E-cigarettes can be bad for the health – of your computer

It’s fair to say that the first person to stick leaves in their mouth and set fire to it wasn’t really thinking ahead. But who could’ve foreseen this? It is reportedly possible that your e-cigarette is just waiting for you to plug it into your PC or Mac so that it can do some damage. Deliberate, malicious, profitable damage:

Many e-cigarettes can be charged over USB, either with a special cable, or by plugging the cigarette itself directly into a USB port. That might be a USB port plugged into a wall socket or the port on a computer – but, if so, that means that a cheap e-cigarette from an untrustworthy supplier gains physical access to a device.

A report on social news site Reddit suggests that at least one “vaper” has suffered the downside of trusting their cigarette manufacturer. “One particular executive had a malware infection on his computer from which the source could not be determined,” the user writes. “After all traditional means of infection were covered, IT started looking into other possibilities.

“The made in China e-cigarette had malware hardcoded into the charger, and when plugged into a computer’s USB port the malware phoned home and infected the system.”

Health warning: Now e-cigarettes can give you malware | Technology | The Guardian

If this were chocolate, I’d be talking about having some perspective and how this is surely a tiny proportion of all e-chocolate systems. But since it’s just smoking, what the hell? Go crazy, panic, stop smoking, it’s fine. Read the full piece.

More viruses, no more anti-virus

SYM_Vert_RGB-72dpiSo this guy, right, he rings me up to ask what I think of him installing anti-virus software on his PC.

“Have you got the box there?” I asked.

“Yes.”

“Read the back to me.”

He did. Rattled off every detail on the back and said: “So what do you think, William?”

“I think you now know ten times more about anti-virus software than I do.”

I’m not blind to the problems of viruses and security on computers but I am on a Mac, it is true that I don’t have to think about it so much. I’ve grappled with the issue when setting up people’s PCs enough that viruses are one reason I stopped ever doing that: I can’t tell whether you’ve got a virus because I did something wrong or because nobody could’ve stopped it.

Apparently nobody could’ve stopped it. Symantec, long-time maker of anti-virus software, says that there’s no point to it: anti-virus doesn’t work. Brian Dye, Symantec senior vice president for information security told the Wall Street Journal that anti-virus “is dead”. Now, he then went on to say: “We don’t think of anti-virus as a moneymaker in any way.” That’s a significant difference: I’ve no reason to wish Symantec stops making money, but your lack of cash income doesn’t equal my having to give up on anti-virus.

That Journal interview is focused on what the company is doing with its business and it’s true that Symantec is moving away from anti-virus software. It’s also true, unfortunately, that it’s because such software isn’t working any more. Says the Wall Street Journal:

Symantec Corp. SYMC -0.05% invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.

Antivirus products aim to prevent hackers from getting into a computer. But hackers often get in anyway these days. So Mr. Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.

Symantec Develops New Attack on Cyberhacking – Wall Street Journal

Very broadly, anti-virus software works by recognising virus code – and it recognises it by comparing it to a database of existing viruses. That always meant that a brand-new virus would get by because it didn’t match any previous one and this is, again very broadly, why you’d have so many updates to anti-virus software. Now viruses and other malicious code tend to be new. According to the Wall Street Journal, “Mr Dye estimates anti-virus now catches just 45% of cyberattacks”.

What this means for Symantec is that fewer people are buying its software. What this means for users is harder to tell: Symantec, McAfee and Norton are reportedly moving to software that detects suspicious activity more than it does this code-comparison.