A new virus strain pretends to remove malware but actually does just the opposite: it infects your system.
Fortunately, you can use a few simple steps to tell the difference between these rogue antivirus programs and legitimate security software.
Antivirus apps may be malware in disguise
A dangerous new virus is making the rounds in the guise of a legitimate antivirus program. Going by such names as "Antivirus XP 2008" and "XP Antivirus 2009," this malware, as described in a recent Computer Associates advisory, succeeds by looking like a legitimate Windows program.
The Internet security blog Donna's SecurityFlash reports that rogue antivirus programs such as these are being promoted through spam messages that link to an automatic download of a virus installer.
With such aggressive methods afoot to fool security-minded users, how do you know when an antivirus product is legitimate? Use the following guidelines to ensure that the security products you download are legitimate.
Choose your security vendor deliberately
Be careful how you select a security vendor. Just because you see an ad for a vendor or product on a highly reputable site doesn't mean the advertiser is reliable.
Conversely, an ad for a reputable product or service on an unfamiliar site doesn't mean that you can trust the site. Advertisements are often distributed by third parties beyond the editorial control of the hosting site. That's why you may find ads for untrustworthy products on legitimate sites, and ads for legit products on bogus sites.
Services such as the free McAfee Site Advisor and the Web of Trust add-on for the Firefox browser evaluate the safety of a site before you visit it. (Windows Secrets contributing editor Becky Waring reviewed Web of Trust in her July 17 column.)
Because the ratings generated by these tools may be based on out-of-date reports, they aren't perfect. But they serve as a useful line of defense.
Another way to evaluate sites before you visit them is with the free LinkScanner Lite application. Rather than rely on second-hand reports, LinkScanner analyzes the code of a given site to check for stealth downloads and other malicious behavior.
The free version of the program requires that you right-click a link manually to get a risk analysis before you surf to the site. If you want your Google and Yahoo search results to be scanned automatically (in addition to other added features), buy LinkScanner Pro for $20.
Published reviews praise LinkScanner for detecting hacked sites, although the program fares less well when rated for detecting phishing sites. CNET's review gave LinkScanner an overall rating of 7.5 out of 10. PC Magazine's evaluation was similar, awarding the program 3.5 out of 5 stars.
Finally, never visit a shopping site by clicking a link in a spam message. Even if the message claims to be pitching a reputable product, such as one from Symantec or ZoneAlarm, the link may actually take you to a counterfeit site.
Color-coding the good guys and bad guys
One site that has been tracking rogue anti-malware products since 2004 is Spyware Warrior. If you're considering a product whose validity is not certain, your first screening step should be to search Spyware Warrior's blacklist. Although Spyware Warrior focuses on identifying fake antispyware apps, the service's blacklist of suspicious sites and products also includes a lot of rogue antivirus applications.
Additionally, consult a whitelist of products that have been certified by a reliable independent organization. One such organization is ICSA Labs (formerly the International Computer Security Association), an independent research and certification division of Verizon Business. On its site, ICSA maintains a list of antivirus products it has certified according to its criteria.
Once you've validated a product to your satisfaction via these resources, you're probably safe downloading it directly from the vendor. But to be extra cautious, consider going to a reputable download source that scans every item before placing it in its library. Such sites include CNET's Download.com, the Downloads page of PCWorld.com, ZDNet's Downloads page, and Tucows.com's security section.
These days, every PC user needs security software to protect against online threats. But when the security software itself becomes a threat, the solution becomes a problem.
Fortunately, with a little care, you can dramatically reduce your risk when shopping for safe and effective security products.
R.F. Brentnall is a columnist for the Windows Secrets Newsletter. He has been contributing since 1999 and currently writes for the Here's How section of that magazine.