The computer virus comes of age

In November 2009 the Morris Worm celebrated its 21st birthday. Without getting into too much virus theory, let’s just group all of these bad things, Trojans, worms, parasitic file infectors, spyware, adware under the title of virus – something we don’t want infecting our computers. It is with some humor that I learned that the original term for these bad applications was a weed – yes a plant metaphor. That would mean that my antivirus software would have been called an herbicide? Somehow asking someone to scan their computer for viruses seems more understandable than asking them to run the weed wacker or weed eater through their system!
While the original intent of the Morris worm was not malicious, it is safe to say that these days, virus writers (let’s just call them hackers in general), do want to infect your systems. What do they want with your computer? Typically, they want your personal information such as credit card numbers and passwords especially passwords to online bank accounts. Once your system has been pilfered, it will still hold a purpose in that it along with thousands, tens of thousands and even hundreds of thousands of other compromised systems will be sold as a service for things like sending spam, hosting malicious web sites and attacking web sites or companies in targeted attacks.
This is not meant to purvey the image of doom and gloom online. This is reality and citizens of the connected world need to be aware of the risks. Drawing a parallel with the physical world, much of the Internet is safe but as you stray off the main streets, you should be more aware of the environment and take appropriate precautions. In one sense, you could even consider the Internet a questionable neighborhood you have to visit every day of your life. You would lock your doors or make sure your wallet was not in the back pocket of your jeans wouldn’t you?
So what advice do I have? I have some tips that apply equally to Windows systems and Apple Macintosh systems. The Mac vs. PC debate is one I’ll happily discuss, but another day. What is important to realize is that as Mac’s become more popular with users, so will they become popular with hackers. If your bank doesn’t care what kind of system you use to perform online banking, neither will a hacker.
Spend some money on reputable commercial antivirus software for your computer(s) and most importantly, make sure it is installed, enabled and is kept up to date. I am referring to just the plain antivirus package and not the all inclusive security solutions that endlessly prompt you to accept or deny actions. The average user will quickly tire of the questions and disable some or all of the system which defeats the overall purpose of said software. Ask your office IT manager if the office has any home use licenses available. Often these are very low cost if not free.
Turn on your system’s firewall. This will prevent unsolicited connections to your systems. Communications initiated by you will automatically be allowed.
Keep your software up to date. Most operating systems and applications perform routine checks online for updates. I’m sure you have all seen multiple messages indicating updates are available for download or need to be installed. Do keep up with these periodically. Manufacturers distribute these for good reasons. Usually they are to fix problems, including security ones, found in their products and sometimes they actually make the product perform better. Updating a faulty product we spent good money on may be a distasteful act, but unfortunately we accepted this practice long ago in the industry.
Be careful where you surf. A really good tool I recommend for my corporate customers exists as a free package for consumers – SiteAdvisor. SiteAdvisor is an add-on to Internet Explorer or Firefox web browsers. Once this small package is installed, it will give you toolbar with an indicator for web site rating. Consider SiteAdvisor as a sort of traffic light for the web, complete with the green, yellow and red light concept. Started by MIT graduate students, the SiteAdvisor database is a sort of credit or safety rating for web sites based upon the content of the site specifically dealing with adware, spyware, pop-ups, viruses and even the sites propensity to distribute private information such as your email address. You can find it easily by Googling (Binging if you prefer too!) SiteAdvisor.
Be careful what emails you open. Windows and specifically Outlook users can download the free TrustedSource toolbar. Google TrustedSource toolbar. The TrustedSource database is also a credit rating of sorts, but of addresses rather than web site names. The toolbar can help you by identifying spam and fraudulent emails. If you still choose to open message or click on a link contained in an email, don’t say we didn’t warn you!
It does trouble me when I hear of friends, or friends of friends that are victims of identity theft or have lost all of their family photos because of a virus (yes, they should have had a backup but that is a battle for another day). It also bothers me when I see Facebook updates for links to malicious websites or videos. I know that my friends systems have been infected with something, and they may not even know it.
Coming into the holiday season, there are specific things to watch out for. McAfee has interesting consumer news regarding “The Twelve Scams of Christmas.” Google it and please take the time to read it.
If you’re lost with any of these steps, please contact me. Really, please do.
In a later article, I will share some very interesting statistics into this underground industry and economy. For example, volumes of spam increased significantly following the passing of Michael Jackson and Farah Fawcett. Spammers love a good tragedy and know how to exploit it.


IT Matters by Sean Slattery, Senior Systems Engineer and McAfee Security Instructor at Alphasoft Ltd.