This is the second posting in a three-part series covering common threats a user may encounter.
This series serves as a rough and ready guide, highlighting key features and trends relevant to most users.
Viruses have always loomed large in users’ minds as the poster child of malicious programs – heck, we even call it the anti-virus industry. In the last 10 years or so however, the number of virus infections has nosedived; our Labs, which once dealt with viruses routinely, now sees a proper virus infection about once or twice a month. Today when people talk of ‘viruses’, more often than not what they’re describing is technically a trojan or a worm, and they’re using the term in a general, ‘any malware will do’ kind of way.
That’s not to say viruses are extinct; we still receive a small, if persistent, number of queries about viruses. This may be because many businesses, households and users (both in developed countries and in recently connected developing ones) still use old, out-dated, unpatched machines or programs, or haven’t yet developed a security-conscious habits.
Whatever the case, virus infections will probably still cling on to life for a weary day after, so let’s take a look at them.
The Merriam-Webster online dictionary’s bare-bones definition of a computer virus touches on important elements most users should know, so I’ll just elaborate a bit more on some key concepts:
Last week I compared a virus to a parasite, because not only does it ‘hide’ in another program, but also depends on its host to function. For the virus to run, the unsuspecting user must actively launch the infected program, which in turn launches the virus.
For this reason, virus writers usually create viruses that infect executable files (especially popular programs such as word processors or media files), which have a higher chance of being run; programs with files that get passed around a lot are extra attractive, since they can affect even more potential victims.
A good example is the Microsoft Office suite which, with their huge community of business and personal users, used to be a popular target for macro viruses. We still see queries related to this virus type, though thankfully far less than previously.
If you think of the common cold virus spreading from one person to another, you’ll have a pretty good idea of why this behavior can be so damaging. When a infected file is executed, it searches for and infects new files; if the newly infected files are launched, they find and infect new files in turn, like some evil Multi-Level Marketing operation. At worst, this pattern can lead to every targeted file on the system being infected.
The damage a virus can do by replicating and infecting new files is bad enough; its payload, a completely separate set of nasty actions, can be worse. The range of actions a virus can take is huge – connecting to a remote site, changing the desktop wallpaper, displaying silly notification messages, deleting data files…it really just depends on the virus author’s imagination and programming skills.
If you’re lucky, they’re not that good and you get failed viruses like Virus:W32/Stardust; if they’re good, then you get really nasty beasts like Virus:W32/Virut or Virus:W32/Sality.AA (one of the few viruses we still find regularly active).
With thousands of unique viruses out in the wild, antivirus companies find it necessary to divide them into sub-types. Unlike trojans though, viruses don’t fall into neat categories reflecting their actions; instead, they naturally fall into groupings based on technical differences in the way they infect a file – which is basically gobbledeegook to a user not interested in detailed analysis.
Gnerally, viruses can be divided into two groups – system infectors and file infectors. The majority of viruses are the latter and infect programs or data files. System infectors on the other hand write their malicious code to specific, critical sections of the hard disk containing the operating system, so that while the OS is running its normal routines, it’s also unintentionally executing the virus code.
Fortunately, for most users a virus’s classification is largely academic. For better or for worse, the sheer variety of possible effects each unique virus can have on a file or system makes it more practical to take each virus on a case by case basis.
So let’s go back to the original question that sparked off this series: do you really need to know if it’s a virus – as opposed to, say, a trojan or worm – infecting your computer?
Well, it helps to know because the two malware types tend affect your data and computer in different ways. As a (very) general rule, trojan infections is more about data theft and loss of control over the computer; virus infections tend to result in software disruptions or damage.
Trojans may copy and steal your data, but they don’t usually destroy the data file itself; they may stop programs from running but they don’t destroy the program. A virus on the other hand, insert its own code into a program or data file, and depending on how it does so, may either leave the host completely unharmed and functional, slightly disrupted, or completely non-functional.
Another difference between trojans and viruses that really affects the user involves disinfection. For one thing, a trojan is usually a single, discrete program – getting rid of it tends to be fairly simple, a matter of removing the malicious file and its residuals (registry keys, processes, icons, etc). Removing the trojan also generally doesn’t affect the integrity of other files on the computer.
Viruses are far more nebulous by design – they can be present in multiple files, in different locations. Identifying a virus-infected file may require scanning the entire computer to be sure every affected file is caught. Removing malicious code from an infected file or – if it can’t be saved, deleting the infected file entirely – can also be problematic if the damaged data is important or the program is a critical system component.
And this doesn’t even take into account the virus’s payload, which can produce a whole other set of worries.
Still, there is a ray of hope. If current malware trends persist, we may soon see adware or backdoors promoted to being the newest member of The Big Three, and viruses – as a distinct malware type – can finally be relegated to joining 3½” floppy disks in Computer Hell.
In the meantime, here’s some links to other, more in-depth resources on viruses:
Or partially available on Google Books:
Coming soon – Worms!
Kaisu who is working for us is also studying tourism. Her paper on knowledge of and behavior related to information security amongst young travelers was released in May, and is very interesting reading. The world is getting smaller. We travel more and more, and now we can stay online even when travelling. Using IT-services in unknown environments does however introduce new security risks. Kaisu wanted to find out how aware young travelers are of those risks, and what they do to mitigate them. The study contains many interesting facts. Practically all, 95,7%, are carrying a smartphone when travelling. One third is carrying a laptop and one in four a tablet. The most commonly used apps and services are taking pictures, using social networks, communication apps and e-mail, which all are used by about 90% of the travelers. Surfing the web follows close behind at 72%. But I’m not going to repeat it all here. The full story is in the paper. What I find most interesting is however what the report doesn’t state. Everybody is carrying a smartphone and snapping pictures, using social media, surfing the web and communicating. Doesn’t sound too exotic, right? That’s what we do in our everyday life too, not just when travelling. The study does unfortunately not examine the participants’ behavior at home. But I dare to assume that it is quite similar. And I find that to be one of the most valuable findings. Traveling is no longer preventing us from using IT pretty much as we do in our everyday life. I remember when I was a kid long, long ago. This was even before invention of the cellphone. There used to be announcements on the radio in the summer: “Mr. and Mrs. Müller from Germany traveling by car in Lapland. Please contact your son Hans urgently.” Sounds really weird for us who have Messenger, WhatsApp, Facebook, Twitter, Snapchat and Skype installed on our smartphones. There was a time when travelling meant taking a break in your social life. Not anymore. Our social life is today to an increasing extent handled through electronic services. And those services goes with us when travelling, as Kaisu’s study shows. So you have access to the same messaging channels no matter where you are on this small planet. But they all require a data connection, and this is often the main challenge. There are basically two ways to get the data flowing when abroad. You can use data roaming through the cellphone’s ordinary data connection. But that is often too expensive to be feasible, so WiFi offers a good and cheap alternative. Hunting for free WiFi has probably taken the top place on the list of travelers’ concerns, leaving pickpockets and getting burnt in the sun behind. Another conclusion from Kaisu’s study is that travelers have overcome this obstacle, either with data roaming or WiFi. The high usage rates for common services is a clear indication of that. But how do they protect themselves when connecting to exotic networks? About 10% are using a VPN and about 20% say they avoid public WiFi. That leaves us with over 70% who are doing something else, or doing nothing. Some of them are using data roaming, but I’m afraid most of them just use whatever WiFi is available, either ignoring the risks or being totally unaware. That’s not too smart. Connecting to a malicious WiFi network can expose you to eavesdropping, malware attacks, phishing and a handful other nasty tricks. It’s amazing that only 10% of the respondents have found the simple and obvious solution, a VPN. It stands for Virtual Private Network and creates a protected “tunnel” for your data through the potentially harmful free networks. Sounds too nerdy? No, it’s really easy. Just check out Freedome. It’s the super-simple way to be among the smart 10%. Safe surfing, Micke PS. I recently let go of my old beloved Nokia Lumia. Why? Mainly because I couldn’t use Freedome on it, and I really want the freedom it gives me while abroad. Image by Moyan Brenn
Passwords are the keys to online accounts. A good password known only to account owners can ensure email, social media accounts, bank accounts, etc. stay accessible only to the person (or people) that need them. But a bad password will do little to prevent people from getting access to those accounts, and can expose you to serious security risks (such as identity theft). And sadly, many people continue to recycle easy to guess/crack passwords. A recent study conducted by researchers from Google attempted to nail down the most common pieces of advice and practices recommended by security researchers, and unsurprisingly, several of them had to do with passwords. And there were several gaps between what security experts recommend people do when creating passwords, and what actually happens. Here’s 3 expert tips to help you use passwords to keep your accounts safe and secure. Unique Passwords are Better than Strong Passwords One thing experts recommend doing is to choose a strong and unique password – advice many people hear but few actually follow. Chances are, if your password is on this computer science professor’s dress, it’s not keeping your accounts particularly secure. Many major online service providers automatically force you to choose a password that follows certain guidelines (such as length and character combinations), and even provide you feedback on the password’s strength. But security researchers such as F-Secure Security Advisor Sean Sullivan say that, while strong passwords are important, the value of choosing unique passwords is an equally important part of securing your account. Basically, using unique passwords means you shouldn’t recycle the same password for use with several different accounts, or even slight variations of the same word or phrase. Google likens that to having one key for all the doors in your house, as well as your car and office. Each service should get its own password. That way, one compromised account won’t give someone else the keys to everything you do online. A strong password will be long, use combinations of upper-case and lower-case letters, numbers, and symbols. The password should also be a term or phrase that is personal to you – and not a phrase or slogan familiar to the general public, or something people that know you could easily guess. But there are still many ways to compromise these passwords, as proven by The Great Politician Hack. So using unique passwords prevents criminals, spies, etc. from using one compromised password to access several different services. Sullivan says choosing strong and unique passwords for critical accounts – such as online banking, work related email or social media accounts, or cloud storage services containing personal documents – is a vital part of having good account security. Experts Use Password Managers for a Reason One study showed that the average Internet user has 26 different online accounts. Assuming you’re choosing unique passwords, and you fit the bill of an “average Internet user”, you’ll find yourself with a large number of passwords. You’ve now made your account so safe and secure that you can’t even use it! That’s why experts recommend using a password manager. Password managers can help people maintain strong account security by letting them choose strong and unique passwords for each account, and store them securely so that they’re centralized and accessible. Keeping 26 or more online accounts secure with strong and unique passwords known only to you is what password managers do to keep your data safe, which is why 73% of experts that took part in Google’s study use them, compared to just 24% of non-experts. Take Advantage of Additional Security Features Another great way to secure accounts is to activate two-factor authentication whenever it’s made available. Two-factor (or multi-factor) authentication essentially uses two different methods to verify the identity of a particular account holder. An example of this would be protecting your account with a password, but also having your phone number registered as a back-up, so any kind of password reset done on the account makes use of your phone to verify you are who you say you are. While the availability of this option may be limited, security experts recommend taking advantage of it whenever you can. You can find a list of some popular services that use two-factor authentication here, as well as some other great tips for using passwords to keep your online accounts secure. [Photo by geralt | Pixabay]
The Android vulnerability known as StageFright has revealed the Android operating system's "heart of darkness." In theory, a simple MMS could take over your phone. The F-Secure Labs is actively monitoring for threats that target the exploit. The good news is that while the theoretical risk of attack is high and Android is consistently the target of nearly all mobile malware, we have not seen any active attacks that target it yet. But this is still a huge event that should trigger a major reconsideration of Android security in general. Our Micke explained: Android is the most widespread operating system on this planet. 48 % of the devices shipped in 2014 were Androids (Gartner). And that includes both phones, tablets, laptops and desktop computers. There’s over 1 billion active Android devices (Google’s device activation data). Most of them are vulnerable to Stagefright and many of them will never receive a patch. This is big! The ability to keep software updated is the essential task that makes security possible. Android's adaptability has helped lead to its remarkable growth. But it's also led to remarkable fragmentation in the ecosystem. "Recent data from Google suggests there are 6 different versions of Android that are widely used, with KitKat (Android 4.4) being the most popular. But it’s used by less than 40% of devices," Adam wrote on the F-Secure Business Insider blog. "The remaining 60% or so are spread out among the other five versions of the OS, and each is customized differently and receives varying levels of support from operators and OEMs." Many users cannot update at all. "Apparently the best supported method of updating your Android phone is to buy a new Android phone," F-Secure Chief Research Officer Mikko Hypponen tweeted. Obviously that option isn't available to millions of Android users. "Fragmentation also has socioeconomic implications," the EFF's Cooper Quintin wrote. "Older and cheaper phones tend to run older versions of the Android operating system, and vendors often give up supporting them or updating the software running on them. On the other hand newer and more expensive phones tend to receive updates faster and more reliably (especially Google Nexus devices)." So what should you do until then -- besides update your OS if possible and run mobile security that targets threats that take advantage of exploits like StageFright? 1. Examine the app that handles your MMS messages. Check out your Android device's default messaging app or Google Hangouts. Make sure to disable their automatic retrieve/fetching options. This will prevent automatic execution of potential exploits on any received messages. 2. Avoid viewing or opening any pictures or videos from untrusted sources. We'll keep you updated about this situation as it develops. Cheers, Sandra [Photo by Photo Cindy | Flickr]