Virus and Spyware Threat is Larger Than Ever Before - Anti-Virus Companies Struggle to Keep Up with Flood of Spyware - Part 2

Thanks for visiting Tech-Bitz.com. You may want to subscribe to my RSS feed to stay up to date with all the latest news, reviews and how-to guides.

In Part 1 of this article, Virus and Spyware Threat is Larger Than Ever Before - Anti-Virus Companies Struggle to Keep Up with Flood of Spyware, we talked about the ever-increasing threat posed by malware, spyware and viruses.

Today we will look at what the different anti-virus and anti-spyware companies are doing to fight this threat.

Why The Techniques of the Past Will Not Work Anymore

In order to understand exactly what these companies are doing today, we must first look at what they have done in the past to combat spyware and viruses.

In the past, anti-virus and anti-spyware companies took each piece of malicious software (spyware, virus, trojan horse program, etc.), pulled it apart, determined what made it unique, and then worked out how to remove it from a system.

Each piece of malware has identifying features, much like a fingerprint: a distinctive sequence of bytes inside the file, or the hash of the file as a whole, that can be written down as a ‘signature’. Once analysts have extracted that signature, a scanner can tell the ‘bad’ program from the ‘good’.

To recognize these programs, anti-virus companies fought the invaders much as the human immune system does. They distributed copies of each new virus ‘signature’ to subscribers who had their anti-virus/anti-spyware programs installed, building up a ‘library’ of known malicious programs on every protected machine.

Whenever the computer received or downloaded a program or file from a disk, network, email or Internet connection, the file was compared against those ‘signatures’. If a match was found in the library of known malicious software, the file could be quarantined or deleted before it did any harm to the system the anti-virus program was defending.

That is why a good anti-malware program updates itself whenever it has an Internet connection: its protection is only as good as its library of known viruses and spyware.

This approach worked well in the past, when companies such as McAfee, Symantec (Norton), Webroot, etc. had the time to break down and analyze every malicious program individually and then produce a ‘signature’ for inclusion in the next batch of library or definition updates.

The problem these companies now face is far more fluid and dynamic. Armorers and inventors of the past constantly made their weapons more effective and more deadly: the weapons evolved from arrows and spears to black powder muskets and cannon, and today we have ballistic missile submarines and stealth fighter jets.

The programmers releasing viruses and spyware today are doing the same thing as the armorers and inventors of old. They are improving not only the efficiency of their viruses and trojan horses but also their stealth, and at a far faster pace.

The attackers have also found a serious weakness in the system that anti-malware companies have relied on to detect and remove their programs.

They have begun turning their malware into changelings: programs that update themselves and change their own signature as quickly as the anti-spyware companies release their updates.

With a different signature, a traditional scanner simply cannot ‘see’ the virus or spyware for what it is and lets it through undetected. The unsettling part is that the spyware and worms now being released change their signature on their own, and only a slight change is needed for a scanner that relies purely on exact signatures to miss them entirely.

This partly accounts for the vastly increased number of spyware threats counted in the past several years: each time a virus or spyware program ‘changes’ its signature, it is counted as a completely new and different threat, as can be seen in the graph below.

[Graph: Increasing Threat of Malware on the Internet]

This is how you end up with spyware or worms with names like Melissa-A, Melissa-B, Melissa-Ab, and so on. Each variation is counted as a completely new threat, even though it is basically the same virus or worm with a slightly changed signature, which in turn forces companies like McAfee and Symantec to break down, analyze and release an update for every single variation.
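The mechanics of that library, as an added example that is not from the original post or from any vendor's product: a toy Python scanner with an exact-hash library and an exact-byte-sequence library, run over constructed byte strings that stand in for files (no real malware is involved; the sample names and the PAYLOAD marker are invented for the demo). It shows that appending junk to a file defeats the whole-file hash but not the byte sequence, and that a one-byte change inside the signature itself defeats both, so the vendor has to ship a new library entry for each variant, exactly as the Melissa naming above describes.

```python
import hashlib
from typing import Optional, Tuple

# Constructed sample "files" for the demo: plain byte strings, not real malware.
KNOWN_WORM = b"MZ\x90\x00demo-executable PAYLOAD:mail-self-to-contacts:v1 end"
BENIGN_TOOL = b"MZ\x90\x00demo-executable prints hello world and exits"

# The "library" the article describes: exact fingerprints shipped to subscribers.
# Two kinds are kept, a whole-file hash and a distinctive byte sequence.
HASH_LIBRARY = {hashlib.sha256(KNOWN_WORM).hexdigest(): "Worm.Demo-A"}
BYTE_LIBRARY = {b"PAYLOAD:mail-self-to-contacts:v1": "Worm.Demo-A"}


def scan_exact(data: bytes) -> Optional[Tuple[str, str]]:
    """Compare one file against the library.

    Returns (method, family_name) on a match, or None if nothing in the
    library fits. Hash lookup is tried first because it is cheapest.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_LIBRARY:
        return ("hash", HASH_LIBRARY[digest])
    for pattern, name in BYTE_LIBRARY.items():
        if pattern in data:
            return ("bytes", name)
    return None


def add_signature(sample: bytes, name: str, marker: Optional[bytes] = None) -> int:
    """What the vendor does per sample: extract a fingerprint and ship it.

    Returns the number of hash entries now in the library, i.e. the
    'threat count' that grows by one for every variant analysed.
    """
    HASH_LIBRARY[hashlib.sha256(sample).hexdigest()] = name
    if marker is not None:
        BYTE_LIBRARY[marker] = name
    return len(HASH_LIBRARY)


def padded_variant(sample: bytes) -> bytes:
    """Same code with junk appended: only the whole-file hash changes."""
    return sample + b"\x00" * 16


def mutated_variant(sample: bytes, version: bytes) -> bytes:
    """A 'changeling' re-release: one byte differs inside the byte signature."""
    return sample.replace(b":v1", b":v" + version)


if __name__ == "__main__":
    print(scan_exact(KNOWN_WORM))                          # ('hash', 'Worm.Demo-A')
    print(scan_exact(padded_variant(KNOWN_WORM)))          # ('bytes', 'Worm.Demo-A')
    print(scan_exact(mutated_variant(KNOWN_WORM, b"2")))   # None: evades both libraries
    print(scan_exact(BENIGN_TOOL))                         # None
    # The vendor catches up by shipping a second entry for the variant...
    print(add_signature(mutated_variant(KNOWN_WORM, b"2"), "Worm.Demo-B"))  # 2
    # ...and the next one-byte change starts the cycle again.
    print(scan_exact(mutated_variant(KNOWN_WORM, b"3")))   # None
```

The byte-sequence library is more robust than the hash library (padding does not defeat it), but both are exact matches, so the cycle of mutate, analyze, update never ends on its own.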

This huge increase in the sheer number of spyware threats and their variations has forced software companies to change the way they fight the attackers, much as castle builders raised higher walls and improved their defenses as attackers moved from simple catapults to cannon.

A New Technique is Developed for a New Threat

Anti-spyware companies have come up with a two-part approach to battling this new threat and to keeping from being swamped by the overwhelming number of new viruses and other programs.

First - They have increased the hardware and manpower available to analyze and sort the new samples. More servers lighten the load of automated analysis and sorting, and more analysts mean that new library definitions become available faster.

Second - The companies are moving away from trying to combat each new threat, and each variation of it, with its own specific library definition.

Just as the attackers have used better programming to develop malicious software that can change form, the software companies are using programs that recognize several threats at once from a more ‘generic’ version of a definition.

This approach is usually called ‘heuristic’ detection. Instead of supplying the anti-virus or anti-spyware program with an exhaustive list of exact definitions or library entries, the vendor ‘teaches’ the software to recognize the patterns shared by a whole family of malicious programs: a generic definition with wildcards in the places where the variants differ, or a score built up from suspicious traits such as hiding its own window or copying itself into the startup folder. One such definition can then flag many variants as dangerous.

This can have unintended consequences, however. As definitions become more and more generic in order to cover more and more threats, the number of ‘false positives’ rises significantly.

A false positive is a ‘safe’ program or application that gets flagged as dangerous malware.

The anti-virus software may then quarantine or delete the ‘good’ software and do serious damage to applications and to the operating system itself. There have been several reports over the past few years of anti-spyware products flagging Windows operating system components as ‘dangerous’; a few mouse clicks later the machine can be crippled to the point where the entire operating system and all its programs have to be reinstalled. Vendors try to limit this with lists of known-good files that are never touched, but no generic rule is immune to the problem.
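The generic and heuristic approach described above, together with the false-positive problem, as an added example that is not from the original post or from any vendor's product. The Python below is a toy classifier over constructed byte strings (not real malware and not real Windows files): one generic rule with a wildcard catches every version of a marker, a weighted score of suspicious traits catches a rewritten variant the rule misses, the same score wrongly flags a legitimate mail client, and a known-good hash list keeps a constructed ‘OS component’ from being quarantined. The rule name, trait strings, weights and threshold are all invented for the demo.

```python
import hashlib
import re

# Constructed samples for the demo: byte strings, not real programs.
WORM_V1 = b"MZdemo PAYLOAD:mail-self-to-contacts:v1 read-address-book send-mail autostart hide-window"
WORM_V2 = b"MZdemo PAYLOAD:mail-self-to-contacts:v2 read-address-book send-mail autostart hide-window"
WORM_REWRITTEN = b"MZdemo read-address-book send-mail autostart hide-window"  # marker gone, behaviour kept
MAIL_CLIENT = b"MZdemo friendly mail client read-address-book send-mail autostart"
OS_SYNC_SERVICE = b"MZdemo contacts sync service read-address-book send-mail autostart"
TEXT_EDITOR = b"MZdemo text editor open-file save-file"

# One generic definition: the '.' wildcard stands for whatever version byte a variant uses.
GENERIC_RULES = {
    "Worm.Demo.gen": re.compile(rb"PAYLOAD:mail-self-to-contacts:v."),
}

# Heuristic traits: strings that correlate with worm behaviour, each with a weight.
HEURISTIC_WEIGHTS = {
    b"read-address-book": 2,
    b"send-mail": 2,
    b"autostart": 2,
    b"hide-window": 3,
}
SUSPICION_THRESHOLD = 5

# Known-good hashes (here: our constructed OS component), consulted before anything destructive.
KNOWN_GOOD = {hashlib.sha256(OS_SYNC_SERVICE).hexdigest(): "contacts sync service"}


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious trait present in the file."""
    return sum(w for trait, w in HEURISTIC_WEIGHTS.items() if trait in data)


def classify(data: bytes) -> dict:
    """Return {'verdict', 'name', 'score'} for one file.

    Order matters: the allowlist wins over everything, a generic rule hit
    is a definite detection, and the heuristic score alone is only a suspicion.
    """
    score = heuristic_score(data)
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_GOOD:
        return {"verdict": "allowlisted", "name": KNOWN_GOOD[digest], "score": score}
    for name, rule in GENERIC_RULES.items():
        if rule.search(data):
            return {"verdict": "malware", "name": name, "score": score}
    if score >= SUSPICION_THRESHOLD:
        return {"verdict": "suspicious", "name": None, "score": score}
    return {"verdict": "clean", "name": None, "score": score}


def action_for(result: dict) -> str:
    """Only a definite match is quarantined automatically; heuristic hits are reported, not deleted."""
    return {
        "malware": "quarantine",
        "suspicious": "report-and-ask",
        "clean": "allow",
        "allowlisted": "allow",
    }[result["verdict"]]


if __name__ == "__main__":
    for label, sample in [("worm v1", WORM_V1), ("worm v2", WORM_V2),
                          ("rewritten worm", WORM_REWRITTEN), ("mail client", MAIL_CLIENT),
                          ("os sync service", OS_SYNC_SERVICE), ("text editor", TEXT_EDITOR)]:
        result = classify(sample)
        print(f"{label:16} {result['verdict']:12} score={result['score']} -> {action_for(result)}")
```

The mail client is the false positive the post warns about: it legitimately reads the address book, sends mail and starts with the system, so it crosses the threshold just like the rewritten worm. Reporting heuristic-only hits instead of deleting them, and checking the allowlist first, is what keeps such a scanner from removing an operating system component.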

So what are we as consumers and computer users supposed to do about this situation?

Check back here at Tech-Bitz.com later for the third and final part of this series, where we will discuss what the future holds and how we can join the fight to keep our computers running clean even with the increased number of threats on the Internet.

Getting Ready for Internet 2.0 - New Internet will be 10,000 Times Faster

Imagine downloading an entire full-length high-definition movie in under three seconds over the Internet!

Or how would you like to download the entire music collection of the Beatles in the blink of an eye?

Near-instantaneous downloads of music, high-definition movies, on-demand cable TV and true video phones will be within our grasp in the next few years, and the first steps toward that marvelous day will be taken later this summer.

Scientists at the CERN laboratory near Geneva, Switzerland have developed what will soon be called ‘The Grid’, or, as most people will come to know it, ‘Internet 2.0’. This new network will do for downloads and file sharing what Facebook and MySpace have done for social networking.

A significant portion of this second Internet has already been built. It will not replace the existing Internet so much as run alongside it.

You could think of The Grid as a permanent highway bypass around a congested city street system. It will not immediately connect directly to every home that is on the Internet today, but it will let traffic flow much more smoothly and quickly between the high-traffic points on the network, making the overall flow of traffic, both on and off the new highway, much faster.

Experts predict that the typical Internet connection of today will eventually become up to 10,000 times faster as The Grid fans out across the globe and spreads beyond the academic centers scheduled to go ‘on-line’ this fall.

For additional information, see the original story on TimesOnline.

Tech-Bitz will keep you informed of the latest developments on this new network, and what they mean for the average web surfer, as The Grid goes live later this summer and early fall.

Best Bitz of the Web: EcoGeek.org reviewed

EcoGeek.org Blog shows that technology can help save the environment

With Earth Day right around the corner, I thought I would dedicate the next couple of Best Bitz of the Web reviews to websites that promote green technology and/or the environment.

Luckily, this week I am able to do both with this week's review of EcoGeek.org.

As a self-confessed gadget geek and a person who cares as much about the environment as about my next computer upgrade, this is a site I got interested in very quickly.

As their About page description begins: “Technology can be a force for evil, or for awesome… EcoGeek devotes its pages to exploring the symbiosis between nature and technology.”

EcoGeek.org was originally started by its author, Hank Green, as a graduate project assigned by his professor, and it has developed into one of the reasons I love the blogosphere. This site and others like it give me news about technological advances worth keeping an eye on that no one in traditional media even touches (other than the occasional Discovery or Science channel show).

EcoGeek focuses on the synergy that can be achieved by combining technology, environmentalism and capitalism in creative ways to reduce pollution, cut energy costs and generally clean up the environment, while still living as comfortably as, or more comfortably than, we do today.

I usually try to spend a little time each week going through their pages; with almost 1,500 posts and roughly 10 more added every day, there is interesting material that almost everyone can find something of interest in.

The website itself is very easy on the eyes and laid out very well. (I'm considering using EcoGeek as one of the sites to model the next version of Tech-Bitz.com on; I like the look of it that much.)

All posts are clearly assigned to specific categories, found in the right sidebar menu, with a minimum of the ads and other clutter that make up so much of the web today.

All in all, anyone interested in gadgets, technology and/or the environment should put EcoGeek on the short list of sites to check out this Earth Day.

Definitions of Malware, Spyware, Viruses and More - Beginners Guide to Malware, Viruses and Spyware.

Everything Old is New Again: Trojan Horses

Trojan Horses - Anyone familiar with Greek mythology recognizes the tale of Troy and the Trojan Horse.
Trojan Horse programs work as bait: they get people to do the hard work of spreading malware themselves. Just like their mythological namesake, a vicious little package is hidden inside something that looks harmless, and the unsuspecting computer user installs the program because it looks useful, or looks cool, or whatever. Once installed and safely past the computer's outer defenses, the trojan delivers its cargo of viruses, worms, spyware and so on.

The Trojan Horse itself can be just about any program or utility. P2P file-sharing programs like Kazaa and Limewire are some of the better-known culprits and have been accused of installing spyware and browser hijackers since they were first introduced. If you read their End User License Agreements carefully, they practically spell out that the bundled software will show you pop-up ads and track your every move and click online.

There are other examples as well. Fake spyware-removal and anti-virus utilities have been used as Trojan Horses, as have fake ‘download speed boosters’.

Usually the tell-tale clue that something may be a Trojan Horse program is the old saying: if it sounds too good to be true, it probably is.

Any time a polished program that someone has obviously spent a lot of time and money developing is given away for nothing, with no visible way for its makers to earn anything from it, that is a warning sign that the software may be a Trojan Horse.

For example - You receive an email about a new spyware prevention/removal program that is free to download and use, with no restrictions or trial period mentioned. The company is simply giving the software away, and the offer arrived unsolicited in your inbox. That combination is a good indicator that the program is a Trojan Horse.

The most important thing to remember about Trojan Horse programs is that the disguise itself does no damage. It is the camouflage that ‘carries in’ the damaging malware. A Trojan Horse without a payload, be it a virus, a logic bomb or spyware, is just an empty suit of clothes.

Any time a company spends money developing a piece of software yet charges nothing for it, that should be a warning sign that something may be too good to be true. The company is making money somewhere, somehow; in the bad cases it comes from a ‘silent partner’ who pays them to bundle spyware or some other form of malware with the program.

That silent partner then receives marketing information, free traffic driven to a specific site, advertising in the form of pop-up windows, and so on, and ‘that’ is how the software company makes its money.
Open-source software is the exception that tests this rule: because the source code is public, open-source programs can be taken apart and inspected by the open-source community, so a hidden Trojan Horse is far harder to conceal. The caveat is that this only helps if someone has actually done the inspecting, and if the copy you install was built from the inspected source rather than downloaded as a binary from an unknown site.

In future posts I will discuss some of the most widely used open-source and free software that you can trust not to carry any Trojan Horse or spyware applications.

Check back here tomorrow for the next installment in the Beginners Guide to Malware, Viruses and Spyware, or subscribe to our RSS feed to make sure you don't miss any other updates here at Tech-Bitz.com.

Tomorrow's topic will be: Making Money from Malware: Spyware, botnets, keystroke loggers and dialers.

New “Contact” and “About Tech-Bitz” pages added to Tech-Bitz.com

I just wanted to make sure that everyone knows that Tech-Bitz.com now has both a Contact page and an About page, to let you know exactly who I am and why this blog exists, and to make it easier to contact me with any questions you may have.

Don't worry, the weekly Best Bitz of the Web website review and the follow-up to Definitions for Malware, Spyware, Viruses and More - Beginners Guide to Malware are on the way shortly.

The second installment of Virus and Spyware Threat is Larger Than Ever Before - Anti-Virus Companies Struggle to Keep Up with Flood of Spyware will be posted in a few hours.