
Ever seen one of those popup browser windows that announces your PC has been infected? Ads like this can pop up from nowhere, offering to scan your PC and solve all of your "problems."
Many people are smart enough to avoid clicking OK and accepting "candy" from a complete stranger. But you don't want to click the X in the corner to close the window, either. Unfortunately, the "Close Window" button in these scareware dialog boxes is usually just as phony as the OK button. The OK button may launch a scan of your hard disk that announces your only hope of becoming virus-free is to buy an unknown Brand-X antivirus cleaner. But clicking the close button in the window will initiate a script that downloads an entire suite of rogue applications and system files to your hard disk. Your web browser goes to junk-ad pages instead of the URLs you want to visit and you suddenly see a bunch of "access denied" messages if you attempt to remove suspicious-looking files.
You might think that conservative web browsing habits will spare you from ever seeing one of these ads, but two weeks ago, a malicious ad managed to infiltrate the website of the New York Times!
If a "scareware" ad pops up on your Windows computer, what you probably want to do is immediately suspend your Internet connection and press Ctrl+Alt+Del to open the Windows Task Manager. Find the web browser in the programs listed on the Applications tab and click the "End Task" button. Either that, or buy some real protection with an application like Malwarebytes Anti-Malware.
The basic thing you want to remember about Anti-Malware is that the free version can save your Windows setup from a wide variety of known malware infestations after you catch them, but it doesn't include real-time protection. So effortless cleanup is not a certainty. The commercial version, at $30 for a single-user license, does include real-time protection. The real-time protection monitor stops you from shooting yourself in the foot by closing an infected popup ad window—and it also shields your computer from attack scripts that would be downloaded to your hard disk from a compromised website. (If the New York Times isn't safe, what is?)
Anti-Malware is not a traditional antivirus application like Norton Antivirus, Trend, or McAfee. It won't warn you if someone sends you an infected Word document in an email message or clean the Word document. Instead, Anti-Malware specializes in detecting and removing Internet malware transmitted through web browsers. Last year's "scareware" menace was a nuisance ad for something called "XP Antivirus 2008." Unwarned users who clicked the red X to close the window soon found their web browsers hijacked and their computers loaded with rogue system files that could not be removed by the standard A-V products from industry heavyweights like Norton, Trend, and McAfee.
Usually-reliable freeware products like Grisoft AVG, Avira Antivir, Lavasoft Ad-Aware, and Spybot Search and Destroy were also powerless to undo the damage. Malwarebytes Anti-Malware came to my attention last year because a) it was able to do the job (removing "XP Antivirus 2008" and leaving the entire Windows XP configuration intact), and b) it was distributed as a freeware product. In the months after I learned about Anti-Malware I recommended it to a number of friends who had abandoned hope of rescuing their computers with traditional antivirus programs. Anti-Malware came through every time.
I became curious about this miracle "Windows cleaner." Where did it come from? Who owned the company? The Malwarebytes website forums were full of people asking for help with unstoppable infections, and the forum support staff did due diligence in replying to every question. But the Malwarebytes website showed no street address and no listed telephone number. A bit of googling produced some interesting rumors: Malwarebytes was founded by a group of A-V industry professionals who had left their original companies in the hopes of putting out a product that really worked. They were determined to develop a product without the feature bloat and performance slowdown inherent in well-known security protection suites.
In the past year, the reputation of Malwarebytes has grown, as Anti-Malware has gained quiet acceptance in the IT community as the tool of choice for averting and removing Windows rootkit invasions spread through infected websites.
Anti-Malware is well-known enough now that one of this year's "scareware" nuisances (called "Protection System") specifically targets Anti-Malware. The "Protection System" rogue popup warns that your computer is infected. It searches for Anti-Malware on the hard disk and, if the program is found, reports it as a virus, asking for permission to remove it. If the user clicks OK, the "Protection System" rogue app calls the Anti-Malware uninstaller and removes Anti-Malware from Windows. Needless to say, you don't want to do this!
Addendum (10/1/09): After a little bit of geek persistence, I was able to contact and speak with Marcus Chung, an Executive Vice President at Malwarebytes. I learned that the company is actually in the middle of a relocation from the Midwest to here in the San Jose/South Bay area. Marcus, who worked for Symantec and Sygate before coming to Malwarebytes, told me that Anti-Malware was designed to address a gap in antivirus protection. In his opinion, web-based malware and spyware applications are undergoing a transition from hacker nuisances into a criminal industry. One future feature coming up for Anti-Malware is a “rogue-website blocker” that can update its list of dangerous URLs several times a day.
Marcus wanted to stress the point that Anti-Malware isn’t an all-in-one solution for protecting Windows computers from attackers. The programmers are believers in a layered security approach—rather than trusting in one product. In a series of tests I ran, I confirmed that while Anti-Malware is great at blocking and removing applications that try to take over your computer through a web browser, it does little to identify and remove milder “nuisance adware” cookies or more conventional viruses that are typically sent as e-mail attachments (infected Word and PDF documents, screen savers, and executable programs).
Coming up here in future weeks: looks at Webroot Spysweeper and Avira Antivir, two applications designed to address those problems (+ more tips and tricks like these, on how to block malware the antivirus programmers haven't even identified, yet).