Do you REALLY need to know the difference between malware types?

Explaining Malware Types is Hard To Do

One of the stranger perils of being a technical writer involves being ambushed at odd moments by people demanding on-the-spot explanations of complex technical concepts.  I was out on the town one night and somehow found myself having to explain to a not-too-tech-savvy friend how to differentiate between a virus, a trojan and a worm.

After patiently listening to a lengthy, rambling answer, my friend thought it over for a minute and then asked, “So, why should I care? Why is this important to me? Do I really need to know the difference between different types of malwares?

My automatic reaction was to say, “Of course you need to!” – but to my surprise,  I couldn’t coherently express why I felt that way (though to be fair,  I was having trouble thinking clearly about anything that night).

Thinking it over in the sober light of day,  I realized that he’d actually asked a pretty good question. For most computer users, the difference between malware types is academic and irrelevant – at least,  right up until their computer gets infected. If everything’s working just fine, why in the world should they be able to distinguish between an exploit and a backdoor?

A Technical Person’s Answer

To get a expert’s opinion on this,  I relayed my friend’s question to an Analyst in our Response Lab. His reply was (and I’m paraphrasing here):

“Yes,  so that if anything happens, you’d know how the computer got infected, how to deal with the infection, and how to prevent it from spreading.”

Now, that’s the condensed version of a technical person’s answer. The real answer was actually a long, in-depth and detailed explanation covering how certain malware types had specific behaviors and particular vectors for distribution, as well as recommendations for dealing with particular types of infection.

And that there was the problem in a nutshell – it’s a lot of information to absorb. It was a thorough answer, but not an easy one to communicate to people with little interest in technicalities.  Some parts of the explanation also assumed more computer knowledge than most users would probably have or want.

Having said that, I thought the condensed version of our Analyst’s answer seemed like a helpful, ‘user-friendly’ answer. It summarizes all the main points effectively, puts it in a context most users would understand  and – this is important – it isn’t long-winded. I’ll come back to this again a little later.

Why A User Doesn’t Need To Know Malware Types

Trying to find a simple, all-encompassing answer to my friend’s question made me wonder if he really had a point and that users didn’t really need to know something as technical as malware types. So I decided to turn the question around and ask:

“Are there any cases in which ‘the average user’ doesn’t need to know the difference between malware types?”

The following four scenarios were the only ones I could think of where knowing malware types wouldn’t be helpful (if you can think of others, feel free to leave a comment). Of course,  I included some reasons why I think knowing malware types would be helpful even in these situations.

  1. I don’t do anything that might harm my computer.

    If you can honestly claim this, you’re probably what I’d call an Exemplary User: someone who diligently updates the operating system and programs, never installs programs or uses removable media without thoroughly vetting it first, doesn’t download from untrusted sources and basically, just does computer security right.

    An Exemplary User can laugh with scorn at looming malware outbreaks.  If this describes you, great! You can stop reading now. (Heck, you probably know the malware types already, anyway).

    Since the vast majority of users will never qualify for Exemplary Userhood however (myself included), the second best scenario is:

  2. MY computer can’t be infected.

    No, I’m not starting a PC versus Mac debate. What I mean is that even if malware does get onto your computer, it needs to find a suitable environment before it can have an effect. A Linux virus that somehow manages to get onto a Windows machine usually can’t do anything except blush sheepishly. Ditto for a backdoor that uses HTTP to connect to a remote site but ends up on a standalone computer without Internet acess.

    If your computer happens to be set up so that the majority of malware doesn’t target it or affect it (now you can start the PC/Mac debate), then our query becomes moot. Again, congratulations!

    Of course, most people have very little choice in the kind of operating system or programs they have on their computer, particularly business users. Even home users usually have to consider familiarity and affordability over specifically tailoring their computer to be malware resistant. To fix that, most users use antivirus protection. Which leads to reason 3:

  3. Why worry? My antivirus will remove it.

    Actually, since I work for a computer security company, I’d reeeaaally like it if more people could claim this. And hey – shameless plug – our Internet Security is doing pretty well in independent tests!

    Unfortunately, this solution isn’t 100% bulletproof, especially if you’re not an Exemplary User or are just plain unlucky.  Sometimes, the antivirus doesn’t catch the malware. Or it makes an error and the wrong file get fingered, causing all sorts of mayhem. Worse still, the antivirus turns out to be rogueware.

    In other words, the program you’re depending on to sort out all the problems….doesn’t. What then? Ah, then we move on to reason 4:

  4. Not my department. (IT/Tech Support/the computer guy) will just clean out any infection for me.

    OK, so the person fixing an infected computer should be the one with the technical knowledge, true. That person may not be the user, true. If you have someone dependable, willing and trustworthy, who can fix anything that goes wrong…can I have their number? Such a person is a godsend. Treasure him/her.

    Still, even if you’re that lucky, it’s often a great help to the actual technician if the user can pinpoint the probable cause. Knowing what type of dastardly program is screwing around with the computer gives the technician a good place to start investigating, and maybe also some idea of how to fix it.

    Or, to use an analogy, it’s the difference between driving to a workshop and telling the mechanic, “My car’s making a funny sound”, and saying, “The fan belt’s busted.”‘

And the Conclusion Is…

If you’re not in one of the 4 ‘Ideal Situations’ listed above, then it would probably be helpful for you to know the different kinds of malicious programs that can damage your computer, because…well, refer to condensed Analyst’s answer above.

Realistically though, learning about malware types, even superficially, requires investing time and energy that not every user can spare – which is why technical writers (ahem) have to find ways of communicating these concepts in ways that are interesting and easily accessible for everyone. Which brings us back to the condensed Analyst’s answer. It’s short, to the point and gives just enough information without being overwhelming. And if more information is asked for, well that’s the time to start going in-depth.

Personally, I like it – but since my part of my work deals with malware types anyway, I freely admit to being biased about this. So really, the best people to evaluate how useful that answer is – You, dear reader. So how about it? Do you think the condensed Analyst’s answer is a helpful, informative reply?

——

Oh and since we’re on the topic, here are the Types F-Secure uses to classify the samples – the good, the bad and the merely suspicious. You can also find plenty of other sites with excellent information on this topic – for example, HowStuffWorks.com has great articles explaining how trojans, viruses and worms work.

More posts from this topic

amazon Echo, voice-activated, internet of things

Yes, Your Voice-Activated IoT Devices Are Always Listening

What's easier than typing, clicking or even swiping left? For most of us, speaking. Until we can get actual USB ports in our brain, our mouths may be the quickest way to make our our desires known to our devices. And as it Internet of Things develops, we're going to be doing more and more talking to machines, including our thermostat, light bulbs and possibly even our drones. Fans of Siri and the Amazon Echo are already familiar with the benefits of a conversational interface. But, as with any new technology that gains widespread adoption, privacy and security concerns are inevitable. We spoke to F-Secure's Cyber Gandalf Andy Patel about what users of voice-activated technology should know as they make the leap into this newer realm of connectivity that has long been imagined by science fiction visionaries from Philip K. Dick to Star Trek's Gene Roddenberry. So are these voice-activated devices listening all the time? Yes. In order for a device to react to a voice command without the user pressing a button to activate the feature, the device must listen all the time. How could this be used against us? If a device streams voice data to a server for processing, a few privacy and security implications arise. If the data is being streamed in an insecure way, it can be intercepted by a third party. If the speech data is stored insecurely, it can become compromised in the case of a data breach. It can also potentially sold to a third party. Speech is processed into text. That text might be stored, it might be associated with its source, and it could also be leaked. When the speech processing service returns data to the device that requested the processing, it could also be intercepted. Are the any real privacy concerns for owners of voice-activated devices? Some companies outsource their speech recognition services and cannot properly account for the processes and collection methods used by those companies. Along those lines, just last year, Samsung TV voice recognition made the news for recording owners' chatter. Voice command systems can also be maliciously hijacked. Last year, a group of French researchers demoed a method for remotely controlling Siri from a distance, using sounds that triggered Siri’s voice control, but that couldn’t be recognized by a human. So what will voice-activated technology look like in five or ten years? Big names are interested in voice control because they attach it to AI and machine learning systems -- which are, in turn, fed by the Big Data they’ve collected -- for an interactive experience. The end goal would be a scenario where you could ask your computer to perform arbitrary tasks in the same manner as on Star Trek.

July 21, 2016
BY 
Traveling and using public wifi - privacy is at risk

Free Wi-Fi is a vacation must, but are we paying with our privacy?

We used to search holiday magazines to find the hotel that offered the biggest pool and then triple check that the hotel has air conditioning. If we were really picky, we wouldn’t look twice at a hotel that didn’t offer cable TV. Now we see the perfect summer holiday in a different light. We can’t possibly leave our smartphones, tablets and laptops behind. A survey by Energy Company E.ON revealed that the most important feature hotels must have to even be considered is free Wi-Fi. Why do we find it so difficult to disconnect ourselves from the digital world? Even when we’re sitting in the beautiful sunshine, sipping on cocktails and splashing in the sea? Partly our digital dependence is practical, of course. The web helps us navigate around our holiday destinations finding the best attractions, the coolest bars and most remote beauty spots. But if we’re honest, many of us would admit that we’re so digitally connected because we don’t want to miss anything happening on Facebook, Instagram, Snapchat, Twitter and all the other social apps filling our electronic wonders. We continue to check in, trying to make our friends jealous by posting the latest update about our perfect holiday. Now that we’ve settled that an internet connection is a top holiday priority, why don’t we just use our phone network? Simple: we’ve all heard the horror story of someone getting crazy high bill after spending just a few days in Spain. So, we’re constantly on the search for a local bar or café that offers free Wi-Fi. It’s a fantastic feeling to be wiser than our internet provider – they can’t spring us with unheard-of charges. But connecting to public Wi-Fi comes with its own risks, and, I would argue, scarier ones than an unexpected post-holiday bill. For example, take a look at this infographic. It shows the personal data that can be intercepted and the risks you face to your privacy when you connect to public Wi-Fi without using a VPN. If the thought alone of anyone being able to snoop on what you do online isn’t enough to want to run away from ever connecting to public Wi-Fi again, then think about the bigger risks. The worst case scenario here is you could become a victim of stalking, receive threats, or have your identity stolen. This might sound farfetched, but with what information you reveal on public Wi-Fi, is it worth the risk? If you use a VPN like Freedome while on public Wi-Fi, all your internet traffic will be encrypted. This means instead of your internet traffic connecting directly to the websites from your device, revealing exactly what you’re doing online to the Wi-Fi provider, the VPN will garble your internet traffic and keep what you’re doing online anonymous. You internet privacy and safety is our biggest concern here, and Freedome will definitely provide that security. But here’s a little extra to boost your internet love and consumption when on holiday abroad: When in another country, you might not be able to stream your favorite content from back home. But with Freedome VPN, you can be “virtually” back in your home country, accessing all your favorite content as if you never left.

July 20, 2016
BY