Gallery

The spam is out, but the viruses are in

Posted on 3 Mar 2009 at 17:50

This month, Steve Cassidy offers his take on spam, and finds that version 2 of VMware doesn't live up to first appearances.

?? No, having an 18-month-old expired copy of Norton doesn't mean you're well protected, nor indeed protected at all.

?? No, it isn't the case that any antivirus program will detect any virus. In particular, you can't expect a daily file scan to pop up a warning about some web page you're looking at right now. Daily file scans on the vast majority of PCs these days take hours to complete: a typical Windows XP PC contains upwards of a quarter of a million files that the scanner has to pick through, and so - like my old school chum Willy Archer, who ran round and appeared twice in our long school photo - that takes long enough for a new virus to deposit itself somewhere that the file scanner has just reported as clean.

?? No, running two antivirus scanners on the same machine isn't better than one. They're quite good at making it run like a 15-year-old 286 PC with 256MB of RAM, though. And when you swap from one AV product to another, please don't completely remove the old one before you put on the new one: this error accounts for a fat slice of the home and small-business callouts for all those guys who charge by the hour, and I'd not want them to fall on hard times by telling everyone the trick of seeing off the old software before restarting and installing the new...

?? Once a virus is inside your system (and this applies to entire networks or to single PCs), a number of nasty things start happening. The first thing it does is to disable your virus detector; the second thing it does is to let in a load of less stealthy, less well-written crap in behind it. These components may turn up later in your disk scan, and you may feel aggrieved that your memory and activity checker didn't spot this or that old chestnut, but thinking this way is a waste of effort. Something far smarter than those dumb bouncing-window or spam-relaying trojans performed the initial infection, and it was only after your machine had been rigged as a trojan or a bot that all this other stuff arrived.

?? This isn't an automated process. People are driving these infections. They're not all that interested in your personal data, but are far more interested in battling with one another - masking their traffic stream inside yours, and using other fake identities they've paid for mostly to download porn and mainstream feature films. Your machine's infected, open status is a commodity to be sold on the open market to someone who may re-sell it again and so on, over and over, until 40 or 50 people of varying competence are passing through your PC and incidentally infecting you with yet more rubbish viruses.

Live viruses have been out there in the wild and run by people with high motivations for so long now that we have, I think, all been napping a bit. It naturally follows that the virus that eventually infects you is one that doesn't get spotted by the single antivirus utility you're obliged to settle for in the interests of stability. But this is a networks column, and you're on a network, and this is the fact that gives you the protection you need: while you can't run more than one antivirus on a lone PC, you can run multiple AV products on your network. It's awkward to have more than one operating system on a home PC (unless it's a Mac running Parallels or VMware Fusion), but it's trivially simple to keep two or more operating systems on your LAN, and the chance that a galloping, virulent infection will take out two operating systems is very much smaller than the risk of losing all your data with only one.