Viruses, Trojan Horses and other Evil Things

Out of all the current threats to your computer's security, probably none is more common than a virus. Starting back in the 1960s, scientists created small viruses in an attempt to gauge the effect that they would have on computer systems. Then, in 1987, the first publicly known virus, "Brain", was created. Brain infected the boot sectors of floppy disks in order to propagate. Later that same year, "Stoned" was released; it was important as the first virus to infect the Master Boot Record (MBR) of a hard drive, thus preventing the computer from booting. As the years went by, many more viruses were created, and of those original viruses, many more variants were created by skilled and some not-so-skilled programmers. These not-so-skilled programmers, often called "Script Kiddies" due to their lack of skill and knowledge, are the biggest contributor to the world of viruses and their many variants. These individuals use virus writing programs and scripts created by other, more skilled virus writers to do their dirty work. Often, they will add new changes to known viruses and thus create a new variant.

What is a virus?

The alt.comp.virus newsgroup FAQ tells us what a computer virus is:

"A virus is a program (a block of executable code) which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the PC user". Misguided individuals interested in causing damage or receiving notoriety typically write viruses. To see Microsoft's overview of viruses, go here.

How do viruses spread?

The most obvious way that viruses spread is because someone haphazardly ran an infected file or opened an attachment in an Email or newsgroup posting. This is due to several factors including the fact that most of the current viruses are .VBS based (many created with the "kit" we discussed on the ethics page) and due to the lack of knowledge on the part of the end user regarding proper security practices.

Viruses can also spread by floppy disk, network, e-mail, by themselves or through infected files downloaded from the net. Occasionally, they are accidentally and even intentionally spread within packaged software products. E-mail is currently the most prolific way of spreading a virus. .VBS script-based viruses are often attached to outgoing e-mail (as part of an infection routine) and then, once a computer is infected, replicate by mailing themselves out, usually to people in the infected person's address book. These viruses are also considered Mass Mailer Worms.

Boot sector viruses spread when a user inadvertently boots his or her workstation from an infected floppy disk. This is one reason why many companies and "at risk" computer users often disable booting from the A drive in the CMOS / BIOS settings. Boot sector viruses are probably the rarest type of infection. Macro viruses can spread by simply opening an infected Excel or Word document. Of course, the most potent way of spreading is due to users opening unknown files they receive in their mail. If it weren't for users opening these files haphazardly, the virus would not spread.
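As an added example (not part of the original page), the Python sketch below parses a mail message and lists the attachments that Windows would hand to the Windows Scripting Host, which is how the .VBS mass mailers described above get run. The message, addresses and file names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types associated with the Windows Scripting Host by default.
WSH_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")


def build_sample_message() -> bytes:
    """Constructed sample mail: one script attachment and one text file."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Here is that document"
    msg.set_content("Please take a look at the attached file.")
    # Placeholder bytes only; the attachment holds no working script.
    msg.add_attachment(b"' constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="Resume.DOC.vbs")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


def script_attachments(raw: bytes) -> list:
    """Return the names of attachments that would run under the scripting host."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not a named file
        # Windows ignores trailing dots and spaces, so strip them before the
        # extension check; compare in lower case because case does not matter.
        if name.lower().rstrip(". ").endswith(WSH_EXTENSIONS):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in script_attachments(build_sample_message()):
        print("do not open, script attachment:", name)
```

The check looks only at the last extension, so a name such as Resume.DOC.vbs is flagged even though it looks like a Word document when file extensions are hidden.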

What damage can viruses cause?

There is no virus or other malicious program currently in existence that can physically damage your hard drive, monitor, modem or any other piece of hardware in your computer. Viruses and programs are software. Be warned however, there are currently attempts being made to create viruses that *do* damage hardware such as video cards.

Once a virus has infected a machine it can impact memory, affect performance, modify data, overwrite CMOS settings, and simply replicate itself or delete files, among many other things. Some of the more destructive viruses, scripts and batch files are designed to wipe out / erase hard disks or make them inaccessible. It has been said that the goal of a virus writer is to spread the virus and not so much to harm the machine...and viruses don't spread very well if the machine is disabled. Of course, many viruses actually do cause harm, and many virus writers look down on those individuals that create the destructive viruses. If it were a perfect world, viruses wouldn't be a problem...just a nuisance. Viruses, Trojan programs and other forms of malicious software (also known as "malware") are responsible for millions of dollars in damages to corporate America, and the cost is multiplied when the rest of the world is included in the sum.

How serious is the virus problem?

A survey of large organizations conducted by the International Computer Security Association indicated that over 99% have experienced a computer virus. The current chance of being infected is about 31 in every 1000 PCs per month. The growth of the Internet has aided the spread of viruses. Some people believe that the idea of viruses is overblown or a marketing ploy by anti-virus manufacturers to "scare up" new business. While the large majority of viruses are not harmful, many do enough damage to warrant attention by you, the computer user.

What are the most common viruses?

This question is probably the hardest one to answer since so many viruses are reported to the various organizations that track this information. One such organization is The Virus Bulletin Homepage which publishes a prevalence list. This list is comprised of the reported instances of viral infections by users and anti-virus companies that choose to pass on their statistics to the VB Homepage. This is *not* a definitive or final number. This is only representative of what the VB Homepage has been notified about.

How can I prevent a virus from infecting me?

One of the best things you can do is to become educated about viruses and Trojans. There are steps you can take to become better prepared online, and these are considered "Safe Hex Guidelines." The best site I can recommend for Safe Hex Guidelines and general information is Claymania.com. The number one way to avoid an infection is to not open that file you just downloaded, or that email attachment, without scanning it first.

Ensure that your system receives the needed security updates. This can be accomplished through use of the Windows Update Feature located on the Start menu button.

Removal of the Windows Scripting Host is also recommended, as it is a program needed by .VBS scripts in order to execute on your system. For instructions on how to remove the Windows Scripting Host, go here.

NOTE: Removal of the Windows Scripting Host will cause the Microsoft Automatic Update feature to stop working, so if this is something that you use, you may want to consider other alternatives such as a script blocking program like Script Defender from Analog X.

Recommended products for anti-virus needs are as follows:

EZ Anti Virus (Formerly InoculateIT Personal Edition)

F-PROT Anti Virus (DOS based version. You should have both a Windows based and a DOS based anti-virus program)

NOD32 Anti Virus

F-PROT is free to use and free to update. EZ Anti Virus costs $6 USD for a one-year license, and this price is good for those that currently are using InoculateIT. NOD32 has a 25-day trial period.

Trojans...they aren't just condoms anymore.

A Trojan horse is not a virus. A Trojan horse is a program in which malicious or harmful code is contained inside an apparently harmless program. These programs can be anything from a screensaver to a chat client to anything in between. Many types of Trojans "phone home" to their creator, a web site, a news group, etc. with specific user information such as passwords or credit card information. Other Trojans secretly open ports on your computer to allow an external user access to your computer. This can include access to files, your programs such as Email clients, your bandwidth, or your phone line. Several so-called "remote administration tools" such as Back Orifice are, in actuality, Trojan programs. While these programs *can* have legitimate uses, most are abused. It is recommended that you use a specific scanner program for Trojans alongside your anti-virus scanner. I recommend using "The Cleaner." The Cleaner has a free trial period but you should consider purchasing it. For an excellent overview of Trojan Horse programs go here.

Spyware

One of the biggest concerns that computer users currently have is the battle for privacy. Many companies utilize files included in their products that report back your activities online. This can include the sites you visit, any purchases you make, how long you are online, etc. Steve Gibson of Gibson Research (aka GRC) is one of the leading privacy advocates on the net today. His research into alleged spyware and his dedication to maintaining your privacy is indispensable. To learn more about spyware, what it does and how it does it, check out Steve's research.

Hackers and Crackerz and Phreakers, O My!

Learn something about hackers

Some of the most famous crackerz, phreakers and hackers

What the hell is a Phreaker anyway?

Popular culture meets hackers

Firewalls

Firewalls used to only be valuable to you if you were on a network or had a constant connection to the Internet. Now, it is highly recommended that you use one to protect your system and its files even if you have a simple dial up connection. Zone Alarm, probably the most popular firewall in existence today, garnered much of its success due to being able to monitor outbound communications from your computer to a remote location. This was helpful if you had unknown spyware on your system or when a Trojan was trying to "call home." While Zone Alarm wasn't the first firewall to implement this technology, it was the first to go mainstream and bring firewalls into the homes of millions of users...at no cost. Zone Alarm, as well as the other firewalls available, logs all attempts, probes, attacks, etc. to your system. You can then check the IP addresses for repeat offenders and contact the appropriate people should you encounter problems. I recommend the following firewalls and accessories:

Zone Alarm Personal Firewall

Zone Log Analyzer (this program complements Zone Alarm and is excellent for evaluating contacts caught by Zone Alarm)

Tiny Personal Firewall (TPF is for advanced users)

Both Zone Alarm and Tiny Personal Firewall are free for personal use. Zone Log Analyzer is shareware and the author encourages you to register the product, and you should :-)
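As an added example (not part of the original page and not the code of any product named here), the Python sketch below does the "repeat offenders" check described above by hand: it tallies blocked inbound entries per source IP address. The log lines are constructed, and the comma-separated field layout is an assumption; adjust the parsing to whatever your firewall actually writes.

```python
from collections import Counter, defaultdict

# Constructed sample lines. Assumed layout (not taken from the page):
# action,date,time,source_ip:port,dest_ip:port,protocol
SAMPLE_LOG = """\
FWIN,2001/08/01,10:02:11,203.0.113.7:3301,192.0.2.10:139,TCP
FWIN,2001/08/01,10:02:15,203.0.113.7:3302,192.0.2.10:445,TCP
FWIN,2001/08/01,11:40:02,198.51.100.23:1044,192.0.2.10:80,TCP
FWOUT,2001/08/01,11:41:00,192.0.2.10:1050,198.51.100.99:80,TCP
FWIN,2001/08/02,09:15:47,203.0.113.7:4100,192.0.2.10:31337,UDP
garbled line without enough fields
FWIN,2001/08/02,09:20:00,198.51.100.23:1044,192.0.2.10:80,TCP
"""


def repeat_offenders(log_text, min_hits=3):
    """Summarise source IPs with at least min_hits blocked inbound entries."""
    hits = Counter()
    ports = defaultdict(set)   # destination ports each source tried
    days = defaultdict(set)    # distinct dates each source showed up on
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6 or fields[0] != "FWIN":
            continue  # skip outbound entries and malformed lines
        _, date, _, src, dst, _ = fields
        src_ip = src.rsplit(":", 1)[0]
        dst_port = dst.rsplit(":", 1)[-1]
        if not dst_port.isdigit():
            continue
        hits[src_ip] += 1
        ports[src_ip].add(dst_port)
        days[src_ip].add(date)
    return [
        {"ip": ip, "hits": n,
         "ports": sorted(ports[ip], key=int), "days": len(days[ip])}
        for ip, n in hits.most_common() if n >= min_hits
    ]


if __name__ == "__main__":
    for row in repeat_offenders(SAMPLE_LOG):
        print(row)
```

A source that comes back on several days or tries several different ports is the one worth looking up and reporting; a single hit is usually just a passing scan.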

Common Sense

Common sense plays a large part in any form of computer security. Here are some tips:

First and foremost...Never, ever open an Email attachment that you did not expect. I cannot stress this enough. Remember that many viruses come to you disguised as normal attachments from people you know.

Ensure that your operating system is properly patched against all announced security issues. The Security Bulletin page at Microsoft will keep you informed of known issues. A good example was the latest "Code Red" worm that has affected almost 500,000 users. Microsoft had announced the exploit and offered a patch to prevent this worm for over a month prior to the release of "Code Red". Users simply failed to patch their servers.

Obtain and use a good antivirus program. I recommend EZ Anti-Virus (formerly Inoculate IT) for Windows and F-PROT for DOS. The links were presented earlier on this page. Once you obtain your preferred anti-virus program, make sure you update it on a regular basis. It cannot help you if its database is not current.

Use passwords to log on to your system or network. Passwords consisting of letters and numbers, referred to as alphanumeric passwords, work best for security. Avoid using your name, your significant other's name, your birthday, etc. These are often the first passwords tried by would-be crackers. Change your password often and never, ever give your password to a co-worker. Be aware of attempts by miscreants to obtain your passwords via email. Never, ever give anyone your passwords for any reason. Some miscreants will try to fool you into thinking that they are from your ISP, such as AOL. They will Email you with what appears to be a valid request for information. This is bogus.

Use a personal firewall anytime you are online even if you do not have a static connection. Dialup connections are being targeted more and more. Personal Firewalls essentially make your computer "invisible" to passing scans looking for vulnerable machines.

Do not download files or programs from sites you know nothing about. Warez sites are infamous for being a good source of infection. In theory, any program you download could contain a virus, Trojan horse, or spyware. Of course, this isn't really practical, so it's recommended that you scan your downloaded files with at least two different up-to-date virus scanners and a Trojan scanner. Despite this, it is still possible to become infected with a virus or Trojan, but a lot less likely.

Do not give out your actual Email address to people you do not know personally. Avoid using your primary Email address in news groups as well. Have a web based Email at Hotmail, Yahoo or any of the other free sites for these purposes. It is also advisable to MUNGE your Email address so that programs known as "harvesters" do not pick it up and use it to send spam or other unwanted mail. An example would be whoever@REMOVEyahoo.com. If you were to send an Email to whoever@REMOVEyahoo.com, it would come back to you as unable to be sent. Take out the REMOVE and it's a valid address. One caveat, though: some news servers such as CIS.DFN.DE will not allow you to have a MUNGED address. You can, however, simply insert a fake email address or one of your web based accounts.

If you do not have a network, check your configuration and your bindings to ensure that it is set properly to prevent unauthorized access from outside. To do this, go here.

When in chat rooms, ensure that your IP address is not part of your profile.

Read and learn about viruses, Trojans and the many, many hoaxes that are out there. You will likely learn what is possible and what is not.


All images and text are copyright 2000, 200, 2002 by Steve Sprague. No part of this site can be reproduced without my consent.