Although this column has been preaching about the subject for well over a year, some readers told me that they were truly shocked by last week’s column titled “How computer malware works.”
The war against malware (short for “malicious software”) like viruses, spyware and rootkits is a constant cat-and-mouse game between malware writers and distributors (the “bad guys”) and those who write, update and use antivirus and antispyware protection tools (the “good guys”). Companies like Avast, ZoneLabs, Team Spybot, McAfee and Symantec employ thousands of researchers and software programmers who work all day long, every day doing nothing but trying to figure out ways to fight malware. As there are many hundreds of new malware programs released on the Internet every day, the good guys aren’t in any danger of running out of things to do.
Computer service technicians like myself, who are “out in the field,” and end-users like my customers, are on the front lines of the malware war. Having antivirus and antispyware programs is wonderful, but unless they are properly installed, updated and used, they are almost worse than having nothing at all. It’s sort of like having a fancy, complicated, high-security lock on the front door of your house. If you don’t learn how to use that lock, then you might as well leave the front door wide open. Simply closing the door without using the lock is giving you a false sense of security.
There are many computer experts who contend that a false sense of security is exactly what we have in our computer/Internet-dominated world. People have their fancy-schmancy security “suites” installed, and, having been assured by the manufacturers that they are “protected,” they still continue to open mysterious email attachments, download shady programs, visit bogus websites and click on questionable popup ads. The hard truth is that there is no single antivirus program that catches all computer viruses (second opinions are good). There is no single antispyware program that stops all spyware. There is no all-in-one antivirus/antispyware/antipopup/antispam/antitheft/antihacker/antieverything Internet security “suite” that does an excellent job in all of its functions. It simply doesn’t exist. And they all fall short when trying to stop the most pernicious threat emerging from the Internet: the rootkit.
Rootkits are sets of bad-guy hacker tools that, once installed, immediately bury themselves deep inside a computer’s file system and registry, hiding any trace of their existence. After installing backdoors, keyloggers, password sniffers and file transfer programs, the malware is “root,” an old computing term for the account that has complete control of a system.
Many rootkits attach themselves to and alter the “kernel,” which is the heart of the computer’s operating system. At that point, the only way to stop the rootkit is usually to completely erase the computer’s hard drive. However, that assumes you are somehow able to detect that a rootkit has been installed in the first place. Computer security companies are scrambling frantically to develop programs that can detect and remove rootkits.
The best that we in the field can do is make sure that we’re using up-to-date, active security software, and to not put all of our eggs in one basket. Behave yourself on the Internet, and, with a hope and a prayer, you should be OK. As Mr. T might say, “Antivirus, antispyware, what we need is some antifool software!”