Watch out for the Honda Accords

Why watch out for the Honda Accords?  Well, automobile accidents are one of the leading causes of injury and death and Accords are very common cars. This sounds pretty silly, doesn’t it? I mean, wouldn’t it make sense to drive like any car is a potential threat and drive as best as you can to avoid accidents with all cars? Of course it makes sense. Do you eat or take vitamins only to avoid scurvy, or do you not worry about scurvy because you are taking the steps to prevent all kinds of diseases through proper nutrition?

There is a lot of talk about the Conficker worm. A worm that “triggers” on April 1st, except it doesn’t really do too much that is special or of importance to most users on April 1st.  Highly irrational thinking, concerning the Conficker worm is rampant. People see the hype and start to focus on “How do I know if I have Conficker and how do I prevent it?” when the rational approach is how do I make sure I am not infected with anything and how do I make sure I don’t get infected? There are far worse problems out there than Conficker and if you only focus on Conficker then you are diverting attention away from truly being secure. Do you cross the street despite the fact that 1,000 cars that are not Honda Accords are going through the intersection and each can kill or maim you, or do you wait until it is safe, regardless of the make and model of the cars?

OK, for those of you who are taking hype intravenously and no amount of rational thought will bring you comfort, go to control panel and open the Windows Security Center. If it is working you are not infected with Conficker.C. If the Security Center is not working then you may be infected with any of a number of different threats, many may be worse than Conficker. If you are an ESET customer, then call us for free tech support. If you are a customer of another vendor call them for tech support.

April 1st your computer is not going to melt down due to Conficker. The only thing that Conficker is going to do on April 1st is re-route communications links between Italy and France causing worldwide pizza orders to be delivered with snails instead of pepperoni. OK, if I said that on April 1st you would have known it is a joke :)

Yeah, Conficker is a serious problem, but not for home and corporate users who employ best practices already. The real problem is for the security professionals trying to prevent the worm from impacting the millions of people who fail to learn anything about security.

So, you still want to protect against Conficker? Here is what to do.  Make sure that the Windows Security center is functioning and you are up to date on your Microsoft security patches. You can go to http://update.microsoft.com to manually check for updates. Make sure you’re antivirus product is up to date. Your antivirus product should be tested by Virus Bulletin (www.virusbtn.com) and/or certified by ICSA Labs, or have West Coast Labs Checkmark certification. Send me an email at askeset@eset.com if you need help determining this. Exercise caution in what websites you visit and never open attachments unless you have verified that you know the person who sent them and that they really meant to send the attachment and that they also know what it is.  These instructions are not specifically for Conficker, this is simply part of how you protect against all of the threats out there.

It doesn’t much matter what I drive…if I don’t know how to drive safely, no car out there is as big a threat to me as I am to myself.

Get over the hype and practice security, not irrational fear.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • jcanto

    Aaaaaamen.

  • Pat Hill

    I don’t want to seem disrespectful,but I don’t want to deal with all that. I have eset software because I know nothing about security software, I need to focus my attention on other work, and I want to have the best security software I can at a reasonable cost, that updates my protection frequently enough to cover these issues.

    So all I want to know is this:

    Does the automatic eset virus update protect me from current viruses, including this one? And if not, how do I keep my computer protected the way it should be? That’s all I need to know.

    • Randy Abrams

      With all due respect Pat, you can’t be secure online without education. ESET protects against millions of threats, including Conficker, but every day there are brand new ones that the bad guys are testing to make sure that they will bypass all security software. There is always a window in which you will be vulnerable. It is a fantasy to believe you can be safe without learning some security basics. It really is required. I hate to be the bearer of bad news, but despite years of antivirus industry marketing, no product makes oyu completely safe. You brain is the best tool you have for security if you feed it knowledge.

  • Robin Jackson

    Randy,

    I don’t disagree with you.

    However, Pat’s point is THE POINT. Many, many customers trust ESET or another anti-virus company to keep them safe. Companies tout heuristics and all sorts of other buzzwords to assure customers that their products keep them “safe.”

    The latest CanSecWest results show just how safe we are. You can be as cautious as possible, and as educated as possible and still be infected, in a heartbeat by a zero-day. You’re brain cannot keep you safe if you cruise a reputable website that has had a SQL injection that you don’t know about and a drive-by hits you.

    One of the greatest scams today is AV software (and yes we are a customer of yours). Google has the best idea in creating a browser from the ground up…God only knows how long that will last.

    Could ESET have stopped the Firefox or IE exploits?

    Inquiring minds want to know.

    • Randy Abrams

      I think THE POINT is that you do have to pay attention, even with antivirus. There is no such thing as security, there is only risk management. I use SandBoxIE to help manage risk. I couldn’t use it effectively if I didn’t have some level of computer education though. AV Software is not a scam, it is over-hyped though. It is quite wrong that marketing in the industry leads people to believe that they are more secure than is actually the case, but knowing the limitations and the benefits, I conclude it is not a scam.
      Could ESET have stopped the exploits? Anything is possible, it comes down to “You can have it good, you can have it fast, you can have it cheap… pick any two”. Exploit detection is possible, but to do so efficiently and accurately within the confines of an anti-virus engine has varying degrees of difficulty and it is entirely exploit dependent. Our friends, parents, brothers, sisters, etc. use our software, we have a vested interest in making it as good as we can.

  • JT Mares

    What I’d like to know is what ESET (or any computer security firm, for that matter) is doing to prevent compromise and takeover by hacks of CPU hardware virtualization (such as “Blue Pill,”) et al. As I understand it, if the Operating System can’t even tell it’s running on virtualized hardware, detection of malicious hypervisors is essentially impossible, let alone trying to remove something running in CPU-exclusive on-die memory.

  • http://www.coffeerama.com caffeine head

    even if someone used Conficker to steal my credit card info, there wouldn’t be any credit there for them to exploit or spend

    • Randy Abrams

      yes, but bot nets can also send spam from your computer, attack other computers using your computer and download and store illegal content on your computer and put oyu at legal risk.

  • Andrew P.

    As any flight student quickly discovers while learning to fly by instruments, SCAN THE PANEL. If one concentrates on just one instrument, the plane will soon go upside down or into a steep “graveyard spiral” toward the ground. This is also true of using computers and most other endeavours in life. Mind the Big Picture and don’t get wrapped up in the details.

  • Goytá F. Villela Jr.

    Pat, you are not alone: there are many people out there who have no interest in the inner workings of computing and just want to do their word processing, browsing, gaming, etc. However, one thing that many people fail to understand is that some computing skills are necessary in today’s world, and in order to do that, some basic knowledge *is* necessary.

    I often make an analogy with driving cars. Humankind survived very well until the late 19th or early 20th century without cars, but our lifestyles have changed a lot since then, and now a lot of people drive cars (and often *have* to). Do they have to understand car mechanics to do that? Certainly not, but there is a minimum of things they have to know: for example, that fuel is needed, that you need to change the lube once in a while, and that car theft is a reality and one has to be aware of the available ways to protect one’s car.

    Personal computing is no different – it is a skill required for anyone to be inserted in the modern world, lifestyle and even labor market. You don’t have to be an expert to do your job (unless that *is* your job), but there are some basics that one needs to know. And some of them are related to security.

    I have a friend who thought just like you and complained that it was all too boring and he was too busy. But he is a translator and works all day on MS-Word, translating texts. I replied that anything that directly involves and affects the way he earns his bread and spends all his day just had to be very, very interesting! Now he surprises me at how well informed he is about all trends in hardware, software and networking – far more than necessary for his basic needs.

    So, Pat, keep your “driver’s license” current, so as to say. You won’t regret it.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

7 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.