Tooling Up To Beat Malware

Wayne Rash

No malware is going to catch Wayne Rash napping. But it takes constant vigilance to keep your system clean, he warns.

I walked into my office on Sunday afternoon to pay some bills and look at real estate listings that I can’t afford, but when I sat down at my computer, I found a message on the screen telling me that I might be the victim of counterfeit software.

Inside the dialogue box, which had opened in the center of the screen, was a link inviting me to click and resolve the problem. I put my hand on my mouse, but before I clicked, I stopped.

Hang on – what counterfeit software?

I knew that the copy of Windows 7 on my computer was installed by Hewlett-Packard when I bought it, so it was highly unlikely that there was anything wrong with that. My copy of Microsoft Office 2013 was new, but that came directly from Microsoft, so that wasn’t counterfeit, either.

Since the message on the screen implied that the counterfeit software came from Microsoft, I started to really wonder. What made me very suspicious of the message was the repeated use of the ® registered trademark symbol. Microsoft rarely uses that symbol in its communications.

So I grabbed my mouse again, and this time I hovered the pointer over the link. Nothing appeared, so I right-clicked it. Normally that would have led to a choice to copy the Web address, but nothing happened there, either. By now I was satisfied that I was seeing activity that was somehow related to malware on my system. Problem was, I’d just run Symantec’s Norton Internet Security, and it hadn’t found anything besides tracking cookies.

Then I remembered Malwarebytes. This is one of those products that I’ve known about for years, but for whatever reason never thought about. My daughter, a tech support engineer for a major technology company, has been singing its praises recently. Then I remembered that I’d downloaded the free version a while back, so I opened it and tried to run it. That try failed, but it occurred to me that it had been a few years. Maybe even pre-Windows 7.

It turns out that Malwarebytes still has a free download available, so I got a current version and tried again. The company said in its product information that the product is compatible with most antivirus applications, so I just left Norton running. I launched Malwarebytes’ free version, and let it run in its quick scan mode.

Once the scan was finished, the results showed that Malwarebytes had eliminated seven pieces of malware, most of which seemed to have ended up in the directory for the Chrome browser.

This remains a mystery since I rarely use Chrome. But it’s entirely possible that there’s only a tangential connection.

How does Malwarebytes work?

Still, Malwarebytes was free, and it worked. The next question was, how does it do this, and why is it that NIS missed them? I asked Doug Swanson, Malwarebytes CTO, to explain what was going on. “We have a couple of highly heuristic technologies,” he said.

Swanson noted that Malwarebytes was at least 10 years newer than most other antivirus and antimalware vendors. “We have the benefit of history,” he said. “We have time to look back at the kinds of malware that weren’t being found.”

Swanson said that while Malwarebytes uses definitions for known malware, it doesn’t treat them as signatures. “As a practical matter we go after the malware that isn’t being found by other products. To some degree this is a scale problem. It’s part technology, part prioritisation of zero-day stuff that others aren’t getting. That’s our niche.”

The other reason that the product works so well against malware is that’s all it does. Malwarebytes doesn’t have a firewall; it doesn’t look for viruses; and it doesn’t fight spam. When the product performs a scan, it starts with the malware that eludes AV software, and leaves the viruses for the AV products.

But of course, the fight against malware works best when you catch the bad stuff before it does real harm. While the Pro version of Malwarebytes will monitor your system and prevent malware from running, everything works better if it’s not there in the first place.

This is where training comes in. Many people, perhaps most, would have clicked on the link that I first got offering to resolve the problem. But doing so would have surely opened the door to the worst evils of the Internet. I needed to catch the malware before it could complete its mission.

Because I know that I should never click on an unexpected or unknown link, I knew to confirm that I had a legitimate message first. This is the lesson that needs to be taught throughout your organisation and by all computer users everywhere. When something unexpected happens, don’t just click.

Take the time to confirm it’s legit, even if that means calling your support team. That means that you need to have someone in your organisation who can be called, and who will respond. If you’re going to ask your staff to hesitate before all is lost, they need someone who can take the necessary action, or the teaching you do will be wasted.

Originally published on eWeek.