In popular vampire mythology, it is claimed that vampires cannot cross the threshold of your home uninvited. I’ve heard the same theory bandied around in relation to computer viruses. It isn’t uncommon to hear reasonably tech-savvy people downplay the chances of malware (malicious software) reaching your computer uninvited. It would be nice if it were true, but unlike vampires, computer viruses and attacks are not mythological. They are usually developed by people with criminal intent and unlike vampires, they do not care whether you have invited them in or not.
There are a lot of vampires in the media right now and it seems a good time to make it clear why treating viruses like vampires just won’t do.
1. Vampires need to be invited in.
There are computers connected to the internet that scan for unprotected computers in order to exploit them. The least you should have is a firewall to stave off this kind of attack. Still, a firewall alone is not enough.
2. All it takes to discourage vampires is garlic.
A firewall on its own is not enough to protect you from all threats and neither is that free anti-virus your friend recommended to you. The people behind computer attacks are often pretty smart people and they have money as motivation. They’ve found more ways in this connected lifestyle to compromise your personal computers and gadgets than traditional anti-virus can tackle alone.
3. Vampires can’t walk around in clear daylight.
If you’re actually going to use your computer for web browsing then you need protection against malicious entities that can be hiding behind perfectly legitimate web pages. It’s not just sites touting free downloads, music lyrics or pornography that pose a danger; sometimes large and trustworthy organizations have their pages stealthily hijacked. All it can take is a visit to the web page for you to have been stealthily hijacked, too.
You also have to consider what kind of email you are receiving and whether they are really clean. Not all spam mails are poorly worded stories about troubled Nigerian princes. Some malicious messages can look like they are from a company or person you know.
It’s not just e-mails that can lead you to believe your friends and colleagues are out to get you, either. You might also get an innocent-looking malicious link if someone you know has had their Facebook, Twitter, or instant messenger account compromised.
It is also worth remembering that you can get infected without being connected. Be careful of what you are plugging into your computer. USB “memory” sticks, music players and external hard drives are common tools and can all have viruses on them.
4. Vampires can be eliminated with a simple stake through the heart.
Cleaning up a system that has been infected may not be as simple. If you’ve been subject to a really bad infections you can lose irreplaceable files or have to revert your computer to its original pristine condition, losing everything on it in the process. You can’t easily restore the damage done to trust between yourself and friends or business partners if you inadvertently send them infected files, either.
For those of you who want a little more than my word on the matter, I’ve hunted down a few interesting links on the subject and staked them to this page:
A day in the life of an average user, Gabor Szappanos (Virus Bulletin, Jan 09)
You have to register with Virus Bulletin to read this, but I found it worth the time. This article puts an anti-virus company’s claim to the test, concerning how much malware the average computer user is bombarded with during a day of computer use. Gabor finds that, in his tests, the computer user was infected by a successful network worm attack at an average rate of every six minutes and he recorded 34 attacks that were a result of simply being connected the internet.
Botnets and How to Avoid Them, University of Calgary.
This is a succinct guide to protecting your computer and yourself, and what it is that you are protecting yourself from.
A firewall alone is not enough, Rik Ferguson (InfoSecurity Magazine, Oct 09)
This article is a technical, business-oriented statement of the very same thing I am trying to communicate with this blog post.
Malware Statistics Update, Niels Provos (Google Security, Aug 09)
Google provide some data on how many malware sites are out there.
If you know of any more good research on this subject, please let me know.