Can malware be prevented?

[brian_d_fink]

I skimmed through the posting "So, how did I get infected in the first place?" and learned a few things. As a network admin and consultant for small and medium businesses, I'm trying to learn a bit more about malware because my co-workers, clients and I can end up spending a lot of time not just removing this stuff but the aftermath as well.

For example, my boss's son's laptop got one of the "PC Antivirus 2010" versions. It took me a couple hours to find out that MBAM would remove it, I had to change the default names of MBAM as well as make a registry hack to allow *.exe files to run. The aftermath was much more time consuming. I was unable to browse the internet in normal mode, only in Safe mode. Finally I discovered that this malware does something to Symantec 360 which affects its firewall, basically turning it on. Then in trying to remove Symantec, I found out that I had to download a Symantec Removal tool to remove it. Finally I got it working completely again with AVG as the AV software. This was time consuming, frustrating and made for a lousy weekend. But, I did impress my boss, so there is some good in that.

How does this stuff get by AV software in the first place and more importantly, is there a regular AV package (Trendmicro, Kapersky, etc.) that stops this stuff before it begins?

Sincerely,

Brian Fink

[srtools1980y]

It's Cat & Mouse Game. hehe

[swagger]

No A/V or A/S program is perfect. That's why these companies are constantly working to keep definitions up to date with the newest threats. AVG in my opinion is "okay" at best. The resident shield can use a lot of resources, especially on computers that I've used in the past and detection is not the greatest. If you are interested in a free A/V, I would steer you in the direction of Avira Antivir Personal or Avast Home Edition. As far as paid A/V software packages, Avira Antivir, Kaspersky, ESET, & Trend Micro are all decent options.

srtools said it as simply as it could be said. It's a cat and mouse game. Malware writers write new malware and anti-malware companies find these threats and create rules to detect and remove them. Not all threats are found quickly and not all threats can be removed simply. Also, computer users play a big part in the big picture as well. Becoming educated on safely browsing the internet and what to open and what not to open as far as e-mails are concerned go a long way.

[Firefox]

Some folks install Anti-Virus software on their computers, but then leave it, they don't bother to update it, or they let it expire and it no longer gets updated. This leaves the user exposed to the latest threats.

Also a lot of malware and viruses out there are designed to disable your antivirus software, and turn off the notifications that it has been turned off, they do this even before you get infected. Then it infects your computer and takes over.

Short of disconnecting form the Internet and never surfing again, there is no sure way to stop it. Safe surfing habits and education are the best ways as well as keeping your AV and AS software updated.

[whatmeworry?]

For example, my boss's son's laptop got one of the "PC Antivirus 2010" versions. It took me a couple hours to find out that MBAM would remove it,

I don't know how old your boss's son is, but he should probably be required to pay for your services. That will give him more incentive to surf more safely and keep his anti-virus and anti-malware software running and up-to-date. Perhaps there should be a "course" that people whose computers become infected because of carelessness or stupidity would be encouraged to take--sort of like the classes some people convicted of drunk driving are required to take by the judge.

This is not to say that everyone whose computer becomes infected is guilty of negligence or stupidity--far from it! But I think malware infections could be substantially reduced if people just followed the advice Firefox offered above: "Safe surfing habits and education are the best ways as well as keeping your AV and AS software updated."

[Firefox]

@ whatmeworry? LOL that would be interesting if they had to take classes like that.

I will tell you on thing though, I have had some parents start making their kids pay for repairs, cause I have fixed the kids computer more than twice for the same issue. The parent got tired of paying for the fix, so they had the kids pay. For those kids that had to pay for the repair, they have been more careful since it came out of their pockets....

I have some folks that bring me their computer in for repair every other month. I am not complaining ifs only more money for me, but you think they would eventually find out what it is that is causing them to get infected and have better surfing habbits.

[srtools1980y]

Malware writers are mostly students. They just do it for fun & thrill.

Most porno. sites give u pleasure+malware.

So please don't visit porno. sites.

Then #2 is crack sites, that gives you cracks for paid software+malware off course.

Easier said than done.

[swagger]

Perhaps there should be a "course" that people whose computers become infected because of carelessness or stupidity would be encouraged to take--sort of like the classes some people convicted of drunk driving are required to take by the judge.

This is not to say that everyone whose computer becomes infected is guilty of negligence or stupidity--far from it! But I think malware infections could be substantially reduced if people just followed the advice Firefox offered above: "Safe surfing habits and education are the best ways as well as keeping your AV and AS software updated."

You're right, not everyone is negligent or stupid when it comes to having malware on their computers. Someone could have plugged in an infected USB thumb drive or a social media site like Facebook could have been hijacked and infected with a drive by download. A class would be helpful, I just don't see that happening in the short term. Too much money is being made on all sides in the computer security realm.

I have some folks that bring me their computer in for repair every other month. I am not complaining ifs only more money for me, but you think they would eventually find out what it is that is causing them to get infected and have better surfing habbits.

I hope you aren't taking advantage of your clients by not trying to educate them on how to become safer in their browsing habits and overall computer use. That would be a crime in itself. They are ignorant which is why you, I, we get paid, so it's our job as technicians to try to educate them the best way we know how.

[brian_d_fink]

I realize that private owners might not be keeping AV definitions up to date, but Ive had to remove this type of malware from a corporate environment that runs Trendmicro SMB edition (this is our company's preferred AV corporate recommendation). In one instance, one of our clients had about 10 people get infected in a 3-4 day period both at the main office and one of their branch offices. They have firewall filters turned on to prevent porn surfing and the user base is a fairly computer literate crowd.

How does this kind of malware bypass the AV system? Is it that it is "installed" unknowingly by a user, that AV software simply lets it through? I know in the one case where I infected myself (even AFTER I had removed it from other systems a couple of times), that the pop up looked so much like a Windows Update, that I instictively started to download it.

I'm responsible for our company's newsletter for our clients so I was going to put together a "malware" edition before the end of the year so I was hoping to have some additional information on how these things work in the first place.

Brian

[swagger]

It's not just porn surfing that you have to worry about. E-mails also play a major part in corporate settings. Here at the Department of Education, we get 2-3 major epidemics a year where around 10-15 computers become infected because of these stupid Hallmark card e-mails or airline ticket e-mails that have the .exe file embedded or attached. We have firewalls and spam filters but something always manages to get through. That's why these companies make the money that they do. Nothing is 100% fullproof.

[Serious]

The only thing to never get infected permanently is Deep Freeze or Returnil etc.

There is such thing as 100%

[calintexas]

Peer to peer file sharing can cause issues; so, be on the lookout for that too.

There's lots of money to be made by stealing information. Viruses and malware are increasingly created by rouge professionals funded by criminal organizatons. It is a war.

[Swandog46]

Malware writers are mostly students. They just do it for fun & thrill.

No. In this day and age most malware writers are professionals backed by syndicates of organized criminals. Between identity/credit card theft, spam, and pay-per-click hijackings, this is a billion-dollar industry -- Billion with a B. Please do your research. You might start by reading about the Russian Business Network.

[swagger]

Following up on what Swandog said... Long gone are the days of little script kiddies messing around, trying to have fun at other people's expense. Most malware writers these days are professional coders who want to make money. They want that easy, fast money that they know they can get through other people's ignorance. Someone will click a link or open an e-mail or visit a malicious website intentionally (porn). It happens everyday. Just look at the amount of posts in the Malware Removal section of this forum alone. It's outrageous. I am not an expert in malware but I do know a little and I know for a fact that this is a big industry both for the good and the bad.