Skip to main content

The internet’s free-wheeling spirit is dying, and we have malware to thank


(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Recommended Videos

Malware has a lot to answer for. It’s filled our browsers with nonsense advertisements, stolen our banking credentials, locked up our files, and caused the widespread crashing of countless systems. But malware is also having another unintended effect that’s just as problematic: It’s making the internet a centralized, monopolistic place to be.

That might seem hyperbolic but malware intentions are typically quite clear: Make the author money.

More (in)Secure

It’s been a long time since worms, trojans, and viruses were used to stroke the digital egos of the world’s greatest hackers, no matter what hat they wore. But the best practices to protect ourselves from malware can send us down well-trodden paths, leading to increasingly limited software solutions for everyone.

Don’t trust the outliers

As much as we all rely on the big players like Google, Microsoft, and Apple, one of the joys of the internet is the diversity of options. But when speaking to digital security professionals, the advice they almost always give is to stick to official app stores, popular search engines, and tried-and-tested browsers. It keeps you safe by virtue of there being plenty of oversight and budget to protect those platforms and services.

“We recommend using official platforms,” Jerome Segura, Malwarebytes’ head of investigations, told Digital Trends. “The non-official areas […] are very dangerous unless you know what you’re doing. It’s similar with app stores. There are a number of portals out there that offer sideloading for Android in particular. And people that want to get apps for free may want to download from those services. They bypass the security mechanisms that are in place to install from nontrusted sources and will typically end up with trojanized apps.”

This is legitimate, good advice. From a security standpoint, we all know it’s a bad idea to download torrents, or open links or attachments in unsolicited emails. When you acquire something from a source that isn’t vetted and proven to be secure, you run the risk of being infected with malware. But increasingly, even choosing software that’s just a bit off the beaten path, is considered a security risk.

Earlier this year, Microsoft’s Bing search engine served up sponsored links to sites infested with malware.

“Traditionally, we would advise people to stay away from the smaller players because they may not have the resources to assure that there are proper security measures,” Segura continued, highlighting the problem now faced by those looking to stay safe online and still enjoy the convenience and speed of the modern web’s access to information and media.

As we’ve seen from security scares in recent months, even those trusted sources aren’t perfect. When it comes to knowing who to really trust with your data and security, there isn’t much choice out there. Even some of the platforms and services offered by some of the biggest companies in the world aren’t necessarily safe, simply because they don’t receive quite as much attention as their contemporaries.

Vulnerability on the edge

In the case of spaces as limited as web browsers or search engines, options for the security-minded are tighter than ever. Being a “major player” isn’t enough here.

Microsoft’s Edge browser was its most recent attempt to take on the likes of Chrome and Firefox, and its search engine, Bing, has been hoping to claw back some of Google’s market share for years. Despite the backing of such a major company, both platforms have been part of some serious security gaffs in recent months. That’s at least partially thanks to malware.

Bing Pushing Malware when Google Chrome is Searched

Earlier this year, Microsoft’s Bing search engine served up sponsored links to malware infested sites when users ran the Edge browser to try and download Chrome.

“Protecting customers from malicious content is a top priority, and we have removed the ads from Bing and banned the associated account,” a Microsoft spokesperson told Digital Trends. “We encourage users to continue to report this type of content so we can take appropriate action.”

As that same spokesperson made clear to us, the malware made it past technologies in Edge that are meant “to ensure you are protected while surfing the web, and are talking to the website you think you are talking to.” Bing also supports “a variety of automated malware-scanning technologies within its indexing and crawling pipeline,” we were told.

“Browser vendors have known about these issues for years … “

To Malwarebyte’s Segura, though, the fact that malware was still served up to Bing users isn’t surprising. Although there are a plethora of security technologies in place in the Edge browser and in the Bing search engine, this is a problem inherent in the current model of profit-driven search advertising.

“Browser vendors have known about these issues for years, but there always seems to be ways for malicious advertisers to kind of game the system and still come up on top,” he said. “The problem is that unless search engines really say they are not going to use any ads, then the problem is always going to be there to some degree.”

But it’s not just search engines that face difficulties with malware slipping through the cracks of large organizations. Even Apple’s famously insular and closed-off Mac App Store has been used by malware authors to spread their dangerous software. As recently as September 2018, a paid-for application that claimed to be able to protect your Mac from spyware actively collected browser information and sent it to a server in China.

Adware Doctor
Adware Doctor in the Mac App Store was stealing users’ sensitive information and sending it to a server in China for at least a month before Apple pulled it off the app store. Image used with permission by copyright holder

With far fewer people using it than the populous iOS App Store, it receives far less attention from Apple and is more vulnerable to malware attacks. Despite that concern, the Apple name resides on it just as it does the iOS App Store, suggesting to Mac owners that it receives the same scrutiny and therefore making it more vulnerable to attack.

Being a “major player” in one space doesn’t necessarily translate to others. And unfortunately, that’s where malware tends to sneak in and force even near-trillion-dollar companies to succumb. Microsoft’s Edge, again, is the best example of this.

Limited and flawed options

As of the end of 2018, more than 60 percent of all web users now use the Chrome browser. That’s a good thing when we’re talking about security. No longer are we faced with a world dominated by Internet Explorer and its Swiss cheese security, or Flash Player’s similarly porous defenses. But it’s not a great thing when it comes to providing options and alternatives.

Stick to software that’s well-known, has been well-vetted, and is well-funded enough to protect itself and its users.

This was exemplified by Microsoft’s recent announcement that Edge, its flagship Windows 10 browser, was to be replaced by something else built on the Chromium engine that’s used in Google’s Chrome browser. It was something a company like Firefox immediately saw as a bad decision for the future of the internet.

“Microsoft is officially giving up on an independent shared platform for the internet,” Firefox said in a recent address. “By adopting Chromium, Microsoft hands over control of even more of online life to Google, [which is] so close to almost complete control of the infrastructure of our online lives.”

Firefox is one of the few alternative browsers left in the fight. Despite it being possibly more secure and certainly more private than Chrome, it only commands a few percent of the web’s user base. It’s not hard to see why its developers see the rapidly contracting market as deeply troubling.

Firefox
Firefox Quantum Image used with permission by copyright holder

If security isn’t the only reason that Chrome dominates the browser landscape, it is a major part of it. Microsoft has never truly recovered from the ballooning public sentiment that its browsers with an “E” logo just weren’t secure or bug-free enough to consider using as anything other than a download tool for a better browser.

Combine our tendencies with an (often deliberately encouraged) limited landscape of viable software options, and it’s easy to see that there is a real snowball effect of the most common platforms only increasing their hold on our service choices. In turn, due to their popularity, those services become even greater targets for malware authors.

The exceptions to the rule

We, and our sources for this article, stick to the stance that to be as safe as you can be online, you should stick to software that’s well-known, well-vetted, and well-funded enough to protect itself and its users.

However, there’s a caveat. Some products are being developed to offer an alternative to the typical options, and they are built with security in mind from the ground up. They have the potential to become big players in various software markets. Their desire to move away from some of the profit models that make traditional software and services so susceptible to attack could make for more secure choices for consumers in the future.

For example, the Vivaldi browser hopes to bring back some of the most popular technological features of classic Opera web browsing. The Brave Browser is built on Chrome’s Blink engine, but is created with privacy and security in mind, automatically blocking web trackers and advertisements. It’s also exploring a pay-to-browse scheme that would see users rewarded with cryptocurrency for time spent looking at advertisements while browsing.

In the search engine space, there are more privacy-focused options than ever. DuckDuckGo continues to grow in popularity, while alternatives like Search Encrypt, StartPage, or the blockchain-powered BitClave provide even greater breadth of choice.

The power to decide how we access the online world in all its guises still resides with us. It’s our choices that shape the future of the internet. If we want more varied options, we have to vote with our fingertips and download those apps and run those services. Malware is indeed scary and we should be wary of it enough to be smart with how we use online services, but there are better options out there than the few that we’re already familiar with. We just need to be willing to search them out.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
The next Snapdragon X chip will be even more powerful than we thought
The Qualcomm Snapdragon X Plus

As part of Qualcomm's latest Investor Day, the company confirmed that its next PC chip, the Snapdragon X Elite Gen 2, will use the Oryon v3 CPU. This comes as a surprise to many, as the Oryon v2 was just announced last month alongside plans to use it with the Snapdragon 8 Elite chipset for smartphones.

Since the current Snapdragon X Elite chip uses an Oryon v1 CPU, many assumed that the 2nd-gen chip would use the 2nd-gen CPU -- but it seems the PC chips will be skipping over this generation entirely.

Read more
The Windows 11 24H2 update is causing even more problems
Windows 11 logo on a laptop.

The Windows 11 24H2 update had already been giving users a real headache with problems such as bugs for visual layouts and flaws for certain wallpaper apps. And now, as Microsoft confirms in a support document, some people without administrative privileges can't change the time zone in the Date & Time view, among myriad other issues related to the important Windows 11 update.

A Feedback Hub post also reports a time issue after exiting Sleep Mode, specifically after about one out of every five overnight sleep cycles. There is also a report that the time is not syncing correctly following daylight saving time. Put differently, the update doesn't break the time zone, but only affects the toggle or makes it very difficult to modify it.

Read more
The 10 best monitors for 2024: tested and reviewed
OLED demo on the Asus ROG PG27AQDM.

Editor’s note: You should expect to see tons of great monitor deals on Black Friday and Cyber Monday this year. It's pretty much a guarantee that you'll find something that suits your needs at a discounted price, so long as you keep an eye out and pay close attention to what you're buying. Whether you're looking for a killer gaming monitor deal, a high-end 5K monitor deal, or even an OLED monitor deal, or something more on the budget side, we've got your covered. Make sure to check out our other Black Friday deals for even more bargains on TV, headphones, and more.

For those seeking a superior computer setup, a cutting-edge monitor is non-negotiable. As we move into 2024, the monitor market offers a wide range of options tailored to various needs, from immersive gaming displays to high-resolution panels for creative professionals. Whether you're looking for top-tier gaming performance with fast refresh rates, crisp visuals for productivity, or a versatile all-rounder, this year’s monitors bring cutting-edge features like OLED panels, high refresh rates, and enhanced connectivity. In this guide, we'll explore the best monitors you can buy in 2024, ensuring you find the perfect fit for your setup.

Read more