Thanks to all of the hackers, script
kiddies, virus writers, and worm developers, Internet security is one of the
hottest topics going. The trouble is, most of the primary targets for these
criminals are unknowledgeable, under-skilled, or completely oblivious to the
danger. This condition makes the “victims” unwitting accomplices of the
criminals.
Knowledge is power, so in this installment
we will identify the threats, and discuss various methods of securing a system
against them.
Viruses
Most people are familiar with the term
“computer virus”, but the vast majority do not know how viruses work. In the
simplest definition, a virus is a computer program that is designed to
replicate itself. This sounds like a pretty benign thing, but the normal method
of replication for a virus is via email. This means that every time a computer
is infected, the virus will attempt to replicate itself, and this results in a
blizzard of email flying through cyberspace, clogging mail servers, and
generally slowing Internet traffic to a crawl.
If a virus’ activities were limited to
replication, the damage would be bad enough. However, most viruses are designed
to damage the infected system to the point where the system can only be
recovered by deleting everything on the hard drive and reinstalling the
operating system. This means that all of the data on that computer is
permanently lost. More insidious viruses can steal data by logging all of the
user’s keystrokes and sending them back to the virus writer, thus giving the
criminal access to bank accounts, credit cards, and other personal information.
Fortunately, viruses are the easiest threat
to stop. All that is required is a copy of anti-virus software from a reputable
manufacturer, and a little vigilance on the part of the computer user. The table below contains information on some
excellent products.
Vigilance comes in two forms:
Ensure that the antivirus software is updated frequently.
New viruses, and new variants of existing
viruses, appear almost daily. Installation of the antivirus software is not
enough. All antivirus software comes with a “dictionary” of known viruses
called “virus definitions”, and this dictionary must be constantly updated to
ensure reliable protection.
- If the software manufacturer offers an update service,
subscribe to it.
- If the antivirus software has an automatic update function, use
it.
- If automatic update is not available, run the manual update a
minimum of three times each week.
- If the PC has not been used for several days, run the manual update
BEFORE downloading or opening any email or other type of file.
This point cannot be made strongly enough.
The VirtualNerds office automatically updates our PCs every hour, and we still
have the occasional virus try to sneak in before the antivirus software has
been updated. These sudden attacks are stopped by the second principle of
vigilance, simple paranoia.
Email has greatly enhanced communication
between friends, relatives, and business associates, but like the common cold,
one person with a computer virus can bring down everyone. The solution? Simple,
watch what lands in your in-box.
- Viruses normally travel as attachments or embedded in attached
documents.
- Set your email application so that it does not automatically
open attachments.
- Look at the file extension of every attachment you receive. The
file extension is the portion of the file name after the period. In the
file name “MyFile.txt”, the “txt” is the file extension. Common virus file
extensions are “exe”, “scr”, and “pif”. This list is far from complete,
and sometimes these same file extensions are used on completely harmless
files.
- If you receive an unexpected attachment or an attachment with
an unknown file extension, do not open the attachment until you have
checked with the person who sent you the file.
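
The extension check described in the list above, as an added Python example that is not part of the original article. It lists the attachments of a constructed sample message without opening them and sorts each by file extension; the function names, the `FAMILIAR_EXTENSIONS` set and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Extensions the article names as common for viruses (the list is incomplete,
# and harmless files sometimes use them too).
RISKY_EXTENSIONS = {"exe", "scr", "pif"}
# Assumption: extensions this recipient recognises. Recognised does not mean
# safe; an unexpected attachment still warrants a check with the sender.
FAMILIAR_EXTENSIONS = {"txt", "pdf", "jpg", "png"}

def extension_of(filename):
    """Return the text after the last period, lowercased ('' if none)."""
    # Trailing spaces and periods are dropped first, since Windows ignores
    # them when it resolves a file name.
    name = filename.rstrip(" .")
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""

def classify(filename):
    """Sort a file name into 'risky', 'familiar' or 'unknown' by extension."""
    ext = extension_of(filename)
    if ext in RISKY_EXTENSIONS:
        return "risky"
    if ext in FAMILIAR_EXTENSIONS:
        return "familiar"
    return "unknown"

def review_attachments(raw_message):
    """Return (filename, verdict) for each attachment, without opening any."""
    msg = message_from_string(raw_message, policy=default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [(name, classify(name)) for name in names]

def build_sample_message():
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Photos from the trip"
    msg.set_content("See attached.")
    for name in ("notes.txt", "Holiday.JPG.scr", "report.xyz"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, verdict in review_attachments(build_sample_message()):
        print(f"{verdict:9} {name!r}")
```

Only the text after the last period counts, so “Holiday.JPG.scr” is reported as “scr” even though it looks like a picture at a glance.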
This may all sound like common sense, but
failure to follow these simple safeguards results in an unbelievable amount of
stress and aggravation, not to mention lost productivity each year.
Some of the more creative virus writers have
designed their pet monsters with the instructions to attack any existing
antivirus software on the target PC. This makes detecting and removing the
intruder exponentially harder for the layman because the antivirus software
will appear to be working normally when, in fact, it has been lobotomized.
Trojans
Trojans are malicious programs that operate
in a similar manner to viruses, and just like the soldiers of history, trojans
travel by hiding in other programs. Some viruses are designed to carry numerous
trojan applications as additional “payload”, so the PC user is hit with
multiple types of infections simultaneously.
The good news is most antivirus software is
capable of identifying and removing trojans from email in the same manner as
viruses, provided that the virus definitions are current.
The bad news is that some trojans travel
through downloadable files including music, games, and other materials that are
commonly traded or downloaded from the Internet. This makes “family” PCs
extremely vulnerable to attack.
The potential attack patterns for trojans
are varied, but include things like data theft, damage to the system, and
keystroke loggers. Keystroke loggers store all of the keystrokes entered into
the keyboard by the user, and then broadcast this information to the trojan’s
creator. This allows the criminal to obtain login and password data, credit
card data, and other personal information that could be used to steal the
user’s identity, or perpetrate other forms of fraud.
Since trojans often enter the system as
downloaded files instead of email, it is possible for them to bypass the normal
virus scan process. The user should set the antivirus software to scan every
file each time it is opened, and should manually scan any newly downloaded
file before opening it.
Your best friend may not mean to send you
an infected file, but the best of intentions will not help recover your hard
drive.
Worms
Worms are nothing new, but they are rapidly
becoming the preferred method of attack for many criminals.
Viruses travel by email or file download,
but worms travel by themselves. Once a worm infects a computer, the worm begins
to scan the Internet for other vulnerable computers. Once an open computer is
found, the worm copies itself to the new system and then both copies of the
worm begin scanning for new victims.
In addition to the scanning, the worms will
be performing other activities either on the host system or on other systems.
Some of the most common activities are:
- Denial of Service Attacks are often
made against large corporate or government web sites. A denial of service
attack is made when one or more computers begin sending more messages to a
given computer than the targeted computer can answer. Eventually, the computer
is overwhelmed and shuts itself down. Worms allow the criminal to harness the
power of multiple computers spread out over the Internet. This tactic increases
the effectiveness of the attack, and helps to hide the attackers from law
enforcement.
- Spam Relay Point - The worm allows the
spammer to use the victim’s computer to send out his email garbage while hiding
his own location. This method also aids the spammer in avoiding the spam
filters currently being installed on many networks.
- Remote Control - The worm allows the
criminal to take remote control of the victim’s PC granting the criminal full
access to the victim’s data and network.
The best defense against worms is a
personal firewall. Firewalls can be in the form of hardware or software, and
both are designed to stop unwanted access to a protected system. Most home
users will want to obtain a software version of a firewall. The following table
lists the two most common software firewall products.
Additional Resources:
Firewall products http://www.firewallguide.com/
Viruses & Worms http://securityresponse.symantec.com/
Spyware
The new frontier of online marketing is
called “Adware” by its proponents and “Spyware” by its detractors. The reality
is, companies are secretly installing software on consumers’ PCs for the
supposed purpose of gathering market intelligence on the consumer’s online
activities. Some government agencies have also gotten into the act, raising
concerns over the rapidly vanishing right to privacy in the United States.
Spyware is pervasive and aggressive. If a
user has visited any search engine or website and seen a pop up advertisement,
chances are that user’s PC has been invaded by Spyware.
The marketing angle behind Spyware is that, by
tracking the sites a user visits, companies can offer advertising messages
custom tailored to that individual’s preferences. In the past this was done by
companies using “cookies” installed secretly on the consumer’s machine. After
the “Double-Click” scandal of the late 90’s, cookie use has dropped off, and
been replaced with Spyware.
The damage potential for Spyware is varied.
The differences between what constitutes Spyware and what constitutes a Trojan
are exceedingly thin, and mostly revolve around the motives of the creator and
the function of the software.
The author’s personal position is that the
only software that belongs on a system is the software installed by the owner.
Any person or company that installs software on a system without asking the
owner’s permission is just as much a criminal as the creators of malicious
viruses, worms, trojans, etc.
The following products are specialized
tools for removing Spyware from a system. The Spybot product operates similarly
to antivirus software, while Ad-Aware is a manually triggered scanner. As with
antivirus software, these products must be updated frequently for best
protection.