“MacOS is more secure than Windows” – a saying that you have probably heard numerous times before. In fact, Apple itself even proclaimed that the Mac “doesn’t get PC viruses”, and that it “isn’t susceptible to the thousands of viruses plaguing Windows-based computers” as part of its ‘Why you’ll love a Mac’ marketing campaign back in 2010.

But have you actually wondered if there was ever any truth to these adages, especially in this day and age? To help us separate fact from fiction, we consulted Thomas Reed, the Director of Mac and Mobile at Malwarebytes.

It has long been said that Mac users need not worry about their systems being infected by spyware or malware. Has this been a grave misconception all along? Or has there been a sudden influx of Mac-specific malware threats over the recent months?

Many believe that the Mac is immune to malware, but that’s far from true. It’s been a misconception from day one. For the Mac, malware is still a far smaller problem than it is on Windows, but it is growing at an alarming rate. In 2017, we’ve seen that malware has increased by 220 percent over last year, and we’re not even done with the year yet.

We see adware and PUPs (potentially unwanted programs) as being the biggest problem on the Mac these days. Especially for PUPs, they are increasingly being exploited lately, and the numbers are growing rapidly. We’re already seeing quite a number of them on the Mac App Store.

People believe the Mac App Store is a totally secure and safe environment from which to download software. That is no longer the case. There are lots of “bad software” out there that promise to do things which they can’t. For example, there are a number of fake anti-virus programs readily available on the Mac App Store.

The average consumer would be none the wiser, but we have a whole bunch of malware samples to test them with, and what we found is that they don’t protect you from anything.

So, why go through the hassle of developing malware specifically for Mac when there are significantly more consumers and businesses out there that are running on a Windows operating system?

While more consumers and businesses are running on a Windows operating system, the market share of Mac has been increasing over the years. Go back 10 years, and the Mac was more of a niche market and not as common as it is today. While the Mac has more security features today than it did 10 years ago, it is also facing far more malware than it used to.

At Malwarebytes, we believe everyone has a fundamental right to a malware-free existence, no matter the platform they are using, whether it be Android, Windows, or Mac. We look towards creating specific solutions for each platform, as differing operating systems face different security problems.

Cybercriminals are known to go where the money is, and seeing that Macs are getting more popular – with quite a number of people believing there are no viruses on the Mac, and are therefore not taking any precautions – it is only a matter of time before Macs become big money for hackers.

Whilst the magnitude of the threats that Macs are encountering today is still some ways off from being as severe as Windows, they are on track to being a big problem in the future. As such, at Malwarebytes, we continue to look at building out our capabilities to ensure our Mac users are adequately protected today, as well as in the future.

Can you provide some examples on how malware can wreak havoc on a Mac system? A worst-case scenario, perhaps?

The worst thing that malware can do to most people is to destroy or steal their personal information. Unfortunately, doing so is almost trivially easy. Such attacks require no special permissions, so any application that the user allows to open could execute such an attack instantly. This means that using social engineering to trick a person into running a piece of malware may be the only barrier between that person and a nasty infection, unless there is something like Malwarebytes for Mac installed to actively protect against this kind of thing.

Malwarebytes recently discovered that the number of Android malware cases between Q1 and Q2 2017 in countries like Thailand and Singapore has increased exponentially, but not so much in Malaysia. Why is this the case? What do you think Android smartphone users in Malaysia are doing differently compared to their Singaporean and Thai counterparts?

We did see a significant quarter-on-quarter percentage increase in Singapore, with about 23,000 instances of malware detected in Q1, versus about 29,500 instances in Q2. However, it might be misleading to say that this is an exponential increase, because in this particular context, a 28-percent increase translates to 6,000 instances, whereas in Malaysia, we are seeing more than 160,000 instances of malware per quarter. Unfortunately, we are currently unable to provide a distinct causality for the increase in malware we are seeing in various countries, and this is something that will require further study.

Why should Android users be concerned about their devices being infected by malware? Or, in other words, what’s the worst that could happen?

On Android, about half of what we have detected are malware and trojans. Of those trojans, the majority of what we’re seeing are screen locker and ransomware programs. Both can render your Android device useless, or what we like to term ‘bricking’. Once infected with ransomware or screen lockers, users are effectively locked out of the device, unless they have the proper remediation tools, or pay a ransom to the hacker and are lucky enough to have their device un-encrypted or unlocked.

We don’t recommend paying the ransom, as there is no guarantee that you will have your files returned. For many individuals who encounter such malware and do not have the right remediation tools, the only option ends up being ditching their device and buying a new one.

They say due diligence (and a little common sense) goes a long way when it comes to keeping your system or mobile device safe from malware. But is this no longer the case?

In the future, we expect that PUPs will become a bigger problem than malware. This is because hackers believe that not many cybersecurity companies are willing to take risks associated with detecting PUPs, as the companies that created them have phone numbers, addresses, and even lawyers.

In addition, unlike creating malware, once the hackers have built a PUP, they can put it on the internet and have it do nothing for a couple of years while the PUP continues to generate good money for them.

Antivirus software with machine learning technologies can detect malware automatically, as there are certain behaviors malware execute, making them easier to detect and block. With PUPs, human intervention is required to make a judgment call on whether the app is bad. For example, the app may not be able to perform tasks it claims to be able to do such as ‘cleaning your system’, or ‘reducing battery drain’. Therefore, humans often have to make a decision on whether or not the program is legitimate, and it’s hard to teach people how to do that.

So even in terms of avoiding malware, the age-old advice of not clicking on suspicious links is definitely great advice. But then again, even the most shrewd cybersecurity researcher can have a bad day and make a bad decision. Hackers are also getting more sophisticated and are disguising their methods of delivery better. Some phishing attempts look so much like the real thing, that it is almost impossible to distinguish them. As hackers get more sophisticated, it makes sense to rely on realtime protection that can actively detect and block attacks even should one click on the wrong link – making it all the more necessary for people to move on from traditional anti-virus software to next-generation solutions such as Malwarebytes for Mac and Malwarebytes for Android.

