The Conficker worm: What should you do about it?

Not just the Internet but newspapers, TV and just about everybody you see on the street with just a little speck of geek in them is abuzz about the Conficker worm.

This malicious piece of code was supposed to get all medieval on us ... right about now, meaning April 1, with all sorts of nasty consequences, including the transmission of logins, passwords and other sensitive information out of our very own PCs and into the arms/hard drives of those who seek to harm us.

Could happen. Probably won't happen to you, but the danger persists.

For help on Conficker, I turned to my usual go-to source, ZDNet, where I perused the following:

• The "no bull" guide to Conficker by Adrian Kingsley-Hughes
• Are you ready for Conficker? by Christopher Dawson
• Conficker tracking — all's quiet, so far by Elinor Mills

Here are the high points:

Conficker, also known as Downup, Downandup, Conflicker and Kido, has been around for awhile in various forms — since last year, in fact. If you want to know much, much more about the worm, go to the Conficker Working Group wiki.

According to the Conficker Working Group, the worm can do some nasty things:

• Block system services on Windows PCs that include Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting
• Connect to another computer or computers and begin infecting them
• Collect sensitive information
• Install additional malware
• Attach itself to internal Windows utilities/services that include svchost.exe, explorer.exe and services.exe

And one of the main forms of entry for Conficker in its various forms are those ubiquitous USB flash-memory drives that we've all been using for the past many years ...

Also from the Conficker Working Group:

Experts say (Conficker) is the worst infection since the SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers, however a conservative minimum estimate is more like 3 million which is more than enough to cause great harm.

OK, so it's bad.

What do you do about it?

Well if you don't run Windows, you're OK. While it's possible to spread Conficker via a Mac OS X or Unix/Linux computer, the worm itself won't affect those machines because like almost all malware, it's aimed at Windows PCs.

The way to protect yourself from Conficker and all manner of malware/worms/viruses/trojans/what-have-yous is to have a fully patched Windows system with all of Microsoft's security updates as well as an antivirus program with all of its current updates.

So if you're running, say, Windows XP or Vista, and if you have the Microsoft updates set to download and install automatically, you're OK on the first count, and Conficker probably won't hurt you.

And if you're running Norton Antivirus, McAfee Total Protection, AVG Internet Security or any number of competing products from reputable, well-known vendors, you'll also know about anything harmful before it affects your Windows installation.

For Windows users, I recommend Avast Home Edition, which is free for personal use, or Avast Professional Edition for the workplace.

But right here, right now, you can download Microsoft's Windows Malicious Software Removal Tool for free and do either a quick scan or full scan of your system. If you have Conficker and somehow don't know it, this tool should throw up a bunch of red flags sooner rather than later.

I downloaded the tool to try it. Once I ran it, a message in the window said that if you did have an infected PC, a quick scan (which takes only a few minutes) will tell you that you need to do a full scan — which could take several hours. I ran the quick scan, which didn't find anything amiss. So the antivirus on my work-supplied PC, which is Computer Associates' eTrust, seems to be doing its job.

Here's the bottom line: If your Windows box has all the latest Microsoft patches, if you have current antivirus software, and if you're not prone to downloading and running random .exe software files from all over the Web ... and if everything seems to be working fine, you're probably OK.

If you are running an unpatched version of Windows, don't use antivirus or haven't kept your "subscription" to its updates going, and if you regularly Google for free software from less-than-reputable sources, you might have a problem. If not now, then soon.

The last time I had to clear an XP machine of malware, there was no question that the machine was infected — it was barely functional. After a full day of scanning and malware-removal with Avast, all was well.

What we can learn from Conficker is that when there's a lot of publicity for a malicious attack on computers, the eventual outcome of that infection is usually not as bad as first thought. It's all those other times when you personally have a malware-infected PC that keeps you from using your computer and imperils your data. That's when you should really worry (and have more than one backup of your data).

And like my colleague Steven J. Vaughn-Nichols of Computerworld says, you could always avoid all of this angst by not running Windows.