US vs. Spyware: the war goes on
A home computer that has a spyware infection—and 72 percent do—hosts an average of 24 spyware programs. Popping up ads and reporting its user’s behavior to distant Internet sites, they threaten to bog the machine down to the point of uselessness. Eight percent of office PCs are similarly infected.
Meanwhile, during the autumn the number of rogue websites that intentionally circulate spyware rose beyond 360,000. Many collect money through affiliate advertising programs for each infection they produce, and if respectable companies increasingly shy away from advertising like that, there are others (such as porn sites) that only want results.
These figures, from the latest quarterly report issued by Webroot Software, don’t indicate that we are winning the war against spyware—although the rate for infections on home PCs was 92 percent as recently as last year. But they don’t show we are losing it either—although the number of malicious websites rose nearly 27 percent since summer. Actually, the big news is that the war goes on, since there were moments recently when the total triumph of spyware seemed assured.
For instance, a little-noticed development during the past year was the rise of infections that use polymorphic code technology. The infections consist of multiple files with random names (seeded by the system clock) in different parts of memory, making each infection unique and requiring a unique counter-action. Meanwhile, the files monitor each other, and if one is deleted the others will download a replacement from the Internet.
But even these can be fought: the experts say that you should suspect files whose names show no hits when searched through Google. On top of that, you just have to know which file to remove first. Just how the average user can be expected to know that is a mystery, but a Webroot spokesman says that anti-spyware software can stop polymorphic infections. Older anti-virus packages, however, may not know what to do.
A spokesman for anti-virus vendor McAfee said that anti-virus software can indeed counter polymorphic infections. The trick is to identify them and isolate them.
While polymorphic infections were spreading, another problem, rootkit technology, was suddenly made famous by Sony BMG Music. That music company had placed rootkit files on as many as 20 popular CD titles so that, when a disc was placed in a PC, the PC would not be able to make more than three copies. But the technology alters the operating system so that files whose names begin or end a certain way will be invisible to the operating system. Anti-virus or anti-spyware programs that use the operating system to examine the file list will never see them. Therefore, spyware or viruses that adopt the naming conventions of a Sony rootkit infection will never be seen by the infected machine. The only answer is for anti-spyware and anti-virus programs to have their own built-in skeletal operating system so they won’t have to rely on an infected copy of Windows to get the file list.
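The cross-view check implied by the paragraph above, as an added example that is not part of the original article: it compares the file list reported by the running OS with one taken from a trusted view of the same disk, then infers the naming rule the cloak uses. The file paths and the `hid_` prefix are constructed sample data, and producing the trusted listing (for instance by scanning from clean boot media) is assumed to happen outside this code.

```python
from os.path import commonprefix

# Constructed sample data: what the running (possibly infected) OS reports...
OS_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\a\report.doc",
]
# ...and what a scan of the same disk from trusted boot media reports.
TRUSTED_VIEW = OS_VIEW + [
    r"C:\Windows\System32\drivers\hid_filter.sys",
    r"C:\Windows\System32\hid_player.exe",
    r"C:\Users\a\hid_keylog.dll",   # unrelated malware reusing the cloak
]

def hidden_files(os_view, trusted_view):
    """Paths on disk that the live OS listing omits (compared case-insensitively)."""
    live = {p.lower() for p in os_view}
    return sorted(p for p in set(trusted_view) if p.lower() not in live)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def cloaking_pattern(hidden, min_len=3):
    """Infer the naming rule: the longest prefix or suffix all hidden names share."""
    names = [basename(p).lower() for p in hidden]
    if len(names) < 2:
        return None                      # one file is not enough to infer a rule
    prefix = commonprefix(names)
    stems = [n.rsplit(".", 1)[0] for n in names]   # compare suffixes without extension
    suffix = commonprefix([s[::-1] for s in stems])[::-1]
    if len(prefix) >= min_len and len(prefix) >= len(suffix):
        return ("prefix", prefix)
    if len(suffix) >= min_len:
        return ("suffix", suffix)
    return None

if __name__ == "__main__":
    hidden = hidden_files(OS_VIEW, TRUSTED_VIEW)
    for path in hidden:
        print("hidden from OS:", path)
    print("inferred cloak:", cloaking_pattern(hidden))
```

Once the rule is known, any file matching it deserves inspection, whether or not it belongs to the software that installed the cloak.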
Hasta la Vista
As this is written, the big news is the spread of the Kama Sutra worm, which relies on human gullibility rather than technology. Users get an email promising dirty pictures if they click on the enclosed link to a certain web site. Once there, their machines are infected with a virus that will erase most user files on the third day of each month. About a million machines have been infected so far.
And there doubtless will be another wave of infections next week. And the week after that. It is said that an unprotected PC with a broadband Internet connection will get an infection within 12 minutes. The war goes on.
And that’s the problem. The fact that so much effort has to be spent fighting off cyber parasites indicates that the situation is out of hand. Basically, the Internet now amounts to an artificial environment in which artificial life-forms can flourish. There are those who place their hope on the creation of a new environment. Perhaps Microsoft Vista, the upgrade for Windows XP that is supposed to come out late this year, will be the answer. More likely, it will just be another environment, such as a mammal instead of a reptile. True, mammals may not be very vulnerable to reptile germs—but that does not mean they don’t have their own germs.
So it seems more likely that we will gradually fall into behaviors designed to protect ourselves from infectious dangers in the cyber world, just as we do in the ‘real’ world. We don’t eat food without cooking it, and we won’t open email without scanning it. Water intended for drinking is carefully kept separate from sewage, and in the future we may adopt the practice of trusting only software and files that are stored on read-only discs. Anything that has been loaded into the computer will not be trusted, and will be strictly kept on separate media.
It seems sad, but it was probably inevitable all along. The time may come when we are amazed that we were ever so innocent as to think otherwise.
Lamont Wood
© Dealer Info