Defending The Kingdom

After buying a new computer last week, I was undergoing the usual process of uninstalling programs that the manufacturer thought would be useful to me but that I don’t care for. One of these was McAfee’s Internet Security suite. Perhaps it does a fine job of protecting computers if you give it the chance, but a few things bothered me:

1. I was pestered several times per day to register the product. The options presented were along the lines of “Yes, register now” or “Remind me later”. Like a clingly salesperson, McAfee would not take “No” for an answer.
2. The program refused to uninstall using the standard Windows uninstall mechanism. A few Google searches suggests that my experience is not exceptional.
3. At least some users who manage to remove McAfee from their machines find that the company leaves behind poison pills in an effort to prevent competitor products from being installed.

These are serious infractions. We’ve got a program that is overwhelmingly concerned with its own survival and is willing to use sneaky tactics to achieve it. That willingness includes sabotaging users’ ability use their machines as they wish (making them unsafe in the process).

What do we call a program like that? I think it’s obvious: McAfee Internet Security is a virus.

Today, almost everyone use antivirus software to protect themselves. So have virus craftsmen given up? Nah, they’ve just adapted to the environment. A 2009 IC3 report warns that the fake virus scan attack is becoming more popular. It doesn’t surprise me, as I’ve seen it in action a fair number of times. Here’s how the attack works:

Victims reportedly receive ads warning them of the existence of threatening viruses and/or illegal content allegedly found on the victim’s computer. When victims click on the fake pop-ups, malicious code is downloaded onto their computers. Victims are directed to purchase anti-virus software to repair their computers, but in some instances this resulted in viruses, Trojans, or key loggers downloaded onto their computers.

The installed software often disables your legitimate antivirus program, allowing the beastly intruder to run wild on your operating system. When this happens, there are usually just a couple options that remain:

1. Install ClamWin Portable on a USB key using an uninfected computer, then scan your computer by inserting the USB key into the infected computer. Just make sure to offload all other files on your USB key to prevent them from getting infected when you insert the USB key into the infected computer.
2. Use Microsoft’s in-built System Restore feature if you’re using Windows XP, Vista, or 7. Restore your system to the farthest date in history you can stomach without fear of losing important system changes or files. The restore feature isn’t supposed to affect your workaday files, but don’t count on it.

Of course, you may want help doing either of these things, so consider taking your computer to a technician. If you’re in this situation right now, I wish you good luck.

If it’s not you, be wary that it could be if you’re not vigilant. The options for recovery are not wonderful, so it’s far better to prevent the infection in the first place. Remember, scan every file that comes onto your computer from another computer (whether by USB stick, email, internet download, or instant message) before opening it. No exceptions.

If spam emails didn’t sometimes encourage people to click through and make a purchase, it wouldn’t exist as a business. The fact that we all get spam means that, despite the costs of doing so, somebody still finds it profitable to send out all of those emails. The truly amazing thing, though, is the number of emails spammers have to send in order to capture a single customer. The Economist had an article a few weeks ago that provided some data:

In 2008 researchers from the University of California at Berkeley and San Diego posed as spammers, infiltrated a botnet and measured its success rate. The investigation confirmed only 28 “sales” on 350m e-mail messages sent, a conversion rate under .00001%. Since then, says Mr Peterson, the numbers have got worse.

Given how good my Gmail account is at filtering out spam and assuming that other email software is rising to that standard, I’m not surprised that the conversion rate is so low. So what are spammers doing now?

Well, Twitter seems to be a breeding ground in rude health:

…researchers from the University of California at Berkeley and the University of Illinois at Champaign-Urbana show that 8% of links published [on Twitter] were shady, with most of them leading to scams and the rest to Trojans.

And I suspect we’ll see Facebook become an increasingly important launching pad for similar threats. The security arms race continues.

Happy holidays, dear readers!

Have you ever heard that free anti-virus programs skimp on their virus definitions so you aren’t as protected as you would be if you were using the paid version? It seems somewhat plausible as an incentive to get the free users to become paid users, right?

I’ve heard that claim from friends, but I’ve always been a bit skeptical. I haven’t seen any published reviews of free anti-virus programs that mention this sort of issue, nor have I seen any anti-virus company highlight advanced threat detection rates as a feature of their paid products that isn’t available in their free products. And if they want people to pay to upgrade to more advanced detection, they would have to actually tell their customers that there is a difference in that realm, wouldn’t they?

Anyway, I thought of that claim when I read this portion of an interview with AVG’s CEO:

The basic detection rates in our free product and our paid product are exactly the same. We’re not giving you less protection. We’re just giving you less functionality. The paid products have antispam and firewall and a few other bits. But the core features–the Web protection, the cloud protection, the virus protection–is all the same between free and paid.

I have no way of knowing for sure if that’s true for all free anti-virus providers, but I’ve used and been very happy with a number of free anti-virus programs including AVG, Avast, and, recently, Malware Bytes. Each of these, incidentally, is currently in the top five of CNet’s most popular downloads list, which is an excellent source of suggestions for high quality software.

If you’re a corporate/business user of McAfee’s Antivirus program, read this before doing anything else today. (Unless you want to destroy your computers’ file systems on reboot.)

Carry on.