paulchinonline.com

Users Play a Role in Malware Prevention

By Paul Chin

Originally published in Intranet Journal's Chin Music (19-Mar-2008)

back back to portfolio


Malware—viruses, trojans, worms, spyware, bots—is a lot like that loudmouth jerk in your office. He's always lurking around some dark corner or loitering where he's not wanted. He has a tendency to strike when you're most vulnerable such as on the eve of a big presentation or crucial deadline. Although you do everything you can to avoid bumping into him in the hallway, sooner or later your paths are going to cross. And you know that once he latches onto you, he's going to be almost impossible to get rid of.

The difference here is that there's plenty you can do to prevent malware from affecting your computer or network, but there's little you can do to get rid of that loudmouth jerk—at least nothing legal. So, what are you doing to keep yourself from getting hit by malware, and are you doing your part to help keep malware from spiraling out of control?

Last month, a huge computer hacker ring was uncovered in my neck of the woods. The Quebec provincial police and the RCMP dismantled the largest computer-hacking network in Canadian history. It was a ring that affected close to a million computers in 100 countries, and caused an estimated $45 million in damages.

This high-profile story led to the inevitable question by some of my non-IT friends: Why can't security software makers do a better job at preventing the spread of malware? Knowing full well that many of these same people regularly turn off their firewall and cancel full-system virus and spyware scans midstream because it slows down their computer, I wished I had a mirror to hold up to their faces. "This is why," I wanted to tell them.

Malware is propagated by negligent users who don't bother to apply the most basic of preventative measures, and partake in risky computing behavior. They click on suspect and unsolicited e-mail messages or attachments from people they don't know, they visit shady Web sites, they fall for phishing scams spoofed as PayPal or a bank, and they download and install bootleg software cracked by unsavory characters.

Hackers and malware authors do what they do because they know it works. They send out copious amounts of lures to trick users or to seek out unprotected systems. All they need is for one person or system to take the bait to see payday. Unfortunately, there are hundreds of thousands who unknowingly take the bait, whether by actively doing something or by failing to take the necessary precautions. And despite repeated calls for caution and action by IT professional and security experts, many users still don't get it.

Some users have an "it will never happen to me" attitude, treating anti-malware software and system patches as an inconvenience. Others, at the other end of the extreme, rely too heavily on the software and believe that they can do whatever they want as long as the software is there to protect them. But anti-malware software is only the first step in a well-rounded security solution.

Anti-malware software isn't a panacea. It can help prevent you from getting hit by malware, but it can't eliminate it entirely. Regardless of how sophisticated an anti-malware software solution is, it can't prevent ignorance or downright stupidity on users' part from undermining its goal. Software needs to be coupled with basic safe computing knowledge and plain old common sense. After all, you can create the world's toughest lock, but what good is it if you keep the door wide open?

It has always been a footrace between those seeking to compromise our computers and those seeking to protect them. We, as computer users, need to do our part to help the latter in order to prevent ourselves from falling prey to the former. Malware is not an individual's problem; we all have a part to play. Negligent users are fodder for malware authors. Why give them the opportunity?

Malware authors, like loudmouth jerks, are who they are. You can't do anything to stop them from being who they are and doing what they do anymore than you can stop a duck from quacking. Their behavior is inherent in them. It's up to you to prevent them from adversely affecting your productivity and mental well-being, or at the very least, minimizing their effects. So the next time that loudmouth jerk comes into your office and goes on and on about his "totally boss" weekend, ask yourself if you did anything to bring it upon yourself.


Copyright © 2008 Paul Chin. All rights reserved.
Reproduction of this article in whole or part in any form without prior written permission of Paul Chin is prohibited.