Computer Hazards
Viruses,
By Deb Thornton
“Viruses,” “worms,” “spam,” and newer threats like “phishing” and “spyware” are often headline news.
You may not know all the geeky, techno-babble details surrounding these threats, but you know they can spell trouble for your computer system and business.
The following overview is intended to help you understand the most common malicious software (known as “malware”) threats and steps you can take to protect your computer system.
Knowing the Threats
Email Viruses have been around for years. Viruses often arrive as harmless-looking email attachments. When the attachment is opened, the virus may display a simple image or message, or it may destroy files, reformat hard drives, or cause other damage. Viruses take advantage of a flaw or weakness (known as a “vulnerability”) in one of your computer’s programs.
Computer Worms wriggle along from computer to computer, infecting each one as they travel across a network. As a worm moves, it leaves behind a copy of itself (known as “replication”). A replicating worm can move incredibly fast. In 2001, the Code Red worm replicated itself over 250,000 times in just 9 hours. Worms are very dangerous because you don’t even have to open an email attachment to release one. Just opening the email itself can release a worm. A worm can be designed to delete files, exploit your computer’s IP address to send junk email (spam), conceal the attacker’s own address, and just plain steal your resources (which causes the network to become really slow). Some well-known worms have caused billions of dollars in damage.
Network Worms are a new breed of malware which attacks at the network layer. Network worms exploit software vulnerabilities and rapidly self-propagate from computer to computer. As data is broken into small packets to be transferred across the network, network worms embed themselves into the packets. This prevents traditional file-based antivirus solutions, which can only scan the reassembled packets, from being able to detect the virus. Intrusion detection and vulnerability assessment technologies can help monitor network activity and identify potential security holes. However, the damage may already be done by the time notification is delivered.
Trojan Horses are named for that famous wooden horse in Greek mythology because they follow the same sort of strategy. You think you are just downloading a program from the Internet (such as a game, screensaver, or some type of business shareware), but hiding in the program may be malware. Trojan programs can cause damage to data, unexpected computer behavior, and even compromise the security of the network. Be wary of free Internet downloads, and make sure the site is reputable.
Spam is unsolicited junk email usually used for advertisements. Besides being an annoyance, spam email can quickly overwhelm your personal email inbox or company email server.
Spyware is a newer method of attack intended to intercept or take partial control of your computer. Spyware is a software application designed to monitor your habits and personal information without your knowledge or consent. The data gathered may include your Internet habits (such as what websites you go to or what links you click on) which is sent to legitimate third parties who use or sell the information for marketing purposes (such as targeting you for delivery of those annoying pop-up ads). However, the data gathered may also be personal information (such as email addresses, passwords, and credit card information) which is sent to criminals who plan to use or sell the information with the intent of identity theft or other fraud. Like Trojans, spyware is installed without your knowledge when you load another program that you typically want. Not only does it steal your personal information, but it takes up network bandwidth when it sends its information back to its owner via your Internet connection. This can lead to system instability or crashes as it eats up memory and system resources.
Phishing is a new ruse built on an old principle: deception. The attacker, disguised as a trusted authority, asks for personal information. The victim, believing the request to be valid, replies with the information. A common attack involves banking organizations. In this version of the scam, victims are sent an official-looking email directing them to visit a fraudulent website that has been designed to look like the real one. They are then asked to enter their personal information (such as password, Social Security Number, credit card information, or bank account information). In a matter of minutes, criminals are in possession of enough information to drain bank accounts, open new credit card accounts under false names, and even sell or assume stolen identities.
Managing the Threats
First, it is important to understand a few basic principles about the threat of computer attacks:
- Security starts and ends with people. Technology alone does not provide computer security. People’s behaviors are a significant factor in protecting computer systems. Their awareness of threats, understanding of company security policies, and application of good security practices are a crucial security control.
- Computer systems can never be protected 100 percent. Security software can only protect against what is known at a certain point in time. There is always risk from the time a new vulnerability is discovered until a patch is made available by the vendor and you install it on the computer. And one person’s straying from good security habits can render all the protection in place ineffective.
- Using the Internet is a risk in itself. Being connected to the Internet greatly increases the possibility of attack.
Protection strategy should take into consideration all major access points into your computer or network, such as:
- Desktop/laptop computers
- Personal digital assistants (PDAs)
- File servers
- File backup or storage systems
- Network edge (perimeter): the area of the network that connects the LAN (local area network) to the WAN (wide area network), i.e., the Internet
- Remote access network for workers in remote locations and telecommuter associates
- Wireless access points
Security software can be purchased to address a specific security threat (such as antivirus, anti-spyware, or content filtering) on a specific device (such as computer, PDA, or file server). Most popular security software vendors also market integrated product suites, which provide a bundle of security software products for protection against a number of threats. The software can usually be bought and scaled for small, medium, or large-sized businesses.
Networks often use a “defense-in-depth” strategy which provides a multi-layered approach to security. This can include using more than one vendor’s products so that you’re not putting all your eggs in one basket.
Vigilance is required to keep security software current. Patches (software fixes) and other definition files must be downloaded regularly and installed. Unpatched systems are easy targets. Hackers and criminals continue to exploit old vulnerabilities because so many computer systems are never patched.
It is a continual challenge for hackers and criminals to find new ways to exploit vulnerabilities - including people. And knowledge is your first step in being able to protect your computer system and your business.

















