I Got a Malware Infection and It’s YOUR Fault!

Your lack of Internet security awareness hurts both you, and me.

image What you don’t know can’t hurt you, right? If you believe that, I have a bridge in Brooklyn you might be interested in buying.

Arguably, there are people who actually believe this nonsense statement, and that’s fair enough. For those who do believe this old truism, I have news for you. Bad news.

It’s simply this – if you are an unaware computer user, you simple don’t know, what you don’t know, when it comes to adequately protecting yourself – and by extension, me – on the Internet.

Fact: The majority of computer users are undereducated when it comes to recognizing the dangers and threats that the Internet poses to their computers, and to their personal privacy.

Fact: If your computer is inadequately protected while you surf the Internet, you increase the probability that at some point, I will be victimized!

Fact: The more infected computer systems that are attached to the Internet, the larger the attack surface is for cyber-criminals to use these infected machines in an attempt to infect my system.

While the results of a survey completed by security provider McAfee Inc, are slightly dated, nevertheless the results continue to be consistent with my personal anecdotal evidence.

The fact remains – a significant number of computer users lack adequate security knowledge, operate computers with security software that is incomplete, or dangerously out of date.

Highlights of the McAfee survey:

Ninety-two percent of those surveyed believed their anti-virus software was up to date, but in fact, only 51 percent had updated their anti-virus software within the past week.

Seventy-three percent of those surveyed believed they had a firewall installed and enabled, yet only 64 percent actually did.

Approximately 70 % of PC users believed they had anti-spyware software, but only 55 percent actually had it installed.

25% of survey participants believed they had anti-phishing software, but only 12 percent actually had the software.

60% lacked software to protect their privacy.

52% were unaware of their browser’s security/privacy settings.

Where do you fit in all this?

Computer security, on or off the Internet, but especially while surfing the Internet, has to be a priority; it cannot take a back seat. It needs to be first and foremost in computer users’ minds as they interact with the Internet.

Governments worldwide, now seem to be addressing this issue, since the potential for mass disruption of critical services, which by extension would/could have severe consequences on national security, are potentially impacted by unsafe practices, or inadequate security, at the home computer level.

Richard Harknett and James Stever, both political science professors at the University of Cincinnati, recently wrote in the Journal of Homeland Security and Emergency Management

“The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.”

I’m not in the business of forecasting the future – I deal with present day realities, but I’ll say this – unless there are substantial voluntary changes in personal computing behavior, governments will be forced to enact rules governing that behavior. They’ll have no choice.

In the meantime, it may well be that you need to take the time to survey your computer to insure that all relevant security applications have been installed, are up to date, and are operating correctly.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

26 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Online Safety, System Security, Windows Tips and Tools

26 responses to “I Got a Malware Infection and It’s YOUR Fault!

  1. Pingback: Tweets that mention I Got a Malware Infection and It’s YOUR Fault! « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  2. It would seem to me that if the internet would just provide more than a monthly bill, say a bit of education about security when you come aboard, perhaps an adequate virus protection/firewall, and most important, some english-speaking support, 90% of the spammers and virusi could be eliminated. Most users know how to turn their computer on/off, read emails, and perhaps read the daily news. Anything else is beyond comprehension.

    • Bill Mullins

      Hi Winteridge,

      That’s one of the most sensible solutions I’ve heard all day.

      Thank you.

      Bill

  3. Pingback: » I Got a Malware Infection and It's YOUR Fault! « Bill Mullins … RWPS

  4. Liam O' Moulain

    Hi Bill,

    Have to agree with winteridge – it just makes makes sense.

    Of course, because it makes sense it won’t happen.

    Liam

    • Bill Mullins

      Hey Liam,

      I agree a simple corrective solution like this is unlikely to happen. Go figure.

      Bill

  5. Mal

    Hey Bill,

    I think those that have an interest and/or hobby with computers are security aware. Most people I know don’t care how it works, as long as it works. They seem to think if they can’t see anything wrong, then nothing is. There are simple solutions out there, but the problem remains that if people don’t actually take an interest, the problem won’t go away.

    BTW, I am trying out Microsoft Security Essentials, primarily because you have given it a big tick. It is very good, but I can’t get the damn scheduler to work, something I’m going to work on today. Might have something to do with running XP, I’m not sure. I was close to buying ESET, one of the best AV’s I have ever tried out, but I thought I might give MSE a run for a month.

    Have a great day (or night as the case may be lol).

    Cheers

    • Bill Mullins

      Hey Mal,

      Totally agree. The people you know, are perfect targets to be botted and then spread the crap. With the high power system we have today we wouldn’t even know.

      Stick with MSE for a bit longer. I have problems as well with the autoupdater – sometimes it works and sometimes not. I can’t figure it out. I’ve quit worrying about it since I update everything manually every day anyway.

      Best,

      Bill

  6. Even though almost everyone has some sort of anti-malware protection installed we still see an enormous number of malware infestations, and most of these are “out of date” related.

    Because it gives you a false sense of security, having an outdated anti-malware program installed on your PC is arguably worse than having no security installed at all.

    It’s a fact of life that most free anti-malware programs are ads promoting the paid full version, and to encourage punters to buy a license they have one or more functions crippled.

    One of the most commonly crippled functions is auto-updating, and if you don’t keep on top of manual updates (and some anti-malware programs are updated several times an hour) then you’re at risk.

    Anti-malware protection MUST be kept up to date at all times … and in my opinion, freebies that don’t auto-update should be avoided like the plague!

    • Bill Mullins

      Hey Rod,

      Couldn’t agree more.

      In fact, if a freebie AV doesn’t auto update, I only recommend it as an on demand scanner – and that includes Malwarebytes, and SuperAntiSpyware.

      Trialware AVs, should be banned, in my view, since they are a common cause of that “false sense of security”, that you mention. One of my tech friends, down in New Hampshire, frequently works on machines, on which the trialware has expired and not been replaced.

      As usual, your comment is on point and thoughtful.

      best,

      Bill

      • Hi Bill,

        I don’t agree that *fully functional* trialware AVs should be banned, but banning *crippled* anti-malware freebies may not be such a bad idea … many of the “out of date” related malware infestations we see every day might have been blocked if the installed crippleware had been kept up to date.

        A *crippled* trial of any type of program is a waste of your time. “WYSIWYG” is what you need to make an informed decision about the program you’re thinking about buying.

        A *fully functional* trial is a horse of a different color … it lets you see exactly what the licensed version will and won’t do on your own computer, and apart from being time-limited, very few anti-malware *trial* versions are crippled these days.

        Having said all that, I do think fully functional trialware AVs that become crippleware after the trial period are BadBadBad and that trial periods are generally way too long … you don’t need 6 months, 3 months, or even 1 month to make up your mind whether or not an anti-malware program is worth paying for.

        IMO, the ideal anti-malware trial is a 15-day fully functional version that becomes totally non-functional when the trial period expires then gets in your face every few minutes telling you that it’s no longer working at all … that way you know exactly where you stand.

        Computer security is a duty of care to yourself. If you’re an “all I need is a crippled freebie” freak and you don’t keep on top of it with religious fervor then you’ve failed in that duty of care… and you *will* pay the price for your complacency sooner or later.

        rod

        • Bill Mullins

          Hi Rod,

          Well, we’re going to have to agree to disagree, on certain of these points.

          First, the “awareness level” of computer users is so broad, that making a definitive judgement is something I shy away from. I will agree, that In the proper hands, trialware is advantageous overall, just as you point out. However, in the undereducated users hands (the largest percentage of users), they can be a time bomb. Most technicians, that I know, would support this view.

          There are many free AVs available where the only limitation is the lack of scheduled updates – I’d hesitate to call this limitation “crippling”. Used properly, as a secondary scanner, this type of app has value. For example, I use free Avira on one of my machines, which does include updates, and the only things lacking are a few esoteric features that an average user couldn’t even begin to understand. There is nothing unusual in an average user not understanding anti-malware applications – I know experienced users who can’t understand them, they’re so complicated today.

          Trialware or freeware that has limitations, I agree, are virtually worthless. On the other hand, assuming that a typical user can determine the value of of an application by trial, is a non-stater. Most users aren’t interested, and choose applications based on personal referrals – just as they choose their Doctor, Dentist, Insurance Agent, Accountant, etc.

          Best,

          Bill

          • Hi Bill,

            > First, the “awareness level” of computer users is so broad, that making a definitive judgement is something I shy away from. I will agree, that In the proper hands, trialware is advantageous overall, just as you point out. However, in the undereducated users hands (the largest percentage of users), they can be a time bomb.

            If undereducated users make up the largest percentage of users then making a definitive judgement is easy. 🙂

            Lack of user education/understanding *is* a problem, and it’s getting worse. The days when you had to build your own computer and modem from the scraps you dug out of the rubbish bin behind your local pizza parlor to get yourself online are long gone. The “all you have to do is plug it in” black box rules in the 21st Century, and it’s much more fun for newbies to go social networking than to learn about their new toys.

            > There are many free AVs available where the only limitation is the lack of scheduled updates – I’d hesitate to call this limitation “crippling”.

            My view is the exact opposite. I consider the lack of scheduled updates to be extremely crippling.

            Humans (generally) don’t update anywhere near as often as auto-updaters, and the number of infections/infestations we see that are directly attributable to the installed protection being out of date (sometimes *months* out of date!) is nothing short of astronomical.

            > Used properly, as a secondary scanner, this type of app has value.

            “as a secondary scanner” says it all. Your primary anti-malware protection MUST auto-update!

            > Trialware or freeware that has limitations, I agree, are virtually worthless.

            Worse than worthless, IMO.

            > On the other hand, assuming that a typical user can determine the value of of an application by trial, is a non-stater.

            Would you buy a new car without taking a test drive, Bill ? 🙂

            I never buy software without trialling it first. If a program doesn’t meet my requirements it’s easier to uninstall it than to get my money back.

            > Most users aren’t interested, and choose applications based on personal referrals – just as they choose their Doctor, Dentist, Insurance Agent, Accountant, etc.

            Most users don’t know anyone personally who is qualified to authorititively recommend anti-malware so they often take third rate advice from “professional review websites” which tout products from the vendors who pay them the most in affiliate referrals or from some self-proclaimed “malware expert” computer magazine journalist.

            Serious and credible anti-malware advice is out there, but you’ll need to look hard to find it and carry a big shovel to dig your way through the mountains of BS blocking your path to it.

            (http://antivirus.com.au/quick/snakeoil.html dates back to 1991 with a few edits and updates over the years … it’s worth a read.)

            rod

  7. dar

    G’day All,
    -if the PC vendors had the tiniest bit of ethics
    & realisation that a five minute show& tell of basic steps of pc securitymight result in repeat sales from grateful customers, we’d be halfway there
    [but then the stores would lose the guaranteed bucks that come from cleaning/fixing them…]
    cheers

    • Bill Mullins

      Hey Dar,

      Something I hadn’t thought about, but definitely worth considering.

      Best,

      Bill

  8. Bill,
    A great big loud AMEN!! on your article. I couldn’t agree more. We must continue to inform and educate ignorant and careless users on this issue and this article is an excellent example of that.
    Well done.
    Paul

  9. Ranjan

    Hi Bill,
    Regarding Trialware AV’s and Botnets, I’ve a live example..
    A friend of mine browsed the net for over a month with an expired AV, and as a result, when he installed another AV and updated it, it caught 27 rootkits and whole lot of backdoors.. I told him repeatedly to have a full format as this will be good for you and others too but since his AV reports that it’s clean now, he denied..
    I even explained him in detail as how stealthy these rootkits can be causing total system compromise but he didn’t… Moreover, he just uses a AV, no other security program.. Can you believe that?
    Phew, some people wont understand ever..
    Having issues with my connection, may not be able to join discussions for some days..

    • Bill Mullins

      Hey Ranjan,

      Unfortunately, your friend’s attitude is more than familiar.

      Finding 27 rootkits demands a drive wipe, and reformat. I can guarantee you, your friend’s machine is still compromised.

      Very informative comment.

      Bill

  10. Owel

    Hi Bill,

    You mentioned Trialware AVs, how about making sure that these types of AVs are actually installed on new PCs as fully licensed AV instead of 30 day trials. Would that help or would that spring up a monopoly market?

    Thanks.

    • Bill Mullins

      Hi Owel,

      Your suggestion makes sense. There are many competitively priced AVs (less than $40 US) that offer “lifetime” licenses e.g. AntiMalwarebytes, SuperAntiSpyware, as opposed to subscription licenses (good for one year), that cost an arm and a leg ($70 – $110 US).

      But the real problem is, computer manufactures and distributors get paid for each, so called, premium AV trialware installed. So, I don’t see this stopping anytime soon.

      Best,

      Bill

  11. Ranjan

    Hmmm.., when i bought my pc, i got a licensed copy of McAfee with 1 year validity..

    • Bill Mullins

      Hey Ranjan,

      Since the marketing and selling of computers is extremely competitive, it’s unusual to get anything another than the OS on a new machine. Sometimes not even an OS is included at discount sellers.

      Bill

  12. Pingback: Anonymous