The Xware menace

(snip from one of our recent client communiques)...

Quite often we get asked about pop up screens when using Internet Explorer, alerting users that their systems are insecure or not performing correctly (for example). These messages typically have a button the user is prompted to press in order to take "apprioriate" action. Unfortunately, clicking on the button will more than likely install some malicious software onto the users compujter. But why does the anti-virus software not pick this up?

Basically, these messages are not strictly viruses, or even worms. They represent software known as malware which can include spyware. Malware is basically malicious software that can be installed onto your computer, sometimes without your knowledge. Spyware is designed to "spy" on your web browsing activity and report this back to a server on the Internet which in turn can instruct the spyware to display advertising on your computer.

Rather than go into a long technical discussion about the different forms of malicious code (viruses, worms, trojans, malware, spyware, rootkits etc etc) at the end of the day malware & spyware is a relatively new menace. Whilst it's been around for a few years, over the last 12 months or so it has become a lot more advanced such that it is not only very hard to keep up with the technological changes, but it's more difficult to understand and hence detect and remove.

The answer? It's a very long answer! In summary, the most important first step is education - educating users about how to safely use a computer, especially when using the Internet. Secondly, if you are using a Windows operating system on your PC other than Windows XP you are at risk, regardless of any firewall you may be using on your network. Having service pack 2 installed onto your Windows XP computer is extremely important as it provides many mechanisms for helping keep Internet browsing a safer experience. Thirdly, anti-virus software is still essential, and it is evolving to also detect, prevent and remove malware. Over the next few months we should expect to see vast improvements in the capabilities of this software.

Finally we need to remain vigilant. The Internet is a very different place compared to what it was a few years ago. Awareness is important, and thinking "it won't happen to me" simply won't keep you safe. I personally, and professionally, cannot stress enough the importance of taking this growing threat seriously.

==========================

So what's your favourite anti-Xware tool?

Posted: Jun 17 2005, 02:01 AM by calvert | with 1 comment(s)
Filed under: ,

Comments

calvert said:

Hey Dean,

I wouldn't recommend users depend on antivirus, now or in the future.

A very important line of defence is to install an anti-spyware product and keep it up to date

The Spyware Warrior web site hosts a comprehensive comparison of anti-spyware products which I think you will find very useful when deciding what product to use:
http://spywarewarrior.com/asw-features.htm

The end result of all this analysis is a list of “trustworthy” products:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy">http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy

Spywarewarrior also hosts a comprehensive list of rouge or suspect anti-spyware products (products that are of “unknown, questionable or dubious value”):
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Randy Knobloch, Microsoft MVP (aka Siljaline), works hard to keep people informed about the latest updates for various anti-spyware products. Keep an eye on his site for downloads relevant to software you have installed. Randy's personal blog is at http://www.msmvps.com/siljaline/ and his info-posts can also be found at Security Tools Updates.

# June 17, 2005 10:59 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)