One of my pet peeves working in computer security has always been the use of emotive language. I have always felt that using highly emotive terms to discuss malware greatly adds to the already-considerable FUD (fear, uncertainty and?doubt)?that surrounds a lot of malware information. The FUD, in turn, leads users to think that this is a problem that is too big for them ? too daunting,?too scary ? when that simply isn?t true.
Malware are computer programs?just like other computer programs;?what makes them different?is that they have been created with the intent to benefit their author to the detriment of?an affected user.
However, seeing as it?s that time of the year, I thought we?d take a look back at a few of the ?terrifying? terms that have been used to describe malware over the years.?Those of a piquish disposition should look away now and unplug your Ethernet cable.?You have been warned.
- Virus.?The original big bad. Once a useful metaphor to describe programs that replicate by infecting and utilizing a host file (similar in behavior to their biological namesake). These days, more often used as a catchall for any malicious program.
? - Spyware.?This would have to be?my least favorite?descriptor (and by saying ?least favorite?, I?m really?just being polite). Sure, you could say that the creation of a spyware category to describe the behavior of a set of programs that capture?personally identifiable information and send it to a remote location was a necessary evil as the?nature of online marketing became more insidious, and the value of?personal data increased. Or you could say that the term was created and used?indiscriminately by some software purveyors that sought to scare users into thinking that they needed to pay?for additional protection beyond antivirus. Regardless, the term remains in use today (we?detect some programs as spyware)?but perhaps doesn?t instill the same dread it did in the early days of grayware research.
? - Scareware.?Another term for Rogue antivirus software.?These programs?display false and misleading malware infection alerts to scare users into paying to have these so-called infections removed. Not a bad descriptive term, really, when?ultimately they?re?a set of programs that perform fraud via extortion via fear. I doubt?these programs would have?flourished if less fear was used in marketing security software in the past (see above).
? - Ransomware.?Speaking of extortion, here?s another class of programs that stop you from using your computer by either locking your screen or encrypting your files, and then asking for money to unlock your computer or decrypt your files. I don?t like this term as it smacks of sensationalism.?However, it does describe what?s happening pretty well, as affected users? computers are unusable until the ransom is paid. More recent examples of this class of program add additional incentive to hand over the money by masquerading as local law enforcement agencies and telling the user that they have been caught accessing illicit material online ? the ransom becoming a fine.
? - Browser Hijacker.?Was using the term hijacker really necessary? Surely ?redirector? would have sufficed. A browser hijacker (*sigh*) is?a program that?interefers with?your Internet experience by directing your browser to places not of your choosing.
? - Crimeware.?A particularly?unnecessary term that is used to describe malware that exists for the purposes of committing crime. We have another term for this behavior.?It?s ?malware?.
? - Badware.?Aren?t they all?
? - Cocktail threat ? ok, so this isn?t such a scary term, but one I always remember when I think of?possibly inappropriate?security terms. Also known as a ?blended? threat, or rather a threat that combines malware with vulnerability exploitation. It doesn?t scare me, but it does make me think of cool bars and tall drinks. Not really the glamorous image I generally associate with the world of AV Research.
Malware is bad, but FUD is worse. I hope I haven?t scared you too much with these gruesome details.
Hope you all have a safe and happy Halloween online.
Heather Goudey
MMPC Melbourne
Related stories:
- Newly updated MMPC whitepapers now available
- Should anti-spyware programs remove cookies?
- Battle the Bogeyman this Halloween!
- Has Your Computer Found Malware and You Are Worried About the Cost of Virus Cleanup?
- Halloween sites tricking users with malware
Source: http://www.dataprotectioncenter.com/antivirus/microsoft/happy-halloween-from-the-mmpc/
tomb of the unknown soldier HMS Bounty Nexus 4 dominion power nbc news Heather Clem Con Edison
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.