In this text you will not find a description of absolutely safe security procedures for protecting your computer, because absolutely safe protection does not exist. The usual official answers to those questions are just a bunch of talk without any theoretical or practical significance.
This article explains what the real situation is in the world of computer viruses and what the odds are that the owner of a personal computer will succeed in protecting it.
There is no problem, right?
What is the crucial point when dealing with computer viruses? Where is the problem? Can't we just obtain an antivirus (AV) program and be done with the problem for good? What are we talking about, then, and why should we care about viruses if the AV program takes care of them? What are we defending ourselves from?
Forget the theoretical categories you learned about. Those theories are useful for magazines to collect their monthly income, or for "intellectuals" to get their diplomas. Common folks face computer viruses from three very basic categories: worms, classical viruses and trojans. This categorization is based not on the consequences those viruses bring to their victims, but on their spreading mechanism.
Worms are self-contained applications that need no host application in order to execute. A worm is a sort of virus that spreads not within the same computer but to multiple computers by means of computer networks. A worm is naturally hidden deep in computer resources.
A classical virus, or virus in the narrow meaning of the word, is a virus attached to an executable program, usually an application. In this manner the classical computer virus lives on a host (the application), much as a virus in the real world lives on a living host. Viruses are able to transfer their own copy to other applications, and that is how a computer infection grows.
A trojan is similar to a classical virus but it does not spread. It executes only when its application or host is started.
Virus categories by action form a very large group, but for our consideration the most important are: classical action viruses, spyware, disinformation viruses, adware and ultimate viruses. Four of them are self-explanatory. The last of them, the ultimate virus, sends a threatening or demanding popup message, e.g. a demand to pay ransom for deciphering your computer files and letting you continue working on the computer.
Illegally changed programs - cracked programs
A cracked program is the kind of program that a typical computer user in Serbia, and in most countries in the world, has to deal with. For all sorts of reasons this topic is neglected or blurred in popular and official articles. In that manner the reality is neglected, because cracked programs are the most important category of computer applications generally.
Using illegal software is a reality that comes from necessity in less developed countries. Without illegal software the poor populations of lots of countries in the world would not be able to obtain software, nor would they know about its existence. Actually, cracked software has caused the popularity and spread of personal computers in the world. The broad availability of cracked software had a dramatic influence on the demand for personal computers. Other than that, computers became popular among children, so they do not feel any repulsion towards computers and need no adjustment period for approaching them. The broad proliferation of cracked software led to an increase in purchases of legal versions of that software, because people got to know its usability and so wanted to have the more comfortable legal version of the cracked software.
On the other side, illegal software has taken a part of the legal software market and caused a number of other concerns which are out of the scope of this text. We also do not consider the legal aspects of the whole matter in this text.
Cracked software has a crucial feature from the point of view of our considerations: it is a carrier of a specific group of viruses, mostly spyware, disinformation viruses, adware and ultimate viruses.
Two groups of AV programs are available to users. One group is classical AV programs. The other group is anti-spyware. In lots of cases anti-spyware also includes a classical AV program.
Now let me tell the simple truth right away. A common user in Serbia or anywhere in the world does not have absolutely any real means of protecting his own computer against computer viruses, despite all those AV programs. That is the real truth, which is not (yet) told to users. How is that possible?
Chances a user can avoid a virus
On a hard disk partition of a small computer we can rarely find fewer than half a million files today. The number of lines of code in the operating system of a small computer is estimated at about 50 million. The number of lines of code in Google's software is estimated at 2 billion.
Even in the case of a small personal computer, a virus is relatively safely hidden in that mass of code lines. Although viruses do leave some specific traces by which an AV program could possibly detect them, in lots of cases a virus has a large number of techniques at its disposal to cover its existence and actions. If we take into consideration that viruses often change their shape, either by human intervention or automatically, then we can comprehend that the fight between virus and AV software actually resembles the police-and-thief paradigm. In this paradigm, by its very nature, the thief (virus) is always ahead of the police officer (AV software).
Put shortly, the vast majority of computer users have no chance of avoiding computer viruses.
Viruses, so what?
Computer users have got used to their computers and to the virus stories, so the whole virus saga seems to be a nuisance or even nonsense. People constantly chew over virus stories, and yet everything is functioning just fine, is it not? But that's the point. The whole market of cracked programs is made to seem naive.
American and other specialized advertising agencies have made the aforesaid market of cracked programs, which are given away for free at countless Internet locations. Criminal cyber groups joined forces with those agencies. Both groups formed an enormous market where everyone acquires clear profit. Both groups hire hackers all over the world to design viruses, which are afterwards distributed to naive Internet users, just like yourselves, who are happy to obtain "the free software".
An advertising agency receives commissions from companies or individuals for an aggressive campaign for certain goods, services or aims. E.g. the agency should provide additional clicks on some web site for the benefit of the ordering party, or increase the traffic flow on a certain telecommunication line. The agency will be offered profit on the basis of the measured increase in market reaction. Or someone abuses the voting system on a certain site by using remote control of various infected computers.
The possibilities are enormous. To conduct those and similar activities, the agencies resort to legal as well as illegal means of bringing as large a number of computers on the Internet as possible under their control. This is accomplished by using all sorts of viruses, which are inserted into legal software and distributed illegally all over the world as cracked programs. When users install and use the cracked program, they actually activate the virus and put into action the agency's control over their computer.
One of the most frequent and most insolent agency activities on your own computer is reshaping the results of the Internet searches you conduct into fabricated, i.e. implanted, misinformation. What does that mean? For example, imagine yourself searching Google, or using some other search engine, for some specific piece of information. Among the search results that you get on an infected computer will be what you have asked for... But with a small implant of information that could make a profit for the agency that infected your computer! The result that you get will actually be economic misinformation, political misinformation, links that direct you to sites where an even worse virus will infect your computer, or whatever.
Not only is adding misinformation possible, but the bandits can also change the original search result, e.g. the Google site. This case of intellectual banditism is similar to the situation where an original letter addressed to you by a reliable source is opened by a third party, changed, added to or edited in any way, then cunningly sealed again; the letter is then delivered to your mailbox as if it were the genuine one. The agency bandits practically want to control and direct your view of the world! Does that sound familiar to you?
Criminal groups, on the other hand, offer services to those agencies, or work for their own profit. Most commonly they deploy spyware. E.g. they will record your personal data and the passwords for entering your bank account; then they will patiently wait for the proper time to clean up the slate. Or some affair you documented on your personal computer during your journalistic investigation will suddenly appear in somebody's newspaper, but not yours. Or the group will simply use your computer for attacking other computers, for probing network nodes, for covering up their illegal activities, or whatever.
Maybe they decide to gather your computer with 999 other computers to synchronize a group network attack on the central computer of a large bank, for the benefit of some other competing bank...
In all cases, with no exception, the agency-criminal groups will take away a part of your computer resources, be it CPU clocks, space on your hard disk, or part of the Internet bandwidth of your line, and your computer will get slower and slower. And all that is the most innocent case. These programs with negative effects are generally called malware.
Learn to recognize the problem
Although I have already said that viruses are a problem for which an advanced level of expertise is needed, let me mention just a few signs that your computer is infected.
- The screens resulting from a Google search, or from any other search engine, are exceptionally colorful. Apart from having what you asked for, these screens also have somewhat unusual additional information with additional external links. Note any peculiar digressions from what you have asked for.
- Your computer gradually slows down - that is something users often do not consider important! The point is that the slowdown occurs step by step and lasts for months; the user gets used to it and usually understands the situation as new software consuming large resources and loading an already outdated computer. When the slowdown gets painfully large, and when the operating system crashes occasionally, even a professional user is inclined to judge the whole matter as a maladjustment of the computer and a need for software repair or for reinstalling the operating system and software. However, after reinstalling the same (cracked) software, you will get the same virus again and the slowdown starts all over.
- The frequent sound of hard disk operation, even in the absence of any other considerable computer activity. If that occurs all day long, beware: that is not an automatic update of your AV software or any update of the operating system. That is, with large probability, a virus!
- You turned on the network activity indicator that flashes in the lower right part of your screen, and you notice long and frequent network traffic. Then you should turn off the browser and other programs, disable your AV software for a while, and watch that network activity icon again. If the network traffic has not stopped, you have a virus of a sort on your computer, and that is a probable fact.
- Launching an executable with a double click, you get the message that the program does not exist. There are exactly two non-trivial reasons: either the AV program has removed the infected program to stop it from doing evil, or the virus itself has erased the executable. In both cases your computer is infected.
- You got a message originating from a respectable site that your computer has been put on an IP blacklist. This is an almost sure sign that your computer is compromised.
- You find out that the AV program is disabled and you did not do that yourself. That too is an almost sure sign of computer infection.
Once again let me stress this - repairing system software is not for dilettantes, just as repairing your car brakes is not for an amateur.
Legal user protection from agencies and other cyber criminals
You have no legal protection against cyber criminals of this sort. There are numerous factors why protection does not exist or does not function. Without going into details, one of the simplest reasons for the non-existent protection is the very fact that you are the user of illegally changed software that you have not even bought. From the legal perspective you are an accomplice in the legal offense/felony. This is quite enough to make any possible prosecution hard. When you take into account that some of the largest world companies are involved in this felony, an individual or even groups of individuals have no practical means of protection against the agencies' criminal misinformation, robbing, spying and abuse of personal data.
If you want to consume real honey, you should have your own beekeeper - maybe one of my future articles will be on just that topic :-). In the same way, if you want good protection for your computer, you must have your own expert. However, you must also have some specific knowledge, or at least keep precisely to the prescribed procedures for operating your computer as explained by "your" expert. Even then errors are possible, because even the smallest error in procedure can lead to a computer virus infection with all its consequences.
This is how it ought to be at least! You are mostly destined to live with computer viruses. What is the purpose of this article, if there are no solutions and if AV programs are useless at keeping viruses away from your computer?
The purpose of this text is for you to understand your own situation better. It is necessary for you to comprehend that you are mostly helpless and that the whole matter is to learn to lessen the consequences of viruses to the least possible extent.
AV program quality
First of all you should understand the quality of AV protection. These facts you will not find on any Internet site! Look carefully through the following table, which is one of my analyses of a specific piece of software. That software has been analyzed by a number of AV programs over a two-year period:
|id||alarms / AV programs||time of analysis absolute||time of analysis relative|
|e3b26c||0/46||2013-04-03 07:38:19 UTC||2 years 9 months ago|
|b4103cd||0/46||2013-04-19 10:26:55 UTC||2 years 9 months ago|
|67708c||0/46||2013-05-06 13:04:50 UTC||2 years 8 months ago|
|b70a96||0/57||2013-12-30 04:39:51 UTC||2 years ago|
|86f92||0/57||2015-05-12 21:26:19 UTC||8 months 1 week ago|
|1fa4ee9||0/57||2015-07-25 15:23:25 UTC||5 months 3 weeks ago|
|74e7f8||1/55||2015-10-28 13:26:09 UTC||2 months 2 weeks ago|
|902760||1/54||2015-11-16 02:15:35 UTC||2 months ago|
|b03c3||15/56||2015-11-17 14:27:29 UTC||2 months ago|
|ecce36||35/56||2015-12-29 01:51:41 UTC||2 weeks 5 days ago|
|726647a||1/55||2016-01-17 11:12:48 UTC||now|
Each row is one analysis in which a number of AV programs scanned the same software. So in the first row there is the experiment with id e3b26c, where no alarms were fired by 46 AV programs. That was 2 years and 9 months ago.
If we analyze the table we can see the alarms raised on the very same software over a period of two years. We see that after the initial recognition of a virus by the majority of AV programs from different software companies, some time later, by the decision of those same companies, the same threat is treated as a false alarm and canceled as such!
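The pattern just described can be read off the table mechanically. The following is an added example, not part of the original analysis: it parses the rows above, measures how long the software went without a single alarm, and finds the scan pair where most alarms were withdrawn. The 0.25 drop threshold is an assumption chosen for illustration.

```python
from datetime import datetime

# Rows copied from the table above: id, alarms/AV programs, scan time (UTC).
SCAN_HISTORY = """\
e3b26c  0/46  2013-04-03 07:38:19
b4103cd 0/46  2013-04-19 10:26:55
67708c  0/46  2013-05-06 13:04:50
b70a96  0/57  2013-12-30 04:39:51
86f92   0/57  2015-05-12 21:26:19
1fa4ee9 0/57  2015-07-25 15:23:25
74e7f8  1/55  2015-10-28 13:26:09
902760  1/54  2015-11-16 02:15:35
b03c3   15/56 2015-11-17 14:27:29
ecce36  35/56 2015-12-29 01:51:41
726647a 1/55  2016-01-17 11:12:48
"""


def parse_history(text):
    """Parse the rows into dicts, oldest scan first."""
    scans = []
    for line in text.splitlines():
        if not line.strip():
            continue
        scan_id, score, day, clock = line.split()
        alarms, engines = (int(part) for part in score.split("/"))
        if engines <= 0 or not 0 <= alarms <= engines:
            raise ValueError(f"implausible score {score!r} in scan {scan_id}")
        scans.append({
            "id": scan_id,
            "alarms": alarms,
            "engines": engines,
            "ratio": alarms / engines,
            "when": datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S"),
        })
    return sorted(scans, key=lambda scan: scan["when"])


def days_undetected(scans):
    """Whole days between the first scan and the first scan with any alarm."""
    for scan in scans:
        if scan["alarms"] > 0:
            return (scan["when"] - scans[0]["when"]).days
    return None  # the software was never flagged


def peak(scans):
    """The scan in which the largest share of AV programs raised an alarm."""
    return max(scans, key=lambda scan: scan["ratio"])


def retractions(scans, min_drop=0.25):
    """Consecutive scans where the alarm share fell by at least min_drop.

    min_drop is an assumed threshold, not a value from the article.
    Returns (id_before, id_after, days_between) tuples.
    """
    found = []
    for before, after in zip(scans, scans[1:]):
        if before["ratio"] - after["ratio"] >= min_drop:
            gap = (after["when"] - before["when"]).days
            found.append((before["id"], after["id"], gap))
    return found


if __name__ == "__main__":
    history = parse_history(SCAN_HISTORY)
    top = peak(history)
    print("days without any alarm:", days_undetected(history))
    print(f"peak: {top['id']} with {top['alarms']}/{top['engines']}")
    for before, after, gap in retractions(history):
        print(f"alarms withdrawn between {before} and {after} ({gap} days)")
```
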
How should we understand this? If the virus had really been present, it would be logical for newer versions of the AV programs to keep that reaction to the very same software, and not to cancel the alarm. It seems evident that the authors of the AV programs concluded, all together, that the alarm was false, and collectively decided to cancel it for good. Although some AV programs use the same AV engine for their analysis, it is very symptomatic that all AV programs turned off detection of something that previously they all considered a virus.
Sometimes the reason for this is as follows.
You should understand that AV programs are under the huge influence of their own market. Namely, by receiving a lot of email or calls from the users of their AV program, the authors of AV programs are under constant pressure to make their AV program acceptable to their users. Consequently, if the authors of an AV program are flooded by user calls claiming that the AV program disrupts them with constant alarms about an innocent-looking application with no apparent negative effect on their computer, the author is under heavy pressure from unsatisfied users and will surely agree to remove the alarm from the AV program if his users want him to.
So we come to a peculiar situation - the users of AV programs themselves can influence AV programs into wrong detection! Imagine now a usual user relying on his AV program, supplied by the program with perplexing information, with no comprehension of the situation.
There is also a strong influence of one AV program on another. A lot of rumor goes around about one AV program stealing database information from another! That way, when one AV program changes its alarms, possibly the whole bunch of AV programs goes the same way. You see?
Protection mechanisms - serious complication
As you (probably) understand now, computer protection has very little to do with the choice of AV program. A computer user would probably be happy with the statement: "Use the AV program XYZ and you will be on the safe side". But nothing would be further from the truth! It will probably be interesting for you to hear that the advertisements you noticed, or the recommendations of your fellows to obtain this or that AV program, in 99% of cases are not worth the molecules of air by which those words reached your ears. Simply - they are wrong.
Commercial advertisements for AV programs are very biased and unrealistic. In the case of your friends persuading you into this or that AV program: who among them has the slightest clue whether some installed program contains a virus or not, and knows for sure that his AV program detected it correctly? Actually, viruses change their shape regularly, on a weekly basis. Once infected, the computer will be the home for a virus, offering millions of lines of code for hiding, so even an updated AV program database will usually not be helpful once the virus finds its way into the interior of the operating system and applications.
As we said here, cracked software as a whole mostly carries spyware-like viruses, which are predominantly distinguished by very silent work, namely the complete opposite of classical viruses, and the user mostly has no clue about the virus's existence on his own computer. How many times have you heard: "What is it you want; I have been using this cracked program for years without the slightest problem!" But that is exactly the case - without the slightest obvious problem, because they are meant to be that way!
The following table illustrates one of my results, produced these days for the purpose of analyzing the current state of AV software. The table is just one part of the analysis, where rows describe certain AV programs and their reactions to various situations (applications) I created. From those tables one can draw a series of practical conclusions that would allow the optimum protection for a certain user profile. That would not be ideal protection, but an optimal one.
The table is again not for you to analyze deeply: it is here merely as an illustration of one side of the work performed by a professional to ascertain the current state of the AV programs on the market and estimate their ability to resist various forms of attack on the user.
The problem for the end computer user is that not even with the best AV programs can he decide what to do when the AV software detects, or does not detect, a virus in some new software that he wants to install. Is it a false alarm, or has the AV program informed you correctly?
Practically speaking: in a professional approach, as it should be e.g. in serious companies, a computer user is only a user, following a very stringent working procedure on the computer as instructed, and it is absolutely unacceptable for him to even think of AV software or any installations whatsoever.
It is not bad to know the basics at least: certain AV software is only useful as a classical AV program, and some is used as anti-spyware. Certain AV software has a very short timing window: it does not detect older viruses, the ones that I call classical viruses; the purpose of that is to gain a speed boost, which is a large mistake.
Further, some AV software is characterized by unstable operation: it lets important viruses pass through but gives considerably more false alarms than other AV programs. Then you should not forget the quality of the AV producer's staff, their capacity, and their dedication to this type of job, which really needs good motivation.
Your IT security expert who analyses this should take all of it into consideration. As is easily understandable, this estimation demands certain experience and specialization that the usual computer user surely lacks. That is why I mentioned that for real protection you need an expert.
Legal (paid) software
If you legally obtain your application then theoretically you should be safe from viruses - not! Namely, the application producer in most cases uses legally obtained development software in order to make the legal software that you are going to buy. The more sophisticated the application, the more third-party libraries, code generators, specific scripts, licensed drivers or other software will be used by the application producer to make it. Any single mistake, even the transfer of clean software over an insecure communication channel (e.g. the FTP protocol), and the application producer would get an unwanted newcomer in his software - quiet spyware, for example. By the way, recall what the huge automobile manufacturers recently did deliberately to the software in their cars to make bogus reports on pollution emissions. Then try to imagine what the huge software companies can do, with their enormous possibilities to implant any user-unwanted code or spyware, when they already have all the means and power to cover up their felony if discovered. The companies never report their mistakes, accidental as well as deliberate, just as the banks never report that someone has breached the security of their computer system!
A practical example is due at this point for you to understand how legal software is basically uncertain. The producer of one well-known program for editing PDF files has its official web location at an address that we shall designate as www.Axxx.com. When you type in that web address you get the web page for downloading the free version of the official program by pressing the download button. When you click the button you are redirected to a site, say www.Bxxx.com, for downloading, but that is intercepted by your AV program, say program XAV, with the message that "this web site is blacklisted as a fraud site". How should you judge this?
You actually have the following basic possibilities:
- Your computer is already infected and that is why you are redirected to the site, for further development of the virtual disease.
- The producer's site is infected or deliberately assists the criminals, spreading the disease to everybody who downloads and installs the software.
- Both sides of the communication are clean, but the XAV software gave a false alarm.
All options are possible to some extent and real. In this specific case it would be interesting for you to know what happened: the user's computer was clean... Believe it or not, this situation could be resolved further by adequate procedures on the side of the user, which is out of scope here because, as we already told you, it would engage a professional.
Open source software
In the case of small software producers, often an individual with a patched-together personal site where you will find his biography, a cheerful picture of him and maybe his girl going to the disco, or whatever, there is a link to a well-known download site where you should pick up the well-known open-source, but compiled, program. This program is very well known and popular, and has been used for a considerable number of years. The same program is often recognized by telco companies and sometimes recommended to their users. One example is the program PuTTY. And if you think that is the only case you are wrong; a similar case is a similar program, FileZilla, quite a popular one. These examples are numerous. On the other side, that does not mean all versions of those programs are infected - there is a small chance you can find a clean version.
As you can see, legal software, whether open source or bought, although definitely the most secure, is not unconditionally safe. All it takes is for the producing company to bring into the software you legally bought some advertisement for its new product, and you have got unwanted software that uses precious CPU clocks to pop up screens or to remind you that you still haven't bought something that you do not need at all. If that is so with legally bought software, imagine now the endless illegal cracked programs you installed - they will all add more negative effects to your computer over time. Finally, in Serbia, as well as in a lot of other countries, the level of wages and the do-anything practice in the computer business are such that buying a large number of legal programs is in practice economically impossible. The same risk that comes with downloading lots of popular free software applies even more to the enormous number of sites for downloading open-source software, almost all of which are deliverers of infected software.
In the end you see why I told you at the beginning that this text cannot help you personally protect your computer. However, I should say that at this moment you are seeing the virus problem with different eyes than when you started reading. That means you are closer to the truth, because that is what you were probably searching for.
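For the two transfer risks raised above (a clean program altered on an insecure channel such as FTP, and a compiled open-source program fetched from a third-party download site), the basic check is to compare the file's SHA-256 digest with the one its producer publishes. This is an added example, not from the original article; it assumes the producer publishes a sha256sum-style digest list that you obtain over a separate trusted channel, and the file names and bytes in it are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines: 64 hex digits, ' ' or ' *', file name."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, marker, name = line[:64].lower(), line[64:66], line[66:]
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {number}: not a SHA-256 digest")
        if marker not in ("  ", " *") or not name:
            raise ValueError(f"line {number}: malformed entry")
        if "/" in name or "\\" in name:
            raise ValueError(f"line {number}: path components not allowed")
        entries[name] = digest
    return entries


def verify_download(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the downloaded file."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published digest: nothing to compare against
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on constructed files (hypothetical names and bytes)."""
    clean = b"constructed sample bytes standing in for an installer\n"
    manifest = f"{hashlib.sha256(clean).hexdigest()} *tool-setup.exe\n"
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        listed = os.path.join(folder, "tool-setup.exe")
        cases = (("as published", clean),
                 ("altered in transit", clean + b"appended code"))
        for label, payload in cases:
            with open(listed, "wb") as handle:
                handle.write(payload)
            results[label] = verify_download(listed, manifest)
        unlisted = os.path.join(folder, "other-tool.exe")
        with open(unlisted, "wb") as handle:
            handle.write(clean)
        results["not in manifest"] = verify_download(unlisted, manifest)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

A matching digest only shows that the file is the one the producer published; it says nothing about whether the producer's own build was clean, and a digest list fetched from the same download site as the file proves nothing.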