Brace yourself against Malware & Use of Antivirus
Malware, short for "malicious software", is software used to harm people who use computers. It has a wide range of capabilities, including:
- disrupting the operation of the computer
- collecting sensitive information
- impersonating a user to send spam or fake messages
- gaining access to private computer systems
Most malicious programs are criminal in nature and are most often
used to obtain banking information or login credentials for email or social
media accounts. Governments, law enforcement agencies, and even private
individuals use malware to bypass encryption and
to spy on others. With malware, an adversary can
record from a webcam and microphone, disable the notification settings of
certain antivirus programs, record keystrokes, copy emails and other
documents, steal passwords, and much more.
How can an adversary use malware to attack me?
The best way to deal with a malware attack is
to avoid getting infected in the first place. But that can be difficult if
your adversary has access to zero-day vulnerabilities,
that is, attacks that take advantage of a previously unknown vulnerability in a
computer application. Think of your computer as a fortress; a zero
day would be a hidden secret entrance that you do not know about, but that your
adversary has discovered. You cannot protect yourself from a secret
entrance whose existence you do not know. Governments and law enforcement
agencies stockpile zero-day exploits for use in targeted malware attacks. Criminals
and other actors can also gain access to zero-day vulnerabilities that they
could use to covertly install malware on your computer. But zero-day exploits
are expensive to buy and costly to reuse (once the secret entrance is used to
enter the fortress, it increases the chances of other people finding it).
For example, in Lebanon, hackers targeted civilians with
malware that was hidden in fake software: trojanized versions of
secure communication tools like Signal and WhatsApp. Ethiopian dissidents,
students, lawyers and human rights lawyers were
targeted with spyware disguised as Adobe Flash updates
and politically themed PDF files. And Tibetan activists were
attacked with malware hidden in a PDF file that was maliciously crafted to look like
it had been sent by another Tibetan activist.
So how do I protect myself against malware?
Use Antivirus Software
Antivirus
software can be effective in fighting cheap, untargeted malware
that criminals use against hundreds, or even thousands, of targets. However,
antivirus software is often ineffective against targeted attacks, such as those
used by Chinese government hackers to compromise
the New York Times. EFF recommends the use of antivirus software on your
computer and smartphone, although we cannot recommend any one antivirus product as
superior to the others.
Be wary of suspicious attachments
The best way to avoid getting infected with targeted malware is to avoid
opening suspicious documents that might install the malware in the first place. People
with more computer and technical experience will have somewhat better instincts
about what can and cannot be malware, but well-targeted attacks can be very
convincing.
If you use Gmail, open suspicious attachments in Google Drive instead of downloading them; this can protect your computer from infection. Using a less common computing platform, such as Ubuntu or Chrome OS, significantly improves your odds against many malware delivery tricks, but does not protect you against more sophisticated adversaries.
Run software updates
As new vulnerabilities are discovered in software, companies can fix those problems and offer the fix as a software update, but you won't get the benefit of their work unless you install the update on your computer. It is a common belief that if you are running an unregistered copy of Windows, you cannot or should not accept security updates. This is not true.
Take note of indicators of compromise
Sometimes antivirus software will not detect malware on your
device, especially if the malware is new or unknown to the antivirus authors. If
this is the case, you may still be able to find indicators
of compromise. Indicators of compromise are signs or clues that your
computer has been infected with malware. For example, you might notice
that the light near the webcam is on, even though you haven't activated it
(although advanced malware can turn off the webcam light). Another
example: Facebook, Twitter, Microsoft, and Google sometimes inform
users if they believe their account has been targeted by
state-sponsored attackers.
Other indicators are less obvious: you may notice that your
email is being accessed from an unknown IP address or
that your settings have been altered to send copies of all your email to an
unknown email address. If you have the ability to
monitor your network traffic, the timing and volume of that traffic may
indicate a compromise. Another example: you might notice that your
computer is connecting to a known command and control server, that is, a computer
that sends commands to computers infected with malware or receives data from
infected computers.
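As an added illustration (not part of the original guide), the sketch below checks a connection log for two of the network indicators described above: a destination that appears on a list of known command and control addresses, and connections whose timing is suspiciously regular. The log format, the addresses (taken from documentation ranges), the KNOWN_C2 list and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one outbound connection per line: "timestamp destination".
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7
2024-05-01T10:03:12 203.0.113.20
2024-05-01T10:04:40 203.0.113.20
2024-05-01T10:05:00 198.51.100.7
2024-05-01T10:10:01 198.51.100.7
2024-05-01T10:15:00 198.51.100.7
2024-05-01T10:19:59 198.51.100.7
2024-05-01T10:20:30 192.0.2.66
2024-05-01T10:31:05 203.0.113.20
2024-05-01T11:02:47 203.0.113.20
"""

KNOWN_C2 = {"192.0.2.66"}  # hypothetical entry standing in for a threat-intel list


def parse(log):
    """Group connection timestamps by destination address."""
    by_dest = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            ts, dest = line.split()
            by_dest[dest].append(datetime.fromisoformat(ts))
    return by_dest


def find_indicators(log, known_c2=KNOWN_C2, min_events=4, max_jitter=0.1):
    """Return {destination: [reasons]} for destinations that deserve a closer look."""
    findings = defaultdict(list)
    for dest, times in parse(log).items():
        if dest in known_c2:
            findings[dest].append("known C2 address")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) < min_events or not gaps or mean(gaps) == 0:
            continue  # too few connections to judge timing
        # Beacon-like timing: the spacing between connections barely varies.
        if pstdev(gaps) / mean(gaps) <= max_jitter:
            findings[dest].append("regular interval (~%ds)" % round(mean(gaps)))
    return dict(findings)


if __name__ == "__main__":
    for dest, reasons in find_indicators(SAMPLE_LOG).items():
        print(dest, "->", ", ".join(reasons))
```

Regular timing on its own is only a clue, since legitimate software such as update checkers also connects on a schedule.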
What should I do if I find malware on my computer?
Every keystroke you make may be sent to your attacker. You may want to take your computer to a security expert, who can discover more details about the malware. If you have found the malware, removing it does not guarantee the safety of your computer. Some malicious programs give an attacker the ability to execute arbitrary code on the infected computer, and there is no guarantee that the attacker has not installed additional malicious software while in control of your computer. You may want to reinstall the operating system on your computer to remove the malware. This will remove most malicious programs, but some particularly sophisticated malicious programs can persist. If you have any idea when your computer was infected, you can restore files from before that date. Restoring files from after the date of infection may re-infect your computer.
Log into a computer that you believe is safe and change your passwords; every password that you entered while your computer was infected should be considered compromised.