Figure 3-45
Malware Activities
• Display irritating messages and pop-up ads
• Delete or modify your data
• Encrypt your data and demand ransom for the encryption key
• Upload or download unwanted files
• Log your keystrokes to steal your passwords and credit card numbers
• Propagate malware and spam to everyone in your e-mail address book or your instant messaging
buddy list
• Disable your antivirus and firewall software
• Block access to specific Web sites and redirect your browser to infected Web sites
• Cause response time on your system to deteriorate
• Allow hackers to remotely access data on your computer
• Allow hackers to take remote control of your machine and turn it into a zombie
• Link your computer to others in a botnet that can send millions of spam e-mails or wage denial-of-service
attacks against Web sites
• Cause network traffic jams
How do I know if my computer is infected? Watch out for the
symptoms of an infected computer listed in Figure 3-46.
Figure 3-46
Symptoms of Infection
• Irritating messages or sounds
• Frequent pop-up ads, at times with pornographic content
• The sudden appearance of a new Internet toolbar on your browser’s home page
• An addition to your Internet favorites list that you didn’t put there
• Prolonged system start-up
• Slower than usual response to mouse clicks and keyboard strokes
• Browser or application crashes
• Missing files
• Your computer’s security software becomes disabled and it cannot be restarted
• Periodic network activity when you are not actively browsing or sending e-mail
• Your computer reboots itself frequently
Some malware does a good job of cloaking itself, so victims are unaware of
its presence. Cloaking techniques are great defense mechanisms for the malware because
when victims aren’t aware of malware, they won’t take steps to eradicate it.
Many victims whose computers were part of massive botnets never knew
their computers were compromised.
Some hackers cloak their work using rootkits. The term rootkit refers to
software tools used to conceal malware and backdoors that have been
installed on a victim’s computer. Rootkits can hide bots, keyloggers, spyware,
worms, and viruses. With a rootkit in place, hackers can continue to
exploit a victim’s computer with little risk of discovery. Rootkits are usually
distributed by Trojans.
How do I avoid security threats? The Orientation section at the
beginning of this book listed some techniques for safe computing. That list
is worth repeating (Figure 3-47).
• Install and activate security software on every computing device you own.
• Keep software patches and operating system service packs up to date.
• Do not open suspicious e-mail attachments.
• Obtain software only from reliable sources, and before running it use security software to scan for
malware.
• Do not click pop-up ads—to make the ad go away, right-click the ad’s taskbar button and select the
Close option.
• Avoid unsavory Web sites.
• Disable the option Hide extensions for known file types in Windows so you can avoid opening files
with more than one extension, such as a file called game.exe.zip.
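The multiple-extension check from the last item above, as an added example that is not part of the original text: it lists every extension in a file name and shows the name Windows would display with extensions hidden. The extension list, function names, and sample file names are constructed for illustration, and the check also covers names whose final extension is executable, which goes beyond the game.exe.zip case.

```python
import ntpath  # Windows path rules, usable on any platform

# Constructed, non-exhaustive set of extensions Windows runs when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".msi"}


def extensions(filename):
    """Return every extension in the name, lower-cased: 'a.EXE.zip' -> ['.exe', '.zip']."""
    # Windows ignores trailing dots and spaces in a file name, so drop them first.
    name = ntpath.basename(filename).rstrip(". ")
    parts = name.split(".")
    return ["." + p.strip().lower() for p in parts[1:] if p.strip()]


def displayed_name(filename):
    """Name shown when 'Hide extensions for known file types' is enabled.

    Assumption: the final extension is a type Windows knows, so it is hidden.
    """
    base = ntpath.basename(filename)
    stem, last = ntpath.splitext(base)
    return stem if last else base


def check(filename):
    """Return (verdict, displayed_name) for one file name."""
    exts = extensions(filename)
    shown = displayed_name(filename)
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS:
        # The real type is a program, but the visible name ends in something else.
        return "runs-as-program", shown
    if len(exts) >= 2 and any(e in EXECUTABLE_EXTS for e in exts[:-1]):
        # The page's case: an executable extension buried inside the name.
        return "hidden-executable-name", shown
    return "ok", shown


def scan(names):
    """Return only the names that deserve a second look, with their verdicts."""
    results = [(n,) + check(n) for n in names]
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real system.
    samples = ["game.exe.zip", "holiday photo.jpg.scr", "report.v1.2.pdf",
               "notes.txt", r"C:\Downloads\Setup.EXE"]
    for name, verdict, shown in scan(samples):
        print(f"{verdict:24} real={name!r} shown-with-hiding={shown!r}")
```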
What’s a virus hoax? Some virus threats are very real, but you’re also
likely to get e-mail messages about so-called viruses that don’t really exist.
A virus hoax usually arrives as an e-mail message containing dire warnings
about a supposedly new virus on the loose. When you receive an
e-mail message about a virus or any other type of malware, don’t panic. It
could be a hoax.
You can check one of the many antivirus software Web sites to determine
whether you’ve received a hoax or a real threat. The Web sites also provide
security or virus alerts, which list all the most recent legitimate malware
threats. If the virus is a real threat, the Web site can provide information
to determine whether your computer has been infected. You can also find
instructions for eradicating the virus. If the virus threat is a hoax, by no
means should you forward the e-mail message to others.
What if my computer gets infected? If you suspect that your computer
might be infected by a virus or other malware, you should immediately
use security software to scan your computer and eradicate any suspicious
program code.
SECURITY SUITES
What is a security suite? A security suite integrates several security
modules to protect against the most common types of malware, unauthorized
access, and spam. Security suites might include additional features such as
Wi-Fi detection that warns of possible intrusions into your wireless network
and parental controls for monitoring and controlling children’s Internet usage.
A security suite, like the one in Figure 3-48, typically includes antivirus,
firewall, and anti-spyware modules.
What are the advantages and disadvantages of a security
suite? A security suite costs less than purchasing standalone security
modules. In addition, a single interface for accessing all of the security
suite’s features is much less complex than having to learn how to configure
and run several different products.
When installing a security suite you are typically required to uninstall or
disable all other antivirus, anti-spyware, and firewall software on your computer.
Most security suites cannot run concurrently with standalone security
products, and overlapping security coverage from two similar products can
cause glitches. Therefore, one disadvantage of security suites is that you
become dependent on your security package’s vendor, who becomes the
sole protector of your computer from malicious code. In addition, suites
may not have the best individual security components, but you cannot pick
and choose. However, competition between security suite vendors tends to
increase the quality of security offerings.
Where can I purchase a security suite? The most popular security
suites include Symantec Norton Internet Security, McAfee Internet Security
Suite, ALWIL avast!, and Trend Micro Internet Security. They can be purchased
in most office, electronics, and computer stores, or downloaded
from the Web.
It is also worth looking into your ISP’s free security offerings. For example,
Comcast provides its customers with McAfee security products, all accessible
through Comcast’s special toolbar. AOL gives its customers a security
package that combines McAfee’s main security products with its own homegrown
security features, such as parental control and spam filters.
A security suite is often pre-installed on a new computer. However, usually
it is demoware, so you have the option of purchasing it after the trial period,
normally 60 days. Typically, there is also an annual subscription fee for continued
use and regular updates. When you renew your subscription, you
might have an option to upgrade to a newer version for an extra $10–$20.
There are also open source versions of antivirus software, which do not
require annual subscription fees.
Is open source security software as dependable as commercial
security suites? Open source security software, like all open
source software, is distributed with its source code. Because the source
code is open for examination, black hats can view the code and look for
security holes. They can potentially plot strategies to disable security protection
or sneak past its defenses. Proponents of open source software,
however, claim that because the code is open, security holes are likely to be
discovered and fixed by white hats before they can be exploited by hackers.
Vulnerabilities have been discovered in both open source and commercial
security products.
Whether open source products such as ClamWin (Figure 3-49) or commercial
security software, each security suite has unique strengths and
weaknesses, which can change as the suites are updated. Before you
purchase a security suite, read current reviews and check user ratings
at consumer Web sites.