Be On Guard Against "Insecurity Software"
By Joe Moran
If I had a nickel for every time I've found myself attending to the malware-plagued computer of a friend or family member recently--it wouldn't be enough to retire on, but I'd sure have an awful lot of nickels. What has struck me about the infected systems I've encountered lately is how many (lots) had some form of fake, or "rogue", security software running on them.
Rogue security software is a program that pretends to be a legitimate security utility--usually an anti-virus or anti-spyware scanner--but really isn't. This type of software can worm its way onto your system behind the scenes without your knowledge, but as often as not its entree is aided and abetted by the actions of a well-intentioned user.
Not What They Seem
You're most likely to encounter rogue security programs through advertisements on questionable Web sites and via browser pop-up windows--particularly after following search links. After grabbing your attention by "discovering" an infection or vulnerability on your system, they coax you into installing these programs (and usually paying for the privilege) in order to fix the alleged problem.
Of course, in the vast majority of cases these so-called security tools don't actually fix or protect you from anything, and they usually carry with them the very kinds of malware infections you were hoping to remedy or avoid in the first place.
Once bogus security software makes it onto your PC, it can be extremely difficult to remove. Often it will disable any existing anti-virus software you might have and/or prevent you from reaching the Web sites of legitimate security vendors by redirecting attempts to access them (usually by modifying the system's HOSTS file, which can override DNS by mapping host names to specific IP addresses).
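One way to check for the HOSTS file tampering described above is to scan the file for entries that pin a security vendor's host name to a fixed address. This is an added example, not code from the original article; the domain watchlist (built from the vendors the article names) and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist: domains of the vendors the article names (not exhaustive).
VENDOR_DOMAINS = {
    "avg.com", "avast.com", "avira.com", "eset.com", "mcafee.com",
    "symantec.com", "trendmicro.com", "webroot.com", "zonealarm.com",
}

def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS)


def suspicious_entries(hosts_text):
    """Return (line_no, ip, hostname) for every HOSTS entry that pins a
    watched security-vendor name to an address, overriding DNS."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or incomplete line
            continue
        try:
            ipaddress.ip_address(fields[0])   # first field must be an IP
        except ValueError:
            continue
        for host in fields[1:]:               # one line may list several names
            if is_watched(host):
                findings.append((line_no, fields[0], host))
    return findings


# Constructed sample HOSTS content (not taken from a real infection).
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com update.eset.com   # added entry
203.0.113.7     download.mcafee.com
192.168.1.20    fileserver
"""

if __name__ == "__main__":
    for line_no, ip, host in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {host} -> {ip}")
```

On Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts; read it and pass its text to suspicious_entries(). Any hit deserves a look, since a clean HOSTS file has no reason to mention an anti-virus vendor's site.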
Rogue security software has been around for a long time but it's become especially prevalent lately, more than doubling in volume over the past year according to data gathered by Microsoft for its most recent semi-annual Security Intelligence Report (SIR).
There are countless security tools floating around on the Internet these days, and unfortunately there's no cut-and-dried way to differentiate between the bona-fide and the B.S. The best way to protect against the fake stuff is not to panic when presented with unexpected warning messages, to carefully examine anything before clicking on it, and perhaps most important, to be aware of the tactics that purveyors of this fraudulent "scareware" use to make their programs look legit.
For example, fake security tools almost always co-opt logos and icons that are used by Windows or genuine security tools--a favorite target is Windows Security Center's familiar four-quadrant shield (sometimes the colors are changed, sometimes not). Another graphical trick these programs frequently employ is resizing browser windows and mimicking the look and feel of the Windows interface to make you think that a warning message is coming from an operating system dialog box rather than a Web site.
Rogue software programs also tend to use deceptive labeling to suggest legitimacy--terms like MS, XP, or 360 can imply that software is coming from Microsoft or perhaps Symantec (makers of the well-known Norton 360 security suite).
Be Careful What You Click On
In a nutshell, legitimate security software will not try to cajole you into a download, so if you're presented with an unexpected and unrecognized security "warning" that seems suspicious, it probably is. If you see one, simply close the window--don't bother clicking negative choices like "No" or "Cancel", as they often don't function as labeled and may not get rid of the window. Your best bet is to use Windows Task Manager (CTRL-SHIFT-ESC, then the Applications Tab) to close the window or shut down your browser, if necessary.
When you do go looking for anti-virus/anti-spyware software (preferably well before you need it), stick with known and reputable vendors including AVG, Avast, Avira, ESET, McAfee, Symantec, TrendMicro, Webroot and ZoneAlarm.
For more help, check out the PracticallyNetworked Forums.