Hi-Tech 101: Scary computer stories

Welcome to the world of ‘scareware,’ the fastest-growing segment of the rogue software population out there.

By DAVID SHAMAH
March 26, 2010 16:45
4 minute read.
computers 88

computers 88. (photo credit: )

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user uxperience almost completely free of ads
  • Access to our Premium Section and our monthly magazine to learn Hebrew, Ivrit
  • Content from the award-winning Jerusalem Repor
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

Once, girls were girls and men were men; you knew who you were then. And you knew who the bad guys and the good guys were; the viruses the former, and the virus-fighting programs the latter. No more, though. Nowadays, the very programs you were counting on to fight viruses might be nothing more than viruses themselves. Time to learn a new word. You’ve heard of malware, spyware and virusware? Now welcome to the world of “scareware,” the fastest-growing segment of the rogue software population out there.

Disguising itself as a solution, scareware actually creates a problem, prompting you to voluntarily install it by scaring you into believing that you’re “infected.” It’s happened to anyone who’s surfed the Internet – especially Windows users, who are most vulnerable – at one time or another. You’re checking out a site when all of the sudden, a message flashes on the screen. “Security scan in progress! Your system could be infected with bad viruses!” And as the scan progresses, the list of infections on your PC gets longer.

Be the first to know - Join our Facebook page.


To solve the problem, says a notice at the end of the scan, you need XYZ Virus Killer, which you can install by clicking on a button. Naturally, you do so – but are then told that the program will only actually remove those viruses if you pay them $49.95, right now. That’s how scareware works; shocking and scaring you with identifiable threats, scareware is basically a shakedown.

But it gets even worse; you may have installed not just an annoyance, but a rogue application that will hijack your computer for use as a spam forwarder (a popular function of viruses today), for example. Remember, a virus is just another application, as far as your computer is concerned, and you probably have anti-virus programs installed to keep out rogue programs, preventing them from installing themselves without your permission. How much easier it is for the hackers if you do the installation work voluntarily.

Because it appears legitimate – and because you need to consciously fight it in order to prevent it from taking over your machine – you need to form a strategy to fight scareware. It’s not enough to rely on anti-virus applications you may have installed on your machine, because, as mentioned, with scareware you’re basically giving permission for the application to install itself. What’s needed is a two-fold approach; one, gaining a knowledge of what to avoid, and two, developing a way to identify and avoid installing these bad guys.

The lists

An interesting place to start is at the Bad List – the Spyware Warrior list of Rogue/Suspect Anti-Spyware Products, which you can see at http://tinyurl.com/yslol. Although a few years old (meaning that more recent applications are not included), the list is a useful guide to the many scareware applications that are still floating around. The names of many of the programs – AlertSpy, Dr. Adware, Privacy Defender – cleverly mock the names of legitimate anti-virus and anti-spyware applications, making your clicking on the install button more likely in a moment of pressured crisis (like when you think you have a dozen viruses on your computer).



A related, more up to date list of problematic software of all types (not just scareware) can be seen at http://tinyurl.com/2sjb, which lists 2,346 pieces of spyware, adware, malware, keyloggers, trojans, dialers and other rogue programs. To really make sure you’re not getting duped, check out the list of legitimate anti-virus programs at http://www.virustotal.com/sobre.html, which is run by (legitimate) file scan site Virustotal.

Filters

One way to avoid problematic installs of any kind is to avoid sites that are known to install them, and users of Internet Explorer 8 have an edge with Smartscreen Filter (http://tinyurl.com/yebnme8), which maintains a thorough and constantly updating blacklist of sites to avoid, known to attempt to install things like scareware. When the filter is turned on, IE8 will warn you that the site is unhealthy, giving you the opportunity to avoid surfing there. Firefox has a similar function, but it’s more limited than IE8’s.

However, Firefox users have what is perhaps an even more effective tool. NoScript (http://noscript.net/) is a Firefox extension that will basically prevent any executable from running off a Web page, unless you okay it. Instead of a blacklist, banning only certain sites, NoScript considers all Web sites suspect, and to access JavaScript, Java and Flash and other plugins, you have to approve sites to a whitelist. How do you know what to approve? Easy – if a site you know and trust doesn’t work properly, you can probably feel safe approving script activity; if the site isn’t so “kosher” (like a torrent download site), you might want to take a more conservative stance.

‘Patrols’

Another program you’ll find indispensable is Winpatrol (http://www.winpatrol.com/), a free program (upgradeable to a pay premium version) that will alert you when something tries to install itself on your PC, whether you’re aware of the installation or not. In the world of Windows, “installation” means that your computer’s registry is adjusted to utilize an executable, and Winpatrol, when it gets installed, examines your registry and takes a snapshot of it.

Anything you try to install henceforth will set off alarm bells (actually, Winpatrol’s mascot, Scotty the Dog, will bark). You can then decide whether or not you want to continue with the installation. If an installation shows up when you surf to a Web site, then you know you’re in the wrong place (file scans, which many scareware sites claim to be running, do not require you to install anything, so if you get an install alert, run). With Winpatrol, the tools for IE8 and Firefox I mentioned, and a little common sense, we don’t have to be scared of scareware anymore.

Related Content

[illustrative photo]
September 24, 2011
Diabetes may significantly increase risk of dementia

By UNIVERSITY OF MICHIGAN HEALTH SYSTEM