Internet Security 4

Malicious and Irritating

     You've updated Windows; you've installed a firewall.  You're using safer browsing and e-mail software.  You re-check for updates on all these things regularly.  Nothing evil can get in, right? Why should I do more?  Am I not safe now?
     Yes and no.  If you've taken care of all the things above, it is very unlikely a malicious person or software program will be able to FIND your computer on the Internet, much less attack it.  That's at least half the battle.  But even the most heavily secured computer or network still gets infected occasionally.  Why does this happen?
     In order for the Internet to be usable at all, your security software has to make some assumptions: it has to trust the Internet 'client' programs that you use.  These include your browser, your e-mail program, your instant messaging program, Napster/iTunes clients, etc. etc.  Using safer clients helps, but that can only go so far; even they have to trust another link in the system: yourself.  The vast majority of successful 'malware' infections happen because you, the user, are tricked into opening an attachment to an e-mail or clicking on an enticing ad in a web page.  Everyone has probably done this at least once, at least by accident.  Let's not dwell on blame <smirk> at this point, and deal with the mess.  What could happen, and how will we fix it?

     First, the damage.  There's a lot of overlap between the various categories of malicious software, and also a wide range of intent, so to speak.
     Viruses are small programs that attach themselves to software you already have, using those programs to propagate themselves.  Trojans are stand-alone programs that somehow trick the user into running them; they are often attached to an e-mail message.  The damage is done when the e-mail user opens the attachment.  Both viruses and trojans may exhibit other bad behaviour beyond reproducing themselves, such as installing spyware or bots, or even actually damaging your computer in some way.  The creation of viruses and trojans is obviously malicious.
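     Here is an added example, not part of the original articles, of the kind of check a mail gateway or a cautious user can make on attachments before anyone opens them.  It is Python using only the standard library; the message it inspects is constructed inline, and the extension lists and the function names (check_message and so on) are assumptions for the example rather than anything from a real product.  It catches the three disguises that trojan mailings of the period relied on: a plainly executable extension, a 'double' extension such as invoice.pdf.exe, and an executable hidden behind a document name or inside a zip archive.

```python
"""Flag e-mail attachments that look like trojans (added example, not the articles' code)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# File extensions Windows will execute when the user double-clicks them.
# Assumed list for this example; it is not exhaustive.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "msi", "reg", "lnk",
}
# Extensions a trojan likes to hide behind, as in "invoice.pdf.exe".  Assumed list.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "xls", "ppt", "txt", "jpg", "gif",
                       "htm", "html", "zip"}


def _split_name(filename):
    """'invoice.pdf   .exe' -> ('invoice', 'pdf', 'exe'); missing parts are ''."""
    parts = [p.strip().lower() for p in filename.rsplit(".", 2)]
    while len(parts) < 3:
        parts.insert(0, "")
    return tuple(parts)


def classify_attachment(filename, payload):
    """Return the reasons an attachment looks like a trojan (empty list: none found).

    An empty list does not mean the file is safe: these checks catch the
    disguises, not the malware itself, which is the job of a virus scanner
    with current signatures.
    """
    reasons = []
    _stem, inner, ext = _split_name(filename)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")
        if inner in DOCUMENT_EXTENSIONS:
            reasons.append(f"double extension: .{ext} hidden behind .{inner}")
    # Every Windows executable starts with the bytes 'MZ', whatever it is named.
    if payload.startswith(b"MZ") and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("content is a Windows executable but the name says otherwise")
    # Zip archives were the usual trick for slipping an .exe past mail filters.
    if payload.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    if _split_name(member)[2] in EXECUTABLE_EXTENSIONS:
                        reasons.append(f"archive contains executable {member}")
        except zipfile.BadZipFile:
            reasons.append("claims to be a zip archive but cannot be read")
    return reasons


def check_message(raw_message):
    """Parse a raw message (bytes) and map each risky attachment name to its reasons."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message():
    """Constructed sample (not a real capture): a typical trojan mailing of the period."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as archive:
        archive.writestr("photos.scr", fake_exe)
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "you@example.net"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")       # double extension
    msg.add_attachment(fake_exe, maintype="application", subtype="pdf",
                       filename="statement.pdf")         # executable in disguise
    msg.add_attachment(zipped.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")            # .scr inside the archive
    msg.add_attachment("Meeting notes.", filename="notes.txt")  # harmless
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in check_message(build_sample_message()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

     Point the script at a saved .eml file (read it in binary and hand the bytes to check_message) and it reports the three disguised attachments while passing the text file.  Note what it deliberately does not do: it never opens the attachment, and it does not claim a clean result means a clean file.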
     Spyware and adware are a little different.  Internet Explorer and other browsers are explicitly designed to be as flexible as possible, giving web-designers and their clients more ways of presenting information as new techniques are invented.  Browsers can allow web pages to install plug-in software, change menus, add controls and features, etc.  All of these things were originally intended to be beneficial rather than annoying, and reasonable management of these features does make the Internet more useful.  But this flexibility is easily exploited to serve the purposes of the web-designer, not always for the user's benefit.  The first spyware was designed simply to gather information about a web site's customers, for marketing purposes or to trade to other companies.  Adware had the similarly benign purpose of leveraging advertising, either through pop-up ads or by customizing your browser or e-mail program.
     But this type of software can quickly get out of hand, in a lot of ways.  The 'enhancement' may simply be badly written, so that it clogs or even breaks your browser.  It may be shareware that annoys you with obnoxious messages after the trial period is up.  It may be gathering information that makes your computer more vulnerable to attack.  Your browser may become so riddled that it monopolizes all your connect time juggling a hurricane of pop-ups, search bars, and animation.  And all of these may originally have been written for good purposes!  Inevitably, though, many are not; this is when spyware and adware behavior is pretty much indistinguishable from that of a virus.
     If these annoying or malicious programs are allowed to run unchecked on your computer for a long period of time, they can badly damage the system software, to the point where you may have to install the system again from scratch.  You may or may not be able to save any valuable data on your computer at this point, depending on how bad the damage is.  So you must have a way to detect these programs, remove them, and repair the damage before it becomes too extensive to fix.
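     The 'way to detect these programs' that the commercial scanners automate can be approximated with a baseline: record a fingerprint of every program file while the machine is clean, and compare later.  A virus that attaches itself to a program, or spyware that drops a new DLL, shows up as a changed or added file.  The Python below is an added example, not code from the original articles; the folder contents, the 'infection' and the function names are constructed for the demonstration.

```python
"""Baseline-and-compare integrity check for program files (added example)."""
import hashlib
import json
import os
import tempfile

CHUNK_SIZE = 1 << 16


def hash_file(path):
    """SHA-256 of one file, read in chunks so large programs do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK_SIZE), b""):
            digest.update(block)
    return digest.hexdigest()


def take_baseline(root):
    """Map every regular file under root (relative path, '/' separators) to its hash."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue                      # links and special files are not programs
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                baseline[rel] = hash_file(full)
            except OSError:
                baseline[rel] = None          # unreadable: still record that it exists
    return baseline


def compare(baseline, current):
    """Sort the differences; a changed program you did not update yourself is suspect."""
    report = {"modified": [], "added": [], "removed": []}
    for rel, digest in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
    report["removed"] = [rel for rel in baseline if rel not in current]
    for key in report:
        report[key].sort()
    return report


def save_baseline(baseline, path):
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(baseline, handle, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


def demo():
    """Constructed scenario: a clean program folder, then a file infector strikes."""
    with tempfile.TemporaryDirectory() as root:
        program_dir = os.path.join(root, "Program Files", "Editor")
        os.makedirs(program_dir)
        clean_files = {
            "editor.exe": b"MZ" + b"\x00" * 100,   # stand-in for a real executable
            "help.chm": b"ITSF help file",
            "readme.txt": b"Read me first.",
        }
        for name, content in clean_files.items():
            with open(os.path.join(program_dir, name), "wb") as handle:
                handle.write(content)
        # In real use keep this file off the machine (a CD, another computer);
        # otherwise the malware can simply rewrite it to match.
        baseline_path = os.path.join(root, "baseline.json")
        save_baseline(take_baseline(program_dir), baseline_path)

        # The infection: the virus appends itself to editor.exe and drops a helper DLL.
        with open(os.path.join(program_dir, "editor.exe"), "ab") as handle:
            handle.write(b"VIRUS BODY")
        with open(os.path.join(program_dir, "spy.dll"), "wb") as handle:
            handle.write(b"MZ spyware stub")

        return compare(load_baseline(baseline_path), take_baseline(program_dir))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

     Two caveats a practitioner would add: take the baseline only when you are sure the machine is clean (a freshly installed system is the ideal moment), and take a fresh one after every legitimate update, because Windows Update and program upgrades change exactly the files this check watches.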
     Most new computers come with pretty good security software already installed, but there's often a catch: it's a commercial product (like Norton Internet Security or McAfee Security Suite) that is bundled with the machine.  In a year, or 15 months, or 2 years, you will get nasty messages on your computer asking you to pay the company more money.  If you don't do this, the program may simply turn off.  At best, it will no longer update itself regularly and, sooner or later, some new threat will come along that it can't handle.  Many users experience NO virus/spyware infections during the registration period and derive a false sense of security; they figure they can do without it for 'a little while'.  This 'little while' may stretch into months or years, with obvious consequences.
     And whether it is active or not, very popular Windows-based software also tends to suffer from the same disease as Windows itself.  As the program gets older and the market share gets larger, the software company gets complacent.  New features are added; bugs are ignored in the hope that the next version will cure them; the program gets larger and larger and harder and harder to maintain; bugs proliferate.  The very popularity of these programs makes them a specific target for viruses and spyware.  Bugs and 'features' can be exploited to sneak by, turn off, or even cripple your security software.
     What alternatives are there?  When the license on your commercial product runs out, you could use one of the many *free* security programs that are available on the Internet:

Antivirus-
avast! Home (www.avast.com) -- 60 day trial, 1 year free with web registration, renewable.  Runs fast and includes background scanning of the activity of many web clients, including browsers and e-mail.
AVG Free (free.grisoft.com) -- free with registration, same features as avast! and a little easier to use.

Spyware-
Spybot Search & Destroy (www.safer-networking.org) -- cleans up spyware and repairs a lot of the damage it causes.  Free, donations accepted.  Use it in tandem with:
SpywareBlaster (www.javacoolsoftware.com) -- blocks spyware from damaging Internet Explorer and Mozilla Firefox.  Free; with a donation it will also update automatically.

Adware-
Ad-Aware SE (www.lavasoft.com) -- To remove adware and other unwanted browser plugins, Ad-Aware is much more thorough than Spybot S&D.  Free; updates automatically when you upgrade to the commercial version.

    The free versions of these products all enjoy excellent reviews from a wide array of experts, including non-profit web sites specializing in security.  All of them are upgradable to more comprehensive commercial packages, and they generally refrain from bothering you with ads and upgrade notices.  Excellent software speaks for itself, and needs no advertisement.

Internet Security 3

Broken in the Box


     Nothing fails like success.  In my previous article, I talked about some simple ways to secure your computer from direct security threats from the Internet.  Both strategies relied on the same basic idea: if they can't find you, they can't get you.  Disconnecting from your service provider when you are not using the Internet, and running some kind of firewall when you are online, will do that.  Or at least they OUGHT to...

     One of the biggest headaches computer users have come to tolerate in recent years is the system crash.  The screen freezes, the keyboard and mouse lock up, you stifle a strong urge to break the keyboard in half and cram it in the...  Anyway, we've all been there.  You turn the computer off, restart it, watch the scrolling gibberish while praying fervently to whatever computer deities exist that your work has not disappeared forever.
     Why does this happen?  Why do we put up with it?  The blame lies in at least two places: with all of us (the huddling computer masses) and with the Evil Empire of Bill (i.e. Microsoft).
     Microsoft operating systems have been temperamental and buggy since Bill Gates and Paul Allen first sold IBM the first version of MS-DOS back in the early 80's.  The original DOS was extremely primitive; its main rival, CP/M, had more features and was certainly more stable.  But by making their first big sale to the largest seller of personal computers in the universe (at that time, anyway), Gates and Allen gained instant market share.  And to keep it, they adopted a cynical but successful design strategy.
     This strategy was both clever and diabolical: instead of fixing the existing bugs in their software, they would simply introduce a new version of the software, with 'new' features ('new' to DOS, anyway).  With any luck, the rewrite of their software and the gullibility of their customers would take care of any complaints.  After all, if no one's complaining, there's nothing wrong, right?  Pay us more money and we might fix it, eh?
     The advent of the Windows operating system in the early 90's only made the bait-and-switch marketing tactics of Microsoft more obnoxious than ever.  As the Windows system software became larger and more complex, with more 'features', it also found more ways to crash.  A reliable backup system became a necessity rather than a luxury.  Only when Microsoft began to compete in the business network market did it finally introduce a reasonably 'crash-proof' operating system: Windows NT.  The release of NT finally convinced Microsoft that it must at least attempt to fix some of the most glaring flaws if it was to convince businesses that Windows was reliable enough to be used as a server platform.
     The release of Windows 95 coincided with the Internet 'boom' of the mid-90's; '95 (particularly its later service releases) was designed to take advantage of this by bundling the basic tools needed to connect to and use the Internet.  Outlook Express (an e-mail client) and Internet Explorer (a web browser) were the most successful of these programs, and they worked better than most third-party programs because they enjoyed privileged access to deep parts of Windows, as well as close ties to Microsoft's bestselling Office software (i.e. Word, Excel, Access, PowerPoint, etc.).
     So what?  Deep integration of a software package into the operating system is wonderful for performance, but it also opens up a huge potential security hole: if that software can be crashed or subverted, it can compromise the entire operating system; a rogue program can do anything and see anything it wants to.  This is exactly the situation with Internet Explorer.  Since the newer versions of Windows are not perfect either, and since there is still no way to PERMANENTLY remove IE from the equation, we're stuck with the same old buggy garbage that we've been putting up with for years.  Right?
     Not exactly.  Windows XP and 2003, the most recent Microsoft operating systems, are actually based on NT, not the old bug-riddled 95/98 system.  They actually ARE more crash-proof than previous products, even though you may have to buy a new computer to run them.  But there is still a problem; Internet Explorer, Outlook and other products still have deep access to the system.  What are we to do?
     First you need to make sure that the few problems Microsoft DOES acknowledge are fixed.  Run Windows Update, regardless of the version of Windows.  It first upgrades Internet Explorer to the latest version (required, not optional!) and then downloads and installs the available security fixes.  This at least puts your computer in the best shape that Microsoft can get it, security-wise.
     Next, dump Internet Explorer.  Mozilla Firefox (www.mozilla.org) and Opera (www.opera.com) are both free, easily downloaded from the Internet, and come with a ton of security features.  Neither of these is woven into the Windows shell the way Internet Explorer is, and neither runs the dangerous ActiveX controls that most spyware and malicious ads use to subvert Internet Explorer.
     Then get rid of Outlook.  Mozilla Thunderbird (see above) and Eudora Light (www.eudora.com) are excellent free e-mail programs, with the same basic features as Outlook.  An even safer option, if you are willing to do without off-line access to your mail, is to use your ISP's web-based e-mail system.  This puts a lot of the burden for virus/spyware scanning and spam blocking on your ISP's system rather than yours.  If you are also using a secure web browser, you are pretty safe from most e-mail based attacks; the one thing webmail cannot do is stop you from downloading an attachment and opening it, so treat attachments with the same suspicion as before.
     Lastly, make sure you check for updates on ALL these programs at least monthly, particularly Windows; new threats are always coming down the pipe.  My next article will cover the various free and commercial virus, spyware, and adware deterrents that are available.

Internet Security 1

Rules of the Road

     Comparing the Internet to the highway system certainly isn't original, but I find it interesting how helpful it can be to adapt the tactics of surviving on our roads to avoiding security problems on the "Information Superhighway".
     I recently began teaching one of my nephews how to drive, and it became apparent to me immediately that it wasn't enough to say: "Do this.  Don't do that."  A good driver needs to develop an 'attitude' toward driving; a fallback position that will give a driver time to make decisions in those emergency situations that no single 'rule' fits.
     This leads to two polar driving philosophies: offensive and defensive.  Offensive drivers 'own the road'; it is the job of other drivers to abide by the rules and not create a hazard by getting in their way.  An offensive driver takes solace in the fact that, if an accident does occur, HE was obeying the letter of the rules, if not the spirit.  And he certainly wasn't obstructing traffic.
     Defensive drivers realize that most accidents occur regardless of righteous adherence to the orderly progress of traffic flow.  Accidents are inevitable whether they follow the rules or not, and since they HATE the messy state of affairs that results from even a minor fender-bender, their attitude is entirely different.  A defensive driver expects every curve, vehicle, and intersection to present a hell of body-mangling trauma.  Whereas a driver of the first sort barrels blithely through congested intersections and residential areas, blameless and free, the second kind of driver creeps along in near-paranoid anxiety.
     Regardless of blame, the difference in effect is obvious.  Offensive drivers are involved in more accidents because they don't think it is their duty to avoid them.  The frantic alertness of a defensive driver, on the other hand, helps him to anticipate traffic situations that may turn ugly.  Due diligence alone makes him a safer driver, even if he is not a 'better' one.  Neither approach to driving, at its extreme, is healthy; but it should be clear that it is better to err on the side of caution than to depend on one's insurance company to be sympathetic.
     What does this have to do with Internet use?  A 'defensive' user probably would get little done, but by the same token would be unlikely to harm anyone but himself.  An 'offensive' web-surfer, on the other hand, might wonder: "How can my negligence endanger other users?"  The answer is simple:  "Viruses need hosts."
     In order to spread themselves, computer viruses and similar threats need a stable base from which to attack.  They exploit vulnerable operating systems, unsecured networks, insufficiently diligent e-mail and web users.  Evil or not, these threats exist.  They become more numerous and their attacks become more sophisticated every year, and they have more potential targets.
     With all the benefits and privileges the Internet provides, there is a price.  One also has a duty to secure his personal system so as to deny malicious software a foothold.

     Teenagers, presented with the awesome responsibility of driving for the first time, are often overwhelmed.  Patience, experience, and a few simple 'rules of the road' eventually give them the confidence to become confident, careful drivers without being meek ones.  And a few 'rules of the road' will help you avoid the hazards of the Internet while still getting the benefits you 'deserve':

1. Shut down your Internet connection when you are not using it.
2. Install virus-, spyware-, and adware-killing software, scan often, and update signatures and programs regularly.
3. Install a firewall, and use it.
4. Exercise due diligence in surfing and e-mail use.
5. Obtain and install security fixes for your operating system (Windows 95/98/XP etc., Mac OS, Linux) if they are available.
6. Last and hardest: insist on responsible Internet behaviour in others.

     In later articles I will explain each of these basic rules in more detail.  None of them are expensive or strenuous to follow, nor will their use ruin the usefulness and enjoyment you get from the Internet.
pat struthers consulting
198 W. Willow Street    P.O. Box 56    Heppner, OR  97836     (541) 676-0989

www.wyrdchao.com
These are a series of articles I wrote for the Heppner Gazette-Times during the summer of 2005.  I've done some editing since then but not much has changed.  Personal computer security is no longer something you ignore; even if you aren't worried about your own privacy, good security practices help the Internet user community as a whole...
Internet Security 1: Rules of the Road
Internet Security 2: Hiding in Plain Sight
Internet Security 3: Broken in the Box
Internet Security 4: Malicious and Irritating
Internet Security 2

Hiding in Plain Sight

     There's a lot of overlap in the various methods of securing your computer from security threats on the Internet.  For convenience I've re-ordered the list I gave at the end of my last article to group related strategies.  Here are the first two:

1. Shut down your Internet connection when you are not using it.
2. Install a firewall, and make sure it's working when you are connected.

     If you've been using a dial-up Internet connection for years, the first is familiar to you, even if you haven't been doing it for reasons of security.  Most households and many businesses share their dial-up line with a voice or fax line.  Disconnecting the modem connection to the Internet is necessary just to free up the phone line for other use.
     But the risks multiply when you graduate to a DSL or wireless connection.  Since you are no longer tying up a phone line, you don't have that squealing noise on the extension to remind you that your modem is still on.  The user of such a service is more likely to forget to shut down the connection when it's not in use.  So when you obtain such a service it's important to know how to shut it down.
     Unattended, unsecured, high-speed connections to the Internet are a bonanza for digital criminals: they can easily break in and install stealth software to assist them in their exploits.  Such a corrupted computer, called a 'bot', can maintain its own connection with similarly corrupted machines on the Internet.  Such a network, a 'botnet', forms a pool of computing power that the criminal can use for a wide variety of attacks, including sending the spam and the fraudulent e-mail used to steal passwords ('phishing'), denial-of-service (DoS) attacks on large web sites, or even scanning the Internet for other vulnerable computers.
     Obviously, to minimize the risk you should be connected to the Internet as little as possible, right?  "But, but..." (you say) "I need to get WORK done (eBay trading, Internet poker, Counter Strike...)!  There must be some way to HIDE my presence on the Internet so that the evil hordes can't get me!"  And indeed there is; it's called a firewall.
     ALL personal computers, out of the box, have security "holes".  This is true of any machine with any version of Windows, and to a lesser extent those with some version of Unix, Linux, or a Mac OS.  A firewall is simply a hardware or software system that tries to close these holes without walling you off from the Internet completely.
     Windows XP and 2003, along with most DSL and wireless modems and routers, have built-in firewalls.  These are very effective at blocking incoming traffic and making your computer invisible to casual scans from the Internet, but they have to be turned on in order to work.  XP and 2003 will annoy you with irritating messages if their firewalls aren't on, but this is not necessarily the case with DSL and wireless equipment.  This hardware, usually provided by your ISP, may well be delivered with the firewall turned off.  It is very important that you read the documentation that comes with your modem or router and make sure you know how to check the firewall settings.  Your ISP can answer such questions also.
     While the above are very good at preventing attacks on your computer from the outside, they are of little use once your computer is infected by 'malware'.  Most computers are compromised NOT by direct attacks from the Internet, but through indirect means: e-mail attachments that install viruses when you open them or tainted web sites that use your browser (Internet Explorer, usually) to install spyware.
     For any Windows machine, a more comprehensive firewall package such as ZoneAlarm (free from www.zonelabs.com), Norton Internet Security, or McAfee Firewall is recommended.  These block incoming traffic and also can be trained to allow 'good' programs to reach the Internet, while blocking unauthorized ones.  They are trickier to configure but they often include spyware/adware protection and e-mail scanning.  While it may be convenient to have anti-virus, firewall, and spyware protection in one package, such as Symantec and McAfee offer, in my experience these programs are much more difficult to configure, particularly in a network environment.
     Unix and Linux-based machines come with a variety of extremely effective and flexible firewall programs; in fact, many Internet service providers run a dedicated Linux or Unix machine specifically as a firewall.
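     Whatever the platform, the doors a firewall has to guard are the listening sockets on the machine, and the command `netstat -an` (present on Windows XP and on Linux alike) lists them.  The Python script below is an added example, not from the original articles: it parses that listing (the two samples are constructed, not real captures; the function names are assumptions) and sorts each socket by who can reach it.  Anything bound to 0.0.0.0 or :: answers on every interface, which means the whole Internet the moment the firewall is off.

```python
"""Report which listening sockets an Internet scanner could reach (added example)."""
import ipaddress
import sys

# Constructed sample output (not real captures) of `netstat -an` on Windows XP
# and on Linux; the parser accepts either format.
WINDOWS_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1043       64.233.161.99:80       ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:123          *:*
"""

LINUX_SAMPLE = """
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}


def _split_endpoint(token):
    """'192.168.1.5:139' -> ('192.168.1.5', 139); '[::]:135' -> ('::', 135); else None."""
    if ":" not in token:
        return None
    host, _, port = token.rpartition(":")
    if not port.isdigit():
        return None
    return host.strip("[]"), int(port)


def scope_of(host):
    """Who can reach a socket bound to this address, before any firewall rule applies."""
    if host in WILDCARD_HOSTS:
        return "all"            # every interface, the Internet included
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    if address.is_loopback:
        return "loopback"       # this machine only
    if address.is_private or address.is_link_local:
        return "private"        # your LAN only
    return "public"             # a public address: directly reachable


def parse_listeners(netstat_text):
    """Listening sockets from Windows or Linux `netstat -an` output."""
    listeners = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].lower() not in {"tcp", "udp", "tcp6", "udp6"}:
            continue
        is_tcp = tokens[0].lower().startswith("tcp")
        # TCP sockets in ESTABLISHED or TIME_WAIT are conversations, not open doors.
        if is_tcp and "LISTEN" not in line.upper():
            continue
        endpoint = next((e for e in map(_split_endpoint, tokens[1:]) if e), None)
        if endpoint is None:
            continue
        host, port = endpoint
        listeners.append({"proto": "tcp" if is_tcp else "udp", "host": host,
                          "port": port, "scope": scope_of(host)})
    return listeners


def exposed_ports(netstat_text):
    """Sorted (proto, port) pairs reachable from the Internet unless a firewall blocks them."""
    return sorted({(entry["proto"], entry["port"]) for entry in parse_listeners(netstat_text)
                   if entry["scope"] in {"all", "public"}})


def report(netstat_text):
    for entry in parse_listeners(netstat_text):
        print(f"{entry['proto']:<4} {entry['host']}:{entry['port']:<6} {entry['scope']}")
    exposed = ", ".join(f"{proto}/{port}" for proto, port in exposed_ports(netstat_text))
    print("exposed:", exposed or "none")


if __name__ == "__main__":
    # Usage: netstat -an | python listeners.py   (shows the samples when run from a terminal)
    if sys.stdin.isatty():
        report(WINDOWS_SAMPLE)
        report(LINUX_SAMPLE)
    else:
        report(sys.stdin.read())
```

     On the Windows sample the exposed set is TCP 135 and 445 and UDP 137, the Windows networking ports that the worms of the period scanned for; the firewall's job is to make those invisible from outside.  The listing only shows what the machine offers, not what the firewall lets through, so the confirming check is to scan the address from another computer outside your network and make sure none of those ports answer.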

     While the security risks described above are relatively rare compared to those arising from poor e-mail and web-browsing habits, they are more dangerous because they allow criminals to easily subvert computers to their own use.  If you have a DSL/wireless connection and/or a current version of XP, use the firewall provided, and think seriously about getting a better one.  Minimize your footprint on the Internet by shutting down your connection when it is not in use.  These rules are both easy and cheap to follow, and will drastically reduce your vulnerability to casual attacks.