My 9/09/07 Missoulian column: Where are we after 25 years of viruses and spyware?
Last week was the 25th anniversary of the first computer virus, one of the facts of hi-tech life that we can’t escape and which shows no signs of easing. There are viruses for computers, cell phones and even Blackberrys, and they cause all kinds of mayhem, while antivirus software is a multibillion-dollar-a-year industry. Chances are, there’s a virus or some sort of spyware on your Windows PC.
Just what are viruses and spyware? Viruses are bits of programming code in the hidden parts of files and documents, and they replicate somewhat like biological bugs and spread and erase files and muck up systems. The first virus was a joke named “Elk Cloner”; few viruses are jokes now. Spyware, which first appeared around ten years ago, consists of little programs that make all those pop-up windows appear when you’re trying to read websites, or add tool and search bars that you can’t get rid of after you’ve installed them, and also might grab your personal information. Trojans are yet another form of mischief, sometimes downloaded as something legitimate, like a game or a system or program add-on, and they run in the background and turn your PC into what’s called a “zombie” that spews spam emails without your knowledge. For the sake of discussion, we’ll call them all malware.
Malware works by taking advantage of the fact that software is exceedingly complex and interconnected, and as a result all operating system software and applications have bugs – even brand new releases – in the rush to get a new or updated product out the door in the face of competition. Some security problems in software have existed for years, because it’s impossible to fix them without breaking something else.
Specifically, malware works by exploiting those vulnerabilities in software, and making use of the different levels of privilege in computer systems. A familiar form of a vulnerability is leaving your front door unlocked. An exploit is someone finding out the door is unlocked and walking into your house. If you have the key to unlock the front door, or the keys for all the locks on the front door, you have the “privileges” to go in. (Privileges are computer-speak for the different levels of access one has on a computer, either as a plain user who can do very little, or as an administrator who can install software and change anything on the PC).
So, on your PC, a vulnerability is having software that has security problems, an exploit is malware that takes advantage of that vulnerability, and that vulnerability has to do with the privilege of a key or all the keys to the front door. But some malware, like trojans, work by what is called “social engineering,” convincing or fooling you into clicking a file and installing it because it can’t get around the administrator privileges (the locked door) of the operating system. So it’s a very good idea to know where all your software comes from, and to be careful about all the games and fun things you come across on the web.
Why do people write viruses and develop spyware? It could be a sense of vandalism or frustration; sometimes it’s criminal, with the aim of stealing personal information. Some malware might simply be what happens when a bunch of very smart kids get very bored in the dark days of winter. All the forms of malware are, in fact, extremely complex puzzles of programming, and they’re fascinating even while they are annoying and destructive.
With the proliferation of virus writing guides and turnkey trojans, it’s easier than ever to develop new malware. Some programmers work to find vulnerabilities and report them as a service to Microsoft, Apple or the developers of Linux so they can be fixed before they are exploited. Some programmers work to find new exploits, and then build new forms of malware and unleash them and watch them spread around the world.
After 25 years of malware, where are we now? It depends on your platform. On Windows, there are around 500 new viruses each month, and possibly 90% of all computers have some sort of spyware. For Apple’s OS X, there are no active viruses or spyware. There are some recognized vulnerabilities, but no viruses in “the wild”.
The reasons for the differences are debated, but the basics are that Windows is inherently insecure and complex, and Apple is built on a more secure backbone that better resists malware. It may also be that Microsoft Windows has a 90% market share, compared to Apple (7%) and Linux (4%), and that makes it an easy target. It’s possible that if market share were more even, there would be an equal amount of malware for Apple and Linux.
If you run Windows, run an antivirus program and have it automatically update each day. And you should have Windows automatic updates turned on, as Microsoft issues security and update patches once a month or more often. A full security suite is even better, with antivirus, spyware detectors, and a firewall. Don’t run as administrator; run the PC in a less powerful mode as plain old user. If you find a spyware infection, sometimes the only way to get rid of it is to completely reinstall Windows.
Even though there are no Macintosh viruses in the wild right now, it’s still a good idea to run antivirus on OS X in case one appears (it will be big news); in my experience, very few people do. Apple’s OS X can do automatic system updates, too, though Apple issues security updates much less often. Firewalls are on by default on OS X, and you can run OS X as a non-administrator, too, for more safety.
Which antivirus and antispyware programs should you use? There are many out there, and they all have pros and cons. There is an open source antivirus called ClamAV for Windows, Mac and Linux. Search Google for antivirus product reviews; products and capabilities change fast, so be sure the reviews you are reading are current.