Date: Tuesday, August 5th, 7 p.m.
Location: Danbury Hospital Auditorium
By Bruce Preston
It used to be so simple. In the ‘early days’ of DOS you booted from a floppy diskette in the A: drive. You then ran programs either from that diskette or replaced the media in the A: drive with a program diskette. Your data were typically on the B: drive.
Then someone discovered that they could modify the boot sector of the boot media and install a virus. The virus loaded into memory when the machine started, stayed resident, and then ‘infected’ the boot sector of any other bootable media put into the A: drive. At first the ‘payload’ of the virus was somewhat innocuous: self-replication to other media. And so began the antivirus industry and the cat-and-mouse battle between the virus authors and the antivirus software publishers.
Originally the only way to get a virus was to introduce it via removable media, where it would replicate. But eventually it went to ‘the dark side’, with payloads that could alter or destroy data. Malware could also be injected in ways other than via the boot sector; for example, there was a macro virus that appeared in Microsoft Word. It changed the operation of Word such that files could only be saved as templates (.DOT) rather than regular documents (.DOC).
With the ubiquitous availability of broadband access to the internet, and of web pages and e-mail with active content, it wasn’t long before Microsoft Outlook (and Outlook Express) earned the nickname “Microsoft Petri Dish,” as they never met a virus they wouldn’t nourish. Other avenues of introduction included opening up machines for peer-to-peer file sharing, especially music sharing (remember Napster?). There are now many paths for unwanted and malevolent objects to get into your computer.
Organized crime has recognized easy money and has gotten involved; for example, a whole new category has appeared called “ransomware.” If you visit an infected site, a drive-by install of malware encrypts your files and you are given a limited time to pay a ransom (typically $300) for the decryption key. If you don’t pay within the payment period the decryption key is deleted, and your files can never be restored unless you have a backup on other media that was not connected to the infected computer when the encryption happened (an attached backup drive gets encrypted along with everything else).
On August 5th at our general meeting Bob Gostischa will return to talk on the topic of “Protecting Yourself, Your Computer and Your Identity.” Some of you may remember him from his presentation in August 2011, when he introduced the Avast! product line. Much has changed since then; Avast! now protects devices (computers, smartphones, etc.) for more than 219 million users. Bob will discuss safe computing and communications practices, many of which are applicable no matter which product line you use. However, I suspect that he will use Avast!’s products as examples. They have three tiers:
Avast! “Essential Antivirus” is a free package. It provides basic real-time protection against viruses and spyware such as key loggers, rootkits, and browser hijackers. These attacks on your computer can lead to identity theft. If you are unfamiliar with some of these terms:
- Key loggers record your keystrokes, looking for such things as account names, numbers, login credentials, etc., and send the information to the attacker’s site.
- Rootkits modify components of the operating system so as to hide themselves (and other malware) from the user and from security software; they may also add a back door providing the attacker with remote access.
- Browser hijackers change the operation of your web browser, often redirecting you to sites other than the one you intended. This can include altering search results to steer you to a site where the attacker can further infect your machine with more malicious code.
Moving up to the subscription “Internet Security Suite” adds a secure connection layer for use when making on-line payments, visiting a financial institution, etc. It also adds a firewall capability, as well as anti-spam and anti-phishing components.
The “Premier” subscription adds an updater for third-party software, i.e., it periodically checks for patches or new releases of the other software on your machine (out-of-date software is a common way in for malware). It adds a remote access capability and a ‘military-grade’ data shredder that overwrites files so they cannot be recovered from the storage media.
I have used Avast! products for years and am quite happy with them. Some of the things that I like are:
- They have a small footprint. They don’t consume large amounts of RAM.
- There is no perceptible delay in opening or saving files.
- Avast! updates the ‘signature’ database frequently, in some cases several times a day. This is important because of the race that follows each Microsoft patch: the virus authors study the patch to learn what it fixes and quickly write exploits that attack machines where the patch has not yet been applied (the term ‘zero-day’ strictly refers to an exploit for a hole that has no patch at all yet). The sooner you get the signature database updated, the better your chances of blocking such an exploit.
- They are easily configurable.
- For basic protection the price (free!) is right.
But nobody is perfect. There are very few things about Avast! that I don’t like. For example, it periodically tells me that there are plug-ins in Firefox that it doesn’t like. I know what they are and I need them. I would like to be able to tell Avast! that I don’t want to be told about them again. That way, if/when something new gets in there, I will see that it is new and decide what to do about it. It also installs the Google Chrome web browser without giving me the opportunity to decline. It is easy enough to remove, I suppose; I just prefer Firefox. So I intend to be at the meeting to broach the subject during the Q&A, if needed. See you there?