Malware

Malware is a catch-all term refering to software that runs on a computer and operates against the interests of the computer's owner. Computer viruses, worms, trojan horses, "spyware", rootkits and key loggers are often cited as subcategories of malware. Note that some programs may belong to more than one of those categories.

How Does Malware Get Onto a Computer?

Some malware is spread by exploiting vulnerabilities in operating systems or application software. These vulnerabilities are design or programming errors in software that can allow a clever programmer to trick the defective software into giving someone else control. Unfortunately, such vulnerabilities have been found in a wide variety of mainstream software, and more are detected all the time — both by those trying to fix the vulnerabilities and by those trying to exploit them.

Another common vector by which malware spreads is to trick the computer user into running a software program that does something the user wouldn't have wanted. Tricking the user is a pretty powerful way to take over a computer, because the attacker doesn't have to depend on finding a serious weakness in mainstream software. It is especially difficult to be sure that computers shared by several users, or a computer in a public place such as a library or Internet cafй, are not compromised. If a single user is tricked into running a malware installer, every subsequent user, no matter how cautious, could be at risk. Malware written by sophisticated programmers generally leaves no immediately visible signs of its presence.

What is Malware Capable of?

Malware is extremely bad news from a security and privacy perspective. Malware may be capable of stealing account details and passwords, reading the documents on a computer (including encrypted documents, if the user has typed in the password), defeating attempts to access the Internet anonymously, taking screenshots of your desktop, and hiding itself from other programs. Malware is even capable of using your computer's microphone, webcam, or other peripherals against you.

The chief limitation in malware's capability is that the author needs to (1) have anticipated the need for the malware to do something, (2) spent a substantial amount of effort programming the malicious feature, testing that it works and is robust on numerous different versions of an operating system, and (3) be free of legal or other restrictions preventing the implementation of the feature.

Unfortunately, a black market has appeared in recent years that sells malware customized for various purposes. This has reduced the obstacles listed in category (2) above.

The most alarming feature of malware is that, once installed, it can potentially nullify the benefits of other security precautions. For example, malware can be used to bypass the protections of encryption software even if this software is otherwise used properly. On the other hand, the majority of malware is mainly designed to do other things, like popping up advertisements or hijacking a computer to send spam.

Is Malware Infection Likely?

Nobody knows how many computers are infected with malware, but informed estimates range from 40% to almost 90% of computers running Windows operating systems. Infection rates are lower for MacOS and Linux systems, but this is not necessarily because Windows is an easier target. Indeed, recent versions of Windows are much improved in security. Rather, more malware authors target Windows machines because an effective attack will give them control of more computers.

The risk that any given computer is infected with malware is therefore quite high unless skilled computer security specialists are putting a substantial amount of effort into securing the system. With time, any machine on which security updates are not installed promptly is virtually guaranteed to become infected. It is however overwhelmingly likely that the malware in question will be working on obtaining credit card numbers, obtaining eBay account passwords, obtaining online banking passwords, sending spam, or launching denial of service attacks, rather than spying on specific individuals or organizations.

Infection by malware run by U.S. law enforcement or other governmental agencies is also possible, though vastly less likely. There have been a handful of cases in which it is known that warrants were obtained to install malware to identify a suspect or record their communications (see the section on CIPAV below). It is unlikely that U.S. government agencies would use malware except as part of significant and expensive investigations.

How Can You Reduce the Risk of Malware Infection?

Currently, running a minority operating system significantly diminishes the risk of infection because fewer malware applications have been targeted at these platforms. (The overwhelming majority of existing malware targets only a single particular operating system.)

Vulnerabilities due to software defects are difficult to mitigate. Installing software updates promptly and regularly can ensure that at least known defects are repaired.

Not installing (or running) any software of unknown provenance is an important precaution to avoid being tricked into installing malware. This includes, for example, software applications advertised by banner ads or pop-ups, or distributed by e-mail (even if disguised as something other than a computer program). Recent operating systems attempt to warn users about running software from an unknown source; these security warnings serve an important purpose and should not be casually ignored. Strictly limiting the number of users of a computer containing sensitive information can also be helpful. Notably, some malware targets children, including malicious code along with downloadable video games. (Of course, computer users of any age can be tricked into installing malware!)

On Windows, regularly running antivirus and antispyware software can remove a large proportion of common malware. However, this software is not effective against all malware, and must be regularly updated. Since anti-malware software is created by researching malware discovered "in the wild," it's also probably ineffective against uncommon, specially-targeted malware applications that aim to infect only a few specific computers rather than a large population on the Internet.

CIPAV: An Example of Malware Use for Law Enforcement

A CIPAV is an FBI acronym which stands for Computer and Internet Protocol Address Verifier. CIPAVs are a type of malware intended to identify people who are hiding their identity using proxy servers, bot nets, compromised computers or anonymity networks like Tor. A small amount is known about them as a result of published documents from cases in which they were used. CIPAVs may include use of browser exploits to run software on a computer regardless of how many steps of indirection are present between the attacking server and the user.

Malware Risk Assessment

Ubiquitous malware poses a threat to all computer users. The seriousness of the threat varies greatly. For some users, it is sufficient to install operating system updates regularly and utilize caution in running software found on the web. For organizations that face a high risk of being specifically targetted by a malware author, it is advisable to find computer security experts to defend their computers — or better yet, to simply avoid using networked computers for their most sensitive activities.

Назад | Дальше