Threats to your PC’s security
Threats to your privacy and security come in many shapes and forms these days. Let’s start by taking a brief tour of the different types of malware around to provide you with a better understanding of what to look out for.
Virus/worm
Traditionally malware was conflated with the term ‘virus’. However, viruses are a specific form of malware: code inserted into other files (such as macros in Microsoft Office documents, which is why macro support is now disabled by default in Office). Along with worms – standalone programs rather than malicious code hidden inside other files – viruses are primarily a mechanism for delivering so-called malicious ‘payloads’, and are designed to replicate themselves as far and wide as possible, such as through copying to shared network folders or hiding inside emails.
Trojan horses
These days, a more common form of malware comes under the ‘Trojan horse’ heading. As the name suggests, they’re called Trojans because they attempt to sneak on to your PC under false pretences, typically by masquerading as legitimate software. Once installed, they can deliver different kinds of payloads, from changing system settings to prevent you from detecting and removing the threat to spying on your activities and downloading more malware to your PC.
Zero-day exploits
The never-ending release of security updates for Windows, web browsers and other software is a constant reminder that security holes are continually being discovered – these holes make it possible for hackers to inject malware or take control of compromised systems using zero-day exploits. The ‘zero day’ is a reference to the time it takes between discovering a hole and patching it. People’s reluctance to install security updates, thus increasing the risk from zero-day exploits, is one of the reasons why Windows 10 makes such updates mandatory.
Zero-day exploits can carry all kinds of malware payloads, and your best bet for protecting yourself in the interim between discovery and patching is to ensure your security software has built-in protection against them using heuristics, which act on suspicious behaviour that may indicate the presence of malware.
Backdoor
An infection that allows hackers – typically automated scripts or other infected computers (known as zombies or ‘bots’) – to remotely access and control your PC. Delivered by worms and Trojans, backdoors can be used for anything from using your computer to deliver spam and stealing personal information to acting in conjunction with other infected PCs (collectively known as ‘botnets’) to attack major online services through Distributed Denial of Service (DDoS) attacks.
Spyware
While traditional viruses aim to replicate themselves far and wide, spyware tends to exclusively focus on the computer it’s been installed on. Its primary aim is typically to collect information about you – through spying on your usage – often to target you with ads and other material for financial gain. It’s also often used to steal sensitive information such as financial data and passwords through the use of a keylogger, which monitors keystrokes and mouse movement.
Like other forms of malware, spyware also attempts to change computer settings – particularly internet-based settings. This is both to protect itself, by making it impossible to visit security-based websites, and to make use of whatever information it has gathered.
Rootkits and ransomware
Rootkits are a special form of malware that’s designed to conceal its own presence – in the form of tell-tale processes and running programs – and actively protect itself from being removed by security software. Thus hidden, the rootkit can then introduce payloads that can steal user information or even hijack the computer for use as part of a larger botnet network.
Ransomware is even more insidious. It seizes control of your PC and demands you pay to restore control (or decrypt personal data). It’s delivered in many different ways, from regular infections and other vulnerabilities (such as backdoors) to phishing – tricking users into running programs. Unlike other malware, it makes no attempt to hide.
Once triggered, you’re either locked out of your entire PC or key parts of the system, and you may find all personal files are encrypted, with the encryption spreading to any connected network shares and backup drives. You’ll receive regular prompts – and a deadline – to pay an online ransom in return for an unlock code that (in theory) removes the restrictions and restores control or your data.