Often while we're cleaning an infection in a client's PC and recommending various programs to remove and prevent infections (see Security 101), we're asked "What's the difference between malware, viruses, spyware and adware, and why do I need to protect myself against them with different programs?" So let's get into it.
Malware
This definition from Wikipedia is as good as any:
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. Malware is a general term used to describe any kind of software specifically designed to exploit a computer, or the data it contains, without consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.
Bottom line is, Malware is a term that encompasses all of the other forms of infection, much as the word disease encompasses many different forms of illness in living things. Disease was probably even too anthropomorphic for those who name things like computer viruses and memory after us organics! So the term covers viruses, worms, spyware and adware.
Malware fighters, such as Malwarebytes, can be run alongside other malware fighters such as adware removers, spyware removers and anti-virus programs. But it's a generic term, and software that calls itself anti-malware may be capable of detecting a wide range of infections. However, it's best used along with a blend of other software.
Viruses
There are some great descriptions of viruses out there already, so instead of reinventing the wheel, here's a detailed description of the different types of viruses, how they work and what they do. It's from a government document called Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. You can read the complete document here:
http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf
but here's the part that deals with viruses. Wake me up when you're done reading, and I'll summarize.
A virus is designed to self-replicate (make copies of itself) and distribute the copies to other files, programs, or computers. Viruses insert themselves into host programs and propagate when the infected program is executed, generally by user interaction (e.g., opening a file, running a program, clicking on a file attachment). Viruses have many purposes; some are designed to play annoying tricks, whereas others have destructive intent. Some viruses present themselves as jokes while performing secret destructive functions. The two major types of viruses are compiled viruses, which are executed by the operating system, and interpreted viruses, which are executed by an application.
Compiled viruses typically fall into one of the following three categories:
File Infector Viruses. File infector viruses attach themselves to executable programs, such as word processors, spreadsheet applications and computer games. When they have infected a program, they propagate to infect other programs on the system and on other systems that use a shared infected program. The virus may also reside in the system's memory, so that each time a new program is executed, the virus infects the program. Another method of file infector execution involves the virus modifying the manner in which the computer opens a file, rather than modifying the actual program running the file. In this scenario, the virus executes first, and then the program is run. Jerusalem and Cascade are two of the best-known file infector viruses.
Boot Sector Viruses. A boot sector virus infects the master boot record (MBR) of a hard drive or the boot sector of removable media, such as floppy diskettes. The boot sector is an area at the beginning of a drive or disk where information about its structure is stored. Boot sectors contain boot programs that are run at host startup to boot the operating system. The MBR of a hard drive is a unique location on the disk where a computer's basic input/output system (BIOS) can locate and load the boot program. Removable media such as floppy disks need not be bootable to infect the system; if an infected disk is in the drive when the computer boots, the virus could be executed. Boot sector viruses are easily concealed, have a high rate of success, and can harm a computer to the point of making it completely inoperable. Symptoms of a boot sector virus infection include a computer that displays an error message during booting or cannot boot. Form, Michelangelo, and Stoned are examples of boot sector viruses.
Multipartite Viruses. A multipartite virus uses multiple infection methods, typically infecting both files and boot sectors. Accordingly, multipartite viruses combine the characteristics of file infector and boot sector viruses. Examples of multipartite viruses include Flip and Invader.
Unlike compiled viruses, which can be executed by an OS, interpreted viruses are composed of source code that can be executed only by a particular application or service. Interpreted viruses have become very common because they are much easier to write and modify than other types of viruses. The two major types of interpreted viruses are as follows:
Macro Viruses. Macro viruses are the most prevalent and successful type of virus. They attach themselves to application documents, such as word processing files and spreadsheets, and use the application's macro programming language to execute and propagate. Many popular software packages, such as Microsoft Office, use macro programming languages to automate complex or repetitive tasks, and attackers have taken advantage of these capabilities. Macro viruses tend to spread quickly because users frequently share documents from applications with macro capabilities. Furthermore, when a macro virus infection occurs, the virus also infects the template that the program uses to create and open files. Consequently, every document that is created or opened with the infected template is also infected. The Concept, Marker, and Melissa viruses are well-known examples of macro viruses.
Scripting Viruses. Scripting viruses are very similar to macro viruses. The primary difference is that a macro virus is written in a language understood by a particular application, such as a word processor, whereas a scripting virus is written in a language understood by a service run by the OS. Examples of well-known scripting viruses are First and Love Stages.
Zzzzzzzzzzzzz ...hmm? Oh, done already? Hey, did you skim or skip?!! Can't say I blame you. It's pretty dry stuff. So let's summarize:
There's some nasty stuff out there. Period. Bad people out to getcha. Evil Bart with a keyboard in his hands. Long story short, a virus is code that replicates itself and does bad things to your hard drive. Destroys data. Messes up your programs. You know, ruins your day.
The best way to protect yourself is to keep a great anti-virus program running and up-to-date at all times. Only one anti-virus program should run at a time, as they may start fighting each other and slow your PC down. So make it a good one. (Our recommendation is in the article mentioned above, Security 101). Let's move on.
Worms
Starting to wish you never asked? OK, we'll try to keep it brief. Here's the government's take on worms:
Worms are self-replicating programs that are completely self-contained, meaning they do not require a host program to infect a victim. Worms are also self-propagating; unlike viruses, they can create fully functional copies and execute themselves without user intervention. Worms take advantage of known vulnerabilities and configuration weaknesses, such as unsecured Windows shares. Although some worms are intended mainly to waste system and network resources, many worms damage systems by installing backdoors, perform DDoS attacks against other hosts, or perform other malicious acts.
So, worms are basically a sub-genre of viruses and are usually handled by the same anti-virus software. But some anti-malware programs also detect and clean these.
Getting clearer? Alright, let's plunge onward.
Trojan Horses
Take it away, Uncle Sam:
Named after the wooden horse from Greek mythology, Trojan horses are non-replicating programs that appear to be benign but actually have a hidden malicious purpose. Some Trojan horses are intended to replace existing files with malicious versions, whereas other Trojan horses add another application to a system without overwriting existing files. Trojan horses are often difficult to detect because they appear to be performing a useful function.
The use of Trojan horses to distribute spyware programs has become increasingly common. Spyware is often bundled with software, such as certain peer-to-peer file sharing client programs; when the user installs the supposedly benign software, it then covertly installs spyware programs. Trojan horses also often deliver other types of attacker tools onto systems, which can provide unauthorized access to or usage of infected systems. These tools may be bundled with the Trojan horse or downloaded by the Trojan horse after it is placed onto a system and run.
Trojans are sometimes planted on your PC, but are only dangerous if you don't have a firewall, and a hacker is able to identify your PC via "pinging" a large range of IP addresses. If you use a router, you have a hardware firewall, so don't worry about it. If you don't, make sure your Windows firewall is turned on.
Spyware and Adware
Let's go back to Wikipedia for this one:
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Spyware is often secretly installed on a user's personal computer without their knowledge. However, some spyware such as keyloggers may be installed by the owner of a shared, corporate, or public computer on purpose in order to intentionally monitor users.
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, resulting in slow Internet connection speeds, unauthorized changes in browser settings or functionality of other software.
Adware, or advertising-supported software, is any software package which automatically renders advertisements. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during the installation process. The object of the Adware is to generate revenue for its author. Adware, by itself, is harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software.
Advertising functions are integrated into or bundled with the software, which is often designed to note what Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. Adware is usually seen by the developer as a way to recover development costs, and in some cases it may allow the software to be provided to the user free of charge or at a reduced price. The income derived from presenting advertisements to the user may allow or motivate the developer to continue to develop, maintain and upgrade the software product. Conversely, the advertisements may be seen by the user as interruptions or annoyances, or as distractions from the task at hand.
So that's it. Basically, it's all bad stuff and the specifics really don't matter to most users. To protect yourself, check out two of our blog entries: Security 101 and Backup your data.