Internet Security Primer

I’ve frequently been asked about the difference between viruses, trojans, spyware etc, and whey we need different programs to detect each, so I thought I’d write a short primer.

Viruses, Trojans and other nasties.

Virus
A program or code that replicates, that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many do a large amount of damage as well.

Trojans
Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Malware (malicious software)
A malicious program. Viruses and Trojans are examples of malware. Potentially unwanted programs (PUPs) are not considered malware.

Adware
Programs (usually free) which make money for their writers by displaying adverts or redirecting people to particular websites, or collecting information about your browsing habits to allow targeting of adverts. Closely related to spyware and malware, there is a grey area where the activities of adware cross-over with malware and particularly, spyware.

Spyware
Software whose function includes transmitting personal information to a third party without the user’s knowledge or consent. This usage is distinct from the common usage of spyware to represent commercial software that has security or privacy implications.

Root Kits
A root kit is a set of software that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised – that is hide the infection from Anti-virus and anti-malware programs. Because they exist at such a fundamental level on the computer they can be very difficult to detect and remove, and there are examples of root kits which can survive a complete re-formatting and re-installation of the Operating System (OS) on the computer.

Pharming
A method of redirecting Internet traffic to a fake Web site through domain spoofing. This involves creating a fake DNS record for a real Web site, typically that of a bank or other commercial enterprise. The fake DNS redirects traffic from the real Web site to the fraudulent site, intending to gather customers’ personal information. For example, when a user types the URL of a bank into their browser, the browser does a DNS lookup to determine the IP address of the bank’s Web site. DNS servers store a list of domains and their corresponding IP addresses. Hackers insert false information on the DNS server, so that browsers looking up bank’s the IP address are redirected to the fake IP address. On the visitor’s browser, the site appears legitimate.

Phishing
A method of fraudulently obtaining personal information, such as passwords, social security numbers, and credit card details, by sending spoofed e-mails that look like they come from trusted sources, such as banks or legitimate companies. Typically, phishing e-mails request that recipients click on the link in the e-mail to verify or update contact details or credit card information. Like spam, phishing e-mail go to a large number of e-mail addresses expecting that someone will read the spam and disclose their personal information.

Why can’t Anti Virus software detect Spyware and Trojans?
Viruses usually embed themselves inside other (usually legitimate) files, so AV software scans for the changes that viruses make to legitimate files. Spyware, trojans and key loggers are programs in their own right. Some AV software will scan for both types of infection, some will only scan for viruses. “Anti Malware” or “Anti Spyware” will NOT scan for viruses, so you should not rely on one of those programs to give you full protection.

It is NOT good practise to have two AV programs running at the same time, because they check every file on the computer as it is accessed, this will slow your computer down. Just running a single AV program can have a noticeable effect on the computer’s performance, so it is best to have one program running in the background scanning all activity, then on a regular basis, run a separate Anti-malware/Anti-spyware program to scan your computer. It is also useful to have a software firewall running on your computer. Since Service Pack 2 of Windows XP, Windows has had a built-in firewall, however this only defends against external threats – i.e. things or people trying to access your computer. More useful is a firewall which can alert you when programs on your computer try to access the internet, because many types of malware try to transmit information back to their “masters” or download extra malware or hijack your computer to send spam.

Some Examples of Anti-malware/Anti-spyware programs:-
Malwarebytes Anti-Malware
Spybot Search-and-destroy
Super Anti-Spyware

Anti Virus Software:-
AVG
Kaspersky
Bitdefender
Norton/Symantec

Firewall Software:-
Online Armor
Zone Alarm
Comodo
Sunbelt Personal Firewall

Some software describes itself as an “Internet Security Suite” and have modules that act as a firewall, detect viruses, spyware and malware (e.g. Norton 360), however some security experts suggest that this is a “placing all your eggs in one basket approach”, and that by using programs from several different suppliers you get a meause of cross-checking – if one company has missed a particular problem, the software from a different company may pick it up. Most Broadband routers have a firewall built into them. Make sure your router has it’s firewall activated as an additional level of protection. However if you have a laptop, as soon as you connect to a wireless network somewhere away from home you may not be protected, so having a software firewall is vital.

Free or Paid for?
Many security programs have free versions, so why should you pay for software? Well most free versions are for personal or home use only. If you are using your computer for a commercial activity, then you may be in violation of the End User License Agreement (EULA) and you should purchase the software. Paid-for software will receive better support, more updates and contain more features. Having said that, it is perfectly feasible to get full protection for your computer by using only free versions of security programs, though you may have to put up with adverts or ‘nag screens’.

Practise safe computing.
Make sure you have a combination of Anti-Virus, Anti-Malware (& Spyware) and Personal Firewall. Update them regularly and run frequent scans of your system (at least once a week, preferably once a day). Don’t open email from people you don’t recognise, don’t share files with people if you aren’t sure about their own security measures (sharing files is illegal under many circumstances any way). This applies to email as well as “chat” or “Instant Messaging” programs such as MSN, ICQ, and IRC and social networking systems like Facebook and Twitter. Be wary of people using USB thumb drives on your computer. Turn off the “Auto-run” options for USB and CD-ROM/DVD drives (found in Control Panel) and use your security programs to scan the USB/CD/DVD before trying to access files on the device.

Make sure your computer has the latest security updates from Microsoft (or Apple if using a Mac. Macs are less vulnerable to infection, they are NOT invulnerable. AV, anti malware and firewall programs are available for Macs), consider using an alternative web browser like Firefox or Opera (tend to be less vulnerable to “poisoned” websites which “push” malware onto your computer) and disable Javascript. This will break many websites and prevent them displaying properly, but will prevent many instances of the poisoned website pushing malware at you. (There is an add-on for Firefox called No-script which allows you to enable Javascript on a website-by-website basis. Makes browsing the web harder work, but safer).

Be wary of warning messages that pop up telling you that you have an infection and suggesting that you download a program to fix it – these are often fake messages and you can end up infecting your computer, not cleaning it.

Example of a fake warning (not all fakes have bad grammar and spelling):-