Long ago, the dynamics of viruses and malware changed drastically. Gone are the days when crackers released crippling viruses with the sole aim of breaking PCs and gaining notoriety through the media fuss it would create.
But are the media panics around malware and its associated malicious software a load of hot air designed by the anti-virus companies to sell more products through fear, or is there a genuine risk out there to users of the internet?
It’s a simple economic and marketing fact that fear sells. There are lots of studies into human psychology that show one of the best ways to sell products is to position them as something that can protect you from fear. But the problem with selling through fear is that it can cause scepticism and apathy towards the products.
One of the most common things we hear from the retailers we speak to is that often, when purchasing a new PC, customers are sceptical about the need for security software. Indeed, these days the threat of malware is even greater, since fewer new varieties are emerging, and websites are employing ever more sophisticated security methods that are creating a false sense of security.
"We are seeing surprisingly few brand new examples of malware being introduced into the wild," states Joseph Benning, channel manager at AVG. "Instead, it is old favourites such as Storm or Netsky that are constantly being disguised by the bad guys in an attempt to fool the main internet security software products."
"Hackers are no longer operating to achieve notoriety; rather they are after victims’ money, or details that can earn them money," says Dominic Hoskins, Panda Security’s country manager for the UK. "Many are creating silent malware, so that there are no alerts or epidemics – it simply isn’t in their interest to do so – and because of this, users don’t realise they have been infected and so don’t take action."
The silent nature of modern malware means it isn’t just the computer illiterate and ‘the stupid’, as one retailer referred to them when speaking to PC Retail recently, that see their PCs become infected with malware.
"The most dangerous malware are exploits that have been deliberately placed on legitimate websites," says Benning. "Recent examples of sites that have become infected include those run by the Government, education and small businesses, as well as popular consumer sites such as music and social networking portals."
"Drive-by downloads are some of the most dangerous malware applications currently. Users encounter these attacks when they visit an infected web page or a page with an infected ad server," adds Laura Yecies, vice president and general manager of Check Point’s consumer division. Benning expands on Yecies’ point, adding: "Visitors to these poisoned pages are exposed to malware that attempts to collect their personal data or infect their computer." Yecies agrees: "The malware will install something like a keystroke logger on the user’s PC in the background without the user’s knowledge. The key logger will then log keystrokes and ‘phone home’, potentially with private data."
However, all of the experts we talked to were in agreement with each other over the main motivation behind the change in malware trends, from those that are written specifically to damage PCs, to those that are intended to steal information from those infected PCs.
"The key trend is the monetisation of threats," argues Trend Micro’s European online manager, Keith Reed. "While internet security previously evolved around protecting PCs against viruses which could cause havoc, delete files and generally disrupt systems, the emerging threats tend to be geared towards achieving financial gain for malware writers. This applies specifically to phishing techniques and web threats such as identity fraud, which is increasingly gaining momentum with the advent and rise in social networking."
One of the biggest problems a lot of our experts were keen to highlight was what they saw as a growing disparity between what PC users think they know and what they do know – and that it is driving up massive levels of apathy towards security software, just as they need it more than ever.
Yecies believes everyone, regardless of knowledge, is at risk. "Today, almost anyone who surfs the internet is vulnerable to malware infections. The effects of malware infections can vary, but the worst case is that a hacker will use the information provided by the malware applications to steal a user’s money and/or identity."
Reed echoes Yecies’ point, but suggests that it is those who believe they know enough about computers, and which sites are safe, who are the ones most at risk: "Generally, internet users who believe they do not need security, as well as those who do not think they need to ensure the security they have is current and functional are most at risk.
"Going online without sufficient internet security can ruin the contents of a PC, or more likely nowadays it can lead to a stage where PCs are sending hackers information, such as user’s pass codes and screen grabs of bank details," she added.
Dr Gopal Kutwaroo, head of marketing for Microsoft’s security products agrees: "The vast majority of consumers are using PCs without basic protection technologies such as anti-virus, anti-spyware or firewalls, or if they have these protections, are not keeping them up to date. Consumers need simple, comprehensive solutions to keep their PCs ‘healthy’ and running well."
Microsoft’s Window’s Live commercial product manager, Ian Moulster agrees: "Malware flourishes due to two main reasons: lack of robust anti-malware software such as Windows Live OneCare; and customers dropping their guard or being tricked into allowing malware onto their computer.
"Retailers can help address both of these points by ensuring that their customers include anti-malware software on their PCs, either when buying a new PC or getting it repaired. Microsoft offers a generous 90-day trial of Windows Live OneCare and will be more than happy to work with retailers to help ensure that customers receive a copy of either the trial or the full product at time of purchase."
Keen highlighted results from a recent study conducted by Panda, which showed that over half of the 1.5 million PCs checked either had outdated anti-virus software, or didn’t have any installed.
"A lack of knowledge of the current threat landscape can also contribute malware risk [through a sense of false security], especially with malware being designed to be opened using social engineering methods."
Microsoft’s chief security advisor, Ed Gibson agrees: "2008 will be all about the social engineer – internet miscreants getting the end user to do something they would not otherwise do online had they been given all the facts. For example, clicking on a link in an email from someone they don’t know, giving out personal details that they wouldn’t give to their next door neighbour, wire transferring money in reply to a ‘get rich quick’ scheme, text messages that link them to premium rate calls, and many other variations."
It was a point echoed by Computer 2000’s Software Business Unit’s security business manager, Simon Cable. "There is no one most dangerous piece of malware, it’s really a question of what is most likely to catch people out. The social engineering tactics used by the Storm worm are a classic example of virus writers attempting to outwit the unwary PC user."
However, there is one group of people, above all, that is at a higher risk of becoming infected by malware than anyone else, according to ESET’s managing director, Paul Brook. "There are still those who claim that Mac users are smarter than Windows users and won’t be fooled by social engineering tactics, like those seen frequently with Storm Worm outbreaks. However, Mac users with no particular security knowledge may be vulnerable if they believe that their systems are so intrinsically secure out of the box that they don’t need to know or to do anything about security."
Another issue that Hoskins brings up is the risk, not only to those infected by malware, but also to those that aren’t affected by malicious software. "One of the growing trends we’ve seen is hackers producing much more malware software than ever before, with the intention of essentially overwhelming anti-virus labs in the same way that a denial of service attack does, in order to increase response time and leave more people at risk for longer."
But in the grand scheme of things, there is a form of malware far more vicious, dangerous and damaging to the contents of a PC out there than those aimed purely at farming information for financial purposes.
It’s an area that CTO and co-founder of BullGuard, Theis Søndergaard, was particularly keen to point out. "Ransomware is still quite rare, but worryingly, it is on the rise. It is a type of malware used for data kidnapping, taking your data hostage by encrypting it using a supposedly unbreakable encryption algorithm. It then demands payment in exchange for the decryption key."
There is one piece of malware that is more dangerous still, though it doesn’t have a name, as Brook explains: "The most dangerous piece of malware out there is the one we don’t yet know about. If a piece of malware is already known, providing you use a reliable anti-virus product, keep it up-to-date and patch your computer regularly, then it shouldn’t be an issue."
Not all is lost though. "Protecting a computer against unknown malware is almost entirely dependent on how good the heuristics are in the protection software you use. An added complication is that malware is frequently coming through other vectors not just email, so users need to make sure that web traffic is monitored too," he adds.
When it comes to what retailers can do to help their customers avoid these risks, the overriding theme from our security experts was to inform customers of the threats that malware poses, but not to oversell, otherwise retailers risk making customers think the software is being sold simply to make more money.
"Retailers have an important role to play in helping to educate their customers about the potential threats and exploits online and the most appropriate way to protect themselves," argues Benning. Hass agrees, adding: "They should stay informed and take every opportunity to educate their customers about the dangers of surfing the web. They should also advise PC users to install security software and keep it up to date."
"They can include ‘already-on security’, which is pre-set to auto-update the latest pattern files when a customer buys a new PC or laptop, so they don’t have to," echoes Reed.
"Retailers should all stress to customers how important it is to have reputable and reliable security software and to keep it installed up to date," adds Cable. "Most vendors offer ‘OEM’ versions of their internet security packages that enable you to supply up to three years of protection at the point of sale of a new PC.
"For customers that don’t have antivirus software yet, they can look to purchase retail box products that will provide at least a year of protection to their machine. It’s worthwhile pointing out to consumers that when a subscription expires, the customer will cease to receive updates of the latest virus pattern files, and will become vulnerable to infection by any new viruses," he adds.
Thomas Parsons, product development manager at Symantec, suggests: "Retailers can help protect customers’ PCs by ensuring they have access to the most up to date product information, training and knowledge that will enable them to understand their customers’ needs, advise on potential threats and recommend the latest internet security software that meets their requirements."
Indeed, an example of this is the firm’s ‘reasons to sell’ initiative (PC Retail 50) – part of its Norton Partners scheme – which is a website aimed at retailers and resellers to help them sell its products. "We’re committed to working closely with our channel partners through programmes like Norton Partner and Norton Partner Rewards. Norton Partner is a new online resource and loyalty scheme for unmanaged resellers of Symantec’s consumer range of products."
Retailers should also consider the different types of security software that are available to stock.
"There are three key areas that retailers should look to stock software in, in order to help provide the most complete protection possible," states Gerhard Eschelbeck. chief technology officer at Webroot. "The first is anti-virus/spyware/malware packages that not only protect the PC, but also have the ability to remove any that manages to get through.
"Secondly, retailers should look to stock a range of firewall software, and communicate the benefits of having the software on their computers to stop malicious software from getting on to them in the first place. Lastly, they should also look to stock encryption software to help their customers protect themselves from programs such as key loggers," adds Eschelbeck.