Malware: What’s running on your computer / network without your knowledge?
By now, you have been through the process of
getting a new computer and seeing how great it runs, only to be bogged
down within the first thirty days (or less) after connecting to that
DSL / Cable / T1 Internet connection. As I’ve noted in the past, though,
the longer you have that new computer, the slower it will become. While
computer costs are not what they once were, even if you are in a one or
two year cycle for hardware replacement, you still need to keep those
systems running well. The threats are numerous, and unless you have a
multi-pronged approach to Malware infection prevention, you will have
software that is running on your hardware that you do not want, may not
have known was installed and just need to get rid of. As the threats
increase, your use and knowledge of tools must increase as well.
What is Malware?
As I discussed in a 2004 article, Malware is a word coined to describe
hostile software like viruses, Trojan Horses and worms. Definitions
available on the Web refer to Malware as malicious software specifically
designed to damage or disrupt a system, such as a virus or a Trojan
Horse. While that is a good definition, the problem is that a program I
might consider Malware, that is, one that gathers information and
reports back to the people who wrote the program, might not be
considered as such by its authors. Perhaps they really are just trying
to gather information to improve their product or service (yeah, right).
In reality, they are doing so at the expense of 1) my disk space, 2) my
bandwidth and 3) my privacy. Many of the programs classed as Malware
offer something that people want, and the Malware component rides along in the
payload. The practical point is that so many things we all use can be
laced with Malware or, at a minimum, can install code and components you do not need
or want.
What are the new threats?
It is interesting to me that some companies with good reputations in the
marketplace are now bundling unwanted software and components with their
programs. A good example of this is America Online’s Instant Messenger.
When doing the default installation, this program will try to set up
email you do not want, load a browser you do not want and put shortcuts
in every nook and cranny on your computer. AOL is not alone: Yahoo! and
others do it, too. Worse yet, when you load drivers for mice, one vendor
(Logitech) loads components that include links and tools for eBay. The
key is to look at and actually read the installation screens of the
software and driver installation programs. As it has always been, if you
choose a ‘default’ install of anything, someone else is making the
choice of what to install on your PC, and you are letting them do it.
What about other threats?
Some of the worst things that can get loaded on a system come
piggybacked with software that is under fire anyway. Limewire, Warez and
the infamous Kazaa have been used for years by people who ‘share’ files.
This ‘sharing’ results in the widespread distribution of copyrighted
software, movies and music illegally without the permission of the
copyright holders. As these programs try to maneuver around the legal
system, new ones come to the forefront or, worse yet, something
completely different comes out.
A good example is Skype, a free Internet telephony product that uses
peer-to-peer (P2P) networking protocols, from the people who wrote Kazaa.
This allows users to make free internet-based phone calls and low-cost
voice calls around the world. What individual or business would not like
to eliminate or curtail rising phone costs? That is the hook. Here is the
gotcha.
When Skype is installed, the user consents in the license agreement (you
know, the box that no one reads and where everyone clicks “Next” just to
get off the screen?) to allow your machine, your network connection and
your system processor to be designated as a supernode. If your Skype
connection is behind an inexpensive or improperly configured firewall/router,
particularly on a broadband connection, you stand a very good chance of
becoming a supernode, that is, helping to switch traffic for people who
are behind NAT on their LANs or business / home networks. In some
circumstances the sheer volume of TCP connections can then overwhelm the
router, much like a Denial of Service (DoS) attack. Your system grinds to a
halt with DNS and web timeouts.
By running Skype, your system can (and probably will) participate in
providing Voice over IP (VoIP - internet phone calls) services outside
of your direction and control. You are also agreeing to provide services
to Skype using resources that may be owned by your company. As individual
users are not empowered to give such consent, your IT people will
probably become rabid.
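One way to spot the supernode-style connection fan-out described above is to count, per process, how many distinct remote hosts hold an established TCP session. This is an added example, not part of the original article; it assumes the column layout of Windows `netstat -ano` output, uses constructed sample rows, and the threshold of five peers is an arbitrary placeholder to be tuned against a baseline for the host.

```python
"""Flag processes with supernode-like TCP fan-out from netstat output."""
from collections import defaultdict

# Constructed sample in `netstat -ano` (Windows) layout; the addresses and
# PIDs are made up for illustration, not captured from a real host.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1044      203.0.113.7:443        ESTABLISHED     4120
  TCP    192.168.1.10:1050      198.51.100.20:36412    ESTABLISHED     2716
  TCP    192.168.1.10:1051      198.51.100.21:36412    ESTABLISHED     2716
  TCP    192.168.1.10:1052      198.51.100.22:36412    ESTABLISHED     2716
  TCP    192.168.1.10:1053      198.51.100.23:36412    ESTABLISHED     2716
  TCP    192.168.1.10:1054      198.51.100.24:36412    ESTABLISHED     2716
  TCP    192.168.1.10:1055      198.51.100.25:36412    TIME_WAIT       2716
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
"""


def parse_netstat(text):
    """Yield (pid, remote_host, state) for each TCP row; skip headers/UDP."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, _, foreign, state, pid = parts
        host = foreign.rsplit(":", 1)[0]  # strip the remote port
        yield int(pid), host, state


def peer_fanout(text):
    """Map PID -> number of distinct remote hosts with an ESTABLISHED session."""
    peers = defaultdict(set)
    for pid, host, state in parse_netstat(text):
        if state == "ESTABLISHED":
            peers[pid].add(host)
    return {pid: len(hosts) for pid, hosts in peers.items()}


def suspicious_pids(text, threshold=5):
    """PIDs whose distinct-peer count meets the (assumed) threshold."""
    return sorted(pid for pid, n in peer_fanout(text).items() if n >= threshold)


if __name__ == "__main__":
    print("peer fan-out:", peer_fanout(SAMPLE_NETSTAT))
    print("suspicious PIDs:", suspicious_pids(SAMPLE_NETSTAT))
```

A browser or mail client also keeps many sessions open, so compare each process against its own normal peer count rather than a single fixed number.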
Where Can I Find Out More?
There are many sites on the web that give some very good information on
Malware and on removers for Malware and associated components. While
this is not an endorsement, you can find a rather inclusive list of
malware, and the threats associated with programs that people use and
download every day, at http://www.cexx.org/adware.htm. In addition, a
list of programs that remove these programs can be found at
http://www.cexx.org/noadware.htm. Remember, however, that you should
check all sources to make sure there are no issues with any of the
programs listed, and make sure you are running a currently updated virus
scanner before downloading anything! Once you have removed the junk that
is gumming up your system, make sure you run the program you are using
to detect these programs at least once a week, if not daily. You will be
amazed at the speed increase you will see without all this junk clogging
your machine’s performance! If you have questions or comments about this
article, contact me.
All product names
/ logos, company names / logos are copyrights of their respective
holders. John Boline is an MCSE, CNE, USE and a member of the Network
Professional Association. The content herein is often based on
late-breaking events. Much of the material is based on information from
sources that are believed to be reliable. Hagerman & Company, Inc.
disclaims all warranties as to the ultimate accuracy or completeness of
the information. Hagerman & Company, Inc. and its employees shall have
no liability for errors, omissions or inadequacies in the information
contained within this article or for any interpretations thereof. The
recommendations, positions and best practice policies outlined herein
represent Hagerman & Company, Inc.’s initial analysis and therefore are
subject to change as further information which may have bearing on these
positions is made available. The reader assumes sole responsibility for
the selection of these materials to achieve its intended results. The
opinions expressed herein are subject to change without notice. Entire
contents 2006 Hagerman & Company, Inc. All rights reserved.
Reproduction of this publication in any form without prior written
permission is forbidden.