Tech Talk: ITS Newsletter

October, 2017

Question 1: What do Viruses, Trojans and Other Malware Actually Do?

Malware is the overarching term used to describe any malicious software. You may have heard of viruses or even trojans, but malware also encompasses malicious software types like bots, rootkits, spyware, adware, ransomware, worms and more. Defining malware can be complex, but here is a short guide that may help:

  • Bot – A malicious bot is a self-propagating malware that infects your computer and gets instructions from the bad guys. It uses your computer's resources to do the bad things it is told to do. Get enough of these infections working together and they form a botnet.
  • Rootkit – This software attempts to hide itself by pretending to be part of the operating system or other necessary files or services that your computer needs to operate. They generally deliver other malicious software to the user in a stealthy way.
  • Spyware – This is malicious software designed to covertly spy on the user.
  • Adware – This is software that delivers ads to the user, usually in the form of unwanted pop-ups, sometimes when you aren’t even browsing the Web.
  • Ransomware – This software kidnaps your data and asks for payment in order to give it back to you.
  • Viruses, Worms and Trojans – These labels generally describe the methods used by malware to spread itself. A virus infects files or drivers and needs to be shared by a human; worms spread without human interaction; and a trojan hides itself in what seems to be legitimate software.

Remember, malware is malicious. All malware is attempting to do something bad on your device.

Here are a few steps you can take to help secure your devices:

  • Stay up to date. Update your operating systems and your software regularly. Malware often targets vulnerabilities in out-of-date software that needs to be patched.
  • Only download and install software from trusted sources. Trojans and viruses often like to catch a ride on software delivered from sketchy sites and services.
  • Run anti-malware or anti-virus from a reputable company. Check out the links on https://uncw.edu/ITSD/help/antivirus.html for some ideas, if you need them.
  • Be safe. Safe browsing, safe sharing, safe storing and safe passwords are all important to help protect you and your devices from harm.

Question 2: What’s Wrong with Using Public Wi-Fi?

The simplest answer is that public Wi-Fi is not secure.

When you connect to public Wi-Fi all of your communications are sent “in the clear” or in plain text. So, every website you go to, every site you log in to, and every transaction you do could be watched. You may hear this referred to as snooping.

If that isn’t scary enough, a public network is a mix of every device on that network. If someone connects to public Wi-Fi and their computer has malicious software on it, that software will generally reach out and try to attack every computer it can reach.

Another issue is called a "man in the middle attack." This type of attack is composed of a malicious network pretending to be a good network in order to snoop on everything you do and steal passwords, personally identifiable information and financial data, or even install malicious software on your device. To make matters worse, if you generally connect to open or public Wi-Fi services chances are your device is set to automatically connect. This makes it easy for someone to set up a hotspot and have your device connect to the Internet through them without your input.

I recommend you handle sensitive transactions only on trusted networks. If you must connect to public Wi-Fi or you would like added security on private connections, I highly recommend you use a virtual private network (VPN). In short, a VPN uses simple software to encrypt or hide your communication and secure your connection. There are many sites out there that can help you sort out the best of the bunch to keep yourself safe. Here is a quick search that may generate some leads: https://www.google.com/search?q=what+are+the+best+vpn

For an even higher level of protection look into supporting HTTPS everywhere (https://www.eff.org/https-everywhere).

And just to add, not all private networks are secure. If you have ever seen or heard people discussing WEP, WPA and WPA2 they are referring to the security protocols used in Wi-Fi. Here is the short list from most to least secure:

  1. WPA2 + AES
  2. WPA + AES
  3. WPA + TKIP/AES (TKIP is there as a fallback method)
  4. WPA + TKIP
  5. WEP
  6. Open Network (no security at all)

The best rule is to only handle sensitive data on trusted networks.