I had the opportunity to talk with Roger Thompson, Chief Research Officer of AVG Technologies, about this problem and possible solutions. He explained that one of these "here today, gone tomorrow" sites could infect my PC as soon as I landed on it, even if I didn't click on anything. Of those sites that attempt "drive-by downloads" onto visitors' computers, 60% are infective for 24 hours or less. The infections range from the annoying, such as adware, to dangerous malware that could pilfer my passwords, account information, and other personal info that could be used to raid my financial accounts.
Thompson, a man with an obvious passion for the security wars, has been engaged in the battle since 1997, a lifetime in the rapidly-evolving computer field. He explained to me that AVG, having become aware of the problem posed by these short-duration web sites, has taken a new approach to combating this web threat. Its software looks for the results of malicious code, in addition to the code itself, by compiling data from AVG users as well as in-house web research. Hackers have learned to constantly vary the script that executes the invasion (AVG receives 50,000 unique binary samples daily) to dodge detection. Fortunately, the behavior that it triggers is much more consistent. Think of it this way: a thief can find dozens of ways to break into your house, but once in, he'll always act the same way, checking the dresser for jewelry, the desk for checks, and the walls for a safe.
I asked Thompson what we consumers should do to protect ourselves. He advises a three-layer approach, which I'll call the scout, the village cop, and the palace guard.
- The palace guard is your basic anti-virus program, in its guard shack by your front door, patting down any information coming in to or out of your system for evil code and watching the house for symptoms of infection.
- The village cop keeps a list of the known bad areas of town and suggests you steer clear of them. This is your web shield, which prowls the Internet compiling lists of bad sites.
- The scout also prowls the neighborhood, but he's keeping an eye on the pawn shops to see who's hocking stolen goods, and how they were stolen, so he can warn you against new theft tactics before you even leave the house. This is your behavioral analysis program. AVG recently purchased Sana Security, which specializes in behavioral analysis tech, which it will incorporate into AVG's Internet Security package.
Finally, I asked Thompson point-blank if he thought the villains were winning. He emphatically stated that he thought not, because, although the bad guys are smart and motivated, so are the guardians. Given that almost every business in the world depends on the Internet today, I certainly hope he's right.
My take on our discussion? I've been using the free AVG anti-virus program on a couple of our home PCs, and I like it, but I can now see that I need a higher level of security, three layers deep. I'll probably upgrade to AVG's Internet Security, which was shown to be competitive with other industry leaders in a recent Passmark.com study.
If you don't have some protection in place, stop reading this and go get some. Until you do, you're a sitting duck.
If you aren't scared enough already, read Googling Security.