Malware scanners fail - Train users to minimize the risk
A recent spate of virus-ridden computers has left me feeling philosophical about the state of desktop management. Fortunately for me, these computers were not part of my corporate network; instead, they were personal computers or servers maintained by other systems administrators. The cases come from all over: family, friends, that nice shopkeep with the excellent wonton soup, or a friend of a friend in over his head with a server he maintains for charity.
If you’re a sysadmin you’ve probably noticed the rate of serious infections is on the rise. Not piddly little spambots or keyloggers, but sophisticated rootkits that sneak in through gods only know what vector, establish themselves and then start downloading friends. Regardless of the anti-malware (AM) protection you have in place, these little gems blow right past it. If you are fantastically lucky, the attack kit that the malware downloads after getting its bearings will be clumsy enough that your AM software will actually let out a plaintive bleat, right before it is cruelly and finally silenced by the elegant and sophisticated attacker. More often than not, however, the malware will install completely silently. You don’t notice it’s there until it has connected to a command and control server and been ordered to download something annoying onto your computer. The favourite bits of accompanying downloadable malware at the moment are fraudulent anti-virus or “encrypt your data unless you pay” scams.