Another Day With My PC

If you think that virus authors are quickly discouraged by knock out blows from antivirus programs, think again.

IBM’s Internet Security Systems has recently revealed that an old foe of anti-malware applications is slowly making its way back to center stage again. The worm, which debuted in January 2003, is known as Spammer. It damaged countless systems during that year, making it one of the most dreaded and unwanted programs in recent history.

Resurrected?

Many thought that the worm had already been completely wiped out of every PC unit after security suites focused on its eradication during the months and years after its discovery. In fact, many have already forgotten about it during the past two years. However, IBM’s revelation had brought back its ghost, along with the reluctant prediction that the worm may come back with a vengeance.

What’s the Worry?

Many are downplaying the possible dangers that Spammer could bring to present computer systems. For one thing, security suites have already dealt with it successfully in the past. Hence, they shouldn’t encounter any difficulty in doing a repeat of their bout with the worm a few years ago.

The problem though, is that security software are having a tough time keeping at pace with the release of new viruses or the modified versions of old unwanted programs. It’s not as if Symantec or McAfee will be able to automatically detect the release of every worm or virus that is born in cyberspace. That’s almost next to impossible. Most of the time, they only come to know about the unwanted program after it has already infected a number of systems. There are thousands of hackers and malware authors around the globe. The number is simply and obviously overwhelming.

Keeping the Program Manageable

It would be very easy for antivirus applications to just retain old virus definitions in order to stem future attacks from old worms. However, this is quite impractical. Without retiring old virus codes, the size of anti spyware or antivirus programs could easily swell to exponential proportions. I’m sure you wouldn’t want your antivirus to be as large as Windows Vista, would you?

This practice of trimming down antivirus programs to manageable levels by retiring old definitions creates gaps on the security of a PC unit. Hence, all that a defeated virus author has to do in order to make a comeback is to put his creation in hibernation for a few years, then resurrect it after a new version of the antivirus that eliminated the worm comes out. This is a very easy task for the malware maker, especially since he need not even have to make any modification anymore.

New Approach

Security suites and system utilities, such as registry cleaners, should come up with a new plan on how to prevent the resurrection of old worms and viruses without having to resurrect its old warriors. There must be some way by which an antivirus or anti malware software could efficiently protect a unit from all known forms of unwanted software without being bloated by definitions and other algorithms.

The fight against malware has just gotten more sophisticated.

Although these schemes are not new, incidents regarding spyware and virus attacks using fake Web sites or security alerts are alarmingly increasing. Many users are falling for it since they look authentic. Indeed, even the most experienced and cautious PC user or surfer won’t be able to recognize that the page or file is a fake unless they take a closer second look.

Mirroring

It’s ironic that the infected Web site or security alert replicates that of antivirus and anti-malware’s. This is the reason why many have fallen prey to this modus operandi. Users usually don’t doubt messages regarding security updates. Many immediately download the suggested files or patches without even verifying if the source is genuine. To make matters worse, security suites will sometimes let the download pass without checking its authenticity since the process was initiated or had the approval of the user.

Be Proactive

Although this may seem too tedious, the best way to ensure if the updates or security alert that you have received is genuine is by looking at the URL of the page that you’re being led to after clicking the link presented in the notice. If the address seems unfamiliar or doesn’t direct you to the manufacturer’s Web site, chances are is that the notice is spurious and that you’re being led to an infected page. Always check the URL if it seems genuine. It may be a very simple way of checking file or page authenticity, but it’s definitely effective.

Simply Effective

Don’t think that the techniques which malware authors use to enable their virus or malicious file to get into your system are that sophisticated. Sometimes, if not most of the time, the methods that they use are either crude or pre-historic. As people expect attacks to be complicated and well planned, they leave everything to their antivirus and anti-spyware software. This hands-off approach is dangerous. Anti-malware software often rely on the user for inputs and other decision-making tasks. Consequently, when the user allows the downloading of a purported update which is actually a malicious file, the security program would treat such file or page as harmless. Of course, if such file would perform processes that clearly intend to wreak havoc in the system, your security tool would definitely put a stop to it.

Basic Necessity

No computer in any part of the globe could survive without antivirus software or registry cleaners. Sure, you may contend that standalone PCs or those which have no Internet connection or disk drives are some of the exceptions. But they are precisely just that – exceptions. One could hardly define a computer without mentioning that it has or should have the ability to connect to the Internet. It’s not too presumptuous or erroneous to say that the essence of a computer is to be able to process data and share the same to other people regardless of where they may be. Indeed, what’s the use of your PC if it can’t take you around the world.

Many anti spyware and antivirus programs promise ease of use and impeccable efficiency. Not surprisingly, many live up to that guarantee. Indeed, most security programs take care of everything, leaving the user virtually useless in the process.

This doesn’t mean that you should just always sit back and leave everything to the application. There are times when anti malware programs overreacts and eliminates files which are actually harmless, or worse, critical or important to some of your tasks.

Take, for instance, the way some antivirus treat IRC programs. McAfee’s Virus Scan has mistakenly identified mIRC as a potentially harmful program. While IRC software could introduce harmful programs to your system, it’s not a virus-hoarding application per se. As with any other programs, such as e-mail clients, it may serve as a portal for malware if used carelessly.

Before concurring with the recommendations made by your antivirus or anti spyware programs, make sure that you’ve thoroughly reviewed the report, especially if the remedy that is being suggested involves deleting the suspected files.

• Nov 19 : Mac Fans are Just as Vulnerable as PC Users
• Nov 14 : Cartoon of the Week
• Nov 12 : Should You Trust User Reviews?
• Nov 10 : YouTube Adds Freemantle Content
• Nov 7 : Orange Unveils Free Asus Laptop