How does malware get access?

March 11, 2010 at 04:10:33
Specs: Windows 7
I'm trying to understand what security I'll need for my new computer.
I've read a handful of articles about security in general, plus firewalls
and virus/worm scanners. I still don't understand how malware could get
access to my computer. So far I have not had any problem with malware,
but I don't know whether that is primarily because I have set up my
computers in such a way that they just aren't open to attack, or
because they have been such low-value targets that no malware
bothers to attack them.

My e-mail provider filters out much spam, but some gets through
the simple filter, so I have seen lots of e-mails over the years which
appear to contain viruses or worms. I simply have never commanded
them to be executed, so they have never done anything.

Firewalls seem pointless. My understanding is that they can either be
set to reject all input from locations that have not been pre-approved
(whitelist), or they can be set to accept all connections that have
not been pre-disapproved (blacklist). For whitelisting, I need to know
before I visit a website that it is safe. I have no way of knowing
whether any particular website is safe before I visit it, and probably
still won't know after I visit it. So unless I want to restrict my web
surfing to sites that I'm already familiar with, whitelisting appears
to be pointless.

For blacklisting, I need to know which websites are dangerous.
I suppose I can get a list of 200,000 sites that have been reported
to be dangerous, but such a list will always be out of date and will
probably be wrong to begin with. If I want to visit a site on the
blacklist, do I just accept that it is bad so I should forget about
visiting it, or what? I don't see what good a blacklist is.

As for firewalls, I understand that they can close Internet ports.
I have read that you can block all incoming connections on all
ports if you are not acting as a server for anything. So, why aren't
all such ports closed by default, and only opened as needed?

Can you explain any of this or provide links to explanations that
make more sense than those I've read so far?

-- Jeff, in Minneapolis

March 11, 2010 at 12:35:12
Malware gets on your system through exploits. There are systems that install things behind the scenes like Microsoft Automatic Updates, driver updates like printer drivers, and some viruses even exploit anti-viruses.

These are very rare because these companies find the exploit and put out patches to stop them. So the other way it gets on your computer is through trickery (social engineering). They will put something up that is downloadable like a free screen saver and when you install the screen saver you install the Trojan and/or malware. I have been to sites where a pop-up says you need to install a specific display driver to properly view the page and gotten malware by doing that.

The last way is through email and shared pictures. You get this really cool joke which has an animated GIF picture. You think it is cool so you put it up on Facebook or you email it to all your friends. Animated GIFs can exploit the picture viewer engine to open a backdoor and install an app on your computer.

Also there are exploits in MS-Word and MS-Excel that use the built-in VBA macro engines to install stuff. Again very rare because these are the oldest ways of owning your computer and Microsoft has patched these exploits by letting you know a Word doc has a macro in it before you open it.

So, there is the how. How you protect against it is another thing.

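The reply above mentions being told that a Word document contains a macro before it is opened. As an added example that is not part of the original thread, this Python sketch shows one way to make that check on a received attachment. It assumes the file is in the ZIP-based Office Open XML format (.docx/.docm/.xlsm), where an embedded VBA project is stored as a part named `vbaProject.bin`; the function names are hypothetical and the sample files are constructed in memory.

```python
import io
import zipfile

VBA_PART = "vbaproject.bin"                   # part that holds the VBA project
MACRO_FREE_EXTS = ("docx", "xlsx", "pptx")    # extensions meant for macro-free files


def find_vba_parts(data):
    """Return the names of VBA project parts in an OOXML file ([] if none).

    Raises ValueError when the bytes are not a ZIP container, e.g. a legacy
    binary .doc/.xls file, which this sketch does not parse.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not an OOXML (ZIP) container")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [name for name in zf.namelist()
                if name.lower().rsplit("/", 1)[-1] == VBA_PART]


def triage(filename, data):
    """Classify an attachment without opening it in Office."""
    if not find_vba_parts(data):
        return "no-macro"
    ext = filename.lower().rsplit(".", 1)[-1]
    # A VBA project under a macro-free extension is a mismatch worth flagging.
    if ext in MACRO_FREE_EXTS:
        return "macro-in-macro-free-extension"
    return "macro-present"


def make_sample(with_macro):
    """Build a constructed, minimal OOXML-like package (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes only; no actual VBA code is included.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, flag in (("notes.docx", False), ("report.docm", True),
                       ("invoice.docx", True)):
        print(name, "->", triage(name, make_sample(flag)))
```

The check only reports that a macro is present; it says nothing about what the macro does, so a "macro-present" result is a reason to leave macros disabled, not a verdict on the file.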