The malware assault on our PCs escalated in 2008, according to antivirus vendor F-Secure. The company's threat summary for the second half of 2008 reports that F-Secure added 1 million virus definitions to its database this year, a threefold increase from the number of viruses the Finnish security vendor detected in 2007.
Today's malware authors aren't just looking to cause trouble; they're after your money and personal information, which these days are synonymous. Attacks are only going to increase in number and sophistication. If you thought you could avoid an infection by staying away from questionable sites, downloads, and e-mail links, you're mistaken.
The only way to play it safe is to assume the worst. That's why I spent several hours last week disinfecting a notebook computer that probably wasn't infected in the first place.
It all started when I decided to run a free online virus scan on my notebook. I use a top-rated security suite that's set to update its virus definitions and other settings automatically, so I was confident that the scan would come up empty. (I'm not going to name either product because I don't want this post to be construed as a recommendation one way or the other.)
Unfortunately, after a complete system check, the online virus service told me it found two suspicious files on my notebook. The scanner's option to remove the files was grayed out, and the option to "skip" them was recommended.
It appears that the files were flagged as potential problems because they included the word "trojan" in their names. I acknowledge the "hide in plain sight" approach, but I doubt that many malware authors would be so kind as to identify their creation in the file name itself.
Still, the scan had introduced the possibility of an infection, so I immediately closed the notebook's Internet connection, updated the virus definition database of the antivirus software installed on the machine itself, and performed a full system scan using that program.
I wasn't surprised when the scan came up clean--several hours later--but I was relieved that I didn't have to go into full wipe-out mode, doing a complete system scrub and changing all my passwords. (Come to think of it, I should probably sanitize the system and refresh my passwords, anyway.)
Three years ago, I wrote a story called 10-Step Security that promised to lock down your PC in only an hour. The tips in that article are beginning to show their age, so this week, I'll be updating them here to reflect the new reality of computing in dangerous times.