The following information was used to help my wife restore computer files after a recent virus attack delivered by a respected website.
Rough counts at the time of writing put the number of known hostile programs at about 100,000 for Windows and about 100 for Macintosh.
Anti-Virus software provides all the protection you need.
Right?
- Anti-Virus Company Hacked - BBC News
- Symantec Hack: Company Admits Hackers Stole Source Code - Huffington Post
Wrong.
Anti-virus products have themselves been compromised, and because they run with high privilege and parse every untrusted file they receive, they are an attack surface in their own right.
Despite this, you still need to run an anti-virus product if you use Windows; it is necessary, but not sufficient.
My wife's Windows-based computer was attacked despite having anti-virus software.
Even if the anti-virus product is itself safe, a new virus can circulate on the Internet for days or months before a signature for it exists, and that signature only reaches you while your subscription is paid. Signature-based products detect what has already been seen, so they are no guarantee you are safe.
It helps to know how hostile software works.
- Viruses - attach themselves to an existing program file and spread when that program runs
- Worms - self-contained program files that spread over the network on their own
- Trojans - hostile software installed by the user, who believes it to be something useful
- Rootkits - hide hostile software and preserve privileged access, typically so that others can control your system remotely
- Spyware - tracks and reports your activity
- Hacking - unauthorized access, for example by guessing or stealing a password
Viruses and worms exploit software defects to install themselves and replicate on your computer without your permission.
Trojans and spyware are normally installed by the user, usually as the result of a phishing attack.
- Phishing - official-looking website or email that tricks the user into installing software or disclosing bank details
Spyware gathers personal information without your permission.
Signature-based anti-virus offers no protection against a one-off threat directed at a single high-profile target, such as a celebrity, an elected official, a large company, or a government agency. That is because the virus must first run and be reported somewhere before an anti-virus manufacturer can write a signature for it.
There is zero protection for the first individual or organization that is attacked.
What protection do you have?
There are, as far as we know, no Mac OS X viruses in the wild at the time of writing. To prove that assertion wrong, you only have to name one. The same holds for Linux: self-replicating viruses for either system are rare enough that, as it turns out, the primary threat to Mac and Linux is the user, and the challenge still stands.
Those threats are phishing attacks that deliver a trojan horse payload which untrained users install themselves. A common form tricks Apple users into installing fake anti-virus software by exploiting the fear created by real virus threats that exist only for Windows computers.
Anti-virus software for the Mac offers little against this, because it is built to recognize known viruses and there are none to recognize; it cannot stop a user who chooses to install a trojan.
There are always users who fail to research software before installing it, and a trojan attack relies on exactly that. Training is the only real protection against trojans and phishing; software can at most warn, it cannot decide for the user.
Most anti-virus products sold for Mac and Linux exist mainly to scan email and file shares for Windows viruses and worms so that they are not passed on to Windows clients. Trojans, by contrast, are downloaded and installed by the user, and no scanner can fully protect against a threat the user invites in.
There are no widespread Mac and Linux virus threats because of the following.
- Defect correction cycle shorter than the time required to develop a virus that exploits the defect
- Modern security features that isolate user accounts from the operating system itself (a standard account cannot modify system files without an administrator password)
You protect yourself from trojans by researching the software producer, from a non-administrator account, before installing the actual product, and by downloading it only from a site with a good reputation, meaning one that researches threats and weaknesses in a product before posting it for download. No software can do this research for you.
Microsoft recently joined the list of such sites, but some of its products remain vulnerable.
Trained users typically deal with infections as follows (requires a modern operating system).
- Create at least one account with administration privilege just for maintenance (as soon as you get the computer)
- Create separate accounts for each user and block administrator access (as soon as you get the computer)
- Log into the administrator account regularly to install updates (weekly or monthly)
- Access web and email only from a standard user account
- Back up user files regularly
- Delete any user account that becomes infected, recreate it, and restore data files (not programs) from a backup made before the infection
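The list above is only as good as its weakest account: one day-to-day account quietly added to an administrator group undoes the whole separation. The following script, an added example that is not part of the original page, audits that on a Linux system by parsing /etc/passwd and /etc/group and reporting which human accounts hold administrator rights. The administrator group names (sudo, wheel, admin), the human-account uid threshold (1000) and the maintenance account name (maint) are assumptions; the passwd and group text is constructed for the demonstration.

```python
"""Audit which accounts on a Linux system hold administrator rights.

Added example, not from the original page. It checks the account
separation recommended above: only the declared maintenance account(s)
should belong to an administrator group, and the accounts used day to
day for web and email should not. Run with two file paths to audit a
real /etc/passwd and /etc/group; with no arguments it audits the
constructed sample below.
"""
import sys
from dataclasses import dataclass

ADMIN_GROUPS = ("sudo", "wheel", "admin")  # assumption: one of these grants admin rights
MIN_HUMAN_UID = 1000                       # assumption: human accounts start at uid 1000


@dataclass
class Account:
    name: str
    uid: int
    gid: int


def _rows(text: str, min_fields: int):
    """Yield colon-split rows of a passwd/group style file, skipping comments and junk."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                yield fields


def parse_passwd(text: str) -> dict:
    """Return {name: Account} from passwd text (name:x:uid:gid:gecos:home:shell)."""
    return {f[0]: Account(f[0], int(f[2]), int(f[3])) for f in _rows(text, 7)}


def parse_group(text: str) -> dict:
    """Return {group: (gid, {members})} from group text (name:x:gid:m1,m2)."""
    return {f[0]: (int(f[2]), {m for m in f[3].split(",") if m}) for f in _rows(text, 4)}


def admin_groups_of(account: Account, groups: dict) -> set:
    """Administrator groups the account is in, by member list or by primary gid."""
    return {
        gname for gname, (gid, members) in groups.items()
        if gname in ADMIN_GROUPS and (account.name in members or account.gid == gid)
    }


def audit(passwd_text: str, group_text: str, maintenance=("maint",)) -> dict:
    """Classify every human account; `maintenance` names the update-only accounts.

    ROOT              uid 0 (never used for browsing or email)
    ok-admin          declared maintenance account that holds admin rights
    ok-user           standard account with no admin rights
    UNEXPECTED-ADMIN  day-to-day account that has admin rights
    MISSING-ADMIN     declared maintenance account that has lost them
    """
    groups = parse_group(group_text)
    verdicts = {}
    for acct in parse_passwd(passwd_text).values():
        if acct.uid == 0:
            verdicts[acct.name] = "ROOT"
            continue
        if acct.uid < MIN_HUMAN_UID:
            continue  # service accounts are out of scope here
        is_admin = bool(admin_groups_of(acct, groups))
        declared = acct.name in maintenance
        if declared:
            verdicts[acct.name] = "ok-admin" if is_admin else "MISSING-ADMIN"
        else:
            verdicts[acct.name] = "UNEXPECTED-ADMIN" if is_admin else "ok-user"
    return verdicts


# Constructed sample: 'bob' was given sudo for convenience, which the audit flags.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
maint:x:1000:1000:Maintenance:/home/maint:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:maint,bob
maint:x:1000:
alice:x:1001:
bob:x:1002:
"""


def main() -> None:
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as p, open(sys.argv[2]) as g:
            passwd, group = p.read(), g.read()
    else:
        passwd, group = SAMPLE_PASSWD, SAMPLE_GROUP
    for name, verdict in sorted(audit(passwd, group).items()):
        print(f"{name:10} {verdict}")


if __name__ == "__main__":
    main()
```

Run it after creating the accounts and again whenever software asks you to "add yourself to the administrators group"; anything reported as UNEXPECTED-ADMIN is an account that should not be used for web or email until the extra group membership is removed.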
These techniques were used on my wife's computer to restore normal operation.
This works well with Apple OS X, Windows Vista or Windows 7, and Linux. The reason is that when malicious software takes over a standard user account, it runs with that account's privileges and is not supposed to be able to reach areas belonging to the administrator or to other users. That holds only if the operating system enforces account isolation and is kept up to date; a privilege-escalation defect breaks the assumption.
Deleting the affected account removes the virus or trojan only if the infection was confined to that account, which is what competent account isolation is meant to guarantee.
The maintenance account is not used for routine browsing and email because an infection in an administrator account can reach the whole system, and the only reliable remedy then is to wipe the disk and reinstall the operating system.
Why are Windows computers, by the threat counts above, roughly 1000 times more exposed?
There are many different vulnerabilities, but the classic virus that best illustrates the issue is the image threat on Windows 95, Windows 98, Windows Professional, and Windows XP.
From 1995 to 2005, Internet Explorer (and Outlook) would open a file that claimed to be an image, movie, or sound file without verifying that it actually was one. Windows chose how to open a file from its name suffix, looked up in the registry, rather than from its contents, so a program renamed with a suffix such as .jpg could still end up being run as a program. The classic threat is a web site or email in which a picture has been replaced with the virus program; the lure is people seeking appealing images, sounds, and videos.
Unlike trojans, viruses exploit weaknesses in browser and email software to gain access to your computer without your cooperation.
Weaknesses like this are found by thoroughly testing the product over time, so product maturity is the primary control for this risk.
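The defect described above is choosing a handler from the file name instead of from the file contents. The following script, an added example that is not part of the original page, does it the safe way round: it sniffs the leading bytes (real magic numbers for JPEG, PNG, GIF, PDF, RIFF/WAV/AVI, PE, ELF and Mach-O) and flags any executable that arrives under an image or media name, whatever it is called. The sample "files", including the fake PE image, are constructed in memory and are not runnable programs.

```python
"""Decide what a file is from its bytes, not from its name.

Added example, not from the original page. The Windows behaviour described
above chose a handler from the file-name suffix; the safe rule is the
opposite: sniff the leading bytes and refuse to treat an executable as an
image, whatever it is called. All sample files are constructed in memory.
"""
import struct

# Leading-byte signatures of common media types (all real magic numbers).
SIGNATURES = [
    (b"\xFF\xD8\xFF", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"RIFF", "riff"),  # WAV/AVI container; refined by the form tag at offset 8
]
# Name suffixes and the content types that may legitimately carry them.
ALLOWED = {
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".png": {"png"}, ".gif": {"gif"},
    ".pdf": {"pdf"}, ".wav": {"wav"}, ".avi": {"avi"},
    ".exe": {"pe", "mz"}, ".dll": {"pe"}, ".scr": {"pe"},
}
EXECUTABLE_TYPES = {"pe", "mz", "elf", "macho"}
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe")


def sniff(data: bytes) -> str:
    """Return a content type from magic bytes, or 'unknown'."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            # DOS header: e_lfanew at 0x3C points at the 'PE\0\0' signature.
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz"  # DOS executable without a PE header
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            if kind == "riff":
                return {b"WAVE": "wav", b"AVI ": "avi"}.get(data[8:12], "riff")
            return kind
    return "unknown"


def check(name: str, data: bytes) -> str:
    """Compare the name's suffix with the sniffed content.

    'ok'         suffix and content agree
    'DISGUISED'  content is an executable but the name does not say so
    'MISMATCH'   content is some other type than the name claims
    'unknown'    suffix has no rule, or the magic is not recognised
    """
    suffix = name[name.rfind("."):].lower() if "." in name else ""
    kind = sniff(data)
    allowed = ALLOWED.get(suffix)
    if kind in EXECUTABLE_TYPES and not (allowed and allowed & EXECUTABLE_TYPES):
        return "DISGUISED"
    if allowed is None or kind == "unknown":
        return "unknown"
    return "ok" if kind in allowed else "MISMATCH"


def fake_pe() -> bytes:
    """Bytes shaped like a Windows PE file (MZ header, e_lfanew -> 'PE\0\0').
    Constructed for the demo; it is not a runnable program."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\0" * 20


# Constructed samples: the third is the classic lure, a program named as a picture.
SAMPLES = {
    "holiday.jpg": b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" + b"\0" * 16,
    "holiday.png": b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" + b"\0" * 16,  # JPEG bytes, PNG name
    "cute-kitten.jpg": fake_pe(),
    "setup.exe": fake_pe(),
    "song.wav": b"RIFF\x24\x00\x00\x00WAVEfmt " + b"\0" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:16} sniffed={sniff(blob):5} verdict={check(fname, blob)}")
```

The check is deliberately asymmetric: a JPEG arriving as `.png` is only a mismatch, but anything that sniffs as an executable is flagged unless its name admits it, because that is the case the old suffix-driven handling got wrong.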
Visual Basic for Applications is another common attack vehicle: a macro virus relies on the tight interconnection between Microsoft Office applications and Outlook to spread.
A macro virus behaves like a trojan in that the user must open the document and allow its macros to run before the payload activates, so the protections are the same: training, and leaving macros disabled by default.
An emerging threat is the malicious PDF, the PDF equivalent of a macro virus. It relies on JavaScript or embedded Flash inside the document, so script features should be disabled in Adobe Reader (Edit > Preferences > JavaScript, uncheck Enable Acrobat JavaScript).
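Disabling scripting in the viewer is the control on the reader's side; the complementary check is to look at the document before opening it. The following script, an added example that is not part of the original page, scans a PDF for the dictionary names that make it act when opened (/JavaScript, /JS, /OpenAction, /AA, /Launch, /RichMedia, /EmbeddedFile), undoes the #xx name escaping that is used to hide them from a plain text search, and inflates FlateDecode streams so that a payload inside a compressed object is seen too. The three sample PDFs are constructed in memory; they are minimal skeletons for the scanner, not documents a viewer would render.

```python
"""Flag PDFs that carry active content (JavaScript, Flash, launch actions).

Added example, not from the original page. The advice above is to disable
script features in the viewer; this is the complementary check on the
file itself. It scans raw PDF syntax for the names that make a document
act when opened, decodes #xx-escaped names (a common way to hide
/JavaScript as /J#61vaScript) and inflates FlateDecode streams so that
indicators inside compressed objects are also seen. The sample PDFs are
constructed in memory and are not real documents.
"""
import re
import zlib

# PDF names that introduce code or automatic actions.
INDICATORS = {
    "/JavaScript": "JavaScript action",
    "/JS": "JavaScript code",
    "/OpenAction": "action run when the file opens",
    "/AA": "additional (automatic) actions",
    "/Launch": "launches an external program",
    "/RichMedia": "embedded Flash or other rich media",
    "/EmbeddedFile": "embedded file attachment",
}
NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo PDF #xx escapes: b'J#61vaScript' -> 'JavaScript'."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")


def inflate_streams(data: bytes):
    """Yield the decompressed body of every stream that inflates cleanly."""
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        # The regex may have eaten a trailing \r that belongs to the data.
        for candidate in (body, body + b"\r"):
            try:
                yield zlib.decompress(candidate)
                break
            except zlib.error:
                continue  # not Flate-encoded, or damaged


def scan_pdf(data: bytes) -> dict:
    """Return {indicator: count} over the raw bytes and all inflated streams."""
    found = {}
    for chunk in [data, *inflate_streams(data)]:
        for m in NAME_RE.finditer(chunk):
            name = "/" + decode_name(m.group(1))
            if name in INDICATORS:
                found[name] = found.get(name, 0) + 1
    return found


def is_suspicious(data: bytes) -> bool:
    return bool(scan_pdf(data))


def build_pdf(objects: bytes, catalog_extra: bytes = b"") -> bytes:
    """Wrap objects in a minimal PDF skeleton (no xref; enough for scanning)."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            + objects +
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


CLEAN_PDF = build_pdf(b"")

# JavaScript wired to /OpenAction, with the name escaped to dodge a naive grep.
ESCAPED_JS_PDF = build_pdf(
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n",
    catalog_extra=b"/OpenAction 3 0 R")

# The same kind of payload hidden inside a FlateDecode stream.
_payload = b"<< /S /JavaScript /JS (app.launchURL('http://example.invalid')) >>"
_zipped = zlib.compress(_payload)
COMPRESSED_JS_PDF = build_pdf(
    b"3 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(_zipped)
    + _zipped + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, pdf in [("clean", CLEAN_PDF), ("escaped", ESCAPED_JS_PDF),
                       ("compressed", COMPRESSED_JS_PDF)]:
        print(f"{label:11} suspicious={is_suspicious(pdf)} {scan_pdf(pdf)}")
```

A hit is a reason to open the file in a viewer with scripting off, or not at all; a clean result is weaker evidence, since this scanner does not decode object streams, other filters, or encrypted documents.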
The best overall combination for Internet security is the following.
- Firefox with NoScript - for web browsing
- Thunderbird - for email communication
- Preview - for PDF and image viewing on Apple (does not support JavaScript and Flash)
- Evince - for PDF and image viewing on Linux (does not support JavaScript and Flash)
- OpenOffice - productivity software
Software updates for operating systems, web browsers, and email clients reduce threats.
More mature systems reduce virus threats, and this brief history illustrates the underlying nature of the problem.
- 1969 - ARPANET, the precursor of the Internet, goes live
- 1971 - First edition of UNIX released
- 1976 - Apple 1 released
- 1981 - MS-DOS released with the IBM PC
- 1985 - AppleTalk networking on Macintosh computers - adopted by schools and universities for network access
- 1988 - Morris Worm - developed at Cornell University; launched from MIT - network security development begins
- 1991 - Linux kernel released - UNIX-like design
- 1992 - MacPPP (Merit Network) and the Winsock 1.0 specification - support for commercial Internet access
- 1993 - NCSA Mosaic - first widely used graphical web browser, released for UNIX, then Mac and Windows
- 1995 - Windows 95 ships TCP/IP and dial-up networking in consumer Windows
- 2001 - Mac OS X released on a UNIX foundation - enhances network security; leaves the classic Mac OS viruses behind
- 2006 - Microsoft begins to catch up on Internet security with Windows Vista (User Account Control)
The market for anti-virus products was largely created by Microsoft vulnerabilities left uncorrected between 1988 and 2006. Customers did not demand the security features required to eliminate virus threats, so anti-virus software only deals with the damage done by programmers who exploit that weakness by delivering viruses.
Apple and UNIX networking existed for approximately 10 years before mainstream Microsoft networking products emerged.
Microsoft focuses most of its resources on development and marketing, so by the timeline above the company has run several years (five to ten, depending on the feature) behind Apple and Linux on infrastructure features like competent security.
You can find more information about computer security at the following comedy website.
Disclaimer: I do not advocate any particular operating system product. Each individual product has different strengths and weaknesses. For this reason, I own products that run Windows Vista, Windows 98, Apple OS 7, Apple OS X, UNIX, and Linux.