Subtitle: "All your base are belong to us."
(For an explanation of that phrase, go to http://en.wikipedia.org/wiki/All_your_base_are_belong_to_us.)
Researchers with Matousec.com recently found a way to circumvent some of the most popular security programs for Windows computers, including products from Symantec, McAfee, Microsoft, AVG, Avast, Trend, Kaspersky, Sophos, ZoneAlarm, and others. The technique, which they call KHOBE, defeats the kernel-mode "hooks" these products install to watch what programs do and to stop dangerous actions. It does not make a file invisible to a signature scan; what it does is let a malicious program that is already running on the PC carry out actions the security software is supposed to block. The research covers Windows security products only; Linux and Macintosh users are not affected by this finding.
The trick is a race between the security program and the malware. The malware makes a system call that the security program has hooked, but with harmless-looking arguments. The hook inspects those arguments, finds nothing wrong, and passes the call on to Windows. In the tiny gap between that inspection and the real operation, a second thread of the malware overwrites the arguments in its own memory with the ones it really wanted, and Windows then performs the dangerous operation that the hook believed it had approved. The hook never looks a second time. The window is small, but the malware can simply repeat the attempt until it lands. Matousec.com calls this an "argument-switch" attack. The fix has to come from the vendors: a hook must work from a private copy of the arguments, checking the copy and then using that same copy, instead of rereading memory that the malware controls. No such fixes had shipped when this was written.
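The race described above, as an added example that is not code from Matousec.com or from any of the tested products. It models the hooked system call, the original routine and the malware's second thread inside one ordinary process, with the moment the second thread gets scheduled made explicit so the outcome is reproducible rather than timing dependent. The struct, the function names, the "protected directory" rule and the two sample paths are all invented for the illustration; a real product would be checking a path or handle argument of a real Windows call, and the real attack is a timing race rather than a callback.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample arguments: what the malware really wants to touch and
 * what it shows the hook first.  Both paths are invented for the example. */
#define PROTECTED_DIR    "C:\\Windows\\System32\\drivers\\"
#define FORBIDDEN_TARGET PROTECTED_DIR "evil.sys"
#define BENIGN_TARGET    "C:\\Users\\dan\\Documents\\notes.txt"

/* Argument block living in the caller's (user-mode) memory.  A hook on a
 * system call receives a pointer into that memory, and every other thread
 * of the calling process can write to it at any moment. */
struct syscall_args {
    char path[64];
};

/* Where the simulated scheduler lets the attacker's second thread run. */
enum sched_point { NEVER, BEFORE_CHECK, BETWEEN_CHECK_AND_USE };

typedef void (*attacker_fn)(struct syscall_args *a);

static int is_forbidden(const char *path)
{
    return strncmp(path, PROTECTED_DIR, strlen(PROTECTED_DIR)) == 0;
}

/* The real kernel routine the product hooked.  For the model it only reports
 * whether it ended up operating on a protected location, i.e. whether the
 * product's check was bypassed. */
static int original_syscall(const struct syscall_args *a)
{
    return is_forbidden(a->path);
}

/* Vulnerable hook: checks the caller's buffer, then passes the same buffer on.
 * Anything written into the buffer between the check and the use is never
 * seen by the check.  Returns -1 when the call is refused. */
static int hook_vulnerable(struct syscall_args *user_args, enum sched_point when,
                           attacker_fn attacker)
{
    if (when == BEFORE_CHECK)
        attacker(user_args);
    if (is_forbidden(user_args->path))
        return -1;
    if (when == BETWEEN_CHECK_AND_USE)
        attacker(user_args);             /* the other thread gets scheduled here */
    return original_syscall(user_args);  /* re-reads memory the caller controls */
}

/* Hardened hook: capture the arguments into kernel-private memory once,
 * validate the copy and hand that same copy to the original routine.  The
 * caller's threads can keep writing to user memory; nothing reads it again. */
static int hook_hardened(struct syscall_args *user_args, enum sched_point when,
                         attacker_fn attacker)
{
    struct syscall_args kcopy;
    if (when == BEFORE_CHECK)
        attacker(user_args);
    memcpy(&kcopy, user_args, sizeof kcopy);  /* a real driver would probe the pointer first */
    kcopy.path[sizeof kcopy.path - 1] = '\0';
    if (is_forbidden(kcopy.path))
        return -1;
    if (when == BETWEEN_CHECK_AND_USE)
        attacker(user_args);                  /* too late: only user memory changes */
    return original_syscall(&kcopy);
}

/* The attacker's second thread: overwrite the benign argument with the real one. */
static void switch_argument(struct syscall_args *a)
{
    snprintf(a->path, sizeof a->path, "%s", FORBIDDEN_TARGET);
}

/* One attempt against either hook.  Returns 1 if the protected location was
 * reached (bypass), 0 if the call was refused or stayed benign. */
int attempt(int hardened, enum sched_point when)
{
    struct syscall_args a;
    int r;
    memset(&a, 0, sizeof a);
    snprintf(a.path, sizeof a.path, "%s", BENIGN_TARGET);
    r = hardened ? hook_hardened(&a, when, switch_argument)
                 : hook_vulnerable(&a, when, switch_argument);
    return r == 1;
}

int main(void)
{
    printf("vulnerable hook, argument switched before the check:  %s\n",
           attempt(0, BEFORE_CHECK) ? "BYPASSED" : "blocked");
    printf("vulnerable hook, argument switched after the check:   %s\n",
           attempt(0, BETWEEN_CHECK_AND_USE) ? "BYPASSED" : "blocked");
    printf("hardened hook,   argument switched after the check:   %s\n",
           attempt(1, BETWEEN_CHECK_AND_USE) ? "BYPASSED" : "blocked");
    return 0;
}
```

Switching the argument before the check is caught by both hooks; switching it after the check gets through the vulnerable hook and not the hardened one. The two hooks differ only in that the hardened one validates and then uses a private copy, which is the property a hook has to have regardless of which call it wraps.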
The process is fully explained on the Matousec.com site at http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php. The description is detailed and very technical. However, the summary is easily read by non-techies: "This attack represents serious threat because many security software vendors base their security features on hooking. We tested the most widely used security applications and found out that all of them are vulnerable. Today's most popular security solutions simply do not work."
The next few months should be interesting as the anti-virus vendors try to find a solution to these latest findings.
What can the individual computer user do to avoid problems? There is no single, simple answer. Even though this finding shows that anti-virus software isn't perfect, I'd still suggest having a recent version of a state-of-the-art anti-virus product installed and making sure it is updated daily. The attack only helps malware that is already running on the PC, so keeping the infection from getting in remains as valuable as ever. The exploit has so far only been proven in a laboratory; there are no known viruses circulating yet that use this technique. I am sure that will change someday soon. Until then, a good anti-virus program that is updated daily still provides a lot of protection.
Next, avoid questionable web sites. Never visit web sites that appear via pop-up windows. If a pop-up appears on your screen, close it immediately. Never click on anything inside a pop-up window; close it with the "X" in the upper right corner of the window itself, not with a "close" button drawn inside the page, since a fake close button is a common trick for getting you to click. That won't provide total protection, but it avoids many problems.
If any web site asks you to download software that you do not understand, immediately leave that site.
These are not complete solutions but will avoid many problems.
The only way to sidestep this particular finding entirely is to switch operating systems to Linux or Macintosh. However, that is difficult for most people and probably is only a temporary solution, at best. Windows attracts most virus writers simply because it is so popular. If everyone switched to Linux or to Macintosh, I am sure the virus writers would follow. Viruses for Linux and Macintosh are reportedly harder to write and are rare today, but that could change if dozens of virus writers were attracted to those operating systems.
Changing operating systems appears to be a good move but only as long as the majority of computer users do not do the same.
This is why we should move into a computing environment like Android. Each app in its own VM.
Posted by: Dan Sevens | 07/09/2010 at 09:59 AM