The internet’s free-wheeling spirit is dying, and we have malware to thank


mac malware dos email drafts malwarebytes mail

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Malware has a lot to answer for. It’s filled our browsers with nonsense advertisements, stolen our banking credentials, locked up our files, and caused the widespread crashing of countless systems. But malware is also having another unintended effect that’s just as problematic: It’s making the internet a centralized, monopolistic place to be.

That might seem hyperbolic but malware intentions are typically quite clear: Make the author money.

It’s been a long time since worms, trojans, and viruses were used to stroke the digital egos of the world’s greatest hackers, no matter what hat they wore. But the best practices to protect ourselves from malware can send us down well-trodden paths, leading to increasingly limited software solutions for everyone.

Don’t trust the outliers

As much as we all rely on the big players like Google, Microsoft, and Apple, one of the joys of the internet is the diversity of options. But when speaking to digital security professionals, the advice they almost always give is to stick to official app stores, popular search engines, and tried-and-tested browsers. It keeps you safe by virtue of there being plenty of oversight and budget to protect those platforms and services.

“We recommend using official platforms,” Jerome Segura, Malwarebytes’ head of investigations, told Digital Trends. “The non-official areas […] are very dangerous unless you know what you’re doing. It’s similar with app stores. There are a number of portals out there that offer sideloading for Android in particular. And people that want to get apps for free may want to download from those services. They bypass the security mechanisms that are in place to install from nontrusted sources and will typically end up with trojanized apps.”

This is legitimate, good advice. From a security standpoint, we all know it’s a bad idea to download torrents, or open links or attachments in unsolicited emails. When you acquire something from a source that isn’t vetted and proven to be secure, you run the risk of being infected with malware. But increasingly, even choosing software that’s just a bit off the beaten path, is considered a security risk.

Earlier this year, Microsoft’s Bing search engine served up sponsored links to sites infested with malware.

“Traditionally, we would advise people to stay away from the smaller players because they may not have the resources to assure that there are proper security measures,” Segura continued, highlighting the problem now faced by those looking to stay safe online and still enjoy the convenience and speed of the modern web’s access to information and media.

As we’ve seen from security scares in recent months, even those trusted sources aren’t perfect. When it comes to knowing who to really trust with your data and security, there isn’t much choice out there. Even some of the platforms and services offered by some of the biggest companies in the world aren’t necessarily safe, simply because they don’t receive quite as much attention as their contemporaries.

Vulnerability on the edge

In the case of spaces as limited as web browsers or search engines, options for the security-minded are tighter than ever. Being a “major player” isn’t enough here.

Microsoft’s Edge browser was its most recent attempt to take on the likes of Chrome and Firefox, and its search engine, Bing, has been hoping to claw back some of Google’s market share for years. Despite the backing of such a major company, both platforms have been part of some serious security gaffs in recent months. That’s at least partially thanks to malware.

Earlier this year, Microsoft’s Bing search engine served up sponsored links to malware infested sites when users ran the Edge browser to try and download Chrome.

“Protecting customers from malicious content is a top priority, and we have removed the ads from Bing and banned the associated account,” a Microsoft spokesperson told Digital Trends. “We encourage users to continue to report this type of content so we can take appropriate action.”

As that same spokesperson made clear to us, the malware made it past technologies in Edge that are meant “to ensure you are protected while surfing the web, and are talking to the website you think you are talking to.” Bing also supports “a variety of automated malware-scanning technologies within its indexing and crawling pipeline,” we were told.

“Browser vendors have known about these issues for years … “

To Malwarebyte’s Segura, though, the fact that malware was still served up to Bing users isn’t surprising. Although there are a plethora of security technologies in place in the Edge browser and in the Bing search engine, this is a problem inherent in the current model of profit-driven search advertising.

“Browser vendors have known about these issues for years, but there always seems to be ways for malicious advertisers to kind of game the system and still come up on top,” he said. “The problem is that unless search engines really say they are not going to use any ads, then the problem is always going to be there to some degree.”

But it’s not just search engines that face difficulties with malware slipping through the cracks of large organizations. Even Apple’s famously insular and closed-off Mac App Store has been used by malware authors to spread their dangerous software. As recently as September 2018, a paid-for application that claimed to be able to protect your Mac from spyware actively collected browser information and sent it to a server in China.

Adware Doctor
Adware Doctor in the Mac App Store was stealing users’ sensitive information and sending it to a server in China for at least a month before Apple pulled it off the app store.

With far fewer people using it than the populous iOS App Store, it receives far less attention from Apple and is more vulnerable to malware attacks. Despite that concern, the Apple name resides on it just as it does the iOS App Store, suggesting to Mac owners that it receives the same scrutiny and therefore making it more vulnerable to attack.

Being a “major player” in one space doesn’t necessarily translate to others. And unfortunately, that’s where malware tends to sneak in and force even near-trillion-dollar companies to succumb. Microsoft’s Edge, again, is the best example of this.

Limited and flawed options

As of the end of 2018, more than 60 percent of all web users now use the Chrome browser. That’s a good thing when we’re talking about security. No longer are we faced with a world dominated by Internet Explorer and its Swiss cheese security, or Flash Player’s similarly porous defenses. But it’s not a great thing when it comes to providing options and alternatives.

Stick to software that’s well-known, has been well-vetted, and is well-funded enough to protect itself and its users.

This was exemplified by Microsoft’s recent announcement that Edge, its flagship Windows 10 browser, was to be replaced by something else built on the Chromium engine that’s used in Google’s Chrome browser. It was something a company like Firefox immediately saw as a bad decision for the future of the internet.

“Microsoft is officially giving up on an independent shared platform for the internet,” Firefox said in a recent address. “By adopting Chromium, Microsoft hands over control of even more of online life to Google, [which is] so close to almost complete control of the infrastructure of our online lives.”

Firefox is one of the few alternative browsers left in the fight. Despite it being possibly more secure and certainly more private than Chrome, it only commands a few percent of the web’s user base. It’s not hard to see why its developers see the rapidly contracting market as deeply troubling.

Firefox
Firefox Quantum

If security isn’t the only reason that Chrome dominates the browser landscape, it is a major part of it. Microsoft has never truly recovered from the ballooning public sentiment that its browsers with an “E” logo just weren’t secure or bug-free enough to consider using as anything other than a download tool for a better browser.

Combine our tendencies with an (often deliberately encouraged) limited landscape of viable software options, and it’s easy to see that there is a real snowball effect of the most common platforms only increasing their hold on our service choices. In turn, due to their popularity, those services become even greater targets for malware authors.

The exceptions to the rule

We, and our sources for this article, stick to the stance that to be as safe as you can be online, you should stick to software that’s well-known, well-vetted, and well-funded enough to protect itself and its users.

However, there’s a caveat. Some products are being developed to offer an alternative to the typical options, and they are built with security in mind from the ground up. They have the potential to become big players in various software markets. Their desire to move away from some of the profit models that make traditional software and services so susceptible to attack could make for more secure choices for consumers in the future.

For example, the Vivaldi browser hopes to bring back some of the most popular technological features of classic Opera web browsing. The Brave Browser is built on Chrome’s Blink engine, but is created with privacy and security in mind, automatically blocking web trackers and advertisements. It’s also exploring a pay-to-browse scheme that would see users rewarded with cryptocurrency for time spent looking at advertisements while browsing.

In the search engine space, there are more privacy-focused options than ever. DuckDuckGo continues to grow in popularity, while alternatives like Search Encrypt, StartPage, or the blockchain-powered BitClave provide even greater breadth of choice.

The power to decide how we access the online world in all its guises still resides with us. It’s our choices that shape the future of the internet. If we want more varied options, we have to vote with our fingertips and download those apps and run those services. Malware is indeed scary and we should be wary of it enough to be smart with how we use online services, but there are better options out there than the few that we’re already familiar with. We just need to be willing to search them out.

Computing

Intel gives a peek at what its Arctic Sound GPU could look like

A new set of concept images shown at GDC 2019 is providing a peek at what Intel's upcoming modern discrete GPU, code-named. Arctic Sound, could end up looking like when released in 2020.
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Deals

Here are the best Chromebook deals available in March 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…
Deals

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…
Deals

From Chromebooks to MacBooks, here are the best laptop deals for March 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.
Mobile

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.
Computing

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 
Computing

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.
Computing

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code.