Do you REALLY need to know the difference between malware types?

Explaining Malware Types is Hard To Do

One of the stranger perils of being a technical writer involves being ambushed at odd moments by people demanding on-the-spot explanations of complex technical concepts.  I was out on the town one night and somehow found myself having to explain to a not-too-tech-savvy friend how to differentiate between a virus, a trojan and a worm.

After patiently listening to a lengthy, rambling answer, my friend thought it over for a minute and then asked, “So, why should I care? Why is this important to me? Do I really need to know the difference between different types of malwares?

My automatic reaction was to say, “Of course you need to!” – but to my surprise,  I couldn’t coherently express why I felt that way (though to be fair,  I was having trouble thinking clearly about anything that night).

Thinking it over in the sober light of day,  I realized that he’d actually asked a pretty good question. For most computer users, the difference between malware types is academic and irrelevant – at least,  right up until their computer gets infected. If everything’s working just fine, why in the world should they be able to distinguish between an exploit and a backdoor?

A Technical Person’s Answer

To get a expert’s opinion on this,  I relayed my friend’s question to an Analyst in our Response Lab. His reply was (and I’m paraphrasing here):

“Yes,  so that if anything happens, you’d know how the computer got infected, how to deal with the infection, and how to prevent it from spreading.”

Now, that’s the condensed version of a technical person’s answer. The real answer was actually a long, in-depth and detailed explanation covering how certain malware types had specific behaviors and particular vectors for distribution, as well as recommendations for dealing with particular types of infection.

And that there was the problem in a nutshell – it’s a lot of information to absorb. It was a thorough answer, but not an easy one to communicate to people with little interest in technicalities.  Some parts of the explanation also assumed more computer knowledge than most users would probably have or want.

Having said that, I thought the condensed version of our Analyst’s answer seemed like a helpful, ‘user-friendly’ answer. It summarizes all the main points effectively, puts it in a context most users would understand  and – this is important – it isn’t long-winded. I’ll come back to this again a little later.

Why A User Doesn’t Need To Know Malware Types

Trying to find a simple, all-encompassing answer to my friend’s question made me wonder if he really had a point and that users didn’t really need to know something as technical as malware types. So I decided to turn the question around and ask:

“Are there any cases in which ‘the average user’ doesn’t need to know the difference between malware types?”

The following four scenarios were the only ones I could think of where knowing malware types wouldn’t be helpful (if you can think of others, feel free to leave a comment). Of course,  I included some reasons why I think knowing malware types would be helpful even in these situations.

  1. I don’t do anything that might harm my computer.

    If you can honestly claim this, you’re probably what I’d call an Exemplary User: someone who diligently updates the operating system and programs, never installs programs or uses removable media without thoroughly vetting it first, doesn’t download from untrusted sources and basically, just does computer security right.

    An Exemplary User can laugh with scorn at looming malware outbreaks.  If this describes you, great! You can stop reading now. (Heck, you probably know the malware types already, anyway).

    Since the vast majority of users will never qualify for Exemplary Userhood however (myself included), the second best scenario is:

  2. MY computer can’t be infected.

    No, I’m not starting a PC versus Mac debate. What I mean is that even if malware does get onto your computer, it needs to find a suitable environment before it can have an effect. A Linux virus that somehow manages to get onto a Windows machine usually can’t do anything except blush sheepishly. Ditto for a backdoor that uses HTTP to connect to a remote site but ends up on a standalone computer without Internet acess.

    If your computer happens to be set up so that the majority of malware doesn’t target it or affect it (now you can start the PC/Mac debate), then our query becomes moot. Again, congratulations!

    Of course, most people have very little choice in the kind of operating system or programs they have on their computer, particularly business users. Even home users usually have to consider familiarity and affordability over specifically tailoring their computer to be malware resistant. To fix that, most users use antivirus protection. Which leads to reason 3:

  3. Why worry? My antivirus will remove it.

    Actually, since I work for a computer security company, I’d reeeaaally like it if more people could claim this. And hey – shameless plug – our Internet Security is doing pretty well in independent tests!

    Unfortunately, this solution isn’t 100% bulletproof, especially if you’re not an Exemplary User or are just plain unlucky.  Sometimes, the antivirus doesn’t catch the malware. Or it makes an error and the wrong file get fingered, causing all sorts of mayhem. Worse still, the antivirus turns out to be rogueware.

    In other words, the program you’re depending on to sort out all the problems….doesn’t. What then? Ah, then we move on to reason 4:

  4. Not my department. (IT/Tech Support/the computer guy) will just clean out any infection for me.

    OK, so the person fixing an infected computer should be the one with the technical knowledge, true. That person may not be the user, true. If you have someone dependable, willing and trustworthy, who can fix anything that goes wrong…can I have their number? Such a person is a godsend. Treasure him/her.

    Still, even if you’re that lucky, it’s often a great help to the actual technician if the user can pinpoint the probable cause. Knowing what type of dastardly program is screwing around with the computer gives the technician a good place to start investigating, and maybe also some idea of how to fix it.

    Or, to use an analogy, it’s the difference between driving to a workshop and telling the mechanic, “My car’s making a funny sound”, and saying, “The fan belt’s busted.”‘

And the Conclusion Is…

If you’re not in one of the 4 ‘Ideal Situations’ listed above, then it would probably be helpful for you to know the different kinds of malicious programs that can damage your computer, because…well, refer to condensed Analyst’s answer above.

Realistically though, learning about malware types, even superficially, requires investing time and energy that not every user can spare – which is why technical writers (ahem) have to find ways of communicating these concepts in ways that are interesting and easily accessible for everyone. Which brings us back to the condensed Analyst’s answer. It’s short, to the point and gives just enough information without being overwhelming. And if more information is asked for, well that’s the time to start going in-depth.

Personally, I like it – but since my part of my work deals with malware types anyway, I freely admit to being biased about this. So really, the best people to evaluate how useful that answer is – You, dear reader. So how about it? Do you think the condensed Analyst’s answer is a helpful, informative reply?

——

Oh and since we’re on the topic, here are the Types F-Secure uses to classify the samples – the good, the bad and the merely suspicious. You can also find plenty of other sites with excellent information on this topic – for example, HowStuffWorks.com has great articles explaining how trojans, viruses and worms work.

More posts from this topic

15855489588_6c209780a9_b

How “the Cloud” Keeps you Safe

“The cloud” is a big thing nowadays. It’s not exactly a new concept, but tech companies are relying on it more and more. Many online services that people enjoy use the cloud to one extent or another, and this includes security software. Cloud computing offers unique security benefits, and F-Secure recently updated F-Secure SAFE to take better advantage of F-Secure’s Security Cloud. It combines cloud-based scanning with F-Secure’s award-winning device-based security technology, giving you a more comprehensive form of protection. Using the cloud to supplement device-based scanning provides immediate, up-to-date information about threats. Device-based scanning, which is the traditional way of identifying malware, examines files against a database saved on the device to determine whether or not a file is malicious. This is a backbone of online protection, so it’s a vital part of F-Secure SAFE. Cloud-based scanning enhances this functionality by checking files against malware information in both the local database found on devices, and a centralized database saved in the cloud. When a new threat is detected by anyone connected to the cloud, it is immediately identified and becomes "known" within the cloud. This ensures that new threats are identified quickly and everyone has immediate access to the information, eliminating the need to update the database on devices when a new threat is discovered. Plus, cloud-based scanning makes actual apps easier to run. This is particularly important on mobile devices, as heavy anti-virus solutions can drain the battery life and other resources of devices. F-Secure SAFE’s Android app has now been updated with an “Ultralight” anti-virus engine. It uses the cloud to take the workload from the devices, and is optimized to scan apps and files with a greater degree of efficiency. Relying on the cloud gives you more battery life, and keeps you safer. The latest F-Secure SAFE update also brings Network Checker to Windows PC users. Network Checker is a device-based version of F-Secure’s popular Router Checker tool. It checks the Internet configuration your computer uses to connect to the Internet. Checking your configuration, as opposed to just your device, helps protect you from attacks that target home network appliances like routers – a threat not detected by traditional anti-virus products. So the cloud is offering people much more than just extra storage space. You can click here to try F-Secure SAFE for a free 30-day trial if you’re interested in learning how F-Secure is using the cloud to help keep people safe. [Image by Perspecsys Photos | Flickr]

June 30, 2015
BY 
money, burnt, online, internet, scams

The 5 Internet scams your kid or mom is most likely to fall for

There wouldn't be billions people online every moment of every day if everyone was getting scammed all the time. Online security is, in many ways, better than ever, as are the sites designed to attract our attention. But exploits and the crooks that want to exploit us still exist, enjoying advanced malware-as-service models proven to steal our data, time and money. And with the awesome number of people online, scams only need to work a tiny percentage of the time to make the bad guys rich. We're sure you're savvy enough to avoid most trouble. But for everyone else you know, here are 5 common scams to look out for. 1. Ransomware. This scam, which F-Secure Labs has been tracking for over 5 years, prospers because it offers incredible returns -- to the scammer. "It estimated it would cost $5,900 (£3,860) to buy a ransomware kit that could return up to $90,000 in one month of operation," the BBC reports. It works like this. You suddenly get a message saying that your files are being held and you need to pay a ransom to release them. Sometimes the scam pretends to be from a police organization to make them extra scary: Anonymous cyber-currencies like bitcoin have made the scam even more appealing. "That's what really enabled the ransomware problem to explode," our Mikko Hypponen said. "Once the criminals were able to collect their ransom without getting caught, nothing was stopping them." They really do take your files and they generally will give them back. Ironically, their reputation matters since people will stop paying if they hear it won't work. Mikko recommends four ways to defend yourself from this -- and almost every scam: Always backup your important files. Ensure software is up-to-date. Be suspicious of message attachments and links in email. Always run updated comprehensive security software. He adds, "Don't pay money to these clowns unless you absolutely have to." 2. Technical support scams. "In a recent twist, scam artists are using the phone to try to break into your computer," reports the U.S. Federal Trade Commission. "They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need." Never give anyone who calls you unsolicited your private information or access to your computer. As a matter a fact, don't do that even if the call is solicited. If you feel the call may actually important, ask who they are calling from and then contact the organization directly. For more tips visit the FTC site. 3. Facebook freebies. Free iPad! Free vacation! Free gift card! If it's free, it's on Facebook and it comes from someone you do not know or trust directly, assume it's a scam. At best it's a waste of your time, at worst it could end up costing you money. Unfortunately, there are only two things you can do to avoid these scams. Don't follow people who share crap like this on Facebook and don't click on things that seem too good to be true. "There is no way a company can afford to give every Facebook user a $25.00, $50.00 or $100.00 gift card," Facecrooks, a site that monitors these scams, reminds you. "A little common sense here tells you that something is way off base." So be suspicious of everything on Facebook. Even friends asking for money. 4. Loan scams. Scammers are smart. They know that the more a person is in financial need, the more desperate she or he becomes. For this reason, loans of various kinds -- especially mortgages that are in foreclosure -- are often lures for a scam. Once they have your attention, they may use a variety of tactics to dupe you, the FTC explains. They may demand a fee to renegotiate your loans for lower payments or to do an "audit" of what you're paying. It may even go far enough that they'll ask you directly or trick you into signing over your house to ease the pressure from your creditors. There are many warning signs to look out for. Keep in mind that if you're ever in doubt, the best step is to back off and seek advice. You can also tell the person you're going to get a second opinion on this from a lawyer. If the person you're dealing with insists that you not or freaks out in any other way, it's a good sign you're being taken. 5. Money mule scams. These scams are a variation on the 419 scams where a foreign prince asks you to hold money for him. All you have to do is wire him some first. But in this case you may actually get the money and be used as a tool of organized crime. A money mule illegally transfers money for someone in exchange for some of the take. Many law-abiding people get drawn into this crime while searching for jobs or romance, which is why your should stick to legitimate sites if you're seeking either of those things. Greed and the lure lottery winnings and inheritances is also used as a lure for potential victims. Trust is the most important thing on the internet. Anyone who trusts you too quickly with offers of money or love is probably scamming you. Cheers, Sandra [Image by epSos .de | Flickr]

June 24, 2015