Summary: Connecting to the internet without protection in place is a very dangerous thing to do. Fortunately, this danger is very easily dealt with.
I remember reading not too long ago about virus programs that are computer generated and that conduct a random search for unprotected IP addresses to download to. I was recently talking to some friends who also shut off their PC when not in use but leave the cable modem running and connected to speed up the startup process. The question is are there such virus programs and if they exist what is the risk factor of being connected for even a brief period of time without operational protection?
I vaguely recall the worst case scenario that you're referring to: an unpatched and unprotected version of either Windows 2000 or an early version of Windows XP lasted about 30 seconds after connecting to the internet before it was infected with a virus.
30 seconds.
Things are better today, but you still want protection. And turning your machine off isn't really helping.
The programs we're talking about aren't computer generated, they've been written by real people, but they definitely do scan the internet looking for vulnerable PCs. The scary part is that even after all these years of warnings, there are a significant number of machines on the internet that remain unpatched and unprotected.
It's exactly as you've heard: these programs look for machines that are connected directly to the internet that have not been patched with the latest updates to correct known vulnerabilities. In some cases, the vulnerabilities have been known for years, and the patches to correct the vulnerability have also been available ... for years. And yet there are unprotected machines out there that have been infected in exactly this way. (Many are now spambots, for example.)
But from reading that, you can see that the two criteria for getting infected that way are easily rectified.
"... connected directly to the internet ...". OK, don't do that. This is extremely easy to fix: get behind a router and the computers out on the internet can't initiate a connection to your computer. Problem solved. This is why I so highly recommend a router as a firewall as it simply eliminates the issue.
Speaking of firewalls, if you can't get a router and must connect directly to the internet, then you must get a firewall. At a minimum, enable the Windows firewall already in XP. One of the reasons that machines don't get infected within 30 seconds of a "naked" internet connection these days is that since Windows XP SP1 the internet firewall has been on by default.
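An added example, not from the original article: a toy Python model of the connection table a home NAT router keeps, showing why a scan from the internet is dropped while the reply to a connection your PC started gets through. The class name, addresses, ports and the 120-second timeout are all constructed for illustration; real routers differ in detail.

```python
# Added illustration: toy model of a home NAT router's connection table.
# Addresses, ports, the timeout and all names are constructed for this example.
IDLE_TIMEOUT = 120  # seconds a mapping survives without traffic (assumed value)


class NatRouter:
    def __init__(self):
        self.next_port = 40000
        # public port -> [lan_ip, lan_port, remote_ip, remote_port, last_seen]
        self.table = {}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, now):
        """A LAN machine opens a connection: record it, return the public port."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = [lan_ip, lan_port, remote_ip, remote_port, now]
        return port

    def inbound(self, remote_ip, remote_port, public_port, now):
        """Forward a packet from the internet only if it answers a connection
        that a LAN machine started; drop everything else."""
        entry = self.table.get(public_port)
        if entry is None:
            return "DROP unsolicited"
        lan_ip, lan_port, rip, rport, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self.table[public_port]
            return "DROP expired"
        if (remote_ip, remote_port) != (rip, rport):
            return "DROP wrong sender"
        entry[4] = now  # refresh the idle timer
        return f"FORWARD {lan_ip}:{lan_port}"


def demo():
    r = NatRouter()
    out = [r.inbound("198.51.100.7", 51000, 445, now=0)]    # scan, nothing mapped
    p = r.outbound("192.168.1.20", 50123, "192.0.2.80", 443, now=1)
    out.append(r.inbound("192.0.2.80", 443, p, now=2))      # reply from the server
    out.append(r.inbound("198.51.100.7", 51000, p, now=3))  # scanner hits mapped port
    out.append(r.inbound("192.0.2.80", 443, p, now=500))    # mapping long idle
    return out


if __name__ == "__main__":
    print("\n".join(demo()))
```

The only packet forwarded to the PC is the one that answers a connection the PC itself opened; everything a scanner sends is dropped at the router.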
"... that have not been patched ...". Once again, the solution here is simple: patch. Enable automatic updates, or visit Windows Update or otherwise take steps to ensure that you're getting the latest and greatest patches to your operating system as soon as they come out.
Remember that the availability of a patch does two things:
Fixes a vulnerability
Announces to the world that the vulnerability exists
Hackers, having learned of the vulnerability, then immediately start trying to exploit it, taking advantage of machines that have not yet been patched.
So to answer your question: the risk of being connected to the internet at any time if you're unpatched and unprotected is very high. However, if you've been taking updates and have placed your machine behind a router or firewall, this kind of threat is very easily dealt with.
In fact, it's what allows me to have several machines safely connected to the internet 24 hours a day.
Related:
What are these access attempts in my router log? Any device sitting on the internet is subject to a constant stream of "internet background noise". It's why you really want to be behind a firewall.
Do I need a firewall, and if so, what kind? Firewalls are a critical component of keeping your machine safe on the internet. There are two basic types, but which is right for you?
How do I make sure that Windows is up-to-date? You can make sure that Windows is up-to-date by either enabling Automatic Updates or by visiting the Windows Update web site.
Article C3609 - January 3, 2009
I fully agree with Bradley. Most of the viruses are created by antivirus companies themselves, coz they are the only people benefiting from a virus infection. Nowadays I hate antivirus software more than the virus itself, coz it slows the system down. If users are not that vigilant against Bradley's "click" traps they can try "Deep Freeze", which makes use of virtualisation technology. It never slows down (not an iota, coz it's not antivirus software) while giving bulletproof protection. No updates, no defragmentation, no missing files, no Windows reinstallation ....
Ranjith
07-Jan-2009
There is definitely a risk to surfing the Internet without protection. My elderly dad let his antivirus software expire and he started getting popups, browser redirects and his inbox was inundated with spam. Unfortunately, he fell for one of the rogue antivirus products in the 2009-antispyware family. After paying $59.95, he still got all that annoying stuff, plus alarming reports every 5 seconds saying that his machine was still infected.
It took some work, but we managed to get his computer clean with the help of Malwarebytes’ Anti-malware. His ISP had a free McAfee suite available for subscribers in his tier, so we installed that. Then we made sure everything else was updated by running a Secunia scan. And to keep his daily Internet surfing safer we installed Web of Trust. I feel fairly confident now that he is protected. I left detailed instructions and will email reminders for him to run scans.
But after all that, he was furious. He felt violated and hurt by these fraudsters. Being on a fixed income, he was worried about losing the money. He is now waiting for his credit card bill to come in so he can refuse payment and report the scam. I hope he gets satisfaction.
Posted by: Deborah at January 7, 2009 3:11 AM
I agree with Bradley also. Do you really believe that all of this malware is coming from 1000's of people all pissed at Bill Gates. If you believe that then you believe all of Obama's money is legit.
08-Jan-2009
No matter how much protection you use, it's still a risky place to be, and it's always going to be a race between the software, OS, & AV updates and the security holes found.
Posted by: Richard FDisk at January 10, 2009 2:07 PM
There's no perfect protection except to stay off and never connect to anything but power sockets.
But for the most part the biggest security hole is the space between the mouse, keyboard and the user, even a fully updated system across the board can still get bombed by the newest "Threat" and sometimes an older "Threat" if the user isn't paying attention to how they're searching, clicking, opening, etc.
This article resurfaced a concern of mine. I usually turn on my computer and plug in my DSL modem at the same time, and then go about other business while Windows boots and Norton AntiVirus loads and then Windows and Norton AntiVirus do their updates. The modem is ready several minutes before Windows and Norton AntiVirus are finished loading. In the intervening time is my computer exposed to the internet and any nefarious bugs out on the web? It is a nuisance to turn on the computer and wait for Windows and Norton AntiVirus to load before plugging in my modem.
Posted by: Kenneth Crook at January 11, 2009 2:21 AM
The problem with "User Education" as an end-all solution is that it's truly an immense undertaking for a general user to be as educated as Leo, Bradley or myself. We're "geeks" (for lack of a better term) and it takes time to get to that level of understanding. For example, I just had this one from a client...
"How do I know if I'm opening an email attachment...when I highlight the email, it shows automatically...can I get a virus just by highlighting it?!?!"
To the new email user, this thought is common. Heck, it took me a long time to understand that one too. However, how am I to explain this one small facet of computer use? "No, you didn't open the attachment, but by having the auto-preview feature on, you are subjecting yourself to more spam because it's auto-downloading pictures which tell the spammer you exist." This is truth, but they don't understand it. Again, this is just one, tiny detail of Internet/computer use. The common Internet user may go their whole life without learning this level of detail...on this one ... small ... detail. User education will grow on its own, but they'll never be up to speed with the hackers/spammers. The general user will always be susceptible to frauds as Deborah's unsuspecting and undeserving father was.
User education is important, but it'll never solve it all.
14-Jan-2009
Agree absolutely with router protection. Best protection with the lowest performance hit.
After that - all bets are off. Caveat Emptor - click at your own risk! I agree to the point made to get updates only from the source (Flash from Adobe.com, Java from Java.com, etc.).
The greatest appeal of the internet to many is anonymous access - and it could be its downfall. Before clicking or accepting an offer, ask if you know the vendor or can get to the offer through the vendor's home page first.
Sure, once behind a router, one can use the internet without additional protection of anti-virus and anti-spyware software if one knows what one is using!
Posted by: Robert M. at January 13, 2009 10:28 AM
Happy surfing!
First off, I had my antivirus block viruses. If I did not have it I would have been infected, and I did not need to click "allow". Just entering the site was enough. Secondly, just a correction. The Norton from Google is just a scanner. It used to remove spyware but the last time I downloaded it, it did not, and sent me to Norton to buy their product in order to remove spyware. As to Spyware Doctor, it is a spyware scanner and has only PARTIAL protection in its free version. You NEED an ANTIVIRUS program and there are some good free ones. As to a conspiracy by antivirus companies, I cannot disagree strongly enough.
Posted by: Pavel at January 13, 2009 11:06 AM
Although I am not an IT specialist by profession, I have been involved in computer programming and hardware utilization for 35 years. I have my children and many friends who keep me busy with PC and software related problems.
Posted by: O.A. Orcan at January 15, 2009 12:38 AM
Recently I tested one router in a friend's company and got through it and the additional protection software within minutes. I'm sure some other people could do the same. The company I work for has all the hardware and software based protection available and I still observed my computer would have been in trouble three times within 18 months because of malware getting through against all the company security measures (but not through my firewall, two antivirus, two anti-malware and composite & blackhole list utilities, etc.); all updated daily.
This means no matter what external resources are available for somebody, additional measures like a firewall, antivirus and other anti-malware programs are absolutely required as one can't always be on guard too, even if he/she is a specialist.
Also, not too many people are aware of the fact that a firewall is needed especially against info getting out of one’s own computer. Even an operating system or software might send some sensitive data unless a firewall is there to warn that something funny is going to happen if it isn’t blocked. Same is true when one visits a website in some other ways. Many spam messages might appear after one tries a piece of software, visits a website or just ticks a box. Among other things, I have seen time limited or trial software trying to send a list of websites visited, a list of software, multimedia content I have in my PC and even found out some code trying to access S/N’s in one case. A firewall is definitely needed and its rules have to be carefully defined. Don’t forget that even after a PC is compromised, a good firewall will still catch outgoing rewards for a spammer, hacker, etc, let you block it and also let you know where to take action in your system.
Hi everyone, I never would have expected so many people to comment on my comment, I am very glad it sparked some interesting conversation.
Leo, thanks for your response.
Here is why I believe so many viruses and malware come from the anti virus companies.
1. First and foremost: 8 times out of 10 there is an advertisement for the specific anti virus package you "need" built right into the virus! What if your windshield was broken and attached to it was a sticker that told you where to get it fixed? If it happened often enough you would have to assume that the fixer was the breaker.
2. There are virus writers who are sitting on yachts earning millions and millions of dollars just from writing viruses, some of this money goes for mafia and organized gangs, some goes for terrorist activities and weaponry and some (thank you Nigeria) goes to help small guerrilla factions - oh yeah, and some just goes into the pockets of very wealthy black-hats.
Here is an analogy: Say Leo owned "Leo's Tire Repair Service" every day he can throw rusted bent nails out his car window and some people might get flat tires, some of those people might come to his shop (especially if he had a billboard nearby) and so he is increasing his possible income without investing anything (except free, rusted bent nails) NOW let's take that same nefarious story and put it towards a much more lucrative venture. You write a virus, let's call it "Windows Ultimate Killer 2009" then you put the removal tool for it on the internet at $45 per download and advertise it all over the place so anyone who googles that virus will see YOUR sites. Then through the power of multiplication (infect 2 computers who each infect 2 who each infect 2, etc etc) you eventually infect 1 million computers. Now if only 1% (more likely 50% or more) of those infected people decide to get an anti virus program, that's 100 thousand people, if only 1% of THOSE people (remember your adverts are the only ones all over the web guaranteeing removal) decide to buy YOUR anti virus removal tool, that's 10 thousand people who pay $45 for your anti virus little de-ransomware tool. You just made $450,000 dollars without having to invest anything but a little time. NOW, here is the kicker, instead of 1 virus, you make 300 (hell, just rename some of the existing ones or change the formula a bit, you already have the source code) and instead of infecting 1 million computers, infect 5 million or more, and hell, infect some of the same ones again with a different virus after they pay for your removal tool, that's a common thing. Anyway, my point is, that virus creation and removal go hand in hand and it is an amazingly lucrative business that takes little to no $$ investment to start.
Just infect a server at a university in France from a computer in Germany being operated by a terminal in Japan which is using a hijacked connection and it will take years for them to track it to that coffee shop in Switzerland where you are never going to go back to anyway OR just pay the IT guy at some school or business to allow his servers to be compromised.
It is not a conspiracy theory, it is a fact. Viruses are just about the most lucrative business on the net and the ones you really have to worry about are the ones you do not know you have. When your system is infected with a clever virus, it will not slow you down or give you popups or give you any indication that you have a problem, but at 3am it's passing its gunk around to every other system it can, getting on your CDs and thumb drives, getting into your email, etc, then on a certain date or some pre-determined action, >BAM
Posted by: Bradley at January 17, 2009 1:25 PM