We know there are bad guys out there who write nefarious programs and attempt to get them on our computers and phones via wide ranging methods.  This bad code is known generally as “Malware”, “mal” literally meaning ‘Evil’ or ‘Bad’ in Latin- and is at the root of words like “Malicious”.  It is indeed just that, evil code.  We know Malware/Viruses equals bad, but there are many myths around them which you should really be aware of. Read on for just a few of the myths which you should keep in mind.

Malware, like taxes, is inevitable.

Only Windows- The most written about computer malware myth is that it is just a Windows problem.  The root of that falsehood is that about 65% of all computers run Windows and Microsoft is historically a widely attacked company.  The bad guys are smart, and they will go after the largest target, which is Windows.  Apple’s MacOS and iOS have been the subject of many attacks over the years but at about 25% of the computers out there it just does not make the news. As for the rest it is basically UNIX and Linux of which there is not just one official version, which both helps and hurts.  If you are running a well-supported version such as RedHat Linux bugs are likely to be addressed fast but lesser-known versions (aka Kernels) might not ever be patched.  So, the lesson is the same here- patch your systems, use whatever automatic updates which are available as all the major operating systems: Windows/ Apple based/ UNIX/LINUX.     

It is just a new problem- Another myth about malware is that it is a new thing. Would you believe the first noted virus is 50 years old?  The forerunner to today’s Internet was called ARPAnet which was a way to connect via networked research institutions across mostly North America in the mid 1960’s.  In 1971 a programmer named Bob Thomas wrote an innocuous little program that simply displayed “I’m the Creeper, catch me if you can!” on the terminals of users of ARPAnet.  While never intended to do any harm, it was annoying, and Thomas was sneaky insofar as he wrote it that it would make copies of itself to run on different machines thus the first virus was specifically a Worm which is a virus which makes copies on different machines thus making it harder and harder to squash.  Creeper then gave rise to “Reaper” which was in a sense the first anti-virus software as its tarted Reaper to delete copies found.  Clearly viruses are not a new dance in the tech world.   For those who read the Michael Crichton book Westworld (of which the HBO Series and movie from the 70’s came from), it names the bad code acting like a “Disease of machinery”- Michael Crichton was in fact an MD before becoming an author.   As a slight side note I re-read “Andromeda Strain” as COVID-19 started to grip the world last year, scary and on point!

My phone is fine- Only computers are at risk is another huge misconception.  Phones and tablets are the new target of opportunity. As they are effectively small computers using variations of the existing operating system their “large siblings” use they are at risk of many of the same or variants. Unlike where computers have Windows as the most used Operating System, in the world of phones Android is the big dog.  From many embarrassing issues in the past Microsoft learned how to define world class patching and both Google and Apple have adopted much of the rigor to keep software updated.  Having worked in big tech, I can absolutely say the number of engineers working on current operating systems is huge. Everyone wants to work on the next big thing but the whole nature of “sustained engineering” is critical. Again, use reputable anti-virus/anti-malware software to protect them. Other devices such as security cameras, baby monitors, doorbells, lights, refrigerators or even beds can be connected to the internet to allow you to get useful information from them. They also become attack surfaces for bad guys. These “Internet of Things” devices (or IoT) are more and more popular.

I am working on a campion article to this one, focusing on a summary of the different types of Malware and attacks to keep in mind as well as a deeper discussion of IoT risk.  As a reminder always keep passwords strong – see my post on Passwords here:     

https://ericcrichardson.com/2021/01/14/the-gist-of-passwords/amp/  The big takeaway here is to not assume too much, plan on everything that touches the internet being attacked and take precautions as you cannot be overly careful.

@Ericcrichardson