Saturday, June 26, 2010

Never Let Your Guard Down

I don't consider myself a computer/network/Internet security expert, but I've been at this a long time, and having 10+ years' experience on both sides of the fence, I'd say I know more than the average user about the issue of computer security.

Security is an issue I take very seriously, and I pretty much run my own network in "paranoid mode." My anti-virus/malware/spyware tools and programs are always up-to-date, I use a well-configured hardware firewall, anything I download personally gets scanned twice, I do regular malware/spyware/virus scans in addition to having constant protection enabled against such threats.

I say this because today I got a trojan, my first one in 9-10 years, that my anti-virus detected and warned me about, but wasn't able to quarantine or delete, though it said it would be deleted after a reboot.

Being curious about these kind of things, as well as hoping to learn where I could have picked up the trojan to begin with, I went to Google first to find what I could about this particular trojan, TR/Agent.uwi.6144, and saw some really curious behavior in my Google searches. Each search I did would redirect to another kind of search site. At first I thought it was something with the sites themselves, yet I found I could still see the intended site using Google's cached option. Google cache is your friend: Before I started using version control for Web Design projects, Google's cache saved my butt a time or two when I'd accidentally deleted the wrong file. In case you're wondering, this was using Firefox browser, not Internet Explorer (which I only use for testing purposes).

This particular trojan (which goes by a variety of names) hijacks your browser and redirects to spam search sites. After a reboot - as the anti-virus program promised - the trojan was gone and correct functionality was restored to my Google searches. Trojans are not typically caught by most anti-virus programs, as anti-virus focuses on viruses (spell-check claims "virii" isn't a word), and trojans aren't technically a virus (they're a back-door, which is worse), and usually require a separate program. The anti-virus I use, Avira, scans for and blocks trojans, malware and spyware.

My point here is this:
The average computer user views their anti-virus, anti-spyware, anti-malware applications as something you "set and forget." Setting is good...forgetting, or becoming complacent about security. It's a lot easier to defend against an intrusion than to clean it up afterward.

Just like spammers who are always finding new ways around spam filters, virus writers/creators are always finding new ways around existing computer protection. It may take hours or days for a brand new threat to be included in your anti-virus' database (and therefore detected), so even when you keep your anti-virus definitions up-to-date, there's always a window of time where a potential infection could occur.

Beyond that...no anti-virus/anti-spyware/anti-malware (or for that matter, spam filters) is, can be, or should be considered to be 100% fool-proof.

Never let your guard down.


Disclaimer:
This is not an invitation to a geek pissing contest, to see who can boast they've never had a security issue, or that they don't have to worry because they run Linux/Mac/etc. I find this kind of behavior boorish at best, and counter-productive at worst. The single most important part of computer security is user education, which is why I'm taking the time to post this. I don't need a chorus of geek snobs (and you know who you are) claiming "If you only ran Linux that wouldn't happen."

Like each computer itself is set up differently, each computer users' needs and requirements are different. I happen to have a business need for running a Windows machine...period, end of story. Windows dominates the market in personal (home) computers, and it's counter-productive to pretend otherwise.

I also work my machines to death, way more than the casual computer user, which means that I am both more aware when something isn't right (spending 18 hours a day with anyone or anything you develop a symbiotic relationship) and my machines are also exposed to more potential threats than the casual computer user. I download files from clients on a routine basis, and though they are scanned once if not twice, there's always the possibility of receiving an infected file that they themselves aren't aware of.

[cross-posted to Hello World!, our Web Design blog]