With all the recent media flutter about Conficker [1,2,3,4] and the advice by security software vendors to patch and update, it’s no wonder that the FakeAV crowd are doing good business, as detailed by Paul Ducklin.
It is no surprise, then, that users, tech-savvy or otherwise, believe the fake warnings (and they are often quite believable) and polished interfaces, and give the latest AntiVirus2009 a chance. After all, they are just following “good security practice”!
So where has it all gone wrong? Are our fears of an unsafe net being exploited by the malware authors to their own financial gain? Do the computer users among us need our own patch for the old grey-matter?
Here is a good start to hot-patching the old noggin. Let’s start by addressing the “is this even a legitimate security product” issue – VirusTotal (who provide a malware scanning service by utilizing a number of anti-virus products) have a reasonable list of the major players (free and otherwise) available on their website. If the FakeAV’s name isn’t on their list of vendors, it’s probably not worth the bandwidth.
If its name looks like it wants to draw your undivided attention, consider why it may be doing this. All that glisters is not gold!
If it claims to find lots of malware yet requires a fee to eradicate it, consider this suspicious (evaluation versions should allow evaluating the cleanup and disinfection facility as well).
If it nags you for a registration more than your significant other nags you to take the garbage out, it’s probably time to trash it.
Generally, practice safe hex and avoid spreading malware via unsafe removable media.
Consider these rules of thumb as a hot-patch to your brain and avoid getting pwned by the latest FakeAV as it exploits your sense of doing the right thing – or you could be driving away with those brand new square wheels 😛