Monday, March 30, 2009

60 Minutes: "The Internet is Infected"

60 Minutes is a great show, for the most part (and let's not forget it has Andy Rooney!), but a report Sunday night on the Conficker worm titled "The Internet is Infected" is probably the definition of hyperbole.

The report (a full transcript is here, and the video is below) was designed to alarm, and I'm sure it did. The title alone is alarming, but the report fails to mention the following:
  • Conficker only affects Windows PCs
  • It exploits a vulnerability in Windows that Microsoft patched in October (in an emergency patch, no less). If you have patched your PC, you are safe.
  • If you are running current, up-to-date antivirus (AV) software, you will be safe, for the most part.
  • If you aren't running an antivirus application, or are running one that's expired, there are standalone programs by reputable vendors such as McAfee that will remove Conficker.
Conficker.B was detected in February and added the ability to spread through network shares and via removable storage devices, like USB flash drives.

Conficker.C, which surfaced earlier this month, is set to receive instructions, or to download an updated copy of itself or other malware, on April 1st; security vendors aren't sure just what.

I have to admit, there was useful information for those (like my mother-in-law) who simply don't understand the threats that are out there and the need for effective antivirus software (at least for Windows PCs, more on that later).

In fact, Lesley Stahl spoke to Steve Trilling, a Symantec vice president. He said (and it's true) that too few people have up-to-date security software:
"As soon as you clicked on that link and you had security software, you would immediately get an alert. 'This is a bad Web site.' And it would have blocked the attack. You would have never been hit. Putting on that software, you’re preventing yourself from becoming a victim."
On the other hand, the report later told the story of Mary Rappaport, who apparently had AV software and a firewall, and yet had her system compromised to the point that the attackers were able to get into her bank account, even after she changed the password.

A key logger perhaps? If so, how was she infected with up-to-date AV software?

Well, that's the problem with AV software and why I earlier said "for the most part" in terms of AV protection: it relies on virus signatures, and if something new comes on the scene, it may not be able to detect it. That's why you want an AV program with strong heuristics to detect previously unseen malware. The downside: a potential for false positives.

Some people (like me) run multiple layers of protection, including anti-trojan software in addition to antivirus software.

As I previously said, this is a Windows-only problem, and many Mac users tend to crow about it. The reason the Mac is, heretofore, invulnerable is that there are simply many more Windows users than Mac users. When trying to target a group of people, you go after the biggest group.

But with the recent upsurge in Mac adoption, that may be changing. Mac users need to be a little less cocky than they currently are. While Macs aren't currently a large target of hackers, they are not inherently safe: witness the fact that a researcher hacked into a Mac in 10 seconds during a contest at a recent convention.

Watch the 60 Minutes report:


