Frequently Asked Questions

There are a lot of different questions that people want to know about malware and the anti-malware industry. Here I will try to answer the questions I get asked most frequently. They are primarily end-user questions, as these are the ones I most frequently encounter.


Help, I have a virus!

Creative Commons image by eviltomthai on Flickr, edited - license here: http://creativecommons.org/licenses/by/2.0/

First, don't panic! If your data is all still there, chances are you'll be okay. Then go out immediately and get some quality anti-virus software. Follow the instructions. Call tech support if it doesn't fix it! I know that all sounds remarkably unexciting.

How can I protect myself from viruses/worms/spyware?

There are a number of different things you can do to protect yourself from malicious code. Each of the steps is synergistic, and I strongly recommend you follow them all:
Back up your computer. Yes, it's that simple. If your data is nicely backed up on a CD or DVD, malcode can still ruin your day, but it's not going to destroy your favorite picture of Aunt Rita or your memoirs. I can't stress this enough. Back up.
Buy some decent anti-virus software. Use it and keep it up to date. Some anti-virus vendors don't do a very good job of catching non-replicating malware. If that's the case, enhance your protection with some quality anti-spyware software (or better yet, get a new anti-virus vendor!).
Protect your computer from the rest of the Internet. Use a firewall of some kind. Don't rely on your wireless router to protect you.
Be careful what you run. Carelessly running executables you find online can be very dangerous if they're not from reputable sources.
Patch your machine. If you run a modern Microsoft operating system, turn on automatic updates!
In addition to these steps, there are a couple of tools that I personally use - both are free for non-commercial use, but I'll leave it up to you to read the license agreements and make sure you are complying. First, you can get a pretty good free antivirus product from AVG at free.avg.com. Second, Secunia makes a fantastic tool for patch management that is also free for home users. While it may appear a little complicated to use at first, I highly recommend you take a look here.
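A way to check whether the steps above are actually in place on a Windows machine, as an added example that is not part of the original page: this read-only PowerShell audit looks for a recent backup, anti-virus state, firewall profiles and the automatic update setting. The backup folder ($BackupRoot) and the "fresh enough" thresholds are assumptions you would change; the cmdlets and registry value it reads are standard Windows ones. Step 4 (being careful what you run) is a habit, not a setting, so no check is attempted for it.

```powershell
# Added example, not from the original page: audit the protections listed above.
# Assumptions: Windows 10/11 with Windows Defender (falls back to the Security
# Center registration for third-party AV), backups written under $BackupRoot.

$BackupRoot       = 'D:\Backups'   # ASSUMPTION: where your backup tool writes
$MaxBackupAgeDays = 7              # ASSUMPTION: how stale a backup may be
$MaxSignatureAge  = 3              # ASSUMPTION: max AV signature age in days

$results = @()

# 1. Backup: is there any file under $BackupRoot newer than $MaxBackupAgeDays?
if (Test-Path $BackupRoot) {
    $newest = Get-ChildItem -Path $BackupRoot -Recurse -File -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $ok = $newest -and (((Get-Date) - $newest.LastWriteTime).TotalDays -le $MaxBackupAgeDays)
    $detail = if ($newest) { "newest file $($newest.LastWriteTime)" } else { 'no files found' }
    $results += [pscustomobject]@{ Check = 'Recent backup'; OK = [bool]$ok; Detail = $detail }
} else {
    $results += [pscustomobject]@{ Check = 'Recent backup'; OK = $false; Detail = "$BackupRoot not found" }
}

# 2. Anti-virus: real-time protection on and signatures fresh (Defender cmdlet).
#    Other vendors register themselves in the Security Center WMI namespace.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $results += [pscustomobject]@{ Check = 'AV real-time protection'; OK = [bool]$mp.RealTimeProtectionEnabled
                                   Detail = "Defender, signatures $($mp.AntivirusSignatureAge) day(s) old" }
    $results += [pscustomobject]@{ Check = 'AV signatures fresh'; OK = ($mp.AntivirusSignatureAge -le $MaxSignatureAge)
                                   Detail = "last updated $($mp.AntivirusSignatureLastUpdated)" }
} catch {
    $av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{ Check = 'AV product registered'; OK = [bool]$av
                                   Detail = if ($av) { $av.displayName -join ', ' } else { 'none registered' } }
}

# 3. Firewall: every profile (Domain, Private, Public) should be enabled and block
#    unsolicited inbound connections by default.
foreach ($p in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{ Check = "Firewall ($($p.Name))"; OK = ($p.Enabled -eq 'True')
                                   Detail = "default inbound action: $($p.DefaultInboundAction)" }
}

# 5. Patching: automatic updates not disabled by policy, and the update service
#    not disabled (NoAutoUpdate=1 is the policy value that turns them off).
$auKey        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAutoUpdate = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
$wu           = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'Automatic updates'
                               OK = (($noAutoUpdate -ne 1) -and $wu -and ($wu.StartType -ne 'Disabled'))
                               Detail = "NoAutoUpdate=$noAutoUpdate, wuauserv start type=$($wu.StartType)" }

# Report: anything with OK = False is a step from the list that still needs doing.
$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt, since the Defender and firewall cmdlets need administrator rights to read full state; a row showing False points you at which of the steps above is still missing.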

How can I get a job in Security?

Work hard! Some people believe that the best way to land a security job is to be a hacker, but that's not true in the modern sense of the word. Instead, study security, contribute to some of the security lists and open source projects, and hone your skills. While a degree in Computer Science or Software Engineering is helpful, it's certainly not a requirement.

Don't you researchers write all the malware anyway?

No. Even if we wanted to, we simply don't have time. More seriously, it's simply not the case. Yes, anti-virus vendors make money from the virus problem, but assuming that means they're actually writing the malcode just doesn't make sense. It's like suggesting doctors make people ill deliberately to create business.

How did you get involved in computer virus research?

Simple. I got a virus - Spanish Telefonica, I think. It triggered on my computer at Oxford, and I "lost" a whole bunch of data. Instead of crying onto my keyboard, I fired up DEBUG and pulled the whole thing apart. A good deal of luck got me in front of Jan Hruska and Peter Lammer at Sophos, and I was hired by Virus Bulletin. The rest is history.

What do I need to study to be "Good" at security?

My personal beliefs here are perhaps horribly at odds with what the rest of the world is telling you. I don't really hold too much faith in the educational value of certifications; these qualifications show you have particular knowledge and/or skills, but are not designed to give you mastery of a domain. I believe that the way to learn security is to truly understand how the computer - or, more broadly, the system - works. When you know the RFCs and the low-level architecture of a machine, when you understand how it really works


Need Help Fast?

If you're an end user, I'm not your guy - it's not that I don't care, but that I probably have the wrong skill set to get your computer up and running (and I'm a little bit too expensive for you). If you are looking to retain me for a professional matter, please use the email address shown below.

Pictures on this page edited from Flickr, user eviltomthai, under a Creative Commons license. Thanks for sharing, Tom!