A client recently asked me, “What’s the difference between ‘malware’ and a ‘virus’? Is ‘spyware’ still a thing? Are these pop-ups a virus, or something else? Was I hacked?!?” As a computer user who could easily remember the earliest days of computer viruses, he was understandably confused, especially since the media and sometimes even industry pros have a tendency to use those terms interchangeably when they really aren’t. Today’s malware landscape is complex enough to fill multiple textbooks, but I’ll try to boil it down to the things most professionals should know.
The term “hacking” is probably the most misappropriated term in use today. Originally, the true purpose of hacking something was to alter how a device (or system) operated in order to achieve results different from the originally intended purpose of the hacked object. This could take just about any form: from the brilliant, life-saving hacks used to return the Apollo 13 crew safely to Earth in 1961, all the way to subverting computer security systems to paralyze a giant corporation in 2014. The important qualifier in determining whether something was “hacked” is identifying actual, human-driven intent. In most cases, malware-compromised systems are the result of an “infection” rather than purposeful hacking.
The term “malware” is a portmanteau of the words “malicious software” and, as you might imagine, describes any sort of non-native programming or code loaded onto a device that subverts the device’s original purpose, with the result that its activities cause some form of harm (hence the “mal” part). Malware covers a broad range of code, from the annoying pop-ups and browser redirects that take control of your internet searches to show you advertising (aka “adware”), to the incredibly disruptive (and effective) malware that encrypts your data and holds it for ransom (aka “ransomware”). “Spyware” still exists – though it has taken a dark turn from its original advertising roots of harvesting your demographics to now harvesting your sensitive personal information for the purposes of identity theft.
Though a computer “virus” is still considered malware, most malware found today is not an actual virus. In keeping with the spirit of its biological predecessor, a true computer virus distinguishes itself by inserting itself into, or altering, the host’s code with the express purpose of multiplying and spreading, something that is relatively rare in most malware at the moment, even the kinds that spread via email. Though they exhibit virus-like infection patterns, their methods of spreading are more akin to poisoning or parasitic infection.
How it all comes together
It’s important to note that malware is often a primary tool in any computer hacking effort. It can be used to weaken or subvert security systems, usually by installing other programs that enable activities ranging from gathering passwords and data and opening security backdoors, to erasing hard drives and crippling critical network infrastructure. Though they find little comfort in it, I tell my clients that most malware infections are akin to getting the flu: it’s highly unlikely someone set out to get you sick. Typically you got it from someone who didn’t even know they were contagious.
However, similar to their biological counterparts, other digital pathogens may take advantage of your computer’s compromised immune system to cause further damage. At best, these malware infections take the form of a symbiotic parasite that shows relatively innocuous symptoms (pop-ups, Google doesn’t work, etc.), but those redirects can lead you to further infection by more harmful malware. At the extreme, they can lead to the digital equivalent of metastatic cancer, usually with fatal results. Suffice it to say, any form of malware infection should not be tolerated, regardless of the host machine’s primary purpose, and should be taken care of immediately.
Bromium, a new startup from the same braintrust that founded Xen – a popular virtualization platform now owned by industry giant Citrix – is promising that its new product, “vSentry,” will return computer users to the heady days of pre-virus computing. The basic idea behind the product is a combination of virtualization and hardware/software compartmentalization that creates agents called “microvisors,” each acting as a disposable “mini-computer” that is fired up to do things like read email, surf the web or play games, and is then discarded completely once you have finished with that task. Conceptually, if the microvisor was attacked and infected by malware during the course of that task, the malicious code would end up going nowhere, as the agent is thrown away when the task is done. Think of the microvisor as a pair of impermeable, disposable gloves, tossed into the waste bin after every use, without the landfill aftermath.
What this means for you:
From what I could tell, the product is still in the very early stages and not yet readily available to the average computer user. It’s nice to imagine an internet where you can open an email from a friend, click a strange attachment and not worry about utterly destroying your computer. Even with the best-in-industry anti-malware software installed on your computer, the weakest link is still the operator at the keyboard. Until this product becomes a reality and gets installed on every computer, vigilance is still your best defense against the wild internet. Always make sure your anti-malware software is installed, updated and WORKING. Always back up your data, and make sure those backups are good. And if you are ever in doubt about your computer’s security, give us a call!