Why Spyware is Replacing Viruses
Version 2005-05-30.
Copyright 2005 by Terry Bollinger.
Where's the Real Problem?
I recently analyzed a laptop computer for a friend, and found 104 traces of minor spyware -- which qualifies it as the cleanest Windows system I've seen yet in terms of spyware infections. The system had zero viruses.
In one of my own systems, I deinstalled my virus checker months ago, and have been relying instead on Trend Micro's excellent online virus checker, Housecall (but see Note 1). After putting off using Housecall again for several weeks, because hacker attacks had made using IE too risky, I ran it again and found no viruses. During the same period I have had repeated serious hacker attacks that have attempted to place (and in some cases briefly succeeded in placing) hardcore spyware back onto my system, and before that I had found literally thousands of traces of spyware on my various home systems, back when I had been relying only on virus checkers for cleaning my systems.
On other systems it has been the same story: hundreds to thousands of spyware traces, and few or no viruses. While most TV, radio, and magazine ads harp on and on about the danger of viruses, the blunt reality is that on most home and small business computers, it is the spyware that is exploding while viruses are dropping down to the noise level.
In short: I don't think we're in Kansas anymore, Toto... with Kansas being that place where the viruses once thrived.
What Happened?
I would like to propose that this switch from viruses to spyware is both real and inevitable, and the reason is money.
A question can help explain the situation: Quick, why exactly do virus writers write viruses?
Did you find yourself hesitating there? Followed by something like, "to show that they can," or "to flaunt their power?" Did you notice that when you get right down to it, it really is a bit hard to explain why someone would write a virus whose only purpose is to show the world that you can "get away with it." Sure, some people will do it, but it's not exactly a blockbuster motive for the vast majority of coders, even in the hacker world. It has, at best, a strong flavor of defiant teenagers trying to show how important they are to an oblivious world.
The "Maturing" of Virus Writers
Now, another question: Quick, why do spyware writers write spyware?
Now that one's a lot easier, if you are familiar with the history of spyware. They do it to make money.
More specifically, softcore spyware (mostly adware) is very specifically targeted at making money through advertising. Hardcore spyware, the kind that flouts the law and launches no-holds-barred attacks against you and your systems, is more complex. However, hardcore spyware is very much about acquiring power, resources, and, when possible, hard cash.
In short, the teenage-like pranks of the virus writers of old are being replaced by a much more specific and easy-to-understand motive, which is to make money. I mean this more literally than you might think, since viruses often really are written by teenagers who don't need to worry much about money and support. As such young virus writers get older, the need to prove themselves decreases and the need for real-world income increases. A certain number of them will inevitably succumb to the temptation to apply their earlier virus-writing skills to more profitable undertakings and... voila! A spyware writer is born.
The Eclipsing of Viruses
The bottom line of this argument is quite simple: Viruses will fade -- and in fact have already largely faded -- as the thrill of producing software that does nothing more than show off programming skills declines. Viruses will be replaced by a new generation of highly networked malware whose only purpose is to steal, build power, and remove cash from your wallet -- in short, spyware. The skills of spreading viruses will be applied not to showing off programming skills, but to building powerful distributed networks of stolen computer resources that have enough power to hack into poorly protected systems and then make them part of that same network, Borg style. Once they are large enough, such networks will then get on with their real business of stealing you and your friends blind, both in terms of valuable data and in terms of real cash from bank accounts and transfers.
The Wild West of Cyberspace
There is an analogy that helps explain what is going on here: the fastest-gun ethic of the old American West. Increasingly, and often without it being adequately recognized by authorities or computer users, cyberspace is being taken over by the electronic equivalent of the fastest guns. That is, the true rulers of the common person's cyberspace are increasingly whichever spyware writers can write the most powerful, most devious, and most treacherous software for separating you from your rights, property, and finances. Large corporations with dedicated security resources -- hired gunfighters with special expertise in how to use their own weapons -- often can fight off these desperados, but the average person at home or in a small business is often almost defenseless, even if they have their own guns.
An Unstable Situation
Obviously, this is not a stable situation. As an informal guess, there are likely hundreds of thousands of Windows PCs and laptops around the world that are more under the control of spyware networks than they are under the control of their own owners. As the fastest guns duke it out in cyberspace, one of the more immediate consequences is that such systems simply freeze up and stop working, either because they have been fully taken over or because they are victims of spyware networks fighting with each other to control them. If you find that implausible, try this: Ask yourself and your friends if you have seen any cases of PCs that mysteriously stopped working, yet still seem to be exchanging data furiously over their DSL connections. Ask around for anyone who has had a mysterious bill appear on their bank account, such as the person who asked my son what to do about the $400 bill that had been charged for dialup connections to locations she had never heard of. Look at your own PC or laptop as you use it, and ask whether those mysterious pauses you keep getting while typing or using the Internet are really normal. In most cases, they are not. People have become so accustomed to Windows computers slowing down, getting "old," blue screening without reason, and exhibiting all sorts of odd behaviors that they do not realize that none of these are normal. A Windows system that is fully free of spyware is almost frighteningly stable. Once you have seen and used a truly spyware-free Windows system, you begin to realize just how much you were overlooking -- and you will likely never again trust the odd behaviors seen in most untreated Windows PCs.
What is Needed
More than anything else, the computer and communications industries need to realize what is happening in cyberspace, and start taking it very seriously. A heartening trend is Microsoft's recent acquisition of GIANT AntiSpyware, which was a perceptive purchase that bodes well for Windows to provide some serious protection against spyware.
In the long term, however, we need the entirety of cyberspace to move to something more akin to the rule of law, instead of the rule of the fastest gun. This is not an easy transition, and it's not clear that we even know how to do it. But knowing we need to get there is the first step.
Note 1: Although Housecall is a great product, it requires ActiveX and thus can be used only through the always-risky Microsoft Internet Explorer browser. For this reason, Housecall should be used only after you have thoroughly cleaned your system of spyware, installed a solid firewall, and used Windows Update to update both Windows and Internet Explorer. For a solid and easy-to-use firewall, I recommend the outstanding and free-for-home-use Sygate Personal Firewall. If you have a history of persistent hacker attacks, you may need the additional protection features of the for-purchase (roughly US$50 or less) Sygate Personal Firewall Pro, which I have so far found to be much better than the free version at stopping more subtle but increasingly common forms of hacker attacks used to install spyware on your system.