Malware: Another Pandemic Of Which You Need To Be Aware
Suzanne was spot-on a week ago in suggesting a cause-and-effect relationship between H1N1, aka the Swine Flu, and the broad economy, specifically the semiconductor industry and the systems those chips go into. While the impact on the travel industry, for example, may be more obvious (who wants to travel to Mexico right now?), any time there’s uncertainty folks tend to keep their wallets in their pockets. More uncertainty equates to less likelihood to pry open purses…for purchases that include cell phones, computers, flat-screen TVs and innumerable other electronics devices.
As such, I’m relieved to hear that reports of new H1N1 cases are subsiding, and that this new flu virus variant is overall milder than originally feared. However, I have two personal data points within the last two weeks, coupled with abundant ongoing media coverage, which suggests that an equally virulent pandemic of a digital nature is a far greater threat to the well being of the tech industry and its customers going forward. That threat is malware, which Wikipedia defines as:
Software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code….Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia.
About a week and a half ago, my neighbor Mark called me with a tale of woe. The night before, while researching a mysterious bug that he and his partner Deb had seen crawling around inside their home, a Google search led him to a university website (which, as you’ll soon see, had apparently been appropriated by outsiders for nefarious purposes). Immediately, a pop-up window appeared on his screen ‘informing’ him that his computer was infected with dozens of viruses, and that he should click ‘ok’ to initiate a clean-up operation. He did…and immediately knew he’d done the wrong thing, because his hard drive started churning away, his network connection went crazy, and his computer slowed to a crawl. Within an hour of subsequent use, the Windows XP Home-based PC was so spyware-clogged that it was essentially unusable (even in the absence of an overt ‘die’ command).
Fast-forward to this past Friday, when my friend Terry down in Sacramento called me at 9PM on behalf of his spouse, Helen. She’d also been visiting a reputable website (no porn or Internet gambling in either case, folks), when an ‘alert’ from ‘Internet Antivirus Pro’ appeared on her Windows XP-based PC’s screen, again reporting numerous claimed infestations and offering to rectify the situation for ‘only’ $90. She wisely contacted me before clicking on the ‘purchase’ button, but the damage had apparently already been done. Her local computer consultant worked on the problem all day yesterday, she told me this morning, and the system’s still ridden with infected files, Registry entries and who knows what else.
I told her that she’s probably going to have to do what I helped Mark do; get all the important data files off the PC (in the hopes that they weren’t infected), then wipe the HDD clean (hoping that its boot sector isn’t infested) and re-install Windows from scratch. Mark had misplaced the install discs that originally came with his Toshiba Satellite P25-S507 laptop (PDF), so I donated a spare set of Windows XP Home CDs to the project. Before visiting any other website, we repeatedly went to Windows Update and kept installing available service packs and other patches, rebooting afterwards when necessary, until Microsoft’s servers reported we were up to date.
Then Mark and I went hunting for the peripheral drivers (graphics, Wi-Fi, sound, etc) that Windows Update hadn’t directly provided us. Toshiba didn’t make it easy; for some baffling unknown reason, the company’s support website download advisor doesn’t list that particular model. A manual search on the keyword ‘P25-S507′ uncovered many of the necessary bits, with the notable exception of the Nvidia graphics drivers. Fortunately, a bit of research uncovered the fact that the newer Satellite P25-S526 (faster CPU, slightly larger HDD), which was listed in Toshiba’s download advisor, had an otherwise identical peripheral mix, including the same GeForce FX Go 5200 GPU.
Microsoft, I think, bears a notable percentage of the responsibility for my friends’ quagmires. With both Windows XP and Windows Vista, the company decided that computers that had not passed Windows Genuine Validation would not be given access to the full suite of available operating system patches. Were computers standalone entities, this might be a marginally acceptable strategy to get folks to pay up. But the spyware infestations turned both Helen and Mark’s computers into networked virus delivery nodes, thereby putting an exponential number of additional computers around the world at risk. I’m delighted to see that Microsoft’s finally seen the error of its ways and chosen a more enlightened alternative path with upcoming Windows 7. Toss up notification messages on-screen, restrict functional capabilities, heck even abruptly shut down computers running pirated Windows copies after a few hours’ use, but don’t restrict their access to security updates.
Helen swears that her computer was both validated and had undergone its most recent Windows Update patch cycle just a few weeks earlier. I’m admittedly a bit skeptical, because it appears from her description that her computer was the victim of a ‘drive-by’ infection (i.e. one that occurred simply by virtue of her pulling up a web page in her browser), though I don’t have the PC in front of me for postmortem analysis and wasn’t with her when it became clear that Windows’ defenses had been overrun. Perhaps the virus payload was instead a malignant Adobe PDF or Flash clip.
Mark’s situation is equally intriguing. He’d apparently spent the previous week disregarding Windows Genuine Validation alert pop-ups from Microsoft, ironically because he didn’t trust that they were legitimate. A short time after he went ahead and confirmed validation, the bogus ‘multiple virus infestation’ pop-up appeared on-screen. Mark was initially cautious, but Deb pointed out ‘it must be ok, because it’s got a Microsoft logo on it’. Theirs was clearly a very bad decision, in retrospect, but an understandable one. And as he later watched me downloading Windows Update patches, Mark commented that ‘wow, I’ve never had to do that’. So I don’t know how long his computer had actually been un-validated, therefore security-neutered. I also wonder if his Windows Update settings were configured in a more passive manner than optimum for his particular degree of computer expertise; to download updates but not automatically install them, for example, or to only alert the user to the availability of updates without downloading them, or (heaven forbid) to even block update alerts.
Those of you who, like me, are predominantly-to-completely Apple computer houses might be feeling a bit cocky right now, considering that both cases I’ve documented were Windows XP-centric. I strongly urge you to wipe those smug smiles off your faces. Need I remind you of the numerous and voluminous Software Updates, many of them fixing discovered security vulnerabilities, which regularly come tumbling down from Apple’s servers to your Macs? And how many of you have heard of all those Mac users that recently installed pirated versions of iWork 09, later discovered to be ridden with malware?
Claim, if you want, that the pirates deserved their fate. It’s not just a pirate problem. As long as the Safari browser’s default setting allows the operating system to "Open ’safe’ files after downloading" (where ’safe’ mindbogglingly includes movies, images, music, text, PDF, ZIP archive and disk image files), any Mac user is an ill-advised administrator password entry away from following in Mark’s footsteps. And speaking of Apple products, don’t think this is just a traditional computer problem, either. In case you haven’t noticed, mobile phones (including, but not limited to the iPhone) are increasingly becoming quite powerful portable computing devices in their own right. The iPod touch, similarly, is a PDA running OS X and masquerading as a multimedia playback device. Heck, routers are even being attacked nowadays.
What’s to be done? Here’s where I’m at a loss for words. Operating systems and the applications that run on them are getting increasingly complex with the passage of time; it’s the nature of the business beast. No matter how robust the development and testing tools, buffer overflow and other Achilles’ Heel’s will inevitably creep into the code. Microsoft tried adding more user alerts to Windows Vista in the form of User Account Control, but users rebelled (some, like me, just turned the feature off), and Apple mocked its competitor in television ads (quite unwisely, in my opinion).
Malware prevention companies like AVG, McAfee and Symantec can strive all they want to stay on top of the malware flood. But malicious software developers, most of which reportedly reside beyond the reach of U.S. law enforement in Eastern Europe and China, are fiscally and otherwise (i.e. the notoriety of bringing arrogant Apple to its knees) highly motivated to keep one step ahead. Just as with a human virus, malware disables its victims’ defenses whenever possible, and it evolves and mutates in order to remain immune to inoculation attempts.