Addressing Malware Detection from the Outside In
Editorial note: I originally wrote this post for the Monitis blog. You can check out the original here, at their site. While you’re there, have a look around at the different types of production monitoring that they offer.
I worked as a software engineer for almost the entire decade of the 2000s. While I was earning a living this way, computers were making their way from CS student dorm rooms to Grandma’s den. Like so many other programmers of the time, I thus acquired the role of unofficial tech support for computer-illiterate friends and family. I do not miss those days in which malware detection became an involuntary hobby.
Back in 2005, everyone had computers with Windows XP or Windows 98. And every computer with Windows XP or Windows 98 seemed to attract malware like flies to flypaper. So I found myself sitting in front of CRT monitors next to dusty towers, figuring out why nothing worked.
I still kind of remember the playbook. For instance, Lavasoft had a product called Ad Aware. I also seem to recall something called MalwareBytes. I favored these because I could download them for free. At least, I could download them for free assuming the victim’s computer was even capable. With those tools in place, and with a heaping helping of googling from my own laptop, I would painstakingly scan, sweep, remove, tweak, and repeat. Eventually, I won. Usually.
It seems strange to think about now. Ten or twelve years ago, consumers compared brands of antivirus software the way we compare music apps on our phones. Malware detection dominated our computing consciousness, even for casual users. But today? I can’t remember the last time I ran an antivirus scan on my laptops. I suspect you can’t either. So what happened to all of this malware? Did it simply disappear?
The Silencing of Malware
Well, no. Malware didn’t disappear. The criminals and spammers of the world didn’t just one day decide to do something better with their lives. In fact, you might argue that they became more effective.
Most of the pieces of malware from my younger days had lots of bark and little bite. They’d install themselves on your computer and hijack your browser with obnoxious graphics or spew error messages until your machine crashed. Some came from would-be vandals, while others tried unsuccessfully to do things sneakily.
But causing some computer neophyte to say “this doesn’t seem right” and call up a young me to fix things — well, it hardly constitutes successful sneaking. It always seemed, in those days, that malware authors sought mainly to annoy. And malware detection and removal sought to fix the inconvenience.
In more recent years, however, the consumer annoyance factor has mostly disappeared. Why? Because there’s no profit in it. Today’s malware instead aims to help its authors and users make money. It does this by quietly gathering data, sending out spam, gaming search engines, and stealing information. And it does all of this under the radar.