UTILITY SOFTWARE refers to a type of system software that manages the resources of a computer and ensures a proper run time sequence. Antivirus and repair programs aside, the average user rarely notices when such processes are running on their device. This is because most utility software is executed at the operating system level and lacks an interface for simple human interaction.
However, as users become more advanced, the need for interfacing with such programs increases. This is especially true when facing complex performance and security issues. Tweaking the right lower-level programs can lead to faster access to file systems as well as an overall improvement of the device’s speed.
Backup programs, diagnostic tools and antivirus programs are all considered utility software. Even automatic update programs fall within this category. Utility software may don a graphical user interface (GUI) for easy use, or a terminal window for issuing commands.
Utility Software and Malware
Some utilities are vulnerable to misuse and facilitate the injection of malware into computer systems. This is partially the reason for the creation of the Windows Update feature: A constant connection to the Internet spawned the need for pushing critical updates to systems in real time.
Even so, attackers have been able to continue their abuse. It is common knowledge, for example, that Microsoft releases its updates on the second Tuesday of each month (a custom that has become known as Patch Tuesday). Attackers use this knowledge to sneak Trojans into systems that will ultimately spoof the Windows Update tool. A variant of this implementation was popularized around 2013 and aptly dubbed the Windows Update virus. It was unique in that its payload, known as the “flame virus,” was delivered to target computers through man-in-the-middle attacks.
Digitally signed certificates made the flame virus appear as though its source address was the same as Microsoft’s. But in reality it was different, prompting the downloading and execution of viruses without the end user’s consent. Its original targets were believed to be residents of the Middle East, but like most computerized threats, it ended up propagating to networks across the world.
Bloatware, Adware and Pre-Installed Malware
It should be noted that some variants of the flame virus were the culprits behind ransomware attacks, while others, remaining true to their form, simply attacked the utility software and bloatware on targeted machines. Bloatware is “low hanging fruit” for most attackers. These programs are installed by manufacturers for the purpose of keeping devices (and their users) up-to-date, but usually just end up “bloating” a system before it is deployed to market.
In 2015, bloatware installed on Lenovo machines turned out to be malicious. Adware and pre-installed malware not only made users vulnerable to man-in-the-middle attacks, but even went as far as spoofing certificates, skewing search engine results and potentially violating Internet privacy laws.
A more recent attack involved AsusTek Computer Inc., more commonly known as ASUS, in 2019. Chinese hackers were believed to have compromised its automatic update feature, leading to the company’s distribution of a corrupted update to millions of its users in Taiwan. The update was riddled with malware, a fact which wouldn’t be revealed until a later time.
Preventing Utility Software Attacks
Threats which target utility software are difficult to identify. Such lower-level programs, although legitimate, are usually not the primary focus when scanning for problems with antivirus (AV) products. Although keeping your system updated with the latest software helps, there are at least two other steps you can take to better protect yourself. First, you should always make sure you upgrade to or install genuine copies of operating systems on your machine. Pirated operating systems have usually been altered and are a den for malicious threats. This leads to the second step, which is to verify the checksum of any download against the one published for the official release before you run it.
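As an added example (not code from the original article), the second step written out as a small checker: it reads a vendor checksum manifest in the common SHA256SUMS layout, hashes each downloaded file, and reports which files match, which were altered, which are missing and which were never listed. The file contents and manifest are constructed sample data, not real releases.

```python
import hashlib
import hmac

# Constructed sample "downloads": the ISO is intact, the update tool was altered after release.
DOWNLOADS = {
    "os-installer.iso": b"genuine installer image bytes",
    "update-tool.exe": b"tampered update tool bytes",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed manifest, SHA256SUMS layout ("<hex digest>  <filename>"); driver-pack.zip was never downloaded.
MANIFEST = (
    sha256_hex(b"genuine installer image bytes") + "  os-installer.iso\n"
    + sha256_hex(b"original update tool bytes") + " *update-tool.exe\n"
    + sha256_hex(b"driver pack bytes") + "  driver-pack.zip\n"
)

def parse_manifest(text: str) -> dict[str, str]:
    """Map filename -> expected lowercase hex digest; reject malformed lines."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")          # sha256sum marks binary mode with '*'
        digest = digest.lower()
        if len(digest) != 64 or not all(c in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest
    return expected

def verify_downloads(manifest_text: str, files: dict[str, bytes]) -> dict[str, str]:
    """Return OK / MISMATCH / MISSING / UNLISTED per filename."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        if name not in files:
            results[name] = "MISSING"
            continue
        # Constant-time comparison so a mismatch cannot be probed digit by digit.
        ok = hmac.compare_digest(sha256_hex(files[name]), digest)
        results[name] = "OK" if ok else "MISMATCH"
    for name in files:
        if name not in expected:   # a file the vendor never listed is untrusted
            results[name] = "UNLISTED"
    return results
```

The manifest itself must come from an authenticated channel (the vendor's own HTTPS page or a signed file); a checksum fetched over the same path as the download proves nothing if that path is already under a man-in-the-middle attacker's control, which is exactly the gap the spoofed-update cases above exploited.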