Recently in Avast Category

The Conficker worm: What should you do about it?


Not just the Internet but newspapers, TV and just about everybody you see on the street with just a little speck of geek in them is abuzz about the Conficker worm.

This malicious piece of code was supposed to get all medieval on us ... right about now, meaning April 1, with all sorts of nasty consequences, including the transmission of logins, passwords and other sensitive information out of our very own PCs and into the arms/hard drives of those who seek to harm us.

Could happen. Probably won't happen to you, but the danger persists.

For help on Conficker, I turned to my usual go-to source, ZDNet, where I perused the following:

Here are the high points:

Conficker, also known as Downup, Downandup, Conflicker and Kido, has been around for a while in various forms — since last year, in fact. If you want to know much, much more about the worm, go to the Conficker Working Group wiki.

According to the Conficker Working Group, the worm can do some nasty things:

  • Block system services on Windows PCs that include Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting
  • Connect to another computer or computers and begin infecting them
  • Collect sensitive information
  • Install additional malware
  • Attach itself to internal Windows utilities/services that include svchost.exe, explorer.exe and services.exe

And one of the main forms of entry for Conficker in its various forms is those ubiquitous USB flash-memory drives that we've all been using for the past many years ...

Also from the Conficker Working Group:

Experts say (Conficker) is the worst infection since the SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers, however a conservative minimum estimate is more like 3 million which is more than enough to cause great harm.

OK, so it's bad.

What do you do about it?

Well, if you don't run Windows, you're OK. While it's possible to spread Conficker via a Mac OS X or Unix/Linux computer, the worm itself won't affect those machines because, like almost all malware, it's aimed at Windows PCs.

The way to protect yourself from Conficker and all manner of malware/worms/viruses/trojans/what-have-yous is to have a fully patched Windows system with all of Microsoft's security updates as well as an antivirus program with all of its current updates.

So if you're running, say, Windows XP or Vista, and if you have the Microsoft updates set to download and install automatically, you're OK on the first count, and Conficker probably won't hurt you.

And if you're running Norton Antivirus, McAfee Total Protection, AVG Internet Security or any number of competing products from reputable, well-known vendors, you'll also know about anything harmful before it affects your Windows installation.

For Windows users, I recommend Avast Home Edition, which is free for personal use, or Avast Professional Edition for the workplace.

But right here, right now, you can download Microsoft's Windows Malicious Software Removal Tool for free and do either a quick scan or full scan of your system. If you have Conficker and somehow don't know it, this tool should throw up a bunch of red flags sooner rather than later.

I downloaded the tool to try it. Once I ran it, a message in the window said that if you did have an infected PC, a quick scan (which takes only a few minutes) will tell you that you need to do a full scan — which could take several hours. I ran the quick scan, which didn't find anything amiss. So the antivirus on my work-supplied PC, which is Computer Associates' eTrust, seems to be doing its job.

Here's the bottom line: If your Windows box has all the latest Microsoft patches, if you have current antivirus software, and if you're not prone to downloading and running random .exe software files from all over the Web ... and if everything seems to be working fine, you're probably OK.

If you are running an unpatched version of Windows, don't use antivirus or haven't kept your "subscription" to its updates going, and if you regularly Google for free software from less-than-reputable sources, you might have a problem. If not now, then soon.

The last time I had to clear an XP machine of malware, there was no question that the machine was infected — it was barely functional. After a full day of scanning and malware-removal with Avast, all was well.

What we can learn from Conficker is that when there's a lot of publicity for a malicious attack on computers, the eventual outcome of that infection is usually not as bad as first thought. It's all those other times when you personally have a malware-infected PC that keeps you from using your computer and imperils your data. That's when you should really worry (and have more than one backup of your data).

And like my colleague Steven J. Vaughan-Nichols of Computerworld says, you could always avoid all of this angst by not running Windows.

Do you have an unnatural attraction to Internet Explorer? ... and I perform a PC exorcism (cue the green vomit)


What role does the Internet Explorer Web browser play in your life? In recent days, new vulnerabilities in the flagship Windows browser have come to light.

Alas, the fix is in, but pundits continue to suggest that running IE is just asking for trouble.

I'm not ready to say IE is such a security risk that browsing the Web instead with Firefox, Google's new Chrome, the super-quick Opera or even Apple's cross-platform Safari is enough to save your digital bacon.

Nope, it's all about what you do, where you go and what computing platform you choose to do it with.

The fact is that i386-based Windows PCs continue to be the most vulnerable platforms out there because of both their ubiquity and relative lack of built-in security when compared to Macintosh OS X and the vast number of Unix-like OSes out there (including Linux, the BSDs and Sun's offerings).

If you make a habit of downloading executable files (they're easy to spot in Windows because they end in .exe) without being absolutely sure they're totally legitimate and then double-clicking on them, bad things may very well happen.

Don't get me wrong. Searching for free software for Windows computers is something I do, too. Not often, but I do it. That's how I found some of my very favorite applications on any platform, including the terrific image viewer/editor IrfanView, the fast AbiWord word processor and Notepad++, the best Windows-native text editor ever.

Tech Talk column

Steven Rosenberg's weekly Tech Talk column, which appears Saturdays in the Los Angeles Daily News, is now available on the Daily News Technology page.

About this blog

Steven Rosenberg aims to learn what he does not know. He writes about it here.



About this Archive

This page is an archive of recent entries in the Avast category.
