Why no news is bad news -- at least when it comes to malware
Once upon a time, malware authors wrote code to infect thousands of machines for entertainment and intellectual stimulation. Today, it's all about the money, and the greatest threat may lie in the silence, making a far more dangerous landscape.
Let's look back at the brief history of malware. It is 1986, and the first computer virus has just been released. The "brain virus" -- a benevolent-acting boot sector virus that immediately declares its presence on an infected machine. Ten years later, researchers at Columbia University predict that crypto-enabled ransomware may strike -- the Archiveus Trojan fulfills the prophecy. It encrypts files on infected machines and offers the decryption key for sale. Yet a few years later, keyloggers become part of the everyday threat on the Internet. What has changed? They do not announce their presence. They hide. They spy. This is an important change in functionality, in particular when we talk about security attitudes of typical Internet users. To many, if the malware does not announce its presence, it simply is not there.
With practically no worries, people will install "fun applications" -- games, screensavers, and other cute things that will put their machines in harm's way. Many people do not realize that a game may moonlight as a keylogger, a method of capturing and recording userkeystrokes. People will click "yes" if they are asked to install something time after time after time, and the question just won't go away as long as they click "no". Offer people convenience over security, and security will lose. The average Internet user is more lazy than security aware.
Average Internet users will play full-screen movies sent by friends, even if it means running self-signed executables (these are programs that have been certified to be good -- but not by a trusted entity, but by the person who wrote the program.) They will buy and install pirated software, which of course can have been gently augmented to include malware. Ironically, a large portion of pirated anti-virus software may not help the user too much. And of course, it does not matter whether the original version was made by a respectable anti-virus vendor or not. People will put up their own websites, but not quite know how to manage their security. Many of these sites (unwittingly to their owners) become hosts for malware.
People do not know that their machines have been infected these days because it is not in the best interests of the malware authors that they do.
The silence is deadly. And because money is the main motivator, the term crimeware is increasingly being used instead of malware.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Markus, I think that pretty
Markus, I think that pretty much sums up the nightmares of the internet. Unfortunately even network administrators or local administrators will be just as lazy when it comes to security.