Viral Insurance Racket

Page 1: Introduction
By Oli on Friday, 08th December 2006.


Viruses == Fear == Power

We've all seen the films. A mobster goes to see the restaurant owner and offers to sell him insurance against nasty accidents happening to him that might ruin his livelihood. If he doesn't pay, his business gets burnt to the ground, flooded or blown up. The typical mob tactic for funding organised crime. If there's nothing to sell, make something to sell.

This is mirrored in today's politics. Following World War II, politicians offered beautiful images of hope and glory but when they couldn't deliver that, we quickly found ourselves presented with a gloomy picture of death and destruction saying: "it could be a lot worse... especially if you [say we cannot reinterpret the Geneva convention/vote for the other people]". I'm not saying there isn't a problem; just playing on public fears to get more power is not going to solve anything.

Around the same time as terrorism from unknown threats was creeping into our everyday lives, another threat came at us: viruses, spyware, Trojan horses, backdoors, adware, malware, pop-ups and malicious software. Year on year we are reminded from left, right and centre that there are fifty billion malicious programs for each computer user in the world with thousands more coming out every day; that the viruses could destroy all our work (and families); that adware and spyware can steal our credit card numbers and bank details just before we're all declared bankrupt; that our machines can be made slaves, filling the pockets of spammers.

I have no problem with the statement that any of those could happen. I could have a seizure, crash my car into a fuel-tanker and kill a hundred people. I could wake up tomorrow and forget how to breathe. A million worse things could happen to me but if I worried about every single threat to my existence, I would get nothing done. In fact the worrying would become the prime threat to my living. The fact is there are many better ways of addressing the problems of "what-if" than trying to build a wall around yourself, especially when that wall, however tall, is only one set of bricks thick.

How do we get malware?

Historically, viruses were something that wormed their way around a computer, installing themselves in so many places that they were impossible to remove before their payload was delivered. "A payload?", I hear you ask. That's the whole point of the virus. Almost every virus ever written has been more than a "because it can" affair. There have been ones focused on destroying as much data as possible, ones that aim to spread across networks and infect other computers, and, more and more today, ones written for money; there's no cash in anarchy.

The problem with the argument at hand is that in order for me to contract any one of these nasty ailments, I have to actively find and activate said nasty. Most spyware is installed by a user being too stupid to tell that "debbie_does_dallas.avi.exe" is an executable and not a video file. Other programs like that come through illegitimate download sources, such as fake sites pretending to offer the user something (be that a program, a crack or porn) when in fact they're just pushing out something loaded with crap. Some is targeted, in that a person makes something especially for one victim, but that's very rare and still usually requires that victim to do the "deed" of opening it without question.
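The disguise described above, a second extension that Explorer's default "hide extensions for known file types" setting turns into a harmless-looking name, is easy to check for. The following C program is an added example, not code from the original post; its lists of executable and decoy extensions and its sample filenames are constructed for illustration and are not a complete catalogue of what Windows will run.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Extensions Windows treats as runnable when the file is double-clicked
 * (constructed, non-exhaustive list for this example). */
static const char *EXEC_EXT[]  = { "exe", "com", "scr", "bat", "cmd", "pif", "vbs", "js", NULL };
/* Extensions a user expects to be passive data: video, images, documents. */
static const char *DECOY_EXT[] = { "avi", "mpg", "wmv", "mp3", "jpg", "gif", "pdf", "doc", "txt", NULL };

/* Case-insensitive equality, so "JPG" and "jpg" compare equal. */
static int ieq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

static int in_list(const char *ext, const char **list) {
    for (; *list; list++)
        if (ieq(ext, *list)) return 1;
    return 0;
}

/* Approximates what Explorer shows with "Hide extensions for known file types"
 * switched on (the default): the name with its final extension removed. */
void explorer_display_name(const char *name, char *out, size_t out_size) {
    const char *last = strrchr(name, '.');
    size_t len = last ? (size_t)(last - name) : strlen(name);
    if (len >= out_size) len = out_size - 1;
    memcpy(out, name, len);
    out[len] = '\0';
}

/* Returns 1 when the real (final) extension is executable and the extension
 * before it is a decoy data type, e.g. "holiday.avi.exe"; 0 otherwise. */
int is_disguised_executable(const char *name) {
    const char *last = strrchr(name, '.');
    if (!last || !in_list(last + 1, EXEC_EXT))
        return 0;                                /* not executable at all */
    /* Walk back from the real extension's dot to the previous dot, if any. */
    const char *prev = last;
    while (prev > name && prev[-1] != '.')
        prev--;
    if (prev == name)
        return 0;                                /* only one extension */
    char decoy[16];
    size_t n = (size_t)(last - prev);
    if (n == 0 || n >= sizeof decoy)
        return 0;                                /* empty or implausibly long decoy */
    memcpy(decoy, prev, n);
    decoy[n] = '\0';
    return in_list(decoy, DECOY_EXT);
}

int main(void) {
    /* Constructed sample names; none refer to real files. */
    const char *samples[] = { "holiday_video.avi.exe", "photo.JPG.scr", "report.pdf", "setup.exe" };
    char shown[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        explorer_display_name(samples[i], shown, sizeof shown);
        printf("%-24s shown as %-20s %s\n", samples[i], shown,
               is_disguised_executable(samples[i]) ? "DISGUISED EXECUTABLE" : "ok");
    }
    return 0;
}
```

The check deliberately keys on the final extension, because that is the one the shell acts on; the decoy list only decides whether the earlier extension is the kind a user would trust. Turning off extension hiding in Explorer makes the same information visible without any code.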

A heavy part of why people fall victim to malware is also down to the way people run Windows. It's not necessarily their fault; it's how things are set up by default. When you install Windows, you are asked to make a user and that's it. What it doesn't tell you is that the user is running with administrative permissions which, in turn, means anything the user does, and anything the programs the user runs do, can read, write and edit anything on the computer. So when a user gets hold of something bad and runs it, all the default system security in place stands for precisely nothing. I'll come back to this later on when I make my suggestions.

The last "big" entry hole is exploits. An exploit is a way of getting behaviour out of a targeted application that it was never designed to have. A recent example of this is in the Windows Vector Mark-up Language. Almost none of you will recognise it, but it's a tool Windows can use to draw a picture to screen from a basic text syntax, a lot like Scalable Vector Graphics. There was a sequence of characters you could put in a VML document that would break the VML engine so badly that any further code in the document would be executed by the system. In short, if someone put code to load Calculator in a VML document after the exploit code and you opened this document, Calculator would load. Loading Calculator is a tame example. Most commonly it orders your PC to download and install some spyware or adware to make the writer some money.
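The VML bug is described above only in outline, so here, as an added example (not code from the original post and not the VML engine's own code), is a toy parser in C for a VML-like attribute that shows the class of defect in a vulnerable form next to a hardened form. The `fill` attribute, the 16-byte buffer and the sample documents are all constructed for illustration; the point is the missing length check, which is exactly what a fix for this kind of bug adds.

```c
#include <stdio.h>
#include <string.h>

#define FILL_MAX 16   /* room for a fill colour name, including the terminating NUL */

/* Returns a pointer to the first character of the quoted value after fill="
 * and stores its length, or NULL if the attribute is absent or unterminated. */
static const char *find_fill_value(const char *doc, size_t *len) {
    const char *p = strstr(doc, "fill=\"");
    if (!p) return NULL;
    p += 6;                          /* skip past fill=" */
    const char *end = strchr(p, '"');
    if (!end) return NULL;
    *len = (size_t)(end - p);
    return p;
}

/* Vulnerable: copies however many bytes the document supplies into a
 * FILL_MAX-byte buffer. A value longer than 15 characters writes past the end
 * of `out`, corrupting whatever the caller placed after it in memory. This is
 * the shape of bug the post describes; it is here for comparison only. */
int parse_fill_unchecked(const char *doc, char out[FILL_MAX]) {
    size_t len;
    const char *v = find_fill_value(doc, &len);
    if (!v) return -1;
    memcpy(out, v, len);             /* no comparison against FILL_MAX */
    out[len] = '\0';
    return 0;
}

/* Hardened: the document-controlled length is checked against the buffer
 * before any byte is copied; over-long input is rejected rather than truncated. */
int parse_fill_checked(const char *doc, char out[FILL_MAX]) {
    size_t len;
    const char *v = find_fill_value(doc, &len);
    if (!v) return -1;
    if (len >= FILL_MAX) return -2;  /* would not fit together with the NUL */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample documents. */
    const char *benign  = "<v:rect fill=\"red\"/>";
    const char *hostile = "<v:rect fill=\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"/>";
    char buf[FILL_MAX];

    if (parse_fill_checked(benign, buf) == 0)
        printf("benign document: fill = %s\n", buf);
    printf("hostile document: %s\n",
           parse_fill_checked(hostile, buf) == -2 ? "rejected (value too long)" : "accepted");

    /* The unchecked parser is only ever run on the benign document here. */
    if (parse_fill_unchecked(benign, buf) == 0)
        printf("unchecked parser on benign document: fill = %s\n", buf);
    return 0;
}
```

The two functions differ by a single comparison. Because the length comes from the document, it is under the control of whoever wrote the document, so it has to be validated against the buffer size before the copy, not after.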

This particular exploit was only found when people started noticing things installing themselves, but most potentially exploitable holes are caught by programmers or security techs and the developers of the application are notified. Any application that can receive external data can be exploited. Who is to blame for exploits? The programmers are partially to blame because they left security holes in their code, but some applications are too complex to catch all the bugs on the first pass.

How Does An Antiviral Application Help?

An antiviral application works by monitoring all the files that are running on your computer, all the files that are being read, written or edited and, occasionally, all the other files in big batch scans. It compares the internal data of every file against a massive database of every known virus. The antiviral companies build these databases up from viruses they find around the world, and each time your antiviral application updates it gets more of these definitions so it can protect you against more nasties.

When an antivirus detects a file matching a definition, it moves it out of reach of the user and the computer into what is commonly known as quarantine: a holding area where you can decide whether to annihilate it or try to remove the virus.

As such, an antivirus can only protect you against programs or files that you download. It cannot protect you from exploits forcing their way into your computer. I repeat: you can have 15 antiviral applications running, but if you visit a site that is targeting an exploitable hole on your computer, it will execute. The same goes if you're hosting a web server or database for a large multinational: if there's an exploit available, no antivirus can stop someone exploiting it.
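The matching step described above, file contents compared against a database of definitions, reduces to a byte-pattern search, and the limitation in the last paragraph follows directly from it. The following C program is an added example, not the original post's code and not any vendor's engine; the definition names, their patterns and the sample "files" are all constructed. It also shows what the post implies: a variant that differs by a single byte from a known sample gets no match, so "no known threat" is not the same as "clean".

```c
#include <stdio.h>
#include <string.h>

struct definition {
    const char *name;             /* what the vendor calls the threat */
    const unsigned char *pattern; /* bytes that identify it */
    size_t pattern_len;
};

/* Constructed definition database standing in for a vendor's update feed.
 * These patterns are made up for the example and are not real signatures. */
static const unsigned char SIG_DROPPER[] = { 0x4D, 0x5A, 0x90, 0x00, 0xDE, 0xAD, 0xBE, 0xEF };
static const unsigned char SIG_WIPER[]   = "DROP-ALL-FILES";
static const struct definition DEFINITIONS[] = {
    { "Example.Dropper.A", SIG_DROPPER, sizeof SIG_DROPPER },
    { "Example.Wiper.B",   SIG_WIPER,   sizeof SIG_WIPER - 1 },  /* drop the string's NUL */
};
#define NDEFINITIONS (sizeof DEFINITIONS / sizeof DEFINITIONS[0])

/* Byte-wise search (like memmem): 1 if `pat` occurs anywhere inside `data`.
 * Works on arbitrary bytes, including embedded NULs. */
static int contains(const unsigned char *data, size_t n, const unsigned char *pat, size_t m) {
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(data + i, pat, m) == 0) return 1;
    return 0;
}

/* Scans one file's contents. Returns the name of the first matching
 * definition, or NULL when nothing in the database matches. NULL means
 * "no known threat", which is not proof the file is harmless. */
const char *scan_buffer(const unsigned char *data, size_t n) {
    for (size_t d = 0; d < NDEFINITIONS; d++)
        if (contains(data, n, DEFINITIONS[d].pattern, DEFINITIONS[d].pattern_len))
            return DEFINITIONS[d].name;
    return NULL;
}

/* Constructed sample "files" (not real malware). */
const unsigned char SAMPLE_CLEAN[] = "plain text holiday snaps";
const unsigned char SAMPLE_KNOWN[] = { 'h','d','r',' ', 0x4D,0x5A,0x90,0x00,0xDE,0xAD,0xBE,0xEF, ' ','e','n','d' };
const unsigned char SAMPLE_WIPER[] = "script: DROP-ALL-FILES now";
/* Same intent as SAMPLE_WIPER with one byte changed: a variant the database
 * has no definition for yet, so it passes until the vendor ships an update. */
const unsigned char SAMPLE_VARIANT[] = "script: DROP-ALL-F1LES now";

static void report(const char *label, const unsigned char *data, size_t n) {
    const char *hit = scan_buffer(data, n);
    printf("%-8s -> %s\n", label, hit ? hit : "no known threat (quarantine not triggered)");
}

int main(void) {
    report("clean",   SAMPLE_CLEAN,   sizeof SAMPLE_CLEAN - 1);
    report("known",   SAMPLE_KNOWN,   sizeof SAMPLE_KNOWN);
    report("wiper",   SAMPLE_WIPER,   sizeof SAMPLE_WIPER - 1);
    report("variant", SAMPLE_VARIANT, sizeof SAMPLE_VARIANT - 1);
    return 0;
}
```

A real engine adds unpacking, heuristics and far more efficient multi-pattern matching, but the dependency is the same: a file is only caught if a definition for it already exists, which is why the scanner has nothing to say about a document that abuses a bug in whatever program opens it.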

Some of the newer antiviral packages offer "script" scanning to stop downloaded exploits coming in, but these won't protect your web server, database server or any accessible Windows services.


Written by Oli on Friday, 08 December 2006. Tagged with antivirus, security.

#1 /* 2 years, 1 month ago */
Recently installed Norton and it was worse than a virus... wouldn't do anything I asked, couldn't turn it fully off for more than a restart, couldn't uninstall it because it didn't install properly and hence LiveUpdate didn't want to work either... so who provides the answer? Norton. Norton know that their products are shocking and hence provide a Norton Removal Tool which removes all their products once run... draw your own conclusions.
#2 /* 2 years, 8 months ago */
"you can have 15 antiviral applications running"

I repeat: that is wrong. Only 1 on each system or you'll crash.

© Oli Warner 2001—2007