Keeping Computer Systems Clean: Antivirus Software Industry - Research Paper Example

 Since the dawn of medicine, doctors have been telling their patients to eat right and get enough exercise to avoid many health issues. Computer consultants have been giving their clients much the same advice: avoid computer viruses, worms, and spyware by giving computer systems regular checkups, by never opening unknown files, and by never responding to junk emails and phishing scams. These precautions would either prevent or fix a lot of troubles yet ordinary computer users do not do these simple things on a regular basis. Just as diet and exercise take some effort and concentration, keeping computer systems clean takes the latest scanning software and the dedication to at least use the built-in auto scanning protocols. In 1997, practically at the dawn of the computer era, Jelinski offers this advice: “You avoid viruses by following simple rules…. You detect viruses by installing virus-scanning software…. The trouble is that new viruses are always being developed, and the virus-scanning software is always slightly out of date” (para. 7). Twelve years later, that exact advice is common knowledge—yet somehow, viruses and spyware still find their way onto computers and remain there, tearing down systems, destroying files, and frustrating computer users. Whether they are called viruses, malware, spyware, Trojan horses, botnets, or any other name, these programs cause damage that can be avoided through proper use of antivirus software and firewalls. Though it may seem to the victim that there is no purpose in this type of software, malicious developers have their reasons. The Purpose of Viruses and Spyware Why do malware developers do what they do? Goldsborough (2009) comments, “In the old days, hackers just did mischief for the challenge. These days, more likely than not they are after your money” (p. 8). However, there are actually legitimate uses for some types of software which have been subverted by hackers, providing an interesting puzzle about the ethics and legalities of such software. How virus developers make money off their viruses. Some types of spyware and malware gather sensitive information from platforms which can then be sold to others, used to leverage the system for financial gain (stealing), or held for ransom (Rozas, et al., 2009). Code has been developed to send out bulk spam emails through personal computers and email accounts as well (McCartney, 2005). Phishing is one of the newest forms of malicious email in which spam disguised as legitimate email asks users for personal information ad passwords. Malicious software developers make money directly from the effects of the software, or they sell it to third parties. Spyware’s legitimate purposes. Spyware is installed with many legitimate types of applications to monitor the user’s activities, such as with browsers to detect the IP address of the computer to send local ads to the user or to encourage registration of software. Keystroke loggers are often installed by parents and employers to monitor computer activities, which is quite legal though the ethics of using such programs to record activity is doubtful (Stafford and Urbaczewski, 2004). These legitimate (or at least currently legal) uses for spyware keep the line between malicious and useful blurred. When viruses and malware were first developed in the early 1990s, they were usually transmitted on floppy disks and by piggybacking on files that a user would deliberately open (such as word processing documents or .exe files). Now, viruses can be transmitted simply by visiting formerly legitimate websites. Bradbury (2009) notes that BusinessWeek.com was hacked, and this is not the only website which has been brought to its knees by virus-spreading malware. Visitors to the site were exposed to the virus as well, causing problems not only for the website but also its users. It may seem that viruses are a minor annoyance in most cases, but the problems they cause can escalate. How Students View Security Practices A 2007 study from Teer, Kruck and Kruck looked at the security perceptions of students at James Madison University in Harrisonburg, Virginia. A total of 86 undergraduate students in three different course tracks were surveyed (computer information systems, art, and integrated science and technology). The students were asked questions about antivirus programs, firewalls, email attachments, passwords and operating system patches (p. 107), which covers a variety of security issues and several areas where personal computer users should be watching their security carefully. Although the study was not designed to be extended to the general population, the findings allow relevant assumptions to be made. Students should actually be more aware and more faithful about using security measures than the general public. Survey results regarding antivirus software. More than 90 percent of the students had antivirus software on their personal computers, but only 71 percent said they regularly update this software. Nearly half scanned their systems weekly, but 14 percent said they never use the antivirus software to scan for viruses. A total of 47 percent had experienced viruses in the past 12 months (with 6 percent experiencing 10 or more); the lack of scanning by a significant minority is a clear problem. Firewalls, security patches, and passwords. About half of the students reported that they use firewalls on their personal computers, and 71 percent stated they download patches through automatic updating. Regarding passwords, 53 percent of the students reported sharing their password with others, and about one-quarter of their personal computers were unprotected by passwords. Firewalls protect personal computers from unwanted downloads by asking the user before installing software. Security patches are regularly updated by antivirus software developers and are vitally necessary to keep the software current. Passwords are always a sticky problem for users; it seems everything requires a password, so users reuse the password for multiple purposes. If a password is hacked, all other uses of the password must be changed too. Verifying emails. Three-quarters of the students reported they did not verify the sender of an email before opening attachments, although automatic scans were in place on the university email system which scanned attachments before opening. There is much laxness in scanning attachments because students trust the senders and there is little understanding that bad emails can come from addresses or names which look familiar, or icons in emails may not match the actual items downloaded. This small study shows that though the technologies are available, most people don’t use them properly. The authors noted that students on the campus were required to go through a computer security course every six months, meaning that they should have been aware of the importance of security and how to use it. Free Anti-Virus Software Compared with Paid Subscriptions Why do so many software companies give antivirus software away for free? The antivirus software industry is extremely competitive; convincing consumers that innovations are cutting-edge is extremely important to developers. Once they have hooked the customers they can often keep them for many years with continual updates, new versions released every six months, and side products. Computer users can often be convinced to upgrade to paid services on the basis of free products as well, creating money making streams for developers. However, if the free versions are ineffective for users who are dedicated about updates and upgrades, they will be less inclined to purchase anything from that company. There is the danger that free versions have not gone through rigorous testing before release; Panda CEO Juan Santana even commented recently on this issue: “Let’s have the world test this [new antiviral software delivery method], so we can steal market share from traditional players” such as AVG and Microsoft (Acohido, 2009, para. 17). Comments such as this might make a consumer wary—if consumers are turned into guinea pigs, the free software might not deliver as promised, putting computers at risk. This is something developers must carefully consider as they churn out free products. Bradbury (2009) compared free versions of anti-viral software with their commercial counterparts, particularly Microsoft’s AVG. Microsoft offers a basic free version of AVG which contains the same scanning capabilities as their paid subscription, but the paid version offers enhanced features and additional components such as identity theft protection. The free version is perfectly serviceable, but the subscription offers extra value for a few dollars. Consumers tend to accept the basic functions as sufficient; a survey of Microsoft customers found that only half of their customers used the paid subscription (para. 3). The fact that half of AVG users invest in paid subscriptions has allowed the company to grow revenues in this arm more than 75 percent annually since 2005 (Acohido, 2009, para. 14), so giving away good software has been a money-maker, at least for AVG. The issue of commercial use of a free product is also important: software licensing agreements specify that free-version users must not use the software for commercial purposes, which even includes a sole-proprietor entrepreneur. The argument that free versions don’t offer the exact same protections as paid-for versions is valid to an extent, and consumers must balance protection against spending a few dollars for a subscription. When consumers choose preserving their pocketbooks over protecting their computers, they may find themselves with problems. Cloud computing is being developed for a variety of purposes, but it can be used to hold antivirus software on a separate platform which personal computers then access remotely. Acohido (2009) discusses a new innovation from Panda Securities Corporation in which a secure data server holds the antivirus scanning software and the end user downloads a popup dashboard application. The service is free and is most useful for computer users with always-on or DSL Internet connections. Using cloud computing reduces the load on the personal computer’s resources and allows developers to make very sophisticated malware detectors that are stored in the cloud (Rozas, et al., 2009). Whether a personal computer user chooses freeware or a paid subscription, integrated packages are probably the best way to go overall (Garcia, 2006). These multipronged approaches include antivirus, antispyware, firewall protection, identity theft protection, and so on. Integrated packages provide users with easy management from one application and easy updates. They simply need to turn on the automatic download capability, make sure to connect to the Internet on a regular basis, and they have good protection. Recommendations for Individual Computer Users Signs that malicious software has been introduced to a personal computer include slow running systems, long load times for applications, changes in the usual appearance of icons or files, weird graphics popping up on the screen, system crashes and difficult reboots, or even strange sounds coming from the computer (JAMM, 2003). Using software that diagnoses problems on the system and cleans up storage is a good maintenance technique to use along with regular virus scans. Basically, whether the personal computer user downloads free antivirus software, pays for a subscription, or taps into the new cloud computing methods of delivery, methods to avoid problems are available if they are used (Goldsborough, 2009; McCartney, 2005; Matthis, 1991; Garcia, 2006; JAMM, 2003). Recommendations gathered from various sources boil down to: Be proactive. Use security software. Update security software regularly (meaning more than once a month). Automatic updates are best. Update your browsers, software applications, and operating systems regularly as well, because patches are often added on with updates. Change your passwords no matter how much of a pain it might be, especially on bank accounts, PayPal accounts, and your main email address. Scan email attachments even if they come from a sender you trust. Watch downloads from the Internet. Never download something which could contain a virus, and scan anything that is downloaded. Back up your system and important files regularly. How regularly depends upon your use of the computer; daily might be in order for some people, monthly for others. If you have a home network and discover a virus on one of the machines, immediately disconnect it from the network. Fix the problem before you reconnect to your other machines. Every once in a while, pick up a trade magazine or do an Internet search to find out the latest information about malicious software. It pays to be cautious and to educate yourself about what’s out there—anyone could be affected, even if your own personal computer isn’t right now. Back in 1997, Jelinski noted that we had finally figured out how to detect and isolate infected parts of computer systems, which was a great leap forward in the war on viruses and spyware. He nostalgically reflects that in the early days of computers, “infected floppy disks could not be cleaned and had to be destroyed” (para. 10). (A modern reader of this article must stop and figure out what a floppy disk is!) The point is that technology to battle computer infections has very nearly kept pace with those who develop the infections, and using the most current scanning software keeps computer systems clean. References Acohido, B. (2009, April 29). Panda puts antivirus service on Net for free. USA Today. 6b. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Bradbury, D. (2009, May 26). Free security software vs commercial. Computer Weekly, 19. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Garcia, E. (2006, January 9). Fighting spyware is a never-ending battle. eWeek, 23(2), 41-45. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Goldsbourgh, R. (2009, March 20). Avoiding glitches is better than fixing them. Business Journal (Central New York), 23(12), 7-8. Retrieved September 23, 2009 from Regional Business News EBSCO host. Avoiding computer viruses. (2003, April). Journal of Audiovisual Media in Medicine, 26(4), 172-173. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Jelinski, J. (1997, June 9). Can your computer get sick? Business Journal Serving Southern Tier, CNY, Mohawk Valley, Finger Lakes, North, 11(12), 12SB. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. McCartney, L. (2005, December 15). Avoiding worms and viruses. Baseline, 53, 29-30. Rozas, C., Khosravi, H., Sunder, D., & Bulygin, Y. (2009, June). Enhanced detection of malware. Intel Technology Journal, 13(2), 6-15. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Stafford, T. & Urbaczewski, A. (2004, September). Spyware: the ghost in the machine. Communications of AIS, 2004(14), 291-306. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Teer, F., Kruck, S., & Kruck, G. (2007, Spring). Empiracal [sic] study of students’ computer security practices/perceptions. Journal of Computer Information Systems, 47(3), 105-110. Retrieved September 23, 2009 from Academic Search Premier EBSCO host. Read More