11 Oct

A public service announcement regarding computer security

Category: system administration

Yesterday I spent a lot of time researching Bugbear, and trying to get in touch with an old mentor of mine whose computer was infected and sent me two infected emails containing personal email originally sent to him, all without his knowledge. I’ve also spent some time lately helping various family members better secure their home computers.

Computer security is no longer optional for anyone who owns a computer connected to the internet. Even if your computer has absolutely nothing of interest stored on it, hackers will try to get to it so they can use it to attack other computers to cover their trails. Computer viruses and worms attack without forethought, automatically spreading and squirming around into places they’re least expected, much like their biological counterparts. Yes, I know this is a long entry. Read it anyway! I promise to use mostly understandable English!

Disclaimer: I do not know all there is to know about computer security, but oftentimes my job involves me putting on my security expert hat. I’m human, and fallible, but I’m also a perfectionistic driven geek. Take this advice in the spirit it is given.

Every computer connected to the internet in any way should have a virus protection program running on it, especially computers running any version of the Microsoft Windows operating system. This is true of both business computers “protected” behind firewalls as well as home computers on cablemodem, DSL, or phone modem connections to internet service providers like Earthlink or AOL or whatever.

And virus protection programs are useless unless they have the latest virus definitions and real time protection turned on.

Basically, virus protection software provides the mechanism to protect your computer, like a security guard, but the virus definitions are like the daily most-wanted posters. Without knowing who to protect against, having the security guard is pretty useless.

Also, if you have an old version of the virus protection software, it’s like having a really old guy working as your guard: it’s just not the best idea. Honestly, enough different kinds of viruses, worms, and embedded executable malicious code have been developed by hackers that even if you get the latest definitions, the virus protection software wasn’t beefy or smart enough in years past to deal with today’s nasties.

If you’re using old software with old definitions… Well, it’s kind of like having an old man as your security guard, using an old wanted list to guard your door. He’s peering diligently through his spectacles looking for Al Capone, and letting gang members with cutting torches waltz right into your computer.

McAffee and Symantec are competing vendors, and depending on who you ask, you’ll get different answers about which vendor’s products are better. Honestly, as long as you configure the product you buy to automatically get the latest virus definitions and to use real time protection, either vendor’s product should be effective.

Also, if you have a techhead geek available to do the configuration for you, go with whatever product they are most familiar with. It’s easier on both of you in the long run.

Personally, I use Norton AntiVirus and am careful to configure it to automatically check for the latest virus definitions from the vendor.

Configure the software to do real-time protection on your computer. This should catch most nasties in your email as you download the messages. Basically real-time protection constantly scans any files that change on your computer. In conjunction with regularly-scheduled scans of your entire system, real-time protection is anti-virus software’s best line of defense against the nasties.

With a bit of quick web searching, I found:
McAfee.com’s VirusScan Online service with one year of free virus definitions, for $25 http://www.mcafee.com/myapps/vso/default.asp
or
Norton AntiVirus 2003, with free virus definitions for $50 http://www.symantec.com/nav/nav_9xnt/

I believe that Norton has slightly more features, but I’m not as familiar with McAfee’s product, so I can’t really compare them. There are other products out there, too, and for all operating systems. Get one and configure it properly, or your computer should not be connected to the internet: without active virus protection that works, your computer is a danger to yourself and others.

Be sure that the default behavior (for both the scheduled scans and the real-time protection) if the software finds a virus is to try to repair it, and if that fails to quarantine the infected file, NOT to automatically delete it.

Once you’ve installed your antivirus software, you should be able to set the default behavior to first attempt to Clean, then Quarantine if the clean fails. Once files are quarantined, they can’t hurt you. :-) If you want, you can use the antivirus software to show and then let you individually delete files from the quarantine. Setting up anything on my computer to automatically delete files, even infected ones, without human intervention makes me jumpy.

I had a problem a bit ago where a certain pesky virus got emailed to me. My Norton AntiVirus RealTime Protection kicked in, and quarantined not just the infected message, but my entire inbox. If I had the default behavior set to delete if it couldn’t repair, I would have lost my entire inbox. As it was, I had to turn off RealTime protection temporarily, un-quarantine my inbox file using Norton’s built-in features, remove the infected message with its embedded virus using Notepad line by line, and then turn RealTime protection back on. If I hadn’t had RealTime protection on in the first place, my inbox would have spread the infected file like the plague.

Don’t ever use Word to try to clean out a virus line by line, by the way. Word has so many features that some viruses will use Word to propagate. Notepad is a bare-bones editor, so it’s safer. But cleaning viruses manually is highly dangerous and best left to professionals. ;-)

If you are running Windows, most of the viruses you’ll see are W32.SomethingOrOther. The particularly nasty ones going around now are variants of Klez, YaHa, and Bugbear. And they are really nasty. :-( They do everything, from letting a hacker get root (administrator) rights to do anything with your computer, to harvesting your passwords and credit card information via a keystroke logger. Some other viruses and worms just randomly delete files from your computer… some delete all files on your computer if activated.

Do be sure that your computer is automatically grabbing the latest virus definitions. You should be able to see the date on the virus definitions that your computer is using if you open up the antivirus software. Make sure that you see that date change over two weeks or so, and you’ll know you’ve got it set up properly.

After you’ve got your young, beefy antivirus software equiped with the latest most-wanted information and actively guarding your computer, be sure to follow other common-sense computer security guidelines, including but not limited to:

  • Install patches, service packs, and bug fixes to your operating system and your software. Particularly, use Microsoft Update or Microsoft Intelligent Updater if you are running Windows or Internet Explorer. You can schedule your computer to search for updates to your software and alert you automatically if updates are available, but I recommend checking manually every so often as well.

  • Choose hard-to-guess passwords, always. Don’t use SSNs, birthdays, names, or words in any language. And don’t use the same password for all of your accounts.

  • Don’t stick your password on a post-it note on your computer monitor if other people have physical access to your desk. You can write down your passwords on a card in your wallet or your safe or your safe deposit box, but consider writing in down using some personal code… add a dummy character in the middle of the password, or remember that you always add 2 to any number in your written password, things like that.

    One good way to choose good passwords in the first place is to remember a phrase associated with each of your computer accounts, and use the first letter of every word in the phrase as your password for that account. For instance, a former co-worker of mine at a previous job used “I want to get a new job!” as her phrase for her work email account, resulting in the password “Iw2ganj!” which looks very random, is eight characters long, and would be very hard to guess or hack. And yes, she got a new job and no longer uses that password!

  • Don’t ever send your credit card numbers, SSN, or passwords via email. Unless you are encrypting your email, it is sent in plain text across the network, and can in some situations be intercepted by those with malicious intent.

  • Don’t open unexpected attachments to email messages. Even from people you know, email attachments can contain viruses or worms.

  • Encourage and advocate proper computer security awareness among your friends and correspondents. Don’t send them bulk-email about it, but do mention it in the course of other conversation if the topic comes up.

  • Don’t bother trying to unsubscribe from mailing lists which you never subscribed to in the first place. That’s one way that advertizer-scum types collect active email addresses, and then they sell the lists to other bulk list emailers.

  • Don’t fall for pyramid get-rich-quick schemes or the Nigerian scam, and never go along with people who bulk-emailed you asking for your personal information or money.

  • Turn off all unnecessary services running on your computer.

  • If you have a persistent connection to the internet, like cablemodem or DSL, turn off your home computer when not in use, and/or consider running a firewall in addition to antivirus software. Not all threats to computers are viruses or worms; hackers exploit bugs in operating systems and programs to get into your computer and use it for whatever purposes they want, and a firewall can, if configured properly, help block or deter that. Note that a firewall is not sufficient protection by itself.

  • Don’t post children’s photos on the internet unless you are putting them on a password-protected site for family and friends only. Unwanted attention from predators is too dangerous for children to risk it.

    • Lastly, if you are yourself not computer-savvy, ask for help, and don’t be intimidated about asking young people to help. Assisting people to secure their computers is a task that geeks, even busy and/or young ones, are more likely to volunteer for than helping you debug your latest attempts to learn a new word processing software, or helping you getting your vacation photos scanned in… securing your computer is actually helping protect the internet at large from the nasties. Geeks understand that. And we usually take bribes (chocolate, cookies, ice cream, coffee, amazon.com or thinkgeek.com gift certificates, etc.).

    Posted Friday, October 11th, 2002 at 7:44 pm
    Filed Under Category: system administration
    You can leave a response, or trackback from your own site.

    0

    Leave a Reply