Posted 16 April 2010 - 07:37 AM
Many of us have noticed that, within the past two or three years, the most dangerous malicious software applications appear to have acquired almost supernatural abilities. I know I'm not the only one who has scanned my system, located a trojan horse or spyware program and followed safe-removal procedures to the letter, only to find that upon reboot the malware is not only still there but more destructive and aggressive than before. Removal and detection efforts can be so frustrating and time-consuming that it almost seems like a more productive approach simply to minimize the potential damage from malware, such as by not transacting any credit-card purchases over the Web, or phoning in sensitive information to be stored safely on the e-commerce provider's end. I've got friends who have given up completely on efforts to remove malware, as the malware seems more inclined to leave them alone if they leave it alone. For the most part they can just forget it's there. I even know a guy who frequently uses his PC to scan and "fix" other people's malware-infested PC's, even though his own system is clearly infected with a highly sophisticated backdoor trojan that he has given up on removing. Is that where we're all headed? Toward a future in which we help each other remove the easy stuff while we carry and spread the more complex malware like a bunch of digital Typhoid Marys?
I think it would be totally irresponsible to ignore malware on my system, knowing that I was consciously helping a criminal enterprise attack people and institutions, invading privacy, stealing money and in some cases ruining lives. Have we as free citizens, or those fighting to be free, put our lives on the line over and over again to fend off government intrusion, only to meekly accept intrusion by low-life crooks into our homes and offices? I hope not.
But what of the people whose genuine, repeated attempts to do the responsible thing have led them to the brink of bankruptcy or insanity, or both? Is there a point where those people can surrender to malware infection with a clear conscience? Most of us are wholly dependent upon computers and the Internet to put food on our tables. Should we feel bad knowing our activities are helping to spread this misery, even if the only alternative for us would be to abandon our careers and risk long-term unemployment, bankruptcy and poverty?
Experts now say that millions of PCs and workstations are likely compromised and participating in botnet attacks, while the users of those machines are wholly unaware or indifferent. Is resistance futile at the end of the day? I've been infected multiple times by malware that has torn through my firewall like it was tissue paper. There's a backdoor trojan on my PC right now that can and does spread wirelessly. There's no public authority or free service outside forums such as BleepingComputer that I can turn to for help. I've already tried paying someone to fix my PC, but most PC repair/restoration companies are still pretending it's 2005, when a low-level disk wipe and OS reinstall was considered the extreme, and usually unnecessary, last resort. I paid $150 for an outdated solution that didn't resolve my problem. But the repairman insisted that it MUST have fixed the problem, and therefore it was my fault for contracting the malware a second time. The fact that this supposed reinfection happened immediately, and that I had been following all of the commonly recommended security precautions, did nothing to prevent the burden I had just spent $150 to move from my shoulders to his from landing right back on mine.
Furthermore, I was subjected yet again to scolding and lecturing, this time from a person who had just failed miserably at the task for which I had paid him good money, a task he had assured me he would achieve but did not, and for which he did not offer to refund my money. I am so used to the "it's your fault" lecture that I cringe at the thought of asking anyone else for help. I feel that the vast majority of virus-removal experts, be they for-profit or volunteer, are afflicted with an unfortunate condition I have dubbed "skeptinial" (skep-te-NYE-uhl), because it is basically denial masquerading as skepticism. As well-intentioned as they may be, most threat-removal experts still tell people that it is absolutely not possible for malware to survive a clean Windows reinstall. That opinion provides no comfort to the many of use who have performed clean Windows reinstalls that did not remove the malware. The infection on my PC has outsmarted XP, and then Vista and Windows 7. However, after attempting removals with all three, I'm a firm believer that XP is by far the best OS to have if you're infected. I still have some hope for a better-patched 32-bit Windows 7, but I absolutely will not keep a 64-bit version of Windows on my PC until it is ENTIRELY 64-bit. When backward compatibility is allowed, especially through virtualization and emulation, it merely adds another layer of wool for clever malware to pull over the user's eyes. As of this moment, the enhanced security of a 64-bit OS is still theoretical, because the ones available to consumers defeat their own purpose for the sake of letting all 64-bit users run old 32-bit apps.
So in light of all the above, what are my responsibilities to the community as an infected PC owner? What are the proper ethics of owning and using a computer that you have tried your best to clean, but didn't, and probably won't?