Friday, March 14, 2008

Off the shelf viruses

"I'll take these socks, a chocolate bar, and a computer virus, please"

What? Not quite what you had in mind?

I've dealt with my fair share of virus outbreaks experienced by friends, family, and clients. They're never a fun thing, although they can get the adrenaline going.

In this day and age, you've got to be more careful than ever when it comes to such things. It used to be that you'd run the risk of your system misbehaving -- you might wind up with a variety of colourful pop-ups, you may unknowingly become a host for file-sharing, or you could lose valuable data. Nowadays, though, you can wind up with your identity stolen, erroneous charges on your credit card, or even have money taken from your bank account. Some corporations are even finding that their systems will be compromised and data key to their operation is encrypted or copied, and held hostage for ransom.

There are a variety of ways to fall victim to such things. In future posts I'll go into more detail about what can happen, some ways to try to avoid being a victim, and some things that you can do if you've already been affected.

For the time being, though, I simply want to bring another potential source of infection to your attention. In reading the Globe and Mail's AP article at http://www.theglobeandmail.com/servlet/story/RTGAM.20080314.wvirus14/BNStory/Technology/home?cid=al_gam_mostview , we can see that it's not sufficient to worry about being infected from the internet.

According to the article, some products with software components to them (digital picture frames, iPods, and so on) are shipping with viruses or password stealing trojans already in the software package. You could buy that digital picture frame from Best Buy or Target, install the software that comes with it, and that's all it would take.

The easiest (and perhaps kindest) explanation is that the manufacturer of the affected products doesn't have sufficient quality control -- one of their employees may have wound up accidentally bringing a virus to their workplace that was passed on to the installation image for a product. Their are more ominous possibilities, of course -- that it was intentional, and done for future profit through one of the means mentioned above.

Although it's one of the more common ways, you don't even have to launch an attachement in an e-mail to become infected, either -- you can become a victim simply by going a web page that contains malicious code.

It's a broad topic, and so I'll go into further detail in later posts. For now I'll simply state:
- if you don't have antivirus software, consider getting some (McAfee and Symantec are common, although there are a few good free ones out there -- I'll try to make the time to review some of the options)
- if you do have antivirus software, make sure you keep it up to date -- new viruses and trojans come out all the time
- apply critical updates to your operating system -- some of them actually plug some of the security holes that viruses and trojans exploit

No comments:

Post a Comment