Cancel Cable: How Internet Pirates Get Free Stuff
Chapter 4 – Malware
File-sharing networks are infested with nasty bits of software that will wreak havoc with your computer and perhaps your well-being. If you’re thinking “My kid takes care of that”, “That’s a background task for my computer”, or “I own a Mac”, then you lack healthy paranoia.
About Malware
Malicious software, or malware, includes viruses, spyware, adware, trojan horses, worms, keyloggers, and rootkits, whose attacks range from mild (slowing your machine) to irritating (spewing pop-up ads or crashing your system) to transforming (destroying your data or stealing your identity). Most malware conceals itself. If your PC is a malware-infected zombie, it secretly obeys a remote server, typically sending spam in the background by using your bandwidth and processor. (A collection of zombies is a botnet, which third parties can rent from the infector for spam campaigns, remote attacks, or click fraud.)
Malware spreads via email attachments, networks, USB flash drives, rogue antimalware programs, social engineering, and websites that push installable “add-ins”. Pirates are threatened mainly by malicious links and infected files.
Malicious Links
A poker-book torrent has no reason to contain more than one file: the book. But some payloads also contain links to no-name poker rooms, dodgy rakeback programs, online casinos, and other places best avoided. Such links, which can be part of any torrent, come as separate URL (.url), MHTML (.mht, .mhtml), or HTML (.html, .htm) files. Double-clicking one of these internet shortcuts opens your browser to a particular webpage. These links almost always lead to spammy, crooked, useless, or for-pay sites. And you risk a drive-by download: malware that exploits browser security holes to secretly self-install when you simply visit a website. Fortunately, these threats can be easily sidestepped:
- If the links come as separate files, turn them off when you first open the torrent (see Chapter 10).
- If the links are bundled in an archive (.rar or .zip file), download the archive and extract only the files of interest (see Chapter 5).
- If a password-protected archive requires that you visit a website to get the password, don’t visit the site. Either delete the download or, if your alarm bells aren’t ringing, scan the torrent’s user comments for the password (see Chapter 10).
- If you’re unsure about a link file (say, instructions.url or readme.html), open it in a text editor rather than in your browser.
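An added example, my code rather than the book's, that does what the last bullet advises: it reads a .url or .html link file as plain text and reports where it would send the browser, without opening it. The sample contents are constructed, and example.net is a placeholder domain.

```python
import configparser
from html.parser import HTMLParser

# Constructed sample link files, not taken from any real torrent.
SAMPLE_URL = "[InternetShortcut]\nURL=http://example.net/poker-bonus\n"
SAMPLE_HTML = ('<html><head><meta http-equiv="refresh" content="0; url=http://example.net/go">'
               '</head><body><a href="http://example.net/casino">Free chips</a></body></html>')

def url_file_target(text):
    """Target of a Windows .url file: INI text with an [InternetShortcut] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read_string(text)
    except configparser.Error:
        return None  # not a well-formed .url file
    return cfg.get("InternetShortcut", "URL", fallback=None)

class _LinkCollector(HTMLParser):
    """Gather every place an HTML file could send the browser."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.targets.append(a["href"])
        elif tag in ("script", "iframe") and a.get("src"):
            self.targets.append(a["src"])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")
            if "url=" in content.lower():
                self.targets.append(content.split("=", 1)[1].strip().strip("'\""))

def html_targets(text):
    """Link, script, iframe and meta-refresh targets found in HTML text."""
    collector = _LinkCollector()
    collector.feed(text)
    return collector.targets

def inspect_link_file(name, text):
    """Return (kind, targets) for a link file read as plain text."""
    ext = name.lower().rsplit(".", 1)[-1]
    if ext == "url":
        target = url_file_target(text)
        return "url", [target] if target else []
    if ext in ("htm", "html"):
        return "html", html_targets(text)
    return "other", []

if __name__ == "__main__":
    for name, text in (("instructions.url", SAMPLE_URL), ("readme.html", SAMPLE_HTML)):
        print(name, "->", inspect_link_file(name, text))
```

MHTML (.mht, .mhtml) files are MIME-wrapped; unwrap them with Python's email module and pass the text/html part to html_targets.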
Infected Files
Download and double-click the wrong file, and you’re infected. Wary beginners have rules of thumb to protect them:
- Text files that don’t contain scripts are always safe.
- Video, picture, and audio files are rarely unsafe.
- PDF and HTML files can link to malicious code. PDF and CHM files can also be infected with malicious code (but usually aren’t).
- The default security settings for Microsoft Office stop macro viruses embedded in Word (.doc, .docx), Excel (.xls, .xlsx), and PowerPoint (.ppt, .pptx) documents.
- Applications, games, screen savers, scripts, key generators, cracks, disk images, and other executable files are where danger lies. Program-support files (.dll, .vbx, .vxd) can also be dangerous.
- Popular torrents aren’t a threat (hundreds of savvy peers quickly spot subterfuge). Lots of piracy groups, identified by their aliases, have popular reputations for providing safe, quality downloads.
- Pirate sites let users post comments about torrents and flag their quality. Antimalware false positives result in often-ignorable user comments like “This torrent has a trojan horse.”
Vigilance
These rules will soon coalesce into a feel for suspicious torrents. It’s a step toward vigilance. The only way to protect yourself online is to act like everything on the internet is a scam; that people are always trying to trick and rob you by playing on your ignorance, loneliness, greed, empathy, guilt, or stupidity.
True vigilance is rare in cultures grounded in the idea that people don’t have to live with the consequences of their actions. But humans are built to be vigilant. You see it in soldiers, pilots, loggers, athletes, cops, roofers, and hunters. It kept your ancestors from being shredded by lions, and keeps your kids from being pounded by bullies. Online, threats abound:
- Microsoft didn’t take security seriously until Windows Vista in 2006 (far too late).
- At this writing, no viable Mac OS X malware has emerged. But Apple issues security updates regularly, so the weaknesses are there should malware writers attack.
- The web was designed to be open (specifically, to share academic research). Implementations for banking and other secure transactions are bolted to an architecture made for sharing.
- Data and executable code occupy contiguous memory (that is, they share the same address space). This security hole lets code self-modify and lets data execute as code, permitting common and destructive code injection attacks.
- Other offenders: unauthenticated email, WEP, ActiveX controls, permissive C compilers, null-terminated strings, Flash cookies, evercookies, unencrypted IP packets, plaintext passwords, FTP, backward compatibility, security through obscurity, statelessness, invalid certificates, and misleading user interfaces.
Prevention
The best way to avoid malware is to behave safely and develop a sense of what the real risks are. A few tips:
Operating system. Use the current release of your OS and keep it updated with the latest security patches. Always update immediately. Windows and OS X auto-update by default. Don’t use Windows XP — Microsoft’s XP security updates have become rarer over time.
Programs. Uninstall any old versions of your software and keep the latest versions up to date. Programs usually let you update from the Help menu, the Options or Preferences dialog box, or (in OS X) the application menu.
Firewall. A firewall is a gatekeeper that can block internet traffic, usually based on its source or destination. Windows and OS X have built-in firewalls that are turned on by default. Your router/modem probably has its own firewall and network address translation (NAT) enabled by default, protecting even ancient OSes from outside threats. (Not sure? Ask a geek.) Third-party software firewalls often cause problems with BitTorrent clients.
Wireless network. Change your router’s default password and enable WPA or WPA2 security (don’t use now-compromised WEP security).
Filename extensions. Always show them (see Chapter 3). If extensions are hidden, the file love-letter-for-you.txt.vbs appears without the .vbs, looking like a harmless text file while actually carrying a hostile Visual Basic script. Millions opened this file in 2000, infecting themselves and millions more via email with the ILOVEYOU worm, forever convincing system administrators that ordinary users will click anything. Even with extensions showing, the file FreeMP3s.txt .exe will appear to be harmless if the embedded spaces hide the .exe extension in a narrow column.
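An added example, my code rather than the book's, that applies the Infected Files rules of thumb and the two filename tricks just described to a torrent's file listing. The extension sets are my own selection, and the sample listing is constructed.

```python
import re

# Extension groups drawn from this chapter's rules of thumb. The membership
# lists are my own selection, not the book's; extend them as needed.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "vbs", "js",
              "jar", "dll", "vbx", "vxd", "iso", "img"}
LINK_OR_DOC = {"url", "htm", "html", "mht", "mhtml", "pdf", "chm",
               "doc", "docx", "xls", "xlsx", "ppt", "pptx"}
MEDIA_OR_TEXT = {"txt", "nfo", "jpg", "jpeg", "png", "gif", "mp3", "flac",
                 "avi", "mkv", "mp4"}

def real_extension(name):
    """Final extension once padding such as 'FreeMP3s.txt      .exe' is removed."""
    squeezed = re.sub(r"\s+", "", name.lower())
    return squeezed.rsplit(".", 1)[1] if "." in squeezed else ""

def classify(name):
    """Return (verdict, reasons) for one filename from a torrent listing."""
    ext = real_extension(name)
    parts = re.sub(r"\s+", "", name.lower()).split(".")
    reasons = []
    if ext in EXECUTABLE:
        reasons.append(f"executable extension .{ext}")
        # love-letter-for-you.txt.vbs: a harmless-looking extension in front
        if len(parts) >= 3 and parts[-2] in MEDIA_OR_TEXT | LINK_OR_DOC:
            reasons.append(f"double extension .{parts[-2]}.{ext}")
    # FreeMP3s.txt          .exe: spaces push the real extension out of view
    if re.search(r"\s+\.[^.\s]+$", name):
        reasons.append("whitespace padding hides the final extension")
    if reasons:
        return "risky", reasons
    if ext in LINK_OR_DOC:
        return "inspect", [f".{ext} can carry links or macros; open it in a text editor"]
    if ext in MEDIA_OR_TEXT:
        return "low-risk", []
    return "unknown", [f"unfamiliar extension .{ext or '(none)'}"]

def triage(listing):
    """Map every filename in a torrent's file list to its verdict."""
    return {name: classify(name)[0] for name in listing}

if __name__ == "__main__":
    # Constructed sample listing; not taken from any real torrent.
    sample = ["poker-book.pdf", "readme.txt", "cover.jpg", "instructions.url",
              "love-letter-for-you.txt.vbs", "FreeMP3s.txt          .exe",
              "keygen.exe", "notes"]
    for name, verdict in triage(sample).items():
        print(f"{verdict:8s} {name!r:40s} {'; '.join(classify(name)[1])}")
```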
Browser. Browse with Mozilla Firefox, not Internet Explorer or Safari. Use Firefox’s Adblock Plus, FlashBlock, and BetterPrivacy extensions. More-advanced users can look at NoScript. Other privacy and security extensions are at addons.mozilla.org.
Hosts file. Instead of using a browser extension, you can use a hosts file to block ads and third-party cookies. A hosts file is a text file that doesn’t use system resources and isn’t browser-dependent. Try mvps.org/winhelp2002/hosts.htm or hosts-file.net.
Education. Read Wikipedia’s article about social engineering. For current threats, read RISKS Digest and Bruce Schneier’s Crypto-Gram Newsletter. For Windows-specific threats, visit Microsoft Security. Browse the lectures at the Chaos Communication Congress.
Backups. If you back up an infected file, it’ll reinfect you when you restore it to your computer.
Ads. Never click them, including those disguised as “sponsored results”.
Passwords. Use a different password for each account. Write them down or use a program like Password Safe. Cormac Herley writes critically of common password advice; for starters, try “So Long, And No Thanks for the Externalities” and “Do Strong Web Passwords Accomplish Anything?”
Antimalware. Don’t use it.
Antimalware
That’s right. Don’t use it. Like a gated community, antimalware makes you no safer and may prompt you to take more risks through a false sense of security (the Peltzman effect). Vigilant pirates are paranoids who don’t use antimalware and yet rarely, if ever, get infected.
Antimalware publishers can’t keep up with the enormous number of malware variants in the wild, and independent tests show low rates of malware recognition (even for malware hidden by rudimentary techniques). Still, if you notice suspicious disk, network, desktop, or browser activity, scan your machine for malware. For Windows, try Microsoft Security Essentials, Avast, and Kaspersky (in tandem if necessary). For other OSes and products, read Wikipedia’s list of antivirus programs. If an infection or threat is recognized, it’s deleted or quarantined; otherwise, you must wait for a fix, hire a geek, reinstall your OS, or live with the infection.
Antimalware programs tend to be bloated resource-suckers that increase startup and load times, and assert themselves throughout your workspace. Their frequent warnings, self-updates, and pop-up messages will interfere with your workflow, program installations, routine internet transactions, and peace of mind. But they’re popular BitTorrent downloads, so pirates do use them. If you use one, keep in mind that its barrage of cry-wolf warnings will eventually cause you to regard all warnings as false positives, and you’ll blandly click “Yes” when a real threat finally comes along. Also, antimalware often causes problems with BitTorrent clients (Chapter 6). In my brief tests, Microsoft Security Essentials was easiest to live with; it’s free via Windows Update or at microsoft.com/security_essentials.
A few more tips:
- Antimalware is popularly called “antivirus software”, a term too specific for marketers, who say “internet security suite”.
- Media files (movies, photos, music, and so on) are almost always benign. The Bloodhound.Exploit.13 trojan horse (2004), however, involved .jpg images and flaws in Windows, which have since been fixed. Even so, these types of threats are so unlikely that you’re better off worrying about more-common vectors of infection.
- To turn off Windows antimalware alerts, open the Start menu, choose Control Panel > System and Security > Action Center > “Change Action Center settings” (in the left pane), and then turn off the security messages for “Spyware and related protection” and “Virus protection”.
- See also “Spotting Fakes” in Chapter 8.