Security

Cyberspace is not a safe place. Just like the real world, there are all too many people who will steal from you or hurt you for a variety of reasons. Software which is designed to attack people's computers is commonly referred to by the broad term Malware. ("Mal" means "bad," or is short for "Malicious"; the "-ware" suffix is used to describe most software by category.)

Infection Is Easy

Let's say that you get an email from a friend's address. The email has an attached file which is labeled, "Photos from the Party." Since you had a party a few weeks ago, you think it's about that, and so you open the file. However, nothing seems to happen when you double-click on it. You try again a few times, but nothing. So you figure that it is just another one of those things that doesn't work on computers. You maybe don't even mention it to your friend later on.

What the attachment did, in fact, was to silently install malicious software on your computer. This malware works invisibly in the background; you are not even aware that it exists.

This is not the only way malware can get on your computer, but it is one of the most common ways. Malware can get onto your computer via the network, through infected programs a friend gives you, or even from using commercial software from a company you might trust.

Are You Protected?

Most people don't think about computer security, or they think it doesn't concern them. However, if you are using a Windows PC, then you absolutely must think about security.

When you buy a new PC, it usually comes with anti-virus software included--so most people think they are protected and just forget about it. However, the antivirus software is almost always a trial version, and only operates for a few months. (A "trial version" or "demo" will only work for a few weeks or months, and then it will stop.) When the trial period has ended, you are unprotected.

Are Macs Safe?

Nothing is 100% safe, but Macs are almost completely safe from infection--for now. While there are a few trojans (see "Kinds of Malware" list below) which work in Mac OS X, 99.9%+ of all malware is aimed at Windows. The only malware that can affect the Mac today is (a) a trojan hidden inside "video codec" software offered by pornography web sites, and (b) another trojan hidden inside a pirated version of Apple's iWork suite. None of the Mac malware so far does any serious damage. However, you must still be cautious: new malware could appear any day. Even so, most Mac users don't need or use anti-virus software.

Why are Macs safer? Many assume that Macs are "immune" or naturally safe from malware, but this is not true. The Mac OS is more secure than Windows in general, but many believe that the main reason Macs are safer is because of their smaller numbers. More than 90% of computer users worldwide use Windows; Macs are less than 10%. Therefore, if a hacker creates a virus, they will usually aim it at the larger target.

Why Make Malware?

A common question is why anyone would want to make viruses and harm other people's computers. There are many different reasons. Some people do it as a prank, a practical joke to cause trouble. Some do it as a test of their skills. Others enjoy seeing people in trouble and panic, and get excited by seeing their work having a widespread effect.

However, there are more serious reasons as well. Quite a bit of malware is used to take control of a large number of computers and to use them for various purposes. Many create malware to make money, either by inserting advertisements or by directly stealing from the victims. And malware can even be used as a military weapon or even as a terrorist device.

What Will Malware Do to You?

What does it do? It could be doing any one of several things:

  • The malware could steal all of the email addresses in your address book, sell them to spammers, and then send copies of the virus to all of your friends, classmates, coworkers, and family--everyone on the list.
  • The malware could be a "keylogger"--a program which secretly records everything you type on your keyboard, and then sends the data back to the malware's owner. This could allow it to steal credit card information, personal data, passwords, etc.
  • The malware could be "adware"--a program that shows pop-up ads, making money for the malware owner. These programs may record data on what sites you visit to decide which ads to show you. These programs can take over some control of your browser, causing ads to pop up uncontrollably. The worst types will show porn, and will open several new windows every time you close an existing window.
  • The malware could turn your computer into a "zombie"; such software takes control of your PC without you knowing it, and uses your computer to send thousands of spam emails to other users. If the computer is not cleaned, this could continue for some time. Zombie computers are also used in DoS, or Denial of Service attacks, where popular web sites are attacked and shut down by thousands of zombie computers attacking them at the same time.
  • The malware could detect when you visit your bank's web site, and substitute a fake site which will collect your login information.
  • The malware could shut down your computer at random times, and/or interfere with the network you are using. Some malware will force your computer to shut down every few minutes.
  • The malware could erase files on your computer, or allow the malware owner to steal your files.
  • The malware could take images of your computer screen, or even images using your web camera and send them to the malware owner.
  • The malware could pop up and deliver harmless yet annoying, confusing, or alarming messages on your screen.

Some malware is downloaded from web sites, but email malware seems more common.

There are various kinds of emails which contain malware files. Some claim to be a delivery company with a package waiting for you. Others claim to be system administrators offering a program to protect your computer. Some say they are automatic emails sent by your own email system, with messages claiming to be from your own account. Sometimes they claim that you have done something illegal, and threaten to take action against you--with the details inside the attachment.

Whatever the trick, they always try to get you to open an attachment to the email which contains the malware. (An "attachment" is a computer file sent along with an email message.)

The attachment is usually a file which, if opened, is given access to your computer and can do almost anything it is programmed to do.

Executables

An executable file is one which opens like a program. Just by double-clicking on the icon, you are giving it permission to do things which could damage your computer. The most common executable is the file type with the extension .exe.

Because many email systems will block email attachments with the ".exe" extension, virus writers started using the .zip filename extension. Open one of these up, and you'll find the malware .exe file inside. Some computers are set up to automatically execute the program files inside a "zipped" archive, thus immediately infecting your computer should you open the attachment.

Alternate methods of infection include imitating other executable files, like .scr (screen saver) files, or .pif (program information) files. There is a long list of file types which can infect your computer if they are double-clicked.

ADVICE: NEVER open an attachment to an email unless you are certain it is from a real person you know. Email addresses can be faked, and viruses can come from computers of people you know, so don't be fooled by a friendly name or address. You must especially suspect attachments ending in .exe, .zip, .scr, and .pif, but you should suspect others as well. Use these two tests to decide whether it is safe:

  • The attachment must be expected. If you didn't know it was coming, then don't trust it.
  • The message must be specific: it should contain information which can only apply to YOU and no one else. For example, anyone could have a party or expect photos. But if the email has a personal message and mentions specific events that can only apply to a few people, then you are probably safe.

Do not be shy about waiting and asking the apparent sender about the email. Also, make sure you are running up-to-date anti-virus software.
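The extension check described above can be automated on the receiving side. The following is an added example, not part of the original article: it screens a raw email for attachments ending in .exe, .scr, or .pif, and looks inside .zip attachments for the same types. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable types the article names; .zip is opened and its members checked.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif"}

def last_extension(name):
    """Lower-cased final extension, so 'photo.jpg.exe' is seen as '.exe'."""
    name = name.strip().lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def screen_attachments(raw_message):
    """Return (attachment_name, reason) findings for one raw email message."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = last_extension(name)
        if ext in RISKY_EXTENSIONS:
            findings.append((name, f"executable type {ext}"))
        elif ext == ".zip":
            try:
                data = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    for member in archive.namelist():
                        if last_extension(member) in RISKY_EXTENSIONS:
                            findings.append((name, f"archive contains {member}"))
            except zipfile.BadZipFile:
                findings.append((name, "archive could not be read"))
    return findings

def build_sample():
    """Constructed sample: a 'party photos' mail whose zip hides an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Photos from the Party.exe", b"placeholder bytes")
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg["Subject"] = "Photos from the Party"
    msg.set_content("Here are the photos!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    msg.add_attachment("just text", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"SUSPECT {name}: {reason}")
```

A clean result from a check like this only means none of the listed file types were found; the two tests above (expected and specific) still apply.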

What Kinds of Malware Are There?

You probably mostly just hear the word "virus," but there are a variety of different malware types, and the virus is just one of them. The different types often overlap, and the definitions are not 100% clear. Here's a list of the more common types:

  • Virus: malware which attaches itself to a program (executable file), making copies of itself; it requires a human user to run the infected programs in order to spread.
  • Worm: a type of virus which can spread without human action.
  • Trojan: software which appears useful or interesting, but contains malicious code which can harm your computer. A trojan does not copy itself, and usually relies on social engineering to spread. ("Social engineering" usually means "tricking someone." For example, causing someone to release a harmful program on their computer by disguising it as a game.) For example, you might visit a web site which says that you need special software to watch videos--but the "video software" instead takes over your computer and uses it to email spam. The name comes from the ancient story of the "Trojan Horse," in which the Greeks defeated the city of Troy by hiding soldiers inside a statue of a horse, given as a gift.
  • Rootkit: A rootkit is malware which traditionally was installed by a hacker in person, and which loads before the OS has finished booting, making it difficult to detect and defeat. Recently, the term "rootkit" might just refer to the way malware hides itself.
  • Spyware: malware which collects information about you.
  • Adware: malware which shows you unwanted advertisements.

Here are a few examples of malware inside emails. Hold the mouse over each one to see in detail (but do NOT click on them!):


Scams

Many computer attacks today are not in the form of malware, but instead are attempts to steal money by using social engineering. Social engineering simply means that the user is tricked into doing something which harms them. You may have received a number of such emails in the past. The most famous one today is known as the "Nigerian" or "419" scam.

In the classic Nigerian scam, you receive an email from someone who claims to have a large amount of money. (Most of these seem to originate from the country of Nigeria, but you could receive them from people claiming to be from almost any country.) The person might say they are an oil executive, the widow of a rich businessman, a government official, or even the member of a royal family. They usually say that they have millions of dollars in a bank account, but they need help moving it to another country. They say that in exchange for your assistance, they will let you keep some amount of the money, usually 10 to 30%. They often use references to religion, tragedy, or other appealing situations to gain your trust.

Of course, the claim is not real. If you answer the email, they will say that before they can send you millions of dollars, you must help pay a processing fee or other cost, usually under $100 or so. They explain that they would like to pay the fee, but all their money is locked up in the bank. The victim will feel that the fee is relatively small, and so will send the money. The scammer will then take the money, and likely claim there is another fee, and they promise to send the millions of dollars after the new fee is paid. They will continue to do this until the victim stops sending money. Of course, the promised millions never arrive.

The same scam is played in a variety of different ways; another variation is the European Lottery scheme, in which you receive an email telling you that you have won a huge lottery prize. The message informs you that your name was entered into the lottery by someone else, or randomly using your email address. Again, before you receive your millions, you must pay a processing fee. Again, if the victim pays the fee, more fees suddenly appear, and of course, the "prize money" never appears.

Here are a few examples of Nigerian and European lottery scam emails; hover your mouse over them to see at full size (do NOT click!):







Here's a tip about scams: if someone is offering you easy money, then it's not real. There is no such thing as "easy money." It is always someone trying to take money from you. If you get such emails, just ignore them, or better yet, feed them to your spam filters.

How to Get Scam Emails

One last note: the best way to get scam emails is to publish your email address on a web site. Scammers use special software to scan the Internet for email addresses. When the software gives them an email address, they start automatically sending Nigerian/Lottery/other scam emails to that address.

How do I know? I tested it. First, last July, I created a "virgin" email account--nobody knew about it, and I never used it. On my blog web site, I printed the email address in a color almost identical to the background color. To the human eye, the address is all but invisible. Can you see it in the screenshot below?

In order to see it, you'd have to select the text:

The chances of any live human seeing the address were almost 0%. However, within a few days, I started getting emails at the address. Almost all of them were scam emails--Nigerian, European lottery, or offers to promote my web site. Since then, I have received an average of 35 emails a month, almost all of them scam emails.

The lesson: Don't print your email address on any public web site!