Monday, June 20, 2005

Internet Threats & Defense

Considering my handle, it is about time I post some computer advice. In this globally connected, post 9/11 world, you must be observant and be able to defend yourself. It reminds me of when I was stationed in West Texas. My father-in-law gave me a handgun and told me to hide it in my car in case I ever broke down out in the middle of nowhere. Even in the 1970's there was an element of the Wild West still prevalent in remote West Texas. Banditos roamed freely. Considering our current border situation and the massive influx of all sorts of people from Central America, it probably still isn't safe at night in many parts of the South or other remote areas of the US. The rest of the world, especially the Third World, has always been this way but we Americans have been enjoying innocent "Happy Days" since the mid 20th Century. When I was a child we never locked our doors in a town of 10,000 and there were only two or three patrol cars for the entire town and they were often parked at the Office even at night.

Well, anyway, the internet is like the rest of the world, untamed, even a bit wild. All sorts of bad guys are still out there online, some are even organized and well funded. So anyone who connects to the rest of the world and especially those who connect via Broadband needs to take some basic safety precautions.

Microsoft has done a pretty good job on their Windows Update site with their three step plan. Use a firewall, download critical updates immediately or automatically, and use updated AntiVirus software. If you haven't done these three basic steps, please follow the directions at the address above.

Non-Windows users also have automatic security patch updates available from their OS vendor and cooperating mirror sites, usually Universities here in the US. Your anti-virus options are far more limited, but the threats are far fewer. Still, you need to follow the same procedures to be safe. I'll explain firewalls in a minute. Almost all Linux distributions include a configurable firewall, ipchains, and if you are fortunate, some GUI interface or dialog. Linux users should also install and frequently or automatically update anti-virus software, even if you have to pay for it. Perhaps someone will post some good free alternatives.

Firewalls are specialized access lists which filter IP traffic by TCP or UDP port and direction. As a former router administrator I can tell you there are thousands of ports loosely designated for a particular application. Most people only use a handful like TCP port 80, the browser or HTTP port. Incoming POP3 email uses port 110, while outbound SMTP typically uses 25 or these days 25000. The entire list is here: . Most people only need to know to open those two, close 135 outbound (Windows network sharing) and block (drop) every other kind of traffic from the internet. Of course, reply traffic is typically allowed. You want to block unsolicited traffic from outside. If you download a Trojan, macro executable, or other virus and initiate it from your local PC, any traffic it sends and any updates it downloads would still pass through a properly configured firewall. The Windows XP SP2 firewall ignores all outbound traffic. That's why you need security updates, AntiVirus and the other stuff I'm about to list. Even XP users need to add an outbound firewall like ZoneAlarm or NetVeda Safety Net. Both are available for free.

The fourth defense you increasingly need is Anti-Spyware software. SpyWare, malware, and AdWare are variants that install some executable on your PC and secretly gather information which is eventually sent back to its creator. While it typically includes elements of viruses, trojans, and other malware, the primary objective is to compromise your privacy, security, or both. Amazingly, there are few laws in place to counter this relatively new threat and enforcement is often difficult since much AdWare obtains your tacit agreement when you install some legitimate software it sponsors. Until specific legislation addresses hidden applications, it isn't unlawful in most places to distribute AdWare or even to use it to gather private information about its users.

Even if the company (much SpyWare or AdWare is created by big companies) doesn't use this information for unlawful purposes, the way it installs, updates, and operates without your control makes it very tempting to abuse and extremely hard to prosecute.
Once a piece of AdWare gets installed on your PC, it runs silently, repairs and updates itself, has no easy means of being removed, and communicates freely with any internet address in the world as often as it is connected to the internet, even if you have all the latest critical updates, current anti-virus software, and a good inbound firewall. That's why we all need to run several of the available Anti-Spyware applications.

This is a new industry and there are several approaches to finding and removing the many thousands of commonly known AdWare or SpyWare components in use. Worse, because malware updates itself frequently, once installed, it can change its behavior completely on a regular basis, even hourly. Imagine someone at Gator (a major AdWare distributor) downloading a special code update that watches for browser connections to the Bank of America or CitiBank website then captures your keystrokes and sends them to some IP address in China or the Ukraine. After an hour, the code is replaced with legitimate AdWare code and there is no trace left of the deed that captured a few hundred usernames and passwords to bank websites and passed them along to Terrorists. This threat must be addressed immediately by Homeland Security, Congress, and each State legislature. Until the FBI is funded with the staff and tools to defeat this threat, you must play catch-up and hope you don't fall prey to a new segment of code not yet identified by current Anti-Spyware. The bottom line is that even if you have all of the following installed and up to date, you must ASSUME your keystrokes are being captured and forwarded.

Download, install and run the following software at least weekly: AdAware SE Personal Edition by LavaSoft, SpyBot Search & Destroy, and until Summer 2005, the beta of Microsoft's (Giant) Anti-Spyware application. Each has some capabilities the other lacks and all are currently available for free. If you can afford it, especially if you use broadband, buy the full versions. Set your scheduler (in Control Panel) to open all this software at least weekly when you are likely to be online. Get the updates before you scan your system just as you do with your anti-virus software.

Still, there are two other things you MUST continually do to safeguard your private information. Both are somewhat of a pain, but simple things you can do to protect your ability to do online commerce and internet banking with some sense of security. First, configure your firewall to prompt you for approval of all outbound traffic except HTTP. That means each time you send an email, update software other than your anti-virus or anti-spyware which can be exempted, you must give your OK to send information to the internet. If you aren't intentionally sending something, then DENY that traffic. It could be your credit card info going to China! You'll notice things like Windows Update (WUABOOT) requesting contact to the internet. Be sure you know what internet access you are approving. Second, you should never type your credit card number or password into a web dialog without skipping characters and using the mouse to reposition and insert the correct characters. If the website won't let you edit the string, complain how they are compromising your local security measures and stop using that site.
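The firewall policy described above (open HTTP, block unsolicited inbound, let replies through, and prompt for every other outbound connection) as a small simulation. This is an added example, not code from the original post or from any of the products it names; the packet format, rule table and the addresses in it are all constructed for the demonstration, and the `approve` callback stands in for the user's OK/DENY click.

```python
from dataclasses import dataclass

ALLOW, DROP, PROMPT = "allow", "drop", "prompt"

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the internet, "out" = leaving this PC
    proto: str       # "tcp" or "udp"
    port: int        # remote port: destination for "out", source for "in"
    flow: tuple      # (remote_ip, remote_port, local_port) names one connection

class Firewall:
    def __init__(self, approve):
        self.approve, self.state, self.log = approve, set(), []   # approve(pkt) -> bool = user's OK/DENY
        self.rules = [           # first match wins, like a router access list
            ("out", "tcp", 80, ALLOW),    # HTTP is the one outbound port that never prompts
            ("out", "tcp", 135, DROP),    # Windows networking must not leave the LAN
            ("out", None, None, PROMPT),  # everything else outbound asks the user first
            ("in", None, None, DROP),     # unsolicited inbound is dropped silently
        ]

    def _match(self, pkt):
        for direction, proto, port, action in self.rules:
            if direction == pkt.direction and proto in (None, pkt.proto) and port in (None, pkt.port):
                return action
        return DROP              # no rule matched: fail closed

    def filter(self, pkt):
        if pkt.direction == "in" and pkt.flow in self.state:
            verdict = ALLOW                     # reply to a connection this PC started
        else:
            verdict = self._match(pkt)
            if verdict == PROMPT:               # ZoneAlarm-style outbound prompt
                verdict = ALLOW if self.approve(pkt) else DROP
        if verdict == ALLOW and pkt.direction == "out":
            self.state.add(pkt.flow)            # remember it so the reply can come back
        self.log.append((pkt.direction, pkt.proto, pkt.port, verdict))
        return verdict

def demo():
    fw = Firewall(approve=lambda p: p.port == 110)   # user approves only the POP3 check
    web = ("203.0.113.10", 80, 40001)                 # constructed documentation addresses
    fw.filter(Packet("out", "tcp", 80, web))          # browsing: allowed without a prompt
    fw.filter(Packet("in", "tcp", 80, web))           # the page coming back: allowed by state
    fw.filter(Packet("out", "tcp", 110, ("203.0.113.20", 110, 40002)))  # prompted, approved
    fw.filter(Packet("out", "tcp", 135, ("203.0.113.30", 135, 40003)))  # dropped by rule
    fw.filter(Packet("in", "tcp", 4444, ("198.51.100.7", 4444, 445)))   # unsolicited: dropped
    fw.filter(Packet("out", "tcp", 443, ("198.51.100.9", 443, 40004)))  # prompted, denied
    return fw.log
```

The last case is the one the text warns about: a program you did not start asks to talk to the internet, and denying the prompt is what keeps it in.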

Keystroke capture is so easy to do with a tiny resident application that even an expert can't detect when service.exe is running something that does just that. All the IPSec and encryption techniques developed so far apply only to network traffic AFTER the keystrokes are entered. Microsoft is aware of this major flaw and has been working with Intel and others for years to develop a new generation of equipment that will encrypt all traffic between the motherboard, CPU, video card, keyboard, and other major components of your PC with special hardware chips. This feature won't be part of the next version of Windows and maybe not even the one after that. It will require your operating system to be custom installed for each hardware component and break your system if any piece fails. No existing hardware is compatible and no new hardware with this capability is yet available. Until you own such a system, be very careful before you participate in online commerce or banking. Review your bank and credit card statements for fraudulent transactions; you may be able to review transactions online every other week.

Never use a debit card online (or anywhere else): you are not protected by law from its unlawful use, only by current bank policy which could change at any time or be arbitrarily applied. The most you can lose from using a US credit card online is $50 by law as long as you promptly advise your bank and BankCard Center in writing (snail mail) of loss or compromise of your card number, or known fraudulent activity, and within 60 days of billing. Banks make this distinction increasingly blurry but stand to save billions of dollars if they can switch users from Credit Cards to debit cards. Repeated efforts to repeal the Credit Card law have failed in spite of massive political contributions, but I wouldn't count on our current government to continue to protect you from big business. Watch for news of changes in Credit Card law.

Finally, try to become more familiar and in touch with the operation of your PC. Know what runs at startup and why, and don't install any software from a company unless you are sure it has more to lose in bad publicity than it has to gain from compromising your PC. Stick to big name vendors or highly recommended, long established developers. Read the fine print of licensing agreements when installing software and never agree to install additional software (AdWare). Update protection software and run full scans regularly. Do a full system state backup before installing anything, back up your personal files to removable media frequently, and have all the drivers, CDs and license keys readily available to wipe and reinstall your OS if it does become compromised beyond repair. Yes, it's a pain but life online just isn't simple anymore.

Or, if you are unwilling to work at securing your PC, then stay off the internet and just use your PC to play Solitaire. Don't shop, get news, play games, or otherwise interact with the world online. While you are at it, build an eight foot wall around your home, put in a well and gas generator, stock up on canned goods and ammunition. That's the alternative.

BTW PC Mag recently reviewed seven anti-Spyware apps and agrees with me that no single app is up to the challenge. ,1759,1829282,00.asp
