When you've been writing about security for as long as I have, you develop a following. I'm grateful to my readers -- without them, my editor would need to find another security writer. But I can't help but notice that among those who consume my content is a small but tenacious group of people who can only be termed as paranoid.
Yes, I mean that in a clinical sense. Typically, they come to me looking for a way to detect and remove what they believe is supersecret spyware plaguing their electronic devices. In their internet searches to find eradication advice, they come across Security Adviser and write for help.
The emails tend to be quite long and suggest a life filled with horrors. Yet the stories tend to share several common features: the fixes they've tried, what happened as a result ... and claims that they're being spied on. People spy on them at work, apparently, even in the bathroom.
Neighbors or friends they went to for help in removing the spyware claimed to find nothing -- but secretly installed more spyware and became part of the larger conspiracy. These poor folks sometimes write me from public library computers using false names, but nearly as often, they give their real names and email addresses. On some level most seem to be informed and intelligent, but as you read, the writing becomes more jumbled and repetitive. The confusion exposes itself.
Whenever I receive a letter from an obviously paranoid person, I try to answer as honestly as I can. I give useful advice. For example, if you think your computer is infected with malware you can’t get rid of, go buy another computer -- for a few hundred bucks you can leave the old problem behind. I also gently suggest they discuss their concerns with a loved one and/or a mental health professional, although many openly state that they have been that route and are certain they're completely sane (even if they have been involuntarily committed multiple times).
The truth is any good computer security person is a bit paranoid. So how do you separate healthy from unhealthy paranoia? As it turns out, pretty easily. Here's a sampling of complaints that simply can’t be true:
1. Malware that does things no one else can see or hear
Common paranoid imaginings include complaints that someone seizes control of the cursor or program when the victim is alone or weird sounds emanate from the computer that only the victim can hear. Granted, it’s conceivable that malware writers could create a program that only did obvious things when the victim was alone (using a camera, for example), but it would be nearly impossible for the attack to be perfect and never happen when someone else was watching.
Ask any teenager watching illicit material -- it’s hard to guarantee privacy. All real-life malware does things that other people can readily experience as well. I know of no malware program that is coded to care about whether the victim is alone. If you can’t get anyone else to confirm the "symptom," you're the bad kind of paranoid.
2. Malware that works on any device
Here, the victims claim that the same evil spyware has infected their computers, cellphones, wireless routers, and sometimes other devices such as TVs. Not only that, it immediately infects any new device they get, no matter what the platform.
One guy even sold every device he owned that had a computer chip in it. He got rid of his phones, TVs, speakers, alarm clocks, and air conditioning systems, as well as his car. He bought a 1966 car model to replace it. He also mentioned he had a new fiancée. I’ve always wondered how she liked their new lifestyle.
It's almost impossible for one malware program to infect multiple platforms. It has happened on a few occasions, but the malware turns out to be so buggy it never spreads far or lasts long. Yes, you might fight a malware program that spread between Microsoft Windows and Apple products, but it cannot simply jump from a Windows computer to an iPhone to your TV, and it’s certainly not going to infect your wireless router, TV, and car. The code base and sophistication to create that sort of program don’t exist yet.
Yes, attackers could be using many different programs to infect each device and platform, but if they already have complete control of your main computer or cellphone, why would they need to infect everything else?
3. It can’t be found
This is another huge clue to being overly paranoid. Almost every questionable writer tells me what they have can’t be found by anyone. It’s so sophisticated that signs of it can’t be detected by any antimalware program or any forensic expert they take it to. I have news for you: If that's true, what you're worried about doesn’t exist.
Yes, we have malware programs hiding in weird places that are difficult to find, like nontraditional volumes on USB keys, file slack areas, firmware, and so on. But in every case they can be found. The most sophisticated hidden programs, when looked for, were found. There is no such thing as a malware program that can hide itself so that no one can find it -- doesn’t exist, isn’t possible.
4. Reasonable explanations are summarily dismissed
People write to me complaining that hackers are causing their speakers to make strange noises, taking control of their cursors, or causing their computer to crash. I want to say: Welcome to the world of computers!
Your computer could be doing all that for lots of reasons, but supersecret malware sits at the bottom of the list. First, if it was trying to be secret, why would it reveal itself? Second, those symptoms are among the most popular legitimate complaints by most computer users.
In fact, as I wrote this post, my cursor stopped working for 10 seconds, then suddenly “did a lot of things by itself” before it “released control back to me." It’s a normal computer issue, probably relating to a malfunctioning keyboard or mouse. It could be two dozen legitimate items. Why suspect that it could only be supersecret malware?
5. The motive for secret attacks is missing
Let’s suspend disbelief for a moment and assume that these incredibly sophisticated programs actually exist. To code them would take teams of people years and cost tens of millions of dollars. Why are they using it on you?
Why are they taking the chance that their sophisticated program will be discovered by a seemingly normal citizen and risk early discovery? What state secrets do you know that they want? Why would they use a new, secret program when nearly anyone can break into anyone else’s computer using other well-known exploits?
Diagnosing the problem
Those who persist in believing they're the target of sophisticated malware the world has never documented before should seek the guidance of loved ones, show them this article, and/or speak to a mental health professional.
If you’re reading this article because you're searching for a way to remove malware only you can detect, I’m talking to you. You came looking for expert advice and I’m giving it.
You may think that I’m part of the conspiracy. I’m not. I care about you.