
by Dave Moore, CISSP
07/02/2023

The war against malware (short for “malicious software”) like viruses, spyware and rootkits is a constant cat-and-mouse game between malware writers and distributors (the “bad guys”) and those who write, update and use antivirus and antispyware protection tools (the “good guys”).

Thousands of new viruses and virus variants are released onto the Internet every day. Companies like Avira, Avast, AVG, ESET, Trend Micro, McAfee and Symantec employ thousands of researchers and software programmers who work all day long, every day, doing nothing but trying to figure out ways to fight new and existing malware. They’ve got their hands full.

Computer security practitioners like myself, who are “out in the field,” and end-users like you, are on the front lines of the malware war. Having antimalware programs is wonderful, but unless they are properly installed, updated and used, they are almost worse than having nothing at all. It’s sort of like having a fancy, complicated, high-security lock on the front door of your house. If you don’t learn how to use that lock, then you might as well leave the front door wide open. Simply closing the door without using the lock is giving you a false sense of security.

There are many computer experts who contend that a false sense of security is exactly what we have in our computer/Internet-dominated world. People have their fancy-schmancy security “suites” installed, and, having been assured by the manufacturers that they are “protected,” they think they are safe to continue opening questionable email attachments, downloading shady programs, visiting bogus websites and clicking on sketchy popup ads.

The hard truth is that there is no single antimalware program that catches all computer viruses. There is no single antispyware program that stops all spyware. There is no magic all-in-one anti-everything Internet security “suite” that does an excellent job in all of its functions. It simply doesn’t exist. They all miss something and they all fall short when trying to stop the most pernicious malware threat in town: the rootkit.

Rootkits are sets of bad-guy hacker tools that, once installed, immediately bury themselves deep inside a computer’s inner workings, erasing any trace of their existence. After installing backdoors, keyloggers, password sniffers and file transfer programs, the malware is “root,” an old computing term for someone having complete control of a system.

Many rootkits attach themselves to and alter the “kernel,” which is the heart of the computer’s operating system. At this point, the only way to stop the rootkit is usually to completely erase the computer’s hard drive. However, that’s assuming that you are somehow able to detect that a rootkit has been installed in the first place. Progress has been made, but computer security companies are still scrambling to develop programs that can reliably detect and remove rootkits.
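One of the few checks a defender can run without trusting the antimalware vendor to have a signature is a baseline-and-compare integrity check: record a hash of every important file while the system is known to be clean, keep that record somewhere the machine cannot quietly rewrite, and later compare. The script below is an added example written for this column, not code from the author or from any product named above; it builds a small constructed "system" tree in a temporary directory (the kernel image, a binary, a log file), then simulates the three kinds of change the column describes (a modified kernel image, a dropped tool, a wiped log) and reports them. File names and contents are invented for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """SHA-256 hex digest of one file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Snapshot every regular file under root as {relative posix path: digest}."""
    snapshot = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            snapshot[path.relative_to(root).as_posix()] = sha256_file(path)
    return snapshot


def compare_baselines(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify every path as added, removed or modified between two snapshots."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p] != new[p]),
    }


def save_baseline(snapshot: dict[str, str], store: Path) -> None:
    """Persist the baseline as JSON (in real use: on read-only or offline media)."""
    store.write_text(json.dumps(snapshot, indent=2, sort_keys=True))


def load_baseline(store: Path) -> dict[str, str]:
    """Read a baseline written by save_baseline."""
    return json.loads(store.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a toy system tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as vault:
        root, store = Path(tree), Path(vault) / "baseline.json"
        # Constructed sample files standing in for a kernel image, a binary and a log.
        for rel, data in {
            "boot/kernel.img": b"\x7fELF fake kernel image (constructed)",
            "bin/ls": b"fake ls binary (constructed)",
            "var/log/auth.log": b"Jun 30 10:00:01 host sshd: Accepted password (constructed)\n",
        }.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)

        save_baseline(build_baseline(root), store)  # taken while the system is trusted

        # Simulated tampering of the kinds the column describes (constructed, not malware):
        with (root / "boot" / "kernel.img").open("ab") as fh:
            fh.write(b" + unexpected patch")  # kernel image altered
        (root / "bin" / ".hidden_tool").write_bytes(b"constructed dropped file")  # tool dropped
        (root / "var" / "log" / "auth.log").unlink()  # log wiped to erase traces

        return compare_baselines(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

The important caveat is the one the column itself hints at: a rootkit that has altered the kernel can lie to the very process doing the hashing, so a check run from inside a compromised system proves little. The baseline should be stored off the machine, and the comparison is most trustworthy when the disk is read from a clean boot medium rather than the running operating system.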

The best we in the field can do is make sure we’re using up-to-date, active security software, and not put all of our eggs in one basket. Keep your files backed up “onsite,” using an external hard drive, and “offsite,” using an online backup service like Carbonite. Behave yourself on the Internet, and, with a hope and a prayer, you should be OK. As Mr. T might say, “Antivirus software, antispyware software, what we need is some antifool software!”

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org