A very, very basic look at security

Viruses are in the news a lot these days, but Spyware and Worms are just as sinister and are not usually mentioned.

If you have a broadband connection, Spyware can scan your computer for passwords, credit card numbers and personal data and pass these back to the Spyware creator. This unseen crime netted around £1.5bn in 2004 ... do you want your personal data on the Internet? Since I wrote about Free AVG and AdAware in 2001, spyware has become more rampant and now aims to take over your computer and steal information from it.

In my introduction to AdAware, I gave the Sophos definition of Spyware. It is worth repeating here, as I cannot emphasise enough that there are hackers on the Internet who would just love to break into your computer. This is how Sophos describes Spyware: "Spyware includes keyloggers, backdoor Trojans, password stealers, and botnet worms, which can cause data theft, financial loss and network damage. Spyware installs itself onto a user's computer by stealth, subterfuge and/or program engineering and sends information from the hacked computer to a third party without the user's permission or knowledge".

Clearly then, spyware can be very dangerous, so I would like all my friends to keep their computers as clean as possible from this silent attack on their privacy.

Let us look at some of these threats. Keyloggers are self-explanatory: they monitor your every keystroke and send it back to a third party, who can then use the information to defraud you, and password stealers serve the same purpose.

Botnet worms may be the least understood of the group. A botnet is a robot network worm. Used by a hacker, it will join many compromised computers together to form a super computer. This super computer could then be used to launch a DoS or DDoS attack (Denial of Service or Distributed Denial of Service) against banks or any other important computer system, eventually causing them to close down under the weight of repeated requests from the hacked super computer. Compromised computers are known as zombies. Not very nice, is it? Do you want your computer known as a zombie?

Remember the three basic attacks on your computer: viruses, spyware and worms. So, in addition to an anti virus program, you need an anti spyware program and a firewall to protect against Worms.

 

Antivirus software

There are scores of Anti Virus programs to be bought or downloaded for free. Generally, the bought ones are best, but not always. You could choose from Avast 4 Home Edition, F-Secure Internet Security, Grisoft AVG Free Edition, Kaspersky Anti-Virus Personal, McAfee Internet Security, Panda Titanium, PC-Cillin Internet Security, Trend Micro, many others and the grandfather of them all - Norton. Norton will usually come installed on a new computer, but it is not necessarily the best. It takes a lot of system resources compared with some of the others.

In the past I have advocated Free AVG and it has served its purpose well. I feel now we have to beef up our defences and start to pay for more complicated programs. AVG Professional or SoHo will take care of one or more computers for two years. For this you get priority updates and an e-mail to warn you that an update is available. Also, with an excellent track record, AVG does not hog system resources and should not slow down your system. For free or purchase see AVG

 

Anti malware software

Malware or Spyware is now emerging as the dark horse. It is well known but very seldom mentioned by the media, yet Spyware can easily do as much damage as viruses. Again there are many programs, both free and to be bought. You could choose from Aluria Spyware Eliminator, Bulletproof Soft Spyware, Lavasoft AdAwareSE Plus, McAfee Antispyware, Microsoft Antispyware (beta), Noadware 3, Paretologic Xoftspy, PCTools Spyware Doctor, Spybot Search and Destroy, Sunbelt Software CounterSpy, Symantec Norton Antispyware, Webroot Spy Sweeper, Yahoo Toolbar with Antispy and many more. It is interesting that this list is much longer than the anti virus list.

To cope with spyware, I used to advocate AdAware Free Edition, but again, a bought product cuts more ice. CounterSpy, which unlike AdAware, but like AVG, is always on duty looking for spyware intrusion, gets a lot of votes. It doesn't catch all spyware, but normally what gets through is tiresome rather than dangerous. For free AdAware see AdAware and for CounterSpy see CounterSpy

 

Firewalls

Lastly, most of us run a firewall to protect against Worms (don't we?). Free Zone Alarm is the favourite and the only one I would recommend at Free Zone Alarm. But a software firewall is not always good enough. A hardware firewall is far superior. An old computer can be pressed into service running Unix, Linux or BeOS, but it is simpler to buy a router for around £50. Most routers have NAT (Network Address Translation), which means your actual computer address is not visible on the Internet. If you are running a WiFi router, ensure you have MAC enabled and WEP or WPA encryption set with a 128-bit key. If not, you run a great risk of someone stealing your broadband usage or worse.

 

Program to counter srv-SSA malware

The spyware keylogger, named Srv.SSA-KeyLogger, secretly steals data from users' Internet sessions, including logins and passwords from online banking sessions, eBay, PayPal, and other programs that use HTML forms to collect personal information, according to Sunbelt Software, who publish the counter to SSA-KeyLogger.

NOTE: Since the SSA-KeyLogger spyware cannot be installed on the following platforms: Windows 95, Windows 98, Windows 98SE, Windows ME or Windows NT4, it is not necessary to run the SSA-KeyLogger Clean software on these Operating Systems. The SSA-KeyLogger spyware should only be installed on Windows XP, Windows 2000/2003. If you do find your PC to be infected, please call the Sunbelt Software tech support dept at 001 877-673-1153.

You may use this hotlink Srv.SSA Cleaner and get the anti Srv.SSA program from Sunbelt Software. There, you can enter your email address, which will subscribe you to CounterSpyNews, a newsletter to keep you up to date on spyware risks. You can always unsubscribe in the future. Or click here for local copy Local Srv.SSA Cleaner and click RUN

 

Program to counter CWS worm

Trend Micro™ CWShredder™ Version 2.15 is the latest defence against the new Cool Web Search variants, and it is included in the new Trend Micro Anti-Spyware 3.0.

What is CWShredder? CWShredder™ finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.

What's New With CWShredder?

CWShredder is now owned and maintained by Trend Micro. CWShredder now cleans the CWS.Cassandra variant that includes a desktop hijack as well as a browser hijack.

Originally developed by Merijn Bellekom of the Netherlands, CWShredder™ was owned and maintained by InterMute until June of 2005 when InterMute was acquired by Trend Micro.

Click here CWS Shredder and click RUN, RUN and SCAN ONLY to check your computer. At the end of the scan click EXIT.

 

External Anti Virus Programs

You can do an independent check of your computer for viruses (not virii) here - Symantec on-line anti virus. Select "Go" and on the next page under Virus Detection, select "Start". It will take some time and it is not as fast as the anti virus program on your hard drive, but, it does give you another check in case your onboard virus checker has missed something.

 

Open, closed or stealth?

So, with an anti virus program, an anti spyware program and a firewall, that's that - or is it? Let's go back to school days and Hide and Seek. Your computer may have all the "Anti" programs, but if it is visible on the Internet, it can be attacked. In Hide and Seek, we always tried to choose the best place to hide so we were not the first one caught. The same applies to a computer. If it cannot be seen on the Internet, it is much harder for a cruising hacker to attack. So, you "hide" your computer. If your firewall is working properly, your computer should be in STEALTH MODE. Basically, this means that you can see the Internet, but other Internet users cannot see you, hence you are a harder target to attack than someone without a good firewall, who will stand out among Internet users.

Here I would recommend the site of my Internet friend Steve Gibson of The Gibson Research Corporation. Follow this link Shields Up to do a Shields Up test. Navigate down the page to the box titled "The text below might uniquely identify you on the Internet". This in itself should make you take note of Internet security. When you are ready, click the "Proceed" box on Steve Gibson's page. Through a Security Alert, this will take you to "Shields UP!!". The idea here is to see if your computer is visible on the Internet - remember we are aiming at complete Stealth Mode.

Under "Shields Up Services", click on "Common Ports". This checks mail in and out ports, FTP, browsing etc. You MUST get Stealth Mode here. Scroll right down the page to the bottom and now click on "All Service Ports". This will check the first 1055 ports on your computer. If these are all in stealth mode, you have passed the first test. Remember, every port should be in Stealth mode; if any are open or closed, you should investigate the problem.
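An added illustration of the open / closed / stealth distinction, not part of the original page or of the Shields Up site: a short Python check you can run from a second computer you own against your own PC. The function names and the two-second timeout are assumptions made for this example.

```python
import socket

def port_state(host, port, timeout=2.0):
    """Classify one TCP port in the three terms used above.

    open    - something accepted the connection
    closed  - the machine answered, but refused the connection
    stealth - no answer at all before the timeout (probe silently dropped)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. "no route to host": the probe never reached the machine
        return "unreachable"
    finally:
        s.close()

def summarise(host, ports, timeout=2.0):
    """Return {state: [ports]} so anything that is not stealth stands out."""
    report = {}
    for port in ports:
        report.setdefault(port_state(host, port, timeout), []).append(port)
    return report

def demo():
    # Constructed check on the loopback address: one listening socket (open)
    # and one socket that is bound but not listening (the system refuses it).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))
    try:
        return (port_state("127.0.0.1", listener.getsockname()[1]),
                port_state("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(demo())
```

A check made from inside your own network does not pass through the router, so it shows what the PC's software firewall does on its own; Shields Up tests from the Internet side.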

 

Sources of information for security threats.

If you have not already joined the government-run scheme, subscribe to The UK Alerting and Advisory Service for Information and Communications Technologies (ICT) Security at IT Safe. Another site is the BBC News Technology page BBC Technology.

 

I started with "A very, very basic look at security".

This page was very basic in that it could have run to 10 or more pages, so it has been condensed to get most, or all, of the important points in a readable space. However, never, never be complacent over security. Hackers come up with new tricks every day. Some get reported, others just happen and do not rate a mention. The only thing I can promise you is that if your computer is attacked in any way, the problems you suffer will ensure that you will be extremely vigilant in the future. Take good precautions now and try to prevent any problems in the future and do remember the basic building blocks of security - NEVER open an attachment to an e-mail unless you are sure it is safe and keep to safe and clean web sites. Venturing from the straight and narrow can cost you dear.

 

Ongoing project - still being built 1/10/2005 - contents subject to change.

 

© 2005 Iger
All quoted sources acknowledged and credited
All trademarks and copyrights acknowledged.