The war on malware
First of all, Happy New Year! Here’s hoping that 2013 is a terrific year for you and your family.
Sadly, I believe that 2013 will be a watershed year for malware, as it morphs into more sophisticated and broader based applications. In the past few years, there have been articles upon articles discussing the many ways your computer can be compromised to either steal information from you or to use your computer to damage and steal from others. However, what’s disturbing to me is how the game is changing.
There are several ways that malware writers have morphed to stay ahead of the anti-malware and other safeguards. For this post, I want to focus on two:
- Increasingly sophisticated attacks
- Broad array of platforms vulnerable for attacks.
It wasn’t that long ago, the principal concern were viruses targeted to Windows systems. Anti-virus solutions by stalwart providers like Norton and McAfee would include an engine that would run though a list of the most up-to-date virus “signatures” attempting to match one or more of these signatures against files on your computer. When a new virus or virus variant hit the Net, the research arms of these companies and various government entities would scramble to devise a new signature to be used to identify the problem. It would take a few hours to generate the new signature and a few days to get a large enough base of updated computers to prevent wide spread contamination. This solution made several assumptions:
- A signature would be able to be identified. Signatures are patterns in various system and user files as well as applications that indicate something is not quite right.
- An updated signature file would be available and deployed quickly enough
- Damage was limited if the number of computers with up-to-date signature files was sufficiently large.
- Viruses typically didn’t impact non-Windows systems.
However, as one might expect, malware writers are not stupid and though the cat-and-mouse continues, malware writers are making it very difficult to identify signatures. Malware is now being developed that exploits some or all of the assumptions listed above.
Back in June, I wrote about a particularly nasty bit of malware called Flame. In this particular attack, the malware disguised itself as a legitimate Microsoft application that required downloading or updating. It’s taken researchers years to identify the problem, then to generate the signature. For over 5 years (yes, that’s YEARS), Flame was quietly infecting computers, collecting data and worming its way into enterprise networks.
Another case was the Adobe Flash spear-phishing malware that infected a single computer at the security company RSA, which over a very long time wormed its way into very sensitive servers compromising RSA’s SecureID authentication in 2011. This was a very sophisticated attack that started with finding one user not paying attention.
Today, anti-malware solutions, while still important for preventing the reemergence of pre-existing malware and helping to slow the dissemination of malware, are not adequate for protecting your computers. It’s becoming clearer that users need to take on more responsibility for your actions. Fortunately both Windows and Macs make it harder for malware to infect as long as you’re diligent:
- Keep all of your software (including anti-malware) up-to-date. Some of the most effective deterrents and fixes are in updates.
- Don’t click on links in emails
- Don’t approve the installation or update of software unless you request it.
See my article about whether Anti-malware software is needed for Macs for how to safeguard your machines regardless of which OS you run.
For more information on the limitations of traditional anti-malware solutions, see the NY Times article: Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt
Broad array of platforms
The other major change is the shear number of different platforms that have become so ubiquitous as to be huge, juicy targets. Couple that with the fact that we don’t think of them as real computers. Smart phones, tablets, smart gaming consoles, smart TVs to name a few.
To take but one example: eWeek projects that Apple will sell 173 million iPhones in 2013 alone. Consider that Android based phones currently dominate iPhones and the shear numbers are mind-boggling.
In August, I wrote a post entitled The Canary in the Coal Mine about this very concern. I believe that in 2013, malware in devices will come to the forefront. I’m particularly concerned about smart phones and tablets, but we might also see infestations in other electronic appliances like game consoles.
Again, take the same precautions that you’d take with your computers. Also, only install apps from known the appropriate “store”, as there is some accountability for the quality of the apps by the company sponsoring the store.
Also, though I don’t usually push one type of OS or solution over another, I personally am a lot more comfortable with Apple’s iOS solution over Google’s Android. I feel that the more closed Apple environment, along with closer integration between the hardware and software makes it easier to control quality and security. It’s not perfect by a long shot, but better.
Be very careful transacting commerce and doing banking and other financial transaction via your mobile device. Though there are safeguards and the transactions are encrypted, the deployment of these solutions is happening so rapidly, it will take time to determine how secure they really are. Security experts recommend to NOT use your mobile device for financial transactions, but alas the genie is out of that particular bottle.
Also, be sure to lock down your device, using passwords and limiting the number of retries before the device is erased. Also, know how you will find and remotely erase the device if you lose it. You need to do this while you still have the device and not wait not until its gone and time is of the essence. Also, be sure to back up your device at least once a week so that you can recover your apps and data if the device is lost and/or damaged.
Finally, if you received a new device for Christmas or your birthday, be sure to securely erase the old one before disposing or reselling it.