Do you REALLY need to know the difference between malware types?

Explaining Malware Types is Hard To Do

One of the stranger perils of being a technical writer involves being ambushed at odd moments by people demanding on-the-spot explanations of complex technical concepts.  I was out on the town one night and somehow found myself having to explain to a not-too-tech-savvy friend how to differentiate between a virus, a trojan and a worm.

After patiently listening to a lengthy, rambling answer, my friend thought it over for a minute and then asked, “So, why should I care? Why is this important to me? Do I really need to know the difference between different types of malware?”

My automatic reaction was to say, “Of course you need to!” – but to my surprise, I couldn’t coherently express why I felt that way (though to be fair, I was having trouble thinking clearly about anything that night).

Thinking it over in the sober light of day, I realized that he’d actually asked a pretty good question. For most computer users, the difference between malware types is academic and irrelevant – at least, right up until their computer gets infected. If everything’s working just fine, why in the world should they be able to distinguish between an exploit and a backdoor?

A Technical Person’s Answer

To get an expert’s opinion on this, I relayed my friend’s question to an Analyst in our Response Lab. His reply was (and I’m paraphrasing here):

“Yes, so that if anything happens, you’d know how the computer got infected, how to deal with the infection, and how to prevent it from spreading.”

Now, that’s the condensed version of a technical person’s answer. The real answer was actually a long, in-depth and detailed explanation covering how certain malware types had specific behaviors and particular vectors for distribution, as well as recommendations for dealing with particular types of infection.

And that there was the problem in a nutshell – it’s a lot of information to absorb. It was a thorough answer, but not an easy one to communicate to people with little interest in technicalities.  Some parts of the explanation also assumed more computer knowledge than most users would probably have or want.

Having said that, I thought the condensed version of our Analyst’s answer seemed like a helpful, ‘user-friendly’ answer. It summarizes all the main points effectively, puts it in a context most users would understand  and – this is important – it isn’t long-winded. I’ll come back to this again a little later.

Why A User Doesn’t Need To Know Malware Types

Trying to find a simple, all-encompassing answer to my friend’s question made me wonder if he really had a point and that users didn’t really need to know something as technical as malware types. So I decided to turn the question around and ask:

“Are there any cases in which ‘the average user’ doesn’t need to know the difference between malware types?”

The following four scenarios were the only ones I could think of where knowing malware types wouldn’t be helpful (if you can think of others, feel free to leave a comment). Of course,  I included some reasons why I think knowing malware types would be helpful even in these situations.

  1. I don’t do anything that might harm my computer.

    If you can honestly claim this, you’re probably what I’d call an Exemplary User: someone who diligently updates the operating system and programs, never installs programs or uses removable media without thoroughly vetting it first, doesn’t download from untrusted sources and basically, just does computer security right.

    An Exemplary User can laugh with scorn at looming malware outbreaks.  If this describes you, great! You can stop reading now. (Heck, you probably know the malware types already, anyway).

    Since the vast majority of users will never qualify for Exemplary Userhood however (myself included), the second best scenario is:

  2. MY computer can’t be infected.

    No, I’m not starting a PC versus Mac debate. What I mean is that even if malware does get onto your computer, it needs to find a suitable environment before it can have an effect. A Linux virus that somehow manages to get onto a Windows machine usually can’t do anything except blush sheepishly. Ditto for a backdoor that uses HTTP to connect to a remote site but ends up on a standalone computer without Internet access.

    If your computer happens to be set up so that the majority of malware doesn’t target it or affect it (now you can start the PC/Mac debate), then our query becomes moot. Again, congratulations!

    Of course, most people have very little choice in the kind of operating system or programs they have on their computer, particularly business users. Even home users usually have to consider familiarity and affordability over specifically tailoring their computer to be malware resistant. To fix that, most users use antivirus protection. Which leads to reason 3:

  3. Why worry? My antivirus will remove it.

    Actually, since I work for a computer security company, I’d reeeaaally like it if more people could claim this. And hey – shameless plug – our Internet Security is doing pretty well in independent tests!

    Unfortunately, this solution isn’t 100% bulletproof, especially if you’re not an Exemplary User or are just plain unlucky. Sometimes, the antivirus doesn’t catch the malware. Or it makes an error and the wrong file gets fingered, causing all sorts of mayhem. Worse still, the antivirus turns out to be rogueware.

    In other words, the program you’re depending on to sort out all the problems….doesn’t. What then? Ah, then we move on to reason 4:

  4. Not my department. (IT/Tech Support/the computer guy) will just clean out any infection for me.

    OK, so the person fixing an infected computer should be the one with the technical knowledge, true. That person may not be the user, true. If you have someone dependable, willing and trustworthy, who can fix anything that goes wrong…can I have their number? Such a person is a godsend. Treasure him/her.

    Still, even if you’re that lucky, it’s often a great help to the actual technician if the user can pinpoint the probable cause. Knowing what type of dastardly program is screwing around with the computer gives the technician a good place to start investigating, and maybe also some idea of how to fix it.

    Or, to use an analogy, it’s the difference between driving to a workshop and telling the mechanic, “My car’s making a funny sound”, and saying, “The fan belt’s busted.”

And the Conclusion Is…

If you’re not in one of the 4 ‘Ideal Situations’ listed above, then it would probably be helpful for you to know the different kinds of malicious programs that can damage your computer, because…well, refer to the condensed Analyst’s answer above.

Realistically though, learning about malware types, even superficially, requires investing time and energy that not every user can spare – which is why technical writers (ahem) have to find ways of communicating these concepts in ways that are interesting and easily accessible for everyone. Which brings us back to the condensed Analyst’s answer. It’s short, to the point and gives just enough information without being overwhelming. And if more information is asked for, well that’s the time to start going in-depth.

Personally, I like it – but since part of my work deals with malware types anyway, I freely admit to being biased about this. So really, the best person to evaluate how useful that answer is would be you, dear reader. So how about it? Do you think the condensed Analyst’s answer is a helpful, informative reply?

——

Oh and since we’re on the topic, here are the Types F-Secure uses to classify the samples – the good, the bad and the merely suspicious. You can also find plenty of other sites with excellent information on this topic – for example, HowStuffWorks.com has great articles explaining how trojans, viruses and worms work.
