Do you REALLY need to know the difference between malware types?

Explaining Malware Types is Hard To Do

One of the stranger perils of being a technical writer involves being ambushed at odd moments by people demanding on-the-spot explanations of complex technical concepts.  I was out on the town one night and somehow found myself having to explain to a not-too-tech-savvy friend how to differentiate between a virus, a trojan and a worm.

After patiently listening to a lengthy, rambling answer, my friend thought it over for a minute and then asked, “So, why should I care? Why is this important to me? Do I really need to know the difference between different types of malwares?

My automatic reaction was to say, “Of course you need to!” – but to my surprise,  I couldn’t coherently express why I felt that way (though to be fair,  I was having trouble thinking clearly about anything that night).

Thinking it over in the sober light of day,  I realized that he’d actually asked a pretty good question. For most computer users, the difference between malware types is academic and irrelevant – at least,  right up until their computer gets infected. If everything’s working just fine, why in the world should they be able to distinguish between an exploit and a backdoor?

A Technical Person’s Answer

To get a expert’s opinion on this,  I relayed my friend’s question to an Analyst in our Response Lab. His reply was (and I’m paraphrasing here):

“Yes,  so that if anything happens, you’d know how the computer got infected, how to deal with the infection, and how to prevent it from spreading.”

Now, that’s the condensed version of a technical person’s answer. The real answer was actually a long, in-depth and detailed explanation covering how certain malware types had specific behaviors and particular vectors for distribution, as well as recommendations for dealing with particular types of infection.

And that there was the problem in a nutshell – it’s a lot of information to absorb. It was a thorough answer, but not an easy one to communicate to people with little interest in technicalities.  Some parts of the explanation also assumed more computer knowledge than most users would probably have or want.

Having said that, I thought the condensed version of our Analyst’s answer seemed like a helpful, ‘user-friendly’ answer. It summarizes all the main points effectively, puts it in a context most users would understand  and – this is important – it isn’t long-winded. I’ll come back to this again a little later.

Why A User Doesn’t Need To Know Malware Types

Trying to find a simple, all-encompassing answer to my friend’s question made me wonder if he really had a point and that users didn’t really need to know something as technical as malware types. So I decided to turn the question around and ask:

“Are there any cases in which ‘the average user’ doesn’t need to know the difference between malware types?”

The following four scenarios were the only ones I could think of where knowing malware types wouldn’t be helpful (if you can think of others, feel free to leave a comment). Of course,  I included some reasons why I think knowing malware types would be helpful even in these situations.

  1. I don’t do anything that might harm my computer.

    If you can honestly claim this, you’re probably what I’d call an Exemplary User: someone who diligently updates the operating system and programs, never installs programs or uses removable media without thoroughly vetting it first, doesn’t download from untrusted sources and basically, just does computer security right.

    An Exemplary User can laugh with scorn at looming malware outbreaks.  If this describes you, great! You can stop reading now. (Heck, you probably know the malware types already, anyway).

    Since the vast majority of users will never qualify for Exemplary Userhood however (myself included), the second best scenario is:

  2. MY computer can’t be infected.

    No, I’m not starting a PC versus Mac debate. What I mean is that even if malware does get onto your computer, it needs to find a suitable environment before it can have an effect. A Linux virus that somehow manages to get onto a Windows machine usually can’t do anything except blush sheepishly. Ditto for a backdoor that uses HTTP to connect to a remote site but ends up on a standalone computer without Internet acess.

    If your computer happens to be set up so that the majority of malware doesn’t target it or affect it (now you can start the PC/Mac debate), then our query becomes moot. Again, congratulations!

    Of course, most people have very little choice in the kind of operating system or programs they have on their computer, particularly business users. Even home users usually have to consider familiarity and affordability over specifically tailoring their computer to be malware resistant. To fix that, most users use antivirus protection. Which leads to reason 3:

  3. Why worry? My antivirus will remove it.

    Actually, since I work for a computer security company, I’d reeeaaally like it if more people could claim this. And hey – shameless plug – our Internet Security is doing pretty well in independent tests!

    Unfortunately, this solution isn’t 100% bulletproof, especially if you’re not an Exemplary User or are just plain unlucky.  Sometimes, the antivirus doesn’t catch the malware. Or it makes an error and the wrong file get fingered, causing all sorts of mayhem. Worse still, the antivirus turns out to be rogueware.

    In other words, the program you’re depending on to sort out all the problems….doesn’t. What then? Ah, then we move on to reason 4:

  4. Not my department. (IT/Tech Support/the computer guy) will just clean out any infection for me.

    OK, so the person fixing an infected computer should be the one with the technical knowledge, true. That person may not be the user, true. If you have someone dependable, willing and trustworthy, who can fix anything that goes wrong…can I have their number? Such a person is a godsend. Treasure him/her.

    Still, even if you’re that lucky, it’s often a great help to the actual technician if the user can pinpoint the probable cause. Knowing what type of dastardly program is screwing around with the computer gives the technician a good place to start investigating, and maybe also some idea of how to fix it.

    Or, to use an analogy, it’s the difference between driving to a workshop and telling the mechanic, “My car’s making a funny sound”, and saying, “The fan belt’s busted.”‘

And the Conclusion Is…

If you’re not in one of the 4 ‘Ideal Situations’ listed above, then it would probably be helpful for you to know the different kinds of malicious programs that can damage your computer, because…well, refer to condensed Analyst’s answer above.

Realistically though, learning about malware types, even superficially, requires investing time and energy that not every user can spare – which is why technical writers (ahem) have to find ways of communicating these concepts in ways that are interesting and easily accessible for everyone. Which brings us back to the condensed Analyst’s answer. It’s short, to the point and gives just enough information without being overwhelming. And if more information is asked for, well that’s the time to start going in-depth.

Personally, I like it – but since my part of my work deals with malware types anyway, I freely admit to being biased about this. So really, the best people to evaluate how useful that answer is – You, dear reader. So how about it? Do you think the condensed Analyst’s answer is a helpful, informative reply?

——

Oh and since we’re on the topic, here are the Types F-Secure uses to classify the samples – the good, the bad and the merely suspicious. You can also find plenty of other sites with excellent information on this topic – for example, HowStuffWorks.com has great articles explaining how trojans, viruses and worms work.

More posts from this topic

mikko hypponen WPFD

VIDEO: Mikko Hypponen at World Press Freedom Day

Today is World Press Freedom Day – a day created by UNESCO in recognition of the importance of free speech, as well as the important role journalists play in using this right to help inform citizens about what’s going on with the world around them. This year’s main event is being held in Helsinki, Finland, and co-hosted by the Finnish government. There was lots happening at Finlandia Hall – the event’s “ground zero”. And because Finland is home to F-Secure’s headquarters, we were there in full force to express our support for the journalists who, according to Reporters without Borders, put their privacy, freedom, and even their lives on the line to keep us all informed. Mikko Hypponen, F-Secure’s Chief Research Officer, delivered a keynote address ahead of a discussion called “Protecting your rights: Surveillance Overreach, Data Protection, and Online Censorship”. “But right now, over the last couple of years, the biggest changes in this field have not been with online crime. They’ve been with governments entering the online, cyber attack business,” Hypponen told the audience (he hits the stage at about 20:32). [youtube=https://www.youtube.com/watch?v=R8tKOGVxPSo&w=560&h=315] After his speech, Mikko shared some additional thoughts on Apple vs. the FBI, and World Press Freedom Day. [youtube=https://www.youtube.com/watch?v=BBINozrQGlc&w=420&h=315] Sean Sullivan was also there, along with one of F-Secure Labs’ forensic analysts to help journalists check their devices, and provide security tips on how they can protect their data. “Without privacy, we can’t have free press. And without a free press, we cannot have democracy. And without democracy, we cannot have freedom,” Mikko told the audience. And that’s not just rhetoric – it’s something we’re backing up. Any journalist interested in using encryption to protect themselves against unwanted surveillance can get in touch with us before May 15 to get a free, 3-device, 12-month subscription for F-Secure's Freedome VPN, which lets users encrypt their communications, block tracking attempts and malicious websites, and change their virtual location. All journalists need to do is send a confirmation of their valid press credentials (for example, an image) by direct message to our Twitter feed (@FSecure) before May 15. Edited to add: We also caught a panel discussion about digital threats to journalists with F-Secure Cyber Security Advisor Erka Koivunen, Tanzanian journalist and newspaper editor Dennis Msacky, and University professor, writer and journalist Hanna Nikkanen. [youtube=https://www.youtube.com/watch?v=WYifFDj2UaI&w=420&h=315]

May 3, 2016
BY 
842710939_d8f092ed9f_b (1)
April 28, 2016
BY 
Why press freedom matters and how tech can help

World Press Freedom Day: Why it Matters and How Tech Can Help

Finland is home to the freest news media in the world, according to Reporters Without Borders. It's fitting, then, that the annual UNESCO World Press Freedom Day conference will be held in Helsinki this year, May 2-4. Freedom of information is a topic that's close to our heart. We were fighting for digital freedom before it was cool - yes, before Edward Snowden. A free press is foundational to a free and open society. A free press keeps leaders and authorities accountable, informs the citizenry about what's happening in their society, and gives a voice to those who wouldn't otherwise have one. Journalists shed light on issues the powers that be would much rather be left in the dark. They ask the tough questions. They tell stories that need to be told. In a nutshell, they provide all of us with the info we need to make the best decisions about our lives, our communities, our societies and our governments, as the American Press Institute puts it. That's a pretty important purpose. But it can also be a dangerous one. Journalists working on controversial stories are often subject to intimidation and harassment, and sometimes imprisonment. Sometimes doing their job means risking their lives. According to the Committee to Protect Journalists, 1189 journalists have been killed worldwide in work-related situations since 1992, when they began counting. 786 of those were murdered. Freedom of the press and digital technology are inextricably intertwined. Journalists' tools and means of communication are digital - so to protect themselves, their stories and their sources, they also need digital tools that enable them to work in privacy. Encrypted email and messaging apps. Secure, private file storage. A password manager to protect their accounts. A VPN to hide their Internet traffic and to access the content they need while they're on assignment abroad. F-Secure at World Press Freedom Day It's because press freedom and technology are so intertwined that it's our honor to participate in this year's World Press Freedom Day conference. Here's how we'll be participating in the program: Mikko Hypponen, Chief Research Officer at F-Secure, will keynote about protecting your rights. Tuesday May 3, 14:00 to 15:45 Erka Koivunen, our Cyber Security Advisor, will participate in a pop-up panel debate on digital security and freedom of speech in practice. Tuesday May 3, 15:45 – 16:15 Sean Sullivan, our Security Advisor, will be on hand to answer journalists' questions about opsec tools and tips. One of our lab researchers, Daavid, will be inspecting visitors' mobile devices for malware. We'll feature our VPN, Freedome.   Check out our Twitter feed on May 3 for livestream of Mikko's and Erka's stage time.                 Banner photo: Getty Images

April 27, 2016
BY