My 10/26/08 Missoulian column
If you’ve been Web browsing at all, you’ve gotten pop-up windows and have seen flashing ads on Web sites that say your PC is infected with spyware and you need to scan it right away. The scan and removal is free – just “click here” they say – and the spyware and viruses will be removed. You’d better do it now, the ads warn, or you risk losing your personal information to the malware.
Some ads try to be flashy and feature bugs that crawl over the browser window, or the edge of the window will appear to “peel” back and reveal the imminent risks to your personal information by malware. Sometimes the scam involves a fake message that covers your screen and looks like a real error message with buttons to automatically “scan and repair” the problem.
But the real malware can be that free software and the free offer to fix your PC. Those ads and warnings can be fake, and you’ll do more damage to your PC and the security of your personal information if you fall for the offers. That fake software can itself install malware, or at least snatch personal information from your PC and send it to the bad guys.
Everyone’s PC runs slow some of the time, freezes up or otherwise acts strangely, and that can make one worry. Error messages can by cryptic and unhelpful, too; you think – just what exactly is happening to my PC?
But fake software makers play on your fears of your PC getting hacked or breaking down. They read the news, too, and that computer users are afraid of malware. Fake software makers also depend on you to trust it enough to install it and run it. They will make a convincing case to get you to install the software.
And fake software is common, possibly because it works and makes money for the scammers. Arstechnica cites a study by PandaLabs that says possibly 30 million people a year are hit by more than 7,000 different varieties of fake antivirus programs.
Fake software can easily harvest your personal information because if you you install and run it, it has system permissions to most everything on your PC. And if you enter your credit card information to buy it or pay for the scan or virus removal, then the scammers win without having to work for it.
If you’re not sure about a name or brand of virus of spyware remover, search for antivirus software reviews at a reputable news site, such as Cnet.com (antivirus review).
Only “real” software from legitimate security companies gets reviewed for quality by well known Web sites like Cnet.com.
Fake software isn’t limited to spyware and virus scanners. There are some fake video and audio players out there. For instance, a Web site will suddenly tell you that you need a special audio player or video “codec” to see the movie on that site. Don’t do it. Or at least investigate via Google if that codec is legitimate and not malware.
Much fake software – in the form of spyware scanners and the like – is advertised and downloaded directly via the Web. But some fake software appears to be legitimate by being advertised like an on-the-shelf product in a box that is for sale. The Web site might have the option to order the boxed product or download it right away, but don’t fall for either option.
Most fake software advertised by pop-ups and fake error messages is for different varieties of Windows operating system. Windows is the ruler when it comes to computer user market share, and that market share dictates much of the virus and malware development. What’s the point in developing a virus or a trojan for a computer system that has less than 10 percent of the market?
But because of recent market share gains, Macs are not alone anymore, and some of the latest fake software scams target Mac OS X. Although Mac’s have unix under the hood and it has more inherent strengths to withstand many types of malware, one open vector is fake software.
One of the newest scams is fake software called MacGuard. According to Integro, the Web site that advertises the Mac version is an exact copy of the Windows variety, which is both a scam and fake software that is really malware.
What about errors? How do you know the difference between fake and real error messages? It can be difficult sometimes. Windows XP errors will mostly say you need to restart with a control-alt-delete. They won’t say “click here” for a virus scan or to “repair your PC.” According to lots of blogs, a surprising number of fake error messages that are connected with malware have improper English and/or misspelled words.
The bottom line is to not trust those pop-ups and Web ads that say you need a spyware or virus scan. There are thousands of them, and they well get more convincing as the makers learn more about how to win the game of psychological antispyware warfare.
If you run Windows, also look into running under a user account with limited rights. That way, even if you do click on an ad or fake error message and download malware, chances are good it won’t be able to run because it won’t have enough system permissions. Check Microsoft’s page on using limited-rights accounts for Windows XP.
Get your own quality antivirus and antispyware and use it. That Cnet antivirus is here. When in doubt, Google the name or brand of the software and even the error messages you get. You’ll likely find all kinds of information and be warned away from fake software and scams.
Follow-up: I covered a story last month about United Airline’s billion dollar stock crash due to an old bankruptcy news story that erroneously appeared to be current news on Google News. The glitch was compounded by several mistakes and the story was tagged current when in fact it was years old. Interestingly enough (and possibly part of Google’s remediation of the issue), Google has recently added this disclaimer to the bottom of their news page: “The time or date displayed reflects when an article was added to Google News.”