Malware: Software out to get you
June 12th, 2010
What is Malware?

Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Most computer users are not familiar with the term and don’t use it. Instead, “computer virus” is commonly used incorrectly to describe all kinds of malware, though not every piece of malware is a virus.
What is a Computer Virus?

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus can only spread from one computer to another when its “host” (the infected file) is taken to an uninfected computer. This can happen when a user sends it over a network or the Internet, or carries it on a removable medium such as a floppy disk, CD, or USB drive.
Today, viruses are somewhat less common than network-borne worms, due to the popularity of the Internet. Anti-virus software, originally designed to protect computers from viruses, has in turn expanded to cover worms and other threats such as spyware, identity theft and adware.
Ways in which viruses and worms spread:
- Web browsing security holes
- Instant Messaging
- File sharing systems (Peer-to-peer networks)
- USB drives
- Shared network drives
Types of Viruses
Trojan horses
A Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another, such as that of a computer virus. A Trojan horse differs from a virus because a trojan cannot replicate automatically.
Worms
A worm is a piece of software that uses computer networks and security flaws to create copies of itself. A copy of the worm will scan the network for any other machine that has a specific security flaw. It replicates itself to the new machine using the security flaw, and then begins scanning and replicating anew.
E-mail viruses
An e-mail virus will use an e-mail message as a mode of transport, and usually will copy itself by automatically mailing itself to hundreds of people in the victim’s address book.
Often, a malicious file such as a Word document, PDF, image, video, or batch file is attached to the e-mail and the user is tricked into opening it. There are software protections that will scan e-mail attachments for you. Additionally, it is wise not to open video files and other such files that arrive as e-mail attachments.
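The kind of check attachment-scanning software performs can be sketched in a few lines of Python. This is an added example, not part of the original article: the extension table, the leading-byte table, the function names `triage` and `sample_message`, and the sample message are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# File kinds the article names, keyed by extension (this mapping is an assumption).
KINDS = {".doc": "Word document", ".docx": "Word document", ".pdf": "PDF",
         ".jpg": "image", ".png": "image", ".avi": "video", ".mp4": "video",
         ".bat": "batch file", ".cmd": "batch file"}
# Leading bytes a genuine file with that extension starts with.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
         ".doc": b"\xd0\xcf\x11\xe0", ".docx": b"PK\x03\x04"}


def triage(raw: bytes) -> list[dict]:
    """Return one finding per attachment in a raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if ext in (".bat", ".cmd"):
            reasons.append("script that runs when opened")
        if len(suffixes) > 1 and suffixes[-2] in KINDS:
            reasons.append("double extension hides the real type")
        if ext in MAGIC and not data.startswith(MAGIC[ext]):
            reasons.append("content does not match the extension")
        findings.append({"name": name, "kind": KINDS.get(ext, "other"),
                         "reasons": reasons})
    return findings


def sample_message() -> bytes:
    """Constructed sample: an honest PDF, a disguised batch file, a fake image."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4 sample", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment(b"@echo off\r\n", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.bat")
    m.add_attachment(b"not really a JPEG", maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    return m.as_bytes()


if __name__ == "__main__":
    for f in triage(sample_message()):
        print(f["name"], "|", f["kind"], "|", f["reasons"] or "no flags")
```

A real scanner goes much further (signatures, macro inspection, sandboxing); this only shows why a file name alone is not a reliable indication of what an attachment is.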
Logic Bombs
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific dates, such as Friday the 13th or April Fool’s Day. Malware that activates on certain dates is often called a “time bomb”.
KangaPlace Free Pick
Windows: Avast! Free Home Edition – Free and commercial versions
Security through education
June 12th, 2010
I read a well-written article that breaks down a warning email from a major security vendor about an expired anti-virus subscription. Ever gotten one of those? The ad is designed to scare the user into buying the anti-virus software whether they need it or not. The really scary part is that they want the user to click a link in the e-mail, which is actually both unsafe and unwise.
Check out the full article – Poor Windows users
Here’s an insightful point from the article I like:
“Security begins with education. But education means users won’t be easily impressed with scary emails and may not actually cash out money for a rather mediocre security product they don’t need in the first place. Teaching people how to use their computers contrasts the primary goals of security vendors, which is to make profit.”
It’s true. If the major security vendors wanted to actually make users safer and computer systems more secure, they would do more to educate the users. But that isn’t the goal. They don’t seem to care what the user does so long as they get the money.
So how do people who aren’t security experts get the basic computer safety education they need? Who’s providing it?
That’s one of our goals here. To help give clear, summarized information on security and point people to more complete resources. The information is all available for free and is all over. But most people don’t have the time or interest to go hunt it down.
Security begins and ends with education. The most vulnerable part of the system is usually the user. Tricking a user into giving up private information is the easiest way to “hack” the system. Hopefully that will improve with time.
