Defending The Kingdom

First, which browsers are the most common these days? Wikipedia has a useful summary of browser usage statistics collected from various sources. The summary statistics look a little off to me (even after considering the note at the bottom of the table), but you get the basic idea: Internet Explorer and Firefox are running away with it.

Security Update

Internet Explorer 6 remains a hopelessly dangerous browser, but I’ve been impressed by Internet Explorer versions 7 and 8. If you haven’t yet upgraded, do so now.

I wanted to update previous comparisons (see here, here, and here) between the two most prominent browsers, but Secunia, the security consultancy I had been getting figures from, now advises against using its statistics for comparison purposes because of the way it reports them.

Fair enough, and it wouldn’t hurt to go to a second source. I recently ran across a report by NSS Labs, which mentions that “53% of malware is now delivered via internet download versus just 12% via email, while IFrame exploits and other vulnerabilities comprise 7% and 5%, respectively…” (If you’re wondering, IFrame exploits are just another flavour of attack aimed at web browsers.)

Check out the report summary, which has two very interesting graphs. It looks like Internet Explorer 8 is beating Firefox (and other browsers) by a wide margin when it comes to protecting against “socially engineered malware” (links that lead to infected downloads), while the two leading browsers provide about the same amount of protection against phishing attempts.

Curious about the web’s most dangerous search terms?

The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky.

What makes a webpage dangerous?

• Risky downloads—Downloadable files that contain viruses, spyware, or adware or make unrelated
  changes to the downloading computer
• Browser exploits—Also known as a driveby download, this type of malicious code enables viruses,
  keystroke loggers, or spyware to install on a consumer’s computer without consent and/or knowledge
• Email practices—Registration forms and other sign-ups that result in high volume email, highly
  commercial email or both. We also test for difficultly unsubscribing.
• Phishing—Scam sites that try to trick visitors into believing the site is legitimate
• Excessive popups—Sites that engage in aggressive popup behavior or display large numbers
  of popups
• Linking practices—Sites that aggressively link to other red- or yellow-rated sites

The report, by McAfee, mentions that hacking for profit has overtaken hacking for fame. I suspect that is why we no longer worry about viruses that will wipe our hard drives clean — the tactic is attention-getting, but is unlikely to be profitable to anybody. Today, viruses that collect information about our computing habits and personal lives are the primary threats.

If your installation of Windows XP is lacking an antivirus program or firewall, it’ll take about 8 seconds for it to become rabid and foaming with worms, viruses, and spyware. At least, that’s what this BBC article suggests.

But seriously, remember when all you had to worry about was some dork impressing his friends with some virus named after a girl that kneed him in the balls last week? That was a more innocent time.

Today, viruses have come of age. And they’re not even called viruses anymore. The biggest problems today are spyware and adware. The trouble with viruses was that their sole object was to penetrate your computer, then destroy it. That didn’t make anybody rich, though, because good parasites don’t kill their hosts.

The most sinister and pervasive threats have morphed into commercially propelled vehicles for privacy extraction with a view to profit. These days, when I look at a friend’s computer that has slowed and showed signs of derangement from infection, I don’t find a lot of viruses. But I find boatloads of spyware and adware (and that’s a metric boatload, not one of those sissy imperial boatloads).

So be aware of the threat you face now. A new enemy requires new tactics–this means your anti-spyware and adware programs are more important than ever. I previously recommended Spybot and Adaware for the newly important jobs – read my review of both and find out how to get them (they’re free, of course).

Google, by partnering with the StopBadware Organization, has begun to issue warnings when users click on search results that lead to dangerous websites.

StopBadware keeps a list (so far it appears to be quite limited) of user-submitted websites that are known to host spyware, adware, and other malware. After receiving submissions, the organization analyzes the purported malware using a list of seven categories of bad behaviour that help to identify malicious software.

This list includes:

…deceptive installations, unclearly [sic] identification, causing harm to other computers, modifying other software, transmitting user data, interfering with computer use, and being difficult to uninstall completely.

You can see one of the warnings in action by doing a search for “seriall” and clicking on the first result (SeriAll.com is a website that publishes serial numbers for pirated software). After clicking on the link, you should see a screen similar to the one shown at the top of this post. (continue reading…)

Your computer is hopelessly lost to adware and spyware and viruses. I know because I’ve seen computers like yours. If you upgraded to Firefox as I suggested in the last post, you’re headed in the right direction, but there is more to be done.

Now you need to download two programs (free, of course) that will kill anything that manages to get by your defences. (continue reading…)