It may have happened to you. A small message pops up on your computer screen alerting you that your computer is infected with a nasty bug and that you must scan your PC right away. The message box usually offers a handy link to scanning software. At the end of the scan, the software will advise you that the computer is infected and you’ll even be offered antivirus software, sometimes at a special price.

Savvy computer users ignore the message box and the “scareware” — just clicking close on the browser window. But the less well-informed, even frightened PC users, will often pay the money, grateful that they’ve saved their machine from catastrophe. The software downloaded might be effective or it could be carrying a malware or spyware payload.

“Once the download starts doing malicious activity, a legitimate anti-virus program would detect it. But the ones that are really nasty are the criminals that don’t do anything apart from putting a Windows message box claiming, ‘We’ve found malware.’ Of course they haven’t found any malware, they just want their victims to fork out the money. If these criminals were actually attempting to install malware it would be easier in terms of technology to catch them,” said Melih Abdulhayoglu, CEO and chief security architect of Comodo.

Abdulhayoglu founded the Common Computing Security Standards Forum (www.ccssforum.org), whose first initiative is a simple white list. “The CCSS Forum will help all PC users by providing an unshakable reference list of valid, legitimate software packages so they can separate the reputable ones from the rogues,” he advised.

The antivirus companies on the CCSS Forum list either sell or distribute legitimate software intending to protect PCs from viruses, Trojans, zero-day attacks, worms, buffer overflows and other malware. The list aims to help the public distinguish between beneficial software and online scams. The Forum does not discriminate between paid or free software. Its focus is on legitimate software vs. scams and giving consumers the ability to verify programs and publishers before buying or installing security software.

Abdulhayoglu advised that the CCSS Forum white list of security vendors is already being distributed in the UK and Japan and the group is hard at work trying to get the word out about the new initiative. He admitted that a list of known security vendors is not the “ultimate solution” to stopping the proliferation of fake security software. If widely disseminate though, it could become an effective tool to try and shut down the criminals who are using scare tactics to dupe people out of their hard earned cash. To see the list of legitimate software vendors, visit www.ccssforum.org/software-vendors.php.

The CCSS Forum held its first meeting in Miami in March. Large vendors such as Microsoft and Apple have joined the organization and Abdulhayoglu feels that the Forum already has enough traction to make a difference. That noted, he has issued an open invitation to IT security companies worldwide, including the Middle East, to sign up. For consumers, Abdulhayoglu advises that there are a number of antivirus/antispyware programs available and there is “no good reason” why people aren’t using them. Even though antivirus programs have been published for decades, unfortunately many consumers just don’t know about the free or low cost protection that is available for their computers. Abdulhayoglu hopes that the white list will help publicize the companies and products which can offer consumers peace of mind.

For the future, the goal is that the CCSS Forum will evolve into a means for the antivirus and network security industry to get together to work on finding solutions to the security issues that continue to grow and evolve with the proliferation of the Internet.