VIRUSES
What is a computer virus?
A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk. Computer viruses are most easily spread by attachments in e-mail messages or by instant messaging messages. Therefore, you must never open an e-mail attachment unless you know who sent the message or unless you are expecting the e-mail attachment. Computer viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread by using downloads on the Internet. Computer viruses can be hidden in pirated software or in other files or programs that you may download.
Symptoms of a computer virus:
If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:
•
The computer runs slower than usual.
•
The computer stops responding, or it locks up frequently.
•
The computer crashes, and then it restarts every few minutes.
•
The computer restarts on its own. Additionally, the computer does not run as usual.
•
Applications on the computer do not work correctly.
•
Disks or disk drives are inaccessible.
•
You cannot print items correctly.
•
You see unusual error messages.
•
You see distorted menus and dialog boxes.
•
There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. extension.
•
An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
•
An antivirus program cannot be installed on the computer, or the antivirus program will not run.
•
New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
•
Strange sounds or music plays from the speakers unexpectedly.
•
A program disappears from the computer even though you did not intentionally remove the program.
Symptoms that may be the result of ordinary Windows functions
A computer virus infection may cause the following problems:
•
Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
•
There is frequent modem activity. If you have an external modem, you may notice the lights blinking frequently when the modem is not being used. You may be unknowingly supplying pirated software.
•
Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
•
The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
•
The computer runs very slowly. Additionally, the computer takes longer than expected to start.
•
You receive out-of-memory error messages even though the computer has sufficient RAM.
•
New programs are installed incorrectly.
•
Windows spontaneously restarts unexpectedly.
•
Programs that used to run stop responding frequently. Even if you remove and reinstall the programs, the issue continues to occur.
•
A disk utility such as Scandisk reports multiple serious disk errors.
•
A partition disappears.
•
The computer always stops responding when you try to use Microsoft Office products.
•
You cannot start Windows Task Manager.
•
Antivirus software indicates that a computer virus is present.
Note These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.
Introduction to How Computer Viruses Work
Strange as it may sound, the computer virus is something of an Information Age marvel. On one hand, viruses show us how vulnerable we are -- a properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages. On the other hand, they show us how sophisticated and interconnected human beings have become.
For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.
When you listen to the news, you hear about many different forms of electronic infection. The most common are:
· Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
· E-mail viruses - An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software [source: Johnson].
· Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
· Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
In this article, we will discuss viruses -- both "traditional" viruses and e-mail viruses -- so that you can learn how they work and understand how to protect yourself.
Virus Origins Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.
Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.
A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to launch. Once it is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.
People write computer viruses. A person has to write the code, test it to make sure it spreads properly and then release it. A person also designs the virus's attack phase, whether it's a silly message or the destruction of a hard disk. Why do they do it?
There are at least three reasons. The first is the same psychology that drives vandals and arsonists. Why would someone want to break a window on someone's car, paint signs on buildings or burn down a beautiful forest? For some people, that seems to be a thrill. If that sort of person knows computer programming, then he or she may funnel energy into the creation of destructive viruses.
The second reason has to do with the thrill of watching things blow up. Some people have a fascination with things like explosions and car wrecks. When you were growing up, there might have been a kid in your neighborhood who learned how to make gunpowder. And that kid probably built bigger and bigger bombs until he either got bored or did some serious damage to himself. Creating a virus is a little like that -- it creates a bomb inside a computer, and the more computers that get infected the more "fun" the explosion.
The third reason involves bragging rights, or the thrill of doing it. Sort of like Mount Everest -- the mountain is there, so someone is compelled to climb it. If you are a certain type of programmer who sees a security hole that could be exploited, you might simply be compelled to exploit the hole yourself before someone else beats you to it.
Of course, most virus creators seem to miss the point that they cause real damage to real people with their creations. Destroying everything on a person's hard disk is real damage. Forcing a large company to waste thousands of hours cleaning up after a virus is real damage. Even a silly message is real damage because someone has to waste time getting rid of it. For this reason, the legal system is getting much harsher in punishing the people who create viruses.
Patch Tuesday
On the second Tuesday of every month, Microsoft releases a list of known vulnerabilities in the Windows operating system. The company issues patches for those security holes at the same time, which is why the day is known as "Patch Tuesday." Viruses written and launched on Patch Tuesday to hit unpatched systems are known as "zero-day" attacks. Thankfully, the major anti-virus vendors work with Microsoft to identify holes ahead of time, so if you keep your software up to date and patch your system promptly, you shouldn't have to worry about zero-day problems.
.
Virus History Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.
The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks
Floppy disks were factors in the
distribution of computer viruses.
around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.
The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.
In the next section, we will look at how viruses have evolved over the years.
Virus Evolution As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.
In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.
Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards. E-mail viruses are probably the most familiar to you. We'll look at some in the next section.
Other Threats
Viruses and worms get a lot of publicity, but they aren't the only threats to your computer's health. Malware is just another name for software that has an evil intent. Here are some common types of malware and what they might do to your infected computer:
· Adware puts ads up on your screen.
· Spyware collects personal information about you, like your passwords or other information you type into your computer.
· Hijackers turn your machine into a zombie computer.
· Dialers force your computer to make phone calls. For example, one might call toll 900-numbers and run up your phone bill, while boosting revenue for the owners of the 900-numbers. [source: Baratz and McLaughlin]
E-mail Viruses Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:
Someone created the virus as a Word document and uploaded it to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. At that rate, the Melissa virus quickly became the fastest-spreading virus anyone had seen at the time. As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.
The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double-clicked on the attachment launched the code. It then sent copies of itself to everyone in the victim's address book and started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus.
The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus. It created a huge mess.
Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of virus. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.
In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.
Phishing and Social Engineering
While you may be taking steps to protect your computer from becoming infected by a virus, you may very well run into another, more insidious type of attack. Phishing and other social engineering attacks have been on the rise. Social engineering is a fancy term for someone trying to get you to give up your personal information -- online or in person -- so they can use it to steal from you. Anti-spam traps may catch e-mail messages coming from phishers, but the U.S. Computer Emergency Readiness Team says the best way for you to beat them at their own game is to be wary. And never give out your personal or financial information online.
In the next section, we'll look at patching your system and other things you can do to protect your computer
How to Protect Your Computer from Viruses
You can protect yourself against viruses with a few simple steps:
· If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.
· If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.
· If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses.
· You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
· You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is never to run executables that arrive via e-mail.
Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled. Newer versions of Word allow you to customize the level of macro protection you use.
By following these simple steps, you can remain virus-free.
For more information on computer viruses and related topics, see the links on the next page.
An Anti-Virus Virus?
As we've discussed, worms attack known vulnerabilities in computer operating systems. Someone came up with the idea of turning worm tech around and created a variation of the MSBlast worm that would automatically patch the hole in the operating system and send itself out to other computers to do the same. Sounds like a good idea, right? Not so fast. MSBlast.D, Nachi or Welchia, as it was known, turned out to be more trouble than good. As it multiplied and scanned corporate networks for the vulnerability, it clogged network traffic[source: Lemos].
Lots of Information
How Firewalls Work?
Firewalls have helped protect computers in large companies for years. Now they're a critical component of home networks as well. What are they protecting you from?
If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."
If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.
What It Does
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
If you have read the article How Web Servers Work, then you know a good bit about how data moves on the Internet, and you can easily see how a firewall helps protect computers inside a large company. Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be:
Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.
A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
· Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
· Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
· Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Making the Firewall Fit
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
· IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
· Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.
· Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. The http in the Web's protocol. Some common protocols that you can set firewall filters for include:
· IP (Internet Protocol) - the main delivery system for information over the Internet
· TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
· HTTP (Hyper Text Transfer Protocol) - used for Web pages
· FTP (File Transfer Protocol) - used to download and upload files
· UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
· ICMP (Internet Control Message Protocol) - used by a router to exchange the information with other routers
· SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
· SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
· Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
· Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see How Web Servers Work for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
· Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.
Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.
With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.
Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.
What It Protects You From
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
· Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
· Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
· SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
· Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
· Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
· E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
· Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
· Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
· Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
· Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
· Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
Proxy Servers and DMZ
A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.
Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.
There are times that you may want remote users to have access to items on your network. Some examples are:
· Web site
· Online business
· FTP download and upload area
In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall. Think of DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house where it can be properly secured.
Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ.
Once you have a firewall in place, you should test it. A great way to do this is to go to www.grc.com and try their free Shields Up! security test. You will get immediate feedback on just how secure your system is!
For more information on firewalls and related topics, check out the links on the next page.
How Cell-phone Viruses Work
Today's cell phone technology is advancing at a rapid pace while prices are getting lower. We’ll explore everything from the advanced -- the iPhone or the future of the Google phone -- to cell phone viruses and ring tones.
Introduction to How Cell-phone Viruses Work
The first known cell-phone virus appeared in 2004 and didn't get very far. Cabir.A infected only a small number of Bluetooth-enabled phones and carried out no malicious action -- a group of malware developers created Cabir to prove it could be done. Their next step was to send it to anti-virus researchers, who began the process of developing a solution to a problem that promises to get a lot worse.
Cell-phone viruses are at the threshold of their effectiveness. At present, they can't spread very far and they don't do much damage, but the future might see cell-phone bugs that are as debilitating as computer viruses. In this article, we'll talk about how cell-phone viruses spread, what they can do and how you can protect your phone from current and future threats.
Cell-phone viruses currently target
Symbian Series 60 phones with
Bluetooth and MMS capabilities,
like this Nokia 6620.
Cell-phone Virus Basics
That Thing With Paris Hilton's Phone
Remember when someone got his hands on Paris Hilton's star-studded contact list? It was not the result of a virus, and nobody hacked into Hilton's phone.
Mobile phone servers hold on to certain types of information, such as contact lists (in case the user's phone locks up) and recent calls (for billing purposes). The enterprising hacker got into T-mobile's servers and stole the information from there.
A cell-phone virus is basically the same thing as a computer virus -- an unwanted executable file that "infects" a device and then copies itself to other devices. But whereas a computer virus or worm spreads through e-mail attachments and Internet downloads, a cell-phone virus or worm spreads via Internet downloads, MMS (multimedia messaging service) attachments and Bluetooth transfers. The most common type of cell-phone infection right now occurs when a cell phone downloads an infected file from a PC or the Internet, but phone-to-phone viruses are on the rise.
Current phone-to-phone viruses almost exclusively infect phones running the Symbian operating system. The large number of proprietary operating systems in the cell-phone world is one of the obstacles to mass infection. Cell-phone-virus writers have no Windows-level marketshare to target, so any virus will only affect a small percentage of phones.
Infected files usually show up disguised as applications like games, security patches, add-on functionalities and, of course, pornography and free stuff. Infected text messages sometimes steal the subject line from a message you've received from a friend, which of course increases the likelihood of your opening it -- but opening the message isn't enough to get infected. You have to choose to open the message attachment and agree to install the program, which is another obstacle to mass infection: To date, no reported phone-to-phone virus auto-installs. The installation obstacles and the methods of spreading limit the amount of damage the current generation of cell-phone virus can do.
How They Spread
Cell phones can catch viruses when they download an infected file.
Phones that can only make and receive calls are not at risk. Only smartphones with a Bluetooth connection and data capabilities can receive a cell-phone virus. These viruses spread primarily in three ways:
· Internet downloads - The virus spreads the same way a traditional computer virus does. The user downloads an infected file to the phone by way of a PC or the phone's own Internet connection. This may include file-sharing downloads, applications available from add-on sites (such as ringtones or games) and false security patches posted on the Symbian Web site.
· Bluetooth wireless connection - The virus spreads between phones by way of their Bluetooth connection. The user receives a virus via Bluetooth when the phone is in discoverable mode, meaning it can be seen by other Bluetooth-enabled phones. In this case, the virus spreads like an airborne illness. According to TechnologyReview.com, cell-phone-virus researchers at F-Secure's U.S. lab now conduct their studies in a bomb shelter so their research topics don't end up spreading to every Bluetooth-enabled phone in the vicinity.
· Multimedia Messaging Service - The virus is an attachment to an MMS text message. As with computer viruses that arrive as e-mail attachments, the user must choose to open the attachment and then install it in order for the virus to infect the phone. Typically, a virus that spreads via MMS gets into the phone's contact list and sends itself to every phone number stored there.
In all of these transfer methods, the user has to agree at least once (and usually twice) to run the infected file. But cell-phone-virus writers get you to open and install their product the same way computer-virus writers do: The virus is typically disguised as a game, security patch or other desirable application.
The Commwarrior virus arrived on the scene in January 2005 and is the first cell-phone virus to effectively spread through an entire company via Bluetooth (see ComputerWorld.com: Phone virus spreads through Scandinavian company). It replicates by way of both Bluetooth and MMS. Once you receive and install the virus, it immediately starts looking for other Bluetooth phones in the vicinity to infect. At the same time, the virus sends infected MMS messages to every phone number in your address list. Commwarrior is probably one of the more effective viruses to date because it uses two methods to replicate itself.
So what does a virus like this do once it infects your phone?
The Damage Done
The first known cell-phone virus, Cabir, is entirely innocuous. All it does is sit in the phone and try to spread itself. Other cell-phone viruses, however, are not as harmless.
A virus might access and/or delete all of the contact information and calendar entries in your phone. It might send an infected MMS message to every number in your phone book -- and MMS messages typically cost money to send, so you're actually paying to send a virus to all of your friends, family members and business associates. On the worst-case-scenario end, it might delete or lock up certain phone applications or crash your phone completely so it's useless. Some reported viruses and their vital statistics are listed below.
Cell-phone Viruses
Cabir.AFirst reported: June 2004Attacks: Symbian Series 60 phonesSpreads via: BluetoothHarm: noneMore information (including disinfection): http://www.f-secure.com/v-descs/cabir.shtml
Skulls.AFirst reported: November 2004Attacks: various Symbian phonesSpreads via: Internet downloadHarm: disables all phone functions except sending/receiving callsMore information (including disinfection): http://www.f-secure.com/v-descs/skulls.shtml
Commwarrior.AFirst reported: January 2005Attacks: Symbian Series 60 phonesSpreads via: Bluetooth and MMSHarm: sends out expensive MMS messages to everyone in phonebook (in course of MMS replication)More information (including disinfection): http://www.f-secure.com/v-descs/commwarrior.shtml
Locknut.BFirst reported: March 2005Attacks: Symbian Series 60 phonesSpreads via: Internet download (disguised as patch for Symbian Series 60 phones)Harm: crashes system ROM; disables all phone functions; inserts other (inactive) malware into phoneMore information (including disinfection): http://www.f-secure.com/v-descs/locknut_b.shtml
Fontal.AFirst reported: April 2005Attacks: Symbian Series 60 phonesSpreads via: Internet downloadHarm: locks up phone in startup mode; disables phone entirelyMore information (including disinfection): http://www.f-secure.com/v-descs/fontal_a.shtml
As you can see from the above descriptions, cell-phone viruses have gotten a lot more harmful since the Cabir worm landed in the hands of researchers in 2004. But on the bright side, there are some steps you can take to protect your phone.
Protecting Your Phone
The best way to protect yourself from cell-phone viruses is the same way you protect yourself from computer viruses: Never open anything if you don't know what it is, haven't requested it or have any suspicions whatsoever that it's not what it claims to be. That said, even the most cautious person can still end up with an infected phone. Here are some steps you can take to decrease your chances of installing a virus:
· Turn off Bluetooth discoverable mode. Set your phone to "hidden" so other phones can't detect it and send it the virus. You can do this on the Bluetooth options screen.
· Check security updates to learn about filenames you should keep an eye out for. It's not fool-proof -- the Commwarrior program generates random names for the infected files it sends out, so users can't be warned not to open specific filenames -- but many viruses can be easily identified by the filenames they carry. Security sites with detailed virus information include:
· F-Secure
· McAfee
· Symantec
Some of these sites will send you e-mail updates with new virus information as it gets posted.
· Install some type of security software on your phone. Numerous companies are developing security software for cell phones, some for free download, some for user purchase and some intended for cell-phone service providers. The software may simply detect and then remove the virus once it's received and installed, or it may protect your phone from getting certain viruses in the first place. Symbian has developed an anti-virus version of its operating system that only allows the phone's Bluetooth connection to accept secure files.
Although some in the cell-phone industry think the potential problem is overstated, most experts agree that cell-phone viruses are on the brink of their destructive power. Installing a "security patch" that ends up turning your phone into a useless piece of plastic is definitely something to be concerned about, but it could still get worse. Future possibilities include viruses that bug phones -- so someone can see every number you call and listen to your conversations -- and viruses that steal financial information, which would be a serious issue if smartphones end up being used as payment devices (see Bankrate.com: Paying by cell phone on the way). Ultimately, more connectivity means more exposure to viruses and faster spreading of infection. As smartphones become more common and more complex, so will the viruses that target them.
For more information on cell-phone viruses and related topics, check out the links on the next page.
No comments:
Post a Comment