well, the true answer sounds trite and impractical: everything.

    But, there is a practical approach --

    IF you have Windows and Mac updates set to as automatic as they can be,
    THEN just use
    • browsercheck.qualys.com
    • browsercheck from mozilla.

    These will tell you what else needs updating that touches the Internet through your browser - and they'll point you to the update.

    If you have a home Windows computer, you can use the free Secunia PSI, as I said, to put your non-Microsoft programs on auto-update. That will update almost everything and you'll be ahead of 99.5% of the victims on the Internet.
  9. Otaku
    If you are concerned your computer is running too slow, do you recommend any sites that diagnose such problems? I hear many advertised, but besides not always remembering the exact address right (which seems kind of dangerous :p) I personally am on a very, very tight budget so I'd rather not find out a "free" one I was going to use wasn't actually free.
  10. bulbasnore
    A slow computer could be just from the pure accumulation of files, preferences, etc. Or some corrupted files. Or an infection taking up CPU time - less so these days, as beyond Fake Anti-virus, malware is well written to show little impact to the computer as it likes to hide, not be found out.

    One way to deal with slow is to make a backup on an external hard drive, make sure it's good, boot from your install media and redo the operating system. Then, restore your documents from backup. On the Mac, I'm trying a freeware called Onyx. It did help me find about 70 corrupted preference files (I had an accident with disk encryption vs my backup - I didn't find out til after I restored) and that's sped things up by a bit for me.