
Tooling Up To Beat Malware

I walked into my office on Sunday afternoon to pay some bills and look at real estate listings that I can’t afford, but when I sat down at my computer, I found a message on the screen telling me that I might be the victim of counterfeit software.

Inside the dialogue box, which had opened in the center of the screen, was a link inviting me to click and resolve the problem. I put my hand on my mouse, but before I clicked, I stopped.

Hang on – what counterfeit software?

I knew that the copy of Windows 7 on my computer was installed by Hewlett-Packard when I bought it, so it was highly unlikely that there was anything wrong with that. My copy of Microsoft Office 2013 was new, but that came directly from Microsoft, so that wasn’t counterfeit, either.

Since the message on the screen implied that the counterfeit software came from Microsoft, I started to really wonder. What made me very suspicious of the message was the repeated use of the ® registered trademark symbol. Microsoft rarely uses that symbol in its communications.

So I grabbed my mouse again, and this time I hovered the pointer over the link. Nothing appeared, so I right-clicked it. Normally that would have led to a choice to copy the Web address, but nothing happened there, either. By now I was satisfied that I was seeing activity that was somehow related to malware on my system. Problem was, I’d just run Symantec’s Norton Internet Security, and it hadn’t found anything besides tracking cookies.
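The manual check above (hover, right-click, see whether the link behaves like a real hyperlink) works when the dialog is honest about what it is; the more reliable question is which process put the window on screen and whether that executable is signed by the vendor it impersonates. The following PowerShell, added here as an example and not part of the original column, lists every process that owns a visible top-level window together with its path and Authenticode signature status. A genuine Windows activation notice is raised by a Microsoft-signed binary under the system directory; an unsigned binary running from a user-writable location such as AppData, Temp or Downloads is the thing to investigate. The directory pattern used for the UserWritable flag is an assumption for illustration, not an exhaustive list.

```powershell
# Added example (not from the article): attribute on-screen windows to
# processes and check each process image's Authenticode signature.
# Run in an elevated PowerShell so that Path is readable for most processes.
Get-Process |
  Where-Object { $_.MainWindowTitle -and $_.Path } |
  ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    # Assumed heuristic: images living in user-writable folders warrant a closer look.
    $userWritable = $_.Path -match '\\(AppData|Temp|Downloads)\\'
    New-Object PSObject -Property @{
      Pid          = $_.Id
      Name         = $_.ProcessName
      Title        = $_.MainWindowTitle
      Path         = $_.Path
      SigStatus    = $sig.Status          # Valid, NotSigned, HashMismatch, ...
      Signer       = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
      UserWritable = $userWritable
    }
  } |
  Select-Object Pid, Name, Title, SigStatus, UserWritable, Signer, Path |
  Sort-Object SigStatus, UserWritable |
  Format-Table -AutoSize
```

Two caveats: MainWindowTitle only reports a process's main top-level window, so a dialog created as a child window or by a hidden process will not appear and needs a window-enumeration tool such as Process Explorer instead; and a valid signature only proves who signed the file, not that it is benign, so treat the output as a triage list, not a verdict.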

Then I remembered Malwarebytes. This is one of those products that I’ve known about for years, but for whatever reason never thought about. My daughter, a tech support engineer for a major technology company, has been singing its praises recently. Then I remembered that I’d downloaded the free version a while back, so I opened it and tried to run it. That try failed, but it occurred to me that it had been a few years. Maybe even pre-Windows 7.

It turns out that Malwarebytes still has a free download available, so I got a current version and tried again. The company said in its product information that the product is compatible with most antivirus applications, so I just left Norton running. I launched Malwarebytes’ free version, and let it run in its quick scan mode.

Once the scan was finished, the results showed that Malwarebytes had eliminated seven pieces of malware, most of which seemed to have ended up in the directory for the Chrome browser.

This remains a mystery since I rarely use Chrome. But it’s entirely possible that there’s only a tangential connection.

How does Malwarebytes work?

Still, Malwarebytes was free, and it worked. The next question was, how does it do this, and why is it that NIS missed them? I asked Doug Swanson, Malwarebytes CTO, to explain what was going on. “We have a couple of highly heuristic technologies,” he said.

Swanson noted that Malwarebytes is at least 10 years younger than most other antivirus and antimalware vendors. “We have the benefit of history,” he said. “We have time to look back at the kinds of malware that weren’t being found.”

Swanson said that while Malwarebytes uses definitions for known malware, it doesn’t treat them as signatures. “As a practical matter we go after the malware that isn’t being found by other products. To some degree this is a scale problem. It’s part technology, part prioritisation of zero-day stuff that others aren’t getting. That’s our niche.”

The other reason that the product works so well against malware is that’s all it does. Malwarebytes doesn’t have a firewall; it doesn’t look for viruses; and it doesn’t fight spam. When the product performs a scan, it starts with the malware that eludes AV software, and leaves the viruses for the AV products.

But of course, the fight against malware works best when you catch the bad stuff before it does real harm. While the Pro version of Malwarebytes will monitor your system and prevent malware from running, everything works better if it’s not there in the first place.

This is where training comes in. Many people, perhaps most, would have clicked on the link that I first got offering to resolve the problem. But doing so would have surely opened the door to the worst evils of the Internet. I needed to catch the malware before it could complete its mission.

Because I know that I should never click on an unexpected or unknown link, I knew to confirm that I had a legitimate message first. This is the lesson that needs to be taught throughout your organisation and by all computer users everywhere. When something unexpected happens, don’t just click.

Take the time to confirm it’s legit, even if that means calling your support team. That means that you need to have someone in your organisation who can be called, and who will respond. If you’re going to ask your staff to hesitate before all is lost, they need someone who can take the necessary action, or the teaching you do will be wasted.

Originally published on eWeek.

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.
