Tag : rootkit

Malware Terminology

The Information Technology world has a jargon of its own, which can be confusing both to end users and (sometimes) to the IT people themselves. One of our biggest problems these days is malware (“mal” meaning “bad”) infections on our users’ computers. In the interests of making the problem a little clearer, here is a basic (if not necessarily complete) dictionary of terms, in plain English.

Adware: Advertising-supported software. This is software that automatically plays, downloads or displays advertisements to a computer. A classic example would be a “helper toolbar” that causes advertising pop-ups on your screen.

Backdoor: Some spyware installs a credential and password that allow an outside user unauthorized and unexpected entry into a computer; the intruder can then plant more malware and/or harvest available data.

Bot: A piece of software designed to grant an outside user complete control of your computer at will. A computer affected by bots is called a zombie, and “armies” of like-infected machines can be used to launch simultaneous attacks on other systems, or send out spam email messages.

Browser Hijacker: Code that replaces search pages, home pages or error pages with its own, allowing further browsing to be redirected to wherever it wants you to go (as opposed to where you wanted to go).

Rootkit: Code designed to gain root access to your computer and manipulate it into allowing viruses or spyware to install and operate, while hiding from anti-virus scanners by appearing to be part of the operating system.

Spyware: Differs from viruses in that it is not out to wreck your system but to gain from it – controlling functions or accessing data for financial gain. Spyware may include keystroke loggers, backdoors, or browser hijackers, among other things.

Trojan: A disguise for malicious software, which may be brought into your computer as something apparently safe, but which can drop one or more harmful programs once inside. For example, an image file might contain code that operates only when the image is viewed, which installs backdoors, bots or viruses at that time, but which is otherwise inert.

Virus: A self-replicating program intended to cause damage to computers. Pretty much pure vandalism; there is generally no gain for the perpetrators…

Worm: A program that looks for holes in your computer’s security to get itself inside, where it can drop its payload (viruses or spyware). It is not itself either a virus or spyware, but may be thought of as something like a trojan. It scans IP addresses, opportunistically looking for entry points to exploit.
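The worm entry above describes the behaviour a defender can actually see on the network: one host touching many different IP addresses on the same port in a short time. The script below is an added example (not part of the original post) that turns that description into a simple detection over constructed firewall log lines; the log format, the 60-second window and the five-target threshold are assumptions chosen for illustration, not values from any real product.

```python
"""Flag hosts whose outbound connections look like worm-style IP scanning.

Added example: reads firewall-style log lines, groups them by source host and
destination port, and raises an alert when one source reaches many distinct
destination hosts on one port inside a short time window. Log format,
window size and threshold are assumptions made for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex for the assumed log format: "<iso-timestamp> <ALLOW|DENY> <TCP|UDP> src:port -> dst:port"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log (not captured from any real network). 10.0.0.5 probes
# eight hosts on port 445 within nine seconds; 10.0.0.7 is ordinary HTTPS
# traffic; 10.0.0.9 reaches six hosts on port 22 but spread over ten minutes.
SAMPLE_LOG = """\
2024-01-10T09:00:00 ALLOW TCP 10.0.0.7:51000 -> 10.0.0.20:443
2024-01-10T09:00:01 DENY  TCP 10.0.0.5:40001 -> 10.0.0.10:445
2024-01-10T09:00:02 DENY  TCP 10.0.0.5:40002 -> 10.0.0.11:445
2024-01-10T09:00:03 ALLOW TCP 10.0.0.5:40003 -> 10.0.0.12:445
2024-01-10T09:00:04 DENY  TCP 10.0.0.5:40004 -> 10.0.0.13:445
2024-01-10T09:00:05 DENY  TCP 10.0.0.5:40005 -> 10.0.0.14:445
2024-01-10T09:00:06 DENY  TCP 10.0.0.5:40006 -> 10.0.0.15:445
2024-01-10T09:00:07 ALLOW TCP 10.0.0.7:51001 -> 10.0.0.20:443
2024-01-10T09:00:08 DENY  TCP 10.0.0.5:40007 -> 10.0.0.16:445
2024-01-10T09:00:09 DENY  TCP 10.0.0.5:40008 -> 10.0.0.17:445
2024-01-10T09:00:10 ALLOW TCP 10.0.0.7:51002 -> 10.0.0.21:443
2024-01-10T09:00:00 ALLOW TCP 10.0.0.9:52000 -> 10.0.0.30:22
2024-01-10T09:02:00 ALLOW TCP 10.0.0.9:52001 -> 10.0.0.31:22
2024-01-10T09:04:00 ALLOW TCP 10.0.0.9:52002 -> 10.0.0.32:22
2024-01-10T09:06:00 ALLOW TCP 10.0.0.9:52003 -> 10.0.0.33:22
2024-01-10T09:08:00 ALLOW TCP 10.0.0.9:52004 -> 10.0.0.34:22
2024-01-10T09:10:00 ALLOW TCP 10.0.0.9:52005 -> 10.0.0.35:22
this line is malformed and must be skipped, not crash the parser
"""


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if not match:
            continue
        events.append({
            "ts": datetime.fromisoformat(match["ts"]),
            "action": match["action"],
            "src": match["src"],
            "dst": match["dst"],
            "dport": int(match["dport"]),
        })
    return events


def find_scanners(events, window=timedelta(seconds=60), min_targets=5):
    """Return {(src, dport): sorted target list} for every source that reached
    at least `min_targets` distinct destination hosts on one port within `window`.
    Hosts that touch many targets only over a long period are not flagged."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["src"], ev["dport"])].append(ev)

    alerts = {}
    for key, evs in by_key.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until all events fit inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {e["dst"] for e in evs[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.setdefault(key, set()).update(targets)
    return {key: sorted(targets) for key, targets in alerts.items()}


if __name__ == "__main__":
    for (src, dport), targets in find_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"possible scan from {src} on port {dport}: {len(targets)} hosts -> {targets}")
```

Only 10.0.0.5 is reported: 10.0.0.7 repeats the same two destinations, and 10.0.0.9 spreads its six targets over ten minutes, so no 60-second window ever holds five of them. In a real deployment the threshold and window should be tuned against the normal traffic of the network, since vulnerability scanners and monitoring systems legitimately produce the same pattern.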

Microsoft Security Essentials

Having good anti-virus is a must, not a benefit. That being said, there are several on the market right now that you cannot trust. Microsoft soft-released Microsoft Security Essentials 2.0 (free, direct) last month with little fanfare. Technically the product name is still just Microsoft Security Essentials, but the box shows a version number beginning with 2.0. This version has a few new features, which is okay I suppose, nothing out of the ordinary. It can automatically ensure firewall protection by enabling Windows Firewall if necessary. In Windows Vista and Windows 7, Microsoft Security Essentials’ new network inspection system adds specific protection against network-based attacks. The app also claims better malware-fighting skills, though in my testing it seemed little improved.

Last year AV-Test (http://av-test.org) evaluated a collection of antivirus products under Windows XP and under Windows 7. They rated each product for protection, usability, and ability to repair malware damage, with six points available in each area and a total of 12 needed for certification. Under Windows 7, Microsoft Security Essentials made the cut with 14 points, not far behind the 16 points achieved by top scorers Norton AntiVirus 2011 ($39.99 direct, 4.5 stars), Kaspersky Anti-Virus 2011 ($59.95 direct for three licenses, 3.5 stars), and Panda Antivirus Pro 2011 ($50.95 direct for three licenses, 3.5 stars). In the Windows XP test, Microsoft took just 11.5 points, not enough for certification. It scored high for usability but low for protection and repair.

Installation and Cleanup: Installing an antivirus on my thirteen malware-infested virtual machines can be an arduous task. Some products take a long time to install and update; others won’t even install due to self-defense by malware. Microsoft Security Essentials didn’t give me any trouble; it installed quickly and smoothly.  Microsoft Security Essentials’ real-time protection system detected active malware right away and popped up a simple warning box with a button offering to clean the computer. There’s a link to get details; clicking it also offers a chance to change the disposition for the found threat.

The real-time cleanup involves a mini-scan that frequently ends with a request to reboot. The product necessarily turns on automatic updates, so if for some reason you’ve been putting off updates you’ll be in for a lengthy session during that first reboot.

At installation, the product schedules a weekly quick scan. You can change the schedule and the type of scan, if desired. By default the scheduled scan restricts itself to using 50 percent of CPU resources. That doesn’t affect on-demand scans, though. In testing, a full scan took over 50 minutes regardless of the CPU setting, which is about twice the average of recent products. A repeat scan came in under 25 minutes.

For most found threats, Microsoft Security Essentials simply takes the necessary remediation action, though it will occasionally ask permission to remove low-risk items like adware. At the end of a scan it reports that it finished; you can click the History tab to see what it did. Microsoft Security Essentials detected 89 percent of the rootkit samples. That’s good, but more than half of the recent antivirus products detected 100 percent.

I would rate this product a 6 out of 10 for performance and accuracy.