The Future of Malware
Despite efforts by security researchers, malware is still an ever-present problem for anyone who uses a computer. Although most users who follow good security practices will not be infected, it’s only possible to exercise those practices if you know what the threats are. And they’re not static.
Mobile malware, advanced phishing scams, and browser exploits are problems that have only recently started to become serious. In 2012, their prevalence will only increase.
Mobile Security Exploits
In the early days of mobile operating systems such as Android, there weren’t many security threats. This makes sense. The new mobile operating systems were built with a better awareness of security issues, and because they have fewer features, there’s less to exploit. In addition, they had relatively small install bases and were unfamiliar to hackers, who need time to explore new software.
All of this is slowly changing. Android and iOS both continue to grow quickly, and malware is starting to catch up. According to a report by Juniper Networks, malware targeting Android has ramped up dramatically in the latter half of 2011. Though it’s impossible to see the future, there’s no reason to suspect 2012 will see a reversal of this trend.
So what can you do? One step is to buy a security app. Yes, I said buy. There are lots of free options, so many people are allergic to spending money on any app, but here’s the thing – those free apps are largely untested, and when AV-Test did put some of them up against real malware, the free options generally failed.
My recommendation for now is Kaspersky Mobile Security. It’s $9.99, and when tested by both AV-Test and AV-Comparatives, it was recommended.
Another step is to be careful about the apps you download. Google does not scrutinize the apps that it allows on the Android Market for malware. Sure, it removes them if a problem is detected, but by then the damage may already be done. Try to download only apps from well-known developers or apps that have been on the market for several months.
Advanced Phishing Scams
Phishing scams have been around for years, but they’re still a serious threat. The main reason for this is that protection against them is not nearly as widespread as protection against traditional viruses. Some security apps do offer anti-phishing features, but they are generally found only in the more expensive versions, and they’re not as effective as anti-malware detection.
Many phishing scams come in email, but increasingly they are coming via social networks. The common use of shortened URLs on Twitter and Facebook makes it easier to disguise links. I recommend downloading a browser extension (like ViewThru for Chrome) that allows you to see the full link when you hover your cursor over it.
Also watch for phishing scams that use mobile sites or telephone calls. Mobile devices can fall prey to phishing scams more easily because their browsers usually don’t prominently display a site’s URL (to save screen space) and because security software generally does not include anti-phishing features. Meanwhile, some phishing scams actually call random phones and encourage the recipient to return the call or visit a site. I recently received a call claiming that my debit card had been locked, for example.
Browser Exploits
Web browsers are a fundamental tool on every computer. It’s not surprising, then, that a lot of effort is put into finding ways to exploit them. Like phishing, exploiting browsers is not a new tactic. It is, however, a threat that requires significant attention going forward.
The reasons are largely the same as those related to phishing. Security software can help protect against browser exploits, but often it’s a feature found only in more expensive versions, and the protection has not been proven to be as effective.
Protection against browser exploits boils down to using the latest version of your browser and the latest version of any important plugins, like Java and Flash. If you use a calendar application, set a reminder for yourself to check for updates every month. Some browsers, like Chrome, will update automatically – but others require user action.
The More Things Change…
Of these threats, those targeting mobile products will be the big story going forward. That’s where the real unknown lies. The operating systems are new, the methods of protection are largely untested, and the potential damage is significant.
Still, the basics of protecting yourself will remain the same. Use security software. Keep your operating system and web browser up to date. Don’t download software from sources that have not proven themselves legitimate. Be skeptical of links, in any form. Follow these rules, and you’ll find most threats will not be an issue.
- MakeUseOf: Android Malware Has Increased 472 Percent Since July http://www.makeuseof.com/tag/android-malware-increased-472-percent-july-news/
- AV-Comparatives: Mobile Security Review http://www.av-comparatives.org/en/comparativesreviews/mobile-security
- AV-Test: Are free Android malware scanners any good? http://www.av-test.org/fileadmin/pdf/avtest_2011-11_free_android_virus_scanner_english.pdf