Sunday, February 13, 2011

Beware: Ninja Attack Imminent!


I have been on the internet for about 14 years now. That's quite a long time. Not the casual, "Just check my email once a week," internet denizen either. I'm more the, "On at least once a day every day," sort of person. I instant message people, I'm active on several forums, I game, I google any thought that crosses my mind, and I do a lot of downloading (Ahem. Of the legal kind -- I assure you). For 14 years! During all of that time I have never, ever had an anti-virus program installed. During all of that time, I have never, ever gotten a computer virus.

When I was in the PC sales & repair business I would boggle at the outrageous prices people were willing to pay for McAfee and Norton. Highway robbery. The fact that they were paying anything at all for virus protection boggled my mind. In 99.9% of all instances, you can avoid infection by simply not being an idiot. When random mysterious .exe files try to launch themselves, just click no. Never click on an url from untrustworthy sources. Just as you aren't supposed to accept candy from strangers -- don't accept downloads from them either. This is all common sense I thought... like not biting lepers or tonguing someone with tuberculosis.

But that isn't the case. At least half of the work I did on PCs was virus removal. To the point that it was ridiculous. The other half was typically people who were 100% certain they had a virus but it turned out they just hadn't performed any maintenance for as long as they've owned their computer. You should defrag at least bi-weekly and you should totally reformat every 6 months, amongst other things. No, the 2 inches of dust on your motherboard is not supposed to be there. No, the spiders living on your sound card aren't supposed to be there either. The fans inside should be spinning, yes.

To me, virus protection software is a big scam. A scare tactic used to frighten you into spending more money than necessary. "Beware the big spooky viruses! They will destroy the thousands of dollars you spent on your computer in an instant!" Like they're trying to convince you your computer will get e-AIDS if you don't invest in a virtual computer condom.

There is no reason to pay for something you more than likely will never need so long as you're not being careless. Even if you are careless, there are more than enough completely free anti-virus programs endorsed by Microsoft (read: not a Trojan in disguise) to cover your ass.

Today I was careless. I found a stow-away while downloading something otherwise benign. My very own computer virus! First one ever. At first I was a little annoyed, not by the virus but by my nonchalance. With a roll of my eyes I launched Microsoft's Malicious Software Removal tool because that's about the extent of effort most viruses take to be rid of. And if that doesn't do the trick, you can always just reformat. What a dull lesson in tedium, I thought.

Then something exciting happened. The virus scanned the program I was trying to launch, deemed it a threat to itself, and disabled it completely. Rendering it useless to me for anything other than a desktop icon. As a test I launched Windows Defender to see what would happen. Sure enough the virus scanned it and disabled it completely. This was now far more entertaining. Perhaps even a challenge.

Sure, I have encountered viruses that travel to escape deletion, but never one that actively takes out other programs it deems threatening.

I opened Windows Task Manager to see what the processes running were, identified the guilty ones, noted what directories they were occupying and made an attempt to end them for removal. The virus was fine with my perusal of Task Manager up until that point -- after which it immediately disabled Task Manager too.

Giggle. This was far more interesting than I had thought it would be. At this point I could've simply reformatted, it's about that time anyway, but now I was determined to triumph. To see how far this thing would go.

I went to Mr. Owl to ask him about my stow-away. The virus intercepts my search query and blocks all of the websites with any information useful to me. I manage to jump through some hoops and get to a page, from Microsoft's own, where I can download a third party task manager-like program with which I can kill the virus' processes and effectively download a new removal tool.

When I try to download the program from its actual website, the virus cancels the download and closes my browser. Not one to be thwarted, I go to a mirror site and download the program there. However when I install it, the virus recognizes the file name and disables it. Ha! Tricky devil. I'll have to be trickier. I download it again, from another mirror, and rename it. Rkill is now Bob. Innocent, totally nonthreatening Bob. I launch Bob and in a matter of minutes have killed my virus' processes.

Now is my chance to grab Malwarebytes and finish this. Which is essentially what I do, only I know that every time I run a new program, my stow-away awakens. I have to time it with Bob perfectly, or the virus will just disable MWB too. I manage this and after a restart, the whole ordeal is done with. Purgality!!!

Is it wrong that I was hoping my persistence would awaken some latent AI in the thing and Skynet would be born? I mean, self preservation programmed or not is pretty cool. Not even all animals have that level of awareness.

3 comments: