<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-7027623763962440621</id><updated>2011-07-31T03:36:01.651-07:00</updated><category term='FIREWALLS'/><category term='Malware And Spyware'/><category term='Virus'/><category term='SPYWARES'/><title type='text'>Net Security</title><subtitle type='html'></subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>15</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-5907903023634211611</id><published>2010-01-19T15:08:00.000-08:00</published><updated>2010-01-19T15:16:42.534-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='SPYWARES'/><title type='text'>All About SPYWARE</title><content type='html'>Any software that covertly gathers user information through the user's Internet connection without his or her 
knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.&lt;br /&gt;&lt;br /&gt;Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.&lt;br /&gt;&lt;br /&gt;Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. 
Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.&lt;br /&gt;&lt;br /&gt;Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;How Does Spyware Get Onto My Computer?&lt;/span&gt;&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Spyware typically finds its way onto your computer when you download other programs, mainly freeware (free software, often for trial purposes). This is called bundling - basically the spyware producers pay the freeware producers to include the spyware in their products. This helps finance the freeware that you download so that you don't have to pay for it.&lt;br /&gt;&lt;br /&gt;When you download your freeware, the spyware application that you're also downloading may be mentioned in the licensing agreement. The spyware company is counting on you to click "Ok" without really reading the agreement, but if you do, the spyware installation will be mentioned in very hard to understand jargon so you may not realize that spyware is being added. Sometimes the spyware is not even mentioned in the agreement, in which case even if you read it, you will not be aware of the spyware.&lt;br /&gt;&lt;br /&gt;Spyware can also be installed on your computer just by visiting certain sites. You may be prompted to download a certain application to see the site properly, to view a greeting card, to watch a video or hear a song on the site, etc. 
But really the application could have nothing to do with what the site says its purpose is - it could be spyware instead.&lt;br /&gt;&lt;br /&gt;Another trick spyware makers use to get you to download their spyware is through ActiveX controls (simple programs that run in your internet browser). When these start to load, your browser will ask if you want to install them. If you hit "No" this is only good for the page you are on. Every time you load a new page, your browser will ask you again. Lots of people give up and just click "Yes" after this happens a few times. Little do they know, they are agreeing to spyware.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;font-size:130%;" &gt;Wanted Spyware&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;You may actually choose to install spyware on your computer for your own use. This may be used as a surveillance tool if you have children or employees to track what goes on on a computer when you're not around. This type of spyware can be bought and installed like any other software, and will track things like websites visited, programs used, keystrokes, etc. for your reference later. When used as a surveillance tool, the data from this type of spyware is not sent anywhere, but it can be referenced from the same computer later by parents and employers to check up on other users' activities.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;Spyware Prevention: How Do I Block Spyware From My Computer?&lt;/span&gt;&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Given the security threats of spyware, you're probably wondering how to protect your computer from spyware downloading itself and causing so much annoyance and damage. As with everything else, the best method of protection against spyware is prevention! 
Here are some simple ways you can prevent spyware from finding its way onto your computer:&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Know What You're Installing&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;One of the most common-sense ways to avoid downloading and installing spyware is to pay attention to what you're installing! When you go to download a program, especially if it's freeware, ask yourself if you know the source of the program. If you do, ask yourself if you trust its publishers. Reputable software producers avoid including spyware whenever possible. If they do include spyware with their programs, they normally provide you with an option to opt out of "extras." This usually happens during the installation process. If given this choice, you should opt out. When something seems too good to be true, it usually is. If anything in a license agreement says something about transmitting information to a third party - watch out! It might be spyware.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Read What You Click&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Another obvious and simple way to avoid spyware is to read what you click! Unfortunately, though this is such an important and easy step to take in spyware prevention, people often get in the habit of just clicking "Ok" without looking to see what they're agreeing to. Spyware publishers count on this habit when you go to install freeware that their spyware is packaged with. They hope you won't read the licensing agreement that says their spyware is included. They also may try to get their spyware on your computer by bombarding you with pop-up messages when you go to infected websites. The same principle applies here. 
So know what you're agreeing to before you click "Ok."&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Install a Firewall&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Firewalls are programs that filter data coming in and going out of your computer by way of the internet. They act as gatekeepers in that they only let authorized data into and out of your system. When you install a new program (like spyware) and it connects to the internet for the first time, the firewall will warn you that it's trying to connect, and it will ask your permission for the new program to do so. This way, even if you install spyware without knowing it, you'll be warned that something new is trying to exchange information over the internet. Because the firewall will not let it do so without your permission, you'll be safe from spyware sending out your personal information unless you authorize it to. So only authorize programs you're familiar with to access the internet. You can then take steps to remove any suspicious programs.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Adjust Your Browser Security Settings&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;To prevent spyware from finding its way onto your computer, you might want to adjust your internet browser's security settings. On Internet Explorer, your Internet Zone settings should be on or above "Medium Security."&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;Keep Your Computer Updated&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Another way to prevent spyware from getting onto your computer is to keep your programs and system updated. There are four important types of updates you should keep up with: operating system updates, anti-virus software updates, email program updates, and internet service provider (ISP) updates.&lt;br /&gt;&lt;br /&gt;Operating systems like Windows commonly come with security holes. This means that the way the system is structured inadvertently leaves it open to certain security threats. 
As the security inefficiencies of your operating system are discovered, the company that produces your operating system (for example Microsoft) will come out with security patches. Security patches are small applications that fix inadequacies in the system's security features. Make sure to install security updates for your operating system as soon as they're available, and check for updates regularly on the company's updates and support pages. You may want to change your system's settings to automatically check for updates if you haven't already done so. Pay special attention to updates marked "Critical."&lt;br /&gt;&lt;br /&gt;Make sure you update your anti-virus software on a regular basis too. Older versions of antivirus software didn't protect against spyware because worms and viruses (what this anti-virus software is meant to protect against) behave differently than spyware does. But popular anti-virus programs like McAfee VirusScan and Norton AntiVirus now scan for some spyware, and they are constantly improving.&lt;br /&gt;&lt;br /&gt;Email software like Microsoft Outlook needs to be updated too, since email software can now scan for spyware as well. This helps prevent malicious software from getting to your computer through email. You need to keep your email software updated so it has the latest information on the spyware you're at risk to pick up.&lt;br /&gt;&lt;br /&gt;And last but not least, your internet service provider will sometimes come out with security updates as well. These updates can take the form of spyware protection or browser enhancements that block pop-ups etc. Make sure to regularly check for and download these updates. 
You have to have the latest version of the browser software to take advantage of the built-in security features, so it's important to keep your browser up-to-date.</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/5907903023634211611/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=5907903023634211611' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/5907903023634211611'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/5907903023634211611'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2010/01/all-about-spyware.html' title='All About SPYWARE'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-6408540132316993172</id><published>2010-01-04T15:16:00.000-08:00</published><updated>2010-01-04T15:19:40.927-08:00</updated><title type='text'>Prevent Hacking of Wireless Networks</title><content type='html'>&lt;div style="text-align: center;"&gt;&lt;span style="font-weight: bold;"&gt;Prevent Hacking &lt;/span&gt;&lt;br /&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;of Wireless Networks&lt;/span&gt;&lt;/span&gt;&lt;br /&gt;&lt;div style="text-align: left;"&gt;&lt;p&gt;Hacked computers 
are termed &lt;em&gt;zombies&lt;/em&gt; and are used by hackers to steal online identities, make fraudulent banking transactions and even send terror emails to the media after bomb blasts to claim responsibility!&lt;/p&gt; &lt;p&gt;The following preventive measures can be used to prevent misuse of wireless networks and the internet in general.&lt;/p&gt; &lt;h3 class="dynamic"&gt;Use Secure Portals and Payment Gateways&lt;/h3&gt; &lt;p&gt;Banking transactions made on unsecured websites can lead to leaking of credit card details. These details can then be used to generate a card bearing the same data as the original credit card, which can then be used fraudulently. It is imperative to use secure portals and trusted payment gateways like PayPal and CCAvenue.&lt;/p&gt; &lt;h3 class="dynamic"&gt;Be Aware of Phishing&lt;/h3&gt; &lt;p&gt;Phishing is a fraudulent process of attempting to acquire sensitive information like user IDs and passwords by issuing fake emails on the pretext of security verification. The emails appear to originate from genuine banks and the user is misled into submitting the information. The golden rule to follow is to never share or submit passwords or user IDs.&lt;/p&gt;&lt;div id="TixyyLink" style="border: medium none ; overflow: hidden; color: rgb(0, 0, 0); background-color: transparent; text-align: left; text-decoration: none;"&gt;&lt;br /&gt;&lt;h3 class="dynamic"&gt;Change Wireless Network Passwords&lt;/h3&gt; &lt;p&gt;Most users of wireless networks do not change the default password provided by the router vendor. These default passwords are known to hackers, which makes it easy for a hacker to intrude into any home network from hundreds of meters away. One should change the default password immediately before using the wireless network.&lt;/p&gt; &lt;h3 class="dynamic"&gt;Change Service Set ID or SSID&lt;/h3&gt; &lt;p&gt;SSID or Service Set ID is the name of the wireless network. 
Wireless router vendors leave a default SSID on installation of the router software. Hackers can easily swap a home computer’s default SSID with theirs without the user’s knowledge. Like the network password, the SSID also needs to be changed immediately before using the wireless network.&lt;/p&gt; &lt;h3 class="dynamic"&gt;Hide the Service Set ID or SSID&lt;/h3&gt; &lt;p&gt;Sometimes changing the SSID is also not foolproof, as hackers have advanced methods to intrude into a wireless network if the SSID is known. To prevent such cases the SSID needs to be hidden. Router configuration software allows the SSID to be hidden and the steps are provided in the manuals.&lt;/p&gt; &lt;h3 class="dynamic"&gt;Convert to Static IP Instead of Dynamic&lt;/h3&gt; &lt;p&gt;Most home users use IP (Internet Protocol) addresses on the internet that are dynamic and are provided by picking one at random, on the fly, from a pool of IP addresses. Hackers can obtain a valid IP address from this pool and use it to gain access to the home user’s computer. This feature of assigning dynamic IP addresses can be turned off and a fixed IP can be used instead. Additionally, if firewall access rules on the router and computer are limited to this static IP address, then the home computer is secure.&lt;/p&gt; &lt;p&gt;As technological advancements are made, the hackers update themselves and in most cases are ahead of the technology to find loopholes. 
Commercial and home users of the internet should therefore get educated and become aware of basic do’s and don’ts to combat fraudulent activity through wireless networks on the internet.&lt;/p&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/6408540132316993172/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=6408540132316993172' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6408540132316993172'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6408540132316993172'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2010/01/prevent-hacking-of-wireless-networks.html' title='Prevent Hacking of Wireless Networks'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-4339043833964336451</id><published>2009-01-10T02:30:00.000-08:00</published><updated>2009-01-10T02:33:23.872-08:00</updated><category 
scheme='http://www.blogger.com/atom/ns#' term='Malware And Spyware'/><title type='text'>Malware And Spyware</title><content type='html'>&lt;p&gt;&lt;span style="font-weight: bold;"&gt;Spyware &amp;amp; Malware&lt;/span&gt; are a problem that is costing individuals and businesses billions of dollars per year in lost time and revenue to detect and remove them. IDC, a top research and advisory company for the IT and telecommunications industries, recently surveyed over 600 organizations to determine what companies perceived to be their greatest security threat. The survey results showed that Spyware was listed fourth among the top security threats. This may not sound extremely important, but according to estimates, over half of consumer computers are infected with some sort of Spyware or adware. There are hundreds of anti-spyware programs on the market today; however, an anti-spyware program is only as good as its database.&lt;br /&gt;&lt;strong&gt;&lt;br /&gt;What is Spyware &amp;amp; Malware?&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;&lt;br /&gt;Spyware and Malware are software that is installed along with a program that is knowingly installed on your computer. Spyware collects information about your computer, data on your computer and information about you, and secretly sends it to another computer or person via the Internet. Malware infects your computer and is designed to vandalize or cause data loss to your computer. &lt;/p&gt; &lt;p&gt;Spyware &amp;amp; Malware are a growing problem to businesses and individuals worldwide. According to statistics published by Earthlink in 2004, computers they scanned averaged 26 instances of Spyware per computer. As you can see, Spyware is a growing epidemic and every precaution must be taken to circumvent this problem. And Malware has been just as destructive, with 2005 figures putting its financial impact at an estimated $14.2 billion. 
&lt;/p&gt; &lt;p&gt;&lt;strong&gt;What is the Problem with Spyware &amp;amp; Malware?&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;Businesses and individuals store all types of information on their computers, such as sensitive business information, company financial data, account numbers, credit card numbers, personnel information and other sensitive and private information.&lt;/p&gt; &lt;p&gt;When the Spyware or Malware program activates on your computer, it can collect this sensitive and private information and forward it to another person or computer, or corrupt and destroy the data on the computer hard drive and then move throughout your network. When this happens, you will usually have little or no knowledge of this action.&lt;/p&gt; &lt;p&gt;&lt;strong&gt;What Types of Spyware and Malware Are There?&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;Spyware can be categorized by the level of intrusiveness and/or the use of information collected. Low-level spyware includes cookies and most adware. Medium to high level Spyware includes “monitoring” or “surveillance” Spyware designed to collect information for criminal purposes.&lt;br /&gt;Malware can be categorized by the manner in which it spreads: it can be considered either a virus or a worm. Malware can either infect computers by triggering when executable software activates or transmit itself over a network as a worm to infect other computers. &lt;/p&gt; &lt;p&gt;&lt;strong&gt;How Much Does it Cost to Counter Spyware &amp;amp; Malware?&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;Consumers and businesses are expected to spend approximately $305 million on efforts to detect and eliminate Spyware, according to a recent report from IDC. This amount does not include the loss of time and productivity. 
When Spyware affects a company's network, it can slow down the productivity of employees and require the company's IT staff to track down and eliminate the Spyware. If Spyware affects your computer at home, it can slow your productivity, forward personal information and in some cases you may need to format your hard drive to eliminate the Spyware, thus losing all of the data not backed up.&lt;br /&gt;According to research, the most cost-intensive category for Malware was “labor.” The loss of revenue was ranked second in 2005, approximately $14.2 billion. &lt;/p&gt; &lt;p&gt;&lt;strong&gt;How to Protect Your Computer From Spyware &amp;amp; Malware?&lt;/strong&gt;&lt;/p&gt;&lt;p&gt;There are two basic elements to any Spyware &amp;amp; Malware software. The elements are the ability to detect Spyware &amp;amp; Malware and the ability to remove the detected malicious programs. To give your computer the most protection possible, it’s best to purchase an anti-spyware/anti-Malware program. &lt;/p&gt; &lt;p&gt;There are free anti-spyware &amp;amp; anti-Malware programs available on the Internet but we strongly advise you not to use them. Some programs are poorly written or have not been tested thoroughly and can create conflicts with software on your computer or cause damage. Some programmers also create anti-spyware programs only to remove other spyware and install their spyware or Malware. &lt;/p&gt; &lt;p&gt;It’s best to purchase an anti-spyware / anti-Malware program from a reputable manufacturer and retailer. The key to protecting your computer from this destructive software is frequently updating your software’s database and running complete scans of your hard drive and any other storage media. &lt;/p&gt; &lt;p&gt;In conclusion, viruses, spyware and Malware are a billion dollar business and malicious programmers and companies are looking to cash in on you. 
Protect yourself with a quality security program and continuously update the software to give your computer the best protection possible when scanning your hard drive. &lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/4339043833964336451/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=4339043833964336451' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4339043833964336451'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4339043833964336451'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2009/01/malware-and-spyware.html' title='Malware And Spyware'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-8393094715761289269</id><published>2009-01-10T02:28:00.000-08:00</published><updated>2009-01-10T02:29:45.670-08:00</updated><title type='text'>How to safeguard our personal and financial data?</title><content type='html'>&lt;p class="MsoNormal" style="text-align: center;"&gt;&lt;img style="vertical-align: baseline;" src="http://www.ianywhere.com/images/products/afaria_security.jpg" alt="internet security" height="250" width="400" /&gt;&lt;/p&gt;&lt;p 
class="MsoNormal" style="text-align: center;"&gt;&lt;br /&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="line-height: normal;"&gt;&lt;span style=""&gt;The Internet is a public network of nearly 50,000 networks connecting millions of computers throughout the world. When we register to become a member of this website, we need to fill in some personal information. &lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="line-height: normal;"&gt;&lt;span style=""&gt;The information includes name, date of birth, gender, address, telephone, e-mail address, occupation and interests. &lt;strong&gt;&lt;span style="color: red;"&gt;“Personal Financial Information”&lt;/span&gt;&lt;/strong&gt; means any record containing a customer of a financial institution, whether in paper, electronic, or another form, that is handled on behalf of the institution or its affiliates.&lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="line-height: normal;"&gt;&lt;span style=""&gt;When a purchase is made online, the company will record consumer information such as names, addresses, phone numbers, bank and credit card account numbers, et cetera. Is it secure enough to protect consumers from having this information embezzled by other people? &lt;/span&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="line-height: normal;"&gt;&lt;span style=""&gt;Here are a few approaches on how to safeguard our personal and financial data:&lt;/span&gt;&lt;/p&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Do not reveal any personal information, particularly passwords,&lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt; to anyone. After using any of the Financial Data Center or member services, remember to log out properly before leaving the Financial Data Center. 
&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;span style=""&gt;If you share information with another user or use our services on a public computer such as in a public library, school computer lab or Internet cafe, remember to &lt;strong&gt;&lt;span style="color: red;"&gt;close the browser window&lt;/span&gt;. &lt;/strong&gt;This prevents other users from reading your personal information and mail.&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Avoid using passwords &lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt;that are &lt;strong&gt;&lt;span style="color: red;"&gt;easy for someone to guess&lt;/span&gt;&lt;/strong&gt;, such as the name of your favorite pet or your date of birth. Never write this information down and never carry it in your wallet or briefcase. &lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Install antispyware and antivirus software&lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt;. Symantec, Norton and AVG antivirus are popular software used by computer users. They clean the computer and protect personal information, financial data, etc.&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;span style=""&gt;A website owner can use an&lt;strong&gt; &lt;span style="color: red;"&gt;access control mechanism&lt;/span&gt; &lt;/strong&gt;which limits the actions that can be performed by an authenticated person or group. It determines who can use the network resources and which resources can be used.&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Keep your card close&lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt;. Whether you are out shopping or eating out, watch how clerks handle your card. 
Then take your receipt with you and never throw it away in a public place.&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Pay attention when using an ATM&lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt; and keep your eyes peeled for anyone who seems a little too interested in your transactions. Use your free hand to shield the keypad when entering your PIN. Besides that, bankers can add &lt;strong&gt;&lt;span style="color: red;"&gt;fingerprint scanning&lt;/span&gt; &lt;/strong&gt;to ATM machines. &lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;ul type="disc"&gt;&lt;li class="MsoNormal"&gt;&lt;strong&gt;&lt;span style=""&gt;Keep credit cards to a minimum&lt;/span&gt;&lt;/strong&gt;&lt;span style=""&gt;. Only keep the ones you actually use and destroy any that you no longer use by shredding them.&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt; &lt;p class="MsoNormal" style="line-height: normal;"&gt;&lt;span style=""&gt;Everyone should cooperate with one another to prevent our own or consumers' personal and financial data from being revealed.&lt;/span&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/8393094715761289269/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=8393094715761289269' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/8393094715761289269'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/8393094715761289269'/><link rel='alternate' type='text/html' 
href='http://securityfornet.blogspot.com/2009/01/how-to-safeguard-our-personal-and.html' title='How to safeguard our personal and financial data?'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-1698707717523317431</id><published>2008-12-14T05:56:00.000-08:00</published><updated>2008-12-14T05:58:25.277-08:00</updated><title type='text'>Password Advice</title><content type='html'>&lt;div style="text-align: center;"&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;Password Advice&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;/div&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Use of a good password is your first security defence. You should always use   a password on any computer that others can access, so that no one can access   your private information, use your account and impersonate   you on the &lt;span style="font-weight: bold;"&gt;Internet&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; delete your files by mistake, etc. &lt;/span&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;You should change your     password regularly, where regularly is determined by your environment --   perhaps every 60 days in an office environment and every six months on a secure   home     computer. 
From least to most secure, there are three types of passwords: &lt;/span&gt;&lt;/p&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;What you have&lt;/u&gt;. Examples include keys and pass cards. The risk     is that they can be lost or stolen.&lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;What you know&lt;/u&gt;. Examples include computer account passwords     and building entry passwords, information that passes from your brain through     your hand to the security system. The risks are that they can be copied if     you are observed entering them, and unless they are sufficiently unique they     can sometimes be guessed or cracked.&lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;What you are&lt;/u&gt;. Examples include fingerprints, retina patterns,     and other &lt;span style="font-weight: bold;"&gt;biometric&lt;/span&gt; passwords.     These are much more difficult to copy (so far) and are therefore the most     secure passwords. &lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;The most common type of password on the Internet are passwords you know, mainly   alphanumeric keywords. For a reasonably secure home computer, password selection   might be a less critical issue, but on networks open to the Internet there   are many very real threats to administrator, network, and application   passwords.   Many   ingenious programs have been written to crack passwords at high volume, some   by hackers and some as legitimate security testing tools, and are of course   loose on the Internet. 
Many of these programs use a variety of dictionary based   attacks   to combine common words and word variations to try thousands of passwords as   fast as the targeted system will permit. Some start by guessing a whole bunch   of common passwords.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Other password cracking techniques include low-tech but surprisingly effective   methods as sending an email supposedly from an authorized administrator   requesting the password, making a telephone contact supposedly from the authorized   company and then requesting the password for authentication, and use of electronic   spy ware to capture the legitimate entry of a password and send it to the eavesdropper.   As always, the human element is more unpredictable than the technical part.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;To provide maximum protection, there are four basic rules for password management   security:&lt;/span&gt;&lt;/p&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;Pronounceable&lt;/u&gt;. The best password is at       least eight letters, and pronounceable so that it is memorable. Your password       should not be a recognizable     word, and should include at least one number, to minimize the chances it     can be found by "dictionary" based attacks. There is a simple trick     to making them up instantly -- pretend you are two years old, combine random     syllables into words, then add a number, such as "banilum4", "somi3can",     and "telupson6". &lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;Non-clichés&lt;/u&gt;. 
Lots of people use their birthday or spouse's     birthday, the name of someone from their family or friends, the name of a     favorite pet, or some other high profile subject for their password. Avoid     all the obvious choices, since professional hackers try these first.&lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;Unique&lt;/u&gt;. Never use the same password for more than one purpose, and     change important passwords regularly without reusing old ones. Use separate     passwords for your computer login, internet account, email account, and other     functions. If you use the same password for more than one purpose, you run     the risk that if someone knows one of your passwords then they can break     into all of your accounts. (This rule may be relaxed for low threat environments     such as a home office).&lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;li&gt;&lt;u&gt;Write it down&lt;/u&gt;. Unfortunately, the trade-off for using     good password practices is that you might forget them, so you need to record     them somewhere. If you don't do this, it is a statistical certainty that     sooner or later you will find yourself locked out of a computer or application     at a very inopportune time. The trick is finding a secure location for storage     of this sensitive document. If you have a very secure storage location (locked     filing cabinet, encrypted file on your main computer) than you might store     it there, but make sure it is secure; if that security protection is bypassed,     all of your passwords are lost.&lt;br /&gt;       &lt;br /&gt;    First principles are: don't leave it on your desk, store it in your wallet,     or tape it to the bottom of anything. 
For non-electronic storage, a common     but effective technique is to record your passwords in pencil on a document     that stored with a lot of other documents, or on the margin of a page of     a book on a shelf with a lot of other books. Therefore, even if someone had     the time to search for it, it would be difficult to find, and even if found     it wouldn't be obvious what it was.&lt;/li&gt; &lt;/span&gt;&lt;/ul&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;strong&gt;&lt;/strong&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-1698707717523317431?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/1698707717523317431/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=1698707717523317431' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1698707717523317431'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1698707717523317431'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/password-advice.html' title='Password Advice'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-3845380081563850652</id><published>2008-12-13T05:06:00.000-08:00</published><updated>2010-01-19T15:27:42.361-08:00</updated><category 
scheme='http://www.blogger.com/atom/ns#' term='Virus'/><title type='text'>Virus Protection...Virus</title><content type='html'>&lt;div style="text-align: center;"&gt;&lt;div style="text-align: center;"&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;&lt;p&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;Virus Protection&lt;/span&gt;&lt;/span&gt;&lt;br /&gt;&lt;/p&gt;&lt;/span&gt;The most important computing advice is "back up your files",                   which helps to safeguard your data if you ever get a virus.                   The second most important principle is "run an anti-virus protection                   program". If your anti-virus program does not include a good &lt;span style="font-weight: bold;"&gt;firewall&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/i/is_conf.htm#firewall"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt;,                   you must obtain one of those as well.&lt;/div&gt;&lt;/div&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;                 &lt;p&gt;Modern computer viruses are more virulent than ever. It is                   critically essential for the protection of all of the valuable                   programs and information on your computer that you run a good                   anti-virus protection program. Most of these applications can                   regularly update their database over the &lt;span style="font-weight: bold;"&gt;Internet&lt;/span&gt;&lt;a href="http://www.livinginternet.com/"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; as the threats                   evolve and automatically keep your anti-virus protection up-to-date                   and your computer safe.&lt;/p&gt;&lt;/span&gt;                                  &lt;strong&gt;Commercial&lt;/strong&gt;. 
The following companies are leading anti-virus protection providers: &lt;ul&gt;&lt;li&gt;&lt;a href="http://www.avira.com/" target="livinginternet_ext"&gt;Avira.com&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.bitdefender.com/" target="livinginternet_ext"&gt;BitDefender.com&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.centralcommand.com/" target="livinginternet_ext"&gt;CentralCommand.com&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;u&gt;&lt;a href="http://www.drsolomon.com/" target="livinginternet_ext"&gt;Dr. Solomon's Anti-Virus Toolkit&lt;/a&gt;&lt;/u&gt; &lt;/li&gt;&lt;li&gt;&lt;a href="http://www.f-prot.com/" target="livinginternet_ext"&gt;F-Prot Antivirus&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.f-secure.com/" target="livinginternet_ext"&gt;F-Secure Anti-Virus&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.kaspersky.com/" target="livinginternet_ext"&gt;Kaspersky Labs&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.mcafee.com/" target="livinginternet_ext"&gt;McAfee Associates' VirusScan&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.nod32.ie/" target="livinginternet_ext"&gt;NOD32 Ireland&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.pandasoftware.com/" target="livinginternet_ext"&gt;Panda Software Anti-Virus&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.sophos.com/" target="livinginternet_ext"&gt;Sophos Anti-Virus&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.symantec.com/avcenter/index.html" target="livinginternet_ext"&gt;Symantec's Norton Anti-Virus&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="http://www.trendmicro.com/" target="livinginternet_ext"&gt;TrendMicro.com&lt;/a&gt;&lt;/li&gt;&lt;/ul&gt; &lt;p&gt;&lt;strong&gt;Maintenance&lt;/strong&gt;. 
Once you have installed anti-virus protection, take the following additional protective measures:&lt;/p&gt; &lt;ul&gt;&lt;li&gt;Never use a floppy disk, CD, DVD, tape, or other external media that has been on someone else's computer without first scanning it with your anti-virus protection program, which should be set to scan all media by default. If you lend media to someone else to copy a file, write-protect it first so that it won't get inadvertently infected.&lt;/li&gt;&lt;/ul&gt; &lt;ul&gt;&lt;li&gt;Protect your perimeter. Make sure your anti-virus protection settings are turned on by default to scan files incoming over email and downloaded off the Internet.&lt;/li&gt;&lt;/ul&gt; &lt;p&gt;&lt;b&gt;Infection&lt;/b&gt;. Computers that run good anti-virus protection usually don't get infected. However, if you are sure that your system has somehow got a virus anyway, you can take the following steps:&lt;/p&gt; &lt;ul&gt;&lt;li&gt;Immediately shut down your computer, and do not reboot it from the infected disk, in order to prevent the virus from wreaking more damage.&lt;/li&gt;&lt;/ul&gt; &lt;ul&gt;&lt;li&gt; Boot the computer from some clean external media such as a bootable floppy, CD, DVD, or external disk that has previously been scanned by your anti-virus protection. 
&lt;/li&gt;&lt;/ul&gt; &lt;ul&gt;&lt;li&gt;Run your anti-virus protection software from the clean boot disk, on the infected disk, and if required fix or delete infected files and replace them on the infected disk.&lt;/li&gt;&lt;/ul&gt; &lt;ul&gt;&lt;li&gt;If you need help or your anti-virus protection can't clean the disk, then you are best advised to take your computer to a good professional repair shop where they have tools to try and clean and recover your disk as best as possible.&lt;/li&gt;&lt;/ul&gt; &lt;p&gt;Keep in mind that anti-virus protection sometimes generates false alarms -- a common cause is when a program file has changed size but for a valid reason. Another common indicator that you may have a false alarm is if your anti-virus protection claims that a file may contain a virus but doesn't know the virus's name. 
Don't delete files unless the anti-virus protection software specifically recommends it, recognizes the virus's name, and it otherwise looks like a reasonable suggestion.&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/3845380081563850652/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=3845380081563850652' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/3845380081563850652'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/3845380081563850652'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/virus-protectionvirus.html' title='Virus Protection...Virus'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-7212959827053049547</id><published>2008-12-12T05:10:00.000-08:00</published><updated>2008-12-12T05:19:32.652-08:00</updated><title type='text'>Internet Worms....Virus</title><content 
type='html'>&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;            &lt;/span&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;   &lt;/span&gt;&lt;div align="justify"&gt; &lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prot.htm"&gt;&lt;img src="http://www.livinginternet.com/g/virus_worm.gif" alt="Worms -- Types and Habitats" border="0" height="253" width="383" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;span style="font-family:Arial, Helvetica, sans-serif;"&gt;&lt;br /&gt;&lt;strong&gt;&lt;em&gt;Worms - Types and Habitats&lt;/em&gt;&lt;/strong&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;table style="width: 425px; height: 132px;" align="center" border="1" cellpadding="15" cellspacing="1"&gt;  &lt;tbody&gt;&lt;tr align="left"&gt; &lt;td&gt; &lt;p&gt;&lt;span style="font-family:Arial, Helvetica, sans-serif;font-size:-1;"&gt;Penetration  of a remote system can be accomplished in any of three ways... In each case the  worm arranges to get a remote command interpreter which it can use to copy over,  compile and execute the 99-line bootstrap. 
The bootstrap sets up its own network  connection with the local worm and copies over the other files it needs, and using  these pieces a remote worm is built and the infection procedure starts over again.&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; &lt;a href="http://www.livinginternet.com/"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt;&lt;span style="font-weight: bold;"&gt;Internet &lt;/span&gt;worms are truly autonomous virtual viruses, spreading across the net, breaking into computers, and replicating without human assistance and usually without human knowledge. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Worms are particularly interesting technological constructs, with an intriguing mathematical structure and complexity. They fascinate because they take the digital imitation of life to another step -- they autonomously search for computers, penetrate them, and replicate their intelligence to continue the process. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;An Internet worm can be contained in any kind of virus, &lt;span style="font-weight: bold;"&gt;program&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prog.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; or &lt;span style="font-weight: bold;"&gt;script&lt;/span&gt;. 
Sometimes their inventor will release them into the wild in a single   copy, leaving them to replicate by themselves through   a variety of stratagems and  protocols.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;strong&gt;History&lt;/strong&gt;. Worms use a variety of methods to propagate across the Internet.   Early worms simply scanned the local network drives and folders and inserted   themselves   into programs   wherever they could, trusting human beings to move disks and directories around in the normal course   of things so they could continue to spread. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Since the late 1990's, many Internet worms have been Visual      Basic &lt;span style="font-weight: bold;"&gt;script viruses&lt;/span&gt; which replicate     on Windows computers by interacting with the user's email program to send     themselves     to     many      (often all) of the addresses in the &lt;span style="font-weight: bold;"&gt;address book&lt;/span&gt;. Once on a new     machine, they repeat the process with the new user's address book,     quickly expanding the number of people reached. Some     of the worst     outbreaks of&lt;span style="font-weight: bold;"&gt; email worms&lt;/span&gt; have     spread around  the world within just a few hours, and email remains the Internet     worm's fastest known transmission      method. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; Beginning in 2001, the most dangerous worms started to employ weaknesses   in the Windows operating system to attack machines directly across the Internet.   
When a significant Windows   weakness was found, Microsoft would patch it, hackers would release worms to   attack it a few weeks later,   and any unpatched   machine connected to the Internet would soon be compromised. With several hundred   million machines running Windows, statistically speaking a lot don't get patched   immediately, so there are always thousands of vulnerable systems. Even computers   inside a firewall protected intranet are at risk as long   as   there   is   one weak   link somewhere -- an unprotected machine on the Internet able   to reach the rest of the intranet. Microsoft introduced automatic operating   system updates to help solve this problem. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;The most successful Internet worm of all time, in terms   of sheer saturation, was   the &lt;span style="font-weight: bold;"&gt;code red&lt;/span&gt; worm, which scanned  the Internet for vulnerable Windows computers running the IIS web server to   install itself and continue the infection. For example, a list of the code   red infected   computers   trying to break into   the LivingInternet site on August 7, 2001, can be  found &lt;span style="font-weight: bold;"&gt;here&lt;/span&gt;. (Fortunately, the site was running on the &lt;span style="font-weight: bold;"&gt;Apache web server&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/w/ww_servers.htm#apache"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt;.)&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;A wide range of other inventive strains of Internet worms have employed security   weaknesses in &lt;span style="font-weight: bold;"&gt;IRC&lt;/span&gt;, &lt;span style="font-weight: bold;"&gt;finger&lt;/span&gt;,   and other programs and protocols. 
A few worms began   to be discovered for &lt;span style="font-weight: bold;"&gt;Linux&lt;/span&gt; in the   late 1990's as it became more popular across the Internet and some vulnerabilities   were found, but the strong security architecture of Linux has kept the number   of problems relatively   low.&lt;/span&gt;&lt;/p&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;b&gt;&lt;a name="first"&gt;&lt;/a&gt;The first worm&lt;/b&gt;. The first worm  disabled most of the Internet  then existing. Robert Morris, a Computer  Science graduate student at Cornell University  and (embarrassingly) son of the Chief Scientist at the National Computer Security Center, wrote  a 99 line program in the C language designed to &lt;span style="font-weight: bold;"&gt;self-replicate&lt;/span&gt; and propagate  itself from machine to machine across the Internet. The worm performed the trick by  combining a bug in the debugging mode of the sendmail program used to control email  on almost all Internet computers, a bug in the &lt;i&gt;finger&lt;/i&gt; program, and  the&lt;span style="font-weight: bold;"&gt; Unix&lt;/span&gt; &lt;i&gt;rexec&lt;/i&gt; and &lt;i&gt;rsh&lt;/i&gt; commands. &lt;/span&gt;&lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;On November  2, 1988, Morris released his worm, but did so from an MIT computer to disguise    his origin. In his view, only one thing went wrong -- the worm started replicating   at a much faster rate than he had predicted, and began &lt;span style="font-weight: bold;"&gt;crashing&lt;/span&gt; and disabling computers across the Internet. &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Morris  sent out an anonymous message telling people how to disable the worm, but because   it had brought down the Internet, the message about how to disable it couldn't   get through. 
The worm eventually infected more than 6,000 computers across the Internet. Within a day teams of programmers at the University of California at Berkeley and Purdue University reverse engineered the worm and developed methods of stopping it. The Internet then came back to normal in a couple of days.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Morris claimed that he had intended his worm as an innocent experiment and hadn't planned it to have any negative effects. Nonetheless, he was eventually convicted of violating the Computer Fraud and Abuse Act (Title 18), and sentenced to three years of probation, 400 hours of community service, and a $10,050 fine. His appeal was rejected in March, 1991.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;At least one good thing resulted from this incident -- the Computer Emergency Response Team, or &lt;span style="font-weight: bold;"&gt;CERT&lt;/span&gt;, was formed by &lt;span style="font-weight: bold;"&gt;ARPA &lt;/span&gt;in response to the Morris worm incident to track and provide information on Internet security threats.&lt;/span&gt;&lt;/p&gt; &lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/7212959827053049547/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=7212959827053049547' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/7212959827053049547'/><link rel='self' type='application/atom+xml' 
href='http://www.blogger.com/feeds/7027623763962440621/posts/default/7212959827053049547'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/internet-wormsvirus.html' title='Internet Worms....Virus'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-7344752371794348820</id><published>2008-12-11T18:08:00.000-08:00</published><updated>2008-12-11T18:18:50.747-08:00</updated><title type='text'>Script &amp; Macro Viruses...virus</title><content type='html'>&lt;div style="text-align: center;"&gt;Script &amp;amp; Macro Viruses&lt;br /&gt;&lt;br /&gt;&lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_first.htm"&gt;&lt;img src="http://www.livinginternet.com/g/virus_scripts.gif" alt="Script / Macro Viruses - Types and Habitats" border="0" height="330" width="417" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;span style="font-family:Arial, Helvetica, sans-serif;"&gt;&lt;br /&gt;&lt;em&gt;&lt;strong&gt;Script Viruses - Types and Habitats&lt;/strong&gt;&lt;/em&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  Script viruses (sometimes called macro viruses) generally travel embedded in   email and office automation documents, although they can be found in web pages   as   well.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Old fashioned &lt;span style="font-weight: bold;"&gt;program viruses&lt;/span&gt;&lt;a 
href="http://www.livinginternet.com/i/is_vir_prog.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; are usually   implemented in executable system code, whereas script viruses are usually written   in a powerful high-level language   that is compiled and run on the fly. They often have sophisticated functionality   and direct interfaces to high level applications such as word processing,   spreadsheet, email, and web programs, and can wreak considerable   havoc. Since they first surfaced in   office automation programs, they are sometimes also called "macro" viruses.   Script viruses can also propagate through &lt;span style="font-weight: bold;"&gt;IRC&lt;/span&gt; protocols.&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; On Microsoft computers, turning on your script checking &lt;span style="font-weight: bold;"&gt;virus protection&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prot.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; is essential. However, keep in mind that there       may be an associated performance   hit for some   applications.   Many applications on Windows are written in Visual Basic, and real-time script   virus checking can double the time it takes for their usual functions   to run.   If   you find   that ordinary functions take an inordinate length of time to complete, you   can try temporarily turning this feature off in your anti-virus checker --   but don't forget to turn it back on afterwards!&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Active threats.  
The following types of script viruses are currently   the most active and dangerous, on the Windows platform: &lt;/span&gt;&lt;/p&gt; &lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;    &lt;li&gt;&lt;span style="font-weight: bold;"&gt;Visual Basic &lt;/span&gt;is a flexible and powerful programming environment for Microsoft         Windows, Office, and&lt;span style="font-weight: bold;"&gt; internet &lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; applications. Script viruses written         in Visual Basic can run throughout the Microsoft architecture, giving         them considerable reach and power, and making them the primary virus         threat today.&lt;br /&gt;       &lt;br /&gt;        The first widespread Visual Basic script virus was &lt;span style="font-weight: bold;"&gt;Melissa&lt;/span&gt;,         which brought down several of the large international corporations for         several days in  March 1999. Melissa traveled in a Microsoft Word document         and ran when the document was opened, then opened the associated Microsoft          Outlook email program, read the user's &lt;span style="font-weight: bold;"&gt;email address book&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/e/ea_addrbk.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt;, and then sent email         copies  of itself to the first fifty names it found. 
It spread very quickly.&lt;br /&gt;&lt;br /&gt;The Melissa  virus architecture was quickly followed by many similar variants programmed by hackers around the world, including the groundbreaking &lt;span style="font-weight: bold;"&gt;KAK&lt;/span&gt;, the first Visual Basic script virus that triggered as soon as an email was opened. KAK was then followed by &lt;span style="font-weight: bold;"&gt;BubbleBoy&lt;/span&gt;, which triggered if an email was even viewed in the preview pane. A steady stream of Visual Basic script viruses continues to circulate to this day. There are even automated, point-and-click programs like VBS Love Generator to help hackers produce additional variants. Script viruses which use email to send themselves to others are also a form of &lt;span style="font-weight: bold;"&gt;worm.&lt;/span&gt;&lt;br /&gt;The term "macro virus" is used less often, and generally refers to a virus in an office automation application macro, most commonly a Visual Basic macro in a Microsoft Word or Excel document. Macro viruses can cross system boundaries from Windows to Macintosh computers with MS Office documents. Current versions of Microsoft Office contain strong anti-macro protections to guard against known attacks.&lt;/li&gt;&lt;li&gt;&lt;span style="font-weight: bold;"&gt;ActiveX&lt;/span&gt; is           one of Microsoft's distributed application technologies that enable       web pages to download programs on the fly with the full power of any executable       running           on your machine. This makes ActiveX modules especially efficient and       powerful,           but also a security risk since they can create, change, and delete       files, add system programming code, or take any other action your user       account is allowed on your computer.&lt;br /&gt;         &lt;br /&gt;    To help mitigate the risk, Microsoft provides a network architecture of encrypted security     certificates for ActiveX modules. 
This network gives you the option of refusing     the download of unsigned ActiveX modules from unknown authors, and at least     disclosing the signed identity of those modules that you do accept in case     they later cause     problems. However, this approach is     not universally accepted by the general user and professional security communities,     and is sometimes called "trust me now, try to catch me later".     Users running Internet Explorer on Windows machines should make     sure that their browser security settings are set to "disable" for     unsigned ActiveX applets, and to "prompt" for signed applets. &lt;/li&gt;   &lt;/span&gt;&lt;/ul&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;/span&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;/span&gt;&lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Hypothetical threats.  The following script viruses are largely theoretical,     but illustrate that they can turn up wherever there is scripting code:&lt;/span&gt;&lt;/p&gt; &lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;  &lt;/span&gt;&lt;ul&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;      &lt;li&gt;&lt;a href="http://securityfornet.blogspot.com"&gt;&lt;i&gt;Java&lt;/i&gt;&lt;/a&gt; is a standard cross platform         development environment, and is often used to download scripts to add         functionality like a clock or chat room interface to a web page. Java         was written with a strong security model which protects your computer's         data and resources, and it has so far proved remarkably resistant to         script virus infection. 
You can turn Java off in your browser if you         want to be extra careful, but it will disable some useful functionality         on         some         web pages.&lt;/li&gt;&lt;li&gt;&lt;span style="font-weight: bold;"&gt;JavaScript&lt;/span&gt; is the standard         web programming language. JavaScript also has a well-defined security         model that protects data and resources, and the few JavaScript viruses         that have been discovered have been mainly theoretical in nature. You         can turn JavaScript off in your browser settings if you want to be extra         careful, but it will disable functionality on many web pages.&lt;/li&gt;&lt;li&gt;&lt;span style="font-weight: bold;"&gt; MIME&lt;/span&gt;. The first script virus         that triggered as soon as an email was opened was a MIME virus that applied         to older versions of Netscape Mail, Microsoft Outlook,  and Eudora Mail.         In a variation on an old hacker technique, the attached MIME file was         given a very long name that triggered a bug which allowed the end of         the name to  be run as a series of instructions, which could then be written  to run the virus.         
However, a fix for the bug was quickly developed for each vulnerable         email  program, and MIME viruses have so far remained  hypothetical.&lt;/li&gt;     &lt;/span&gt;&lt;/ul&gt;&lt;br /&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-7344752371794348820?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/7344752371794348820/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=7344752371794348820' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/7344752371794348820'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/7344752371794348820'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/script-macro-virusesvirus.html' title='Script &amp; Macro Viruses...virus'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-4898922301067319662</id><published>2008-12-11T18:01:00.000-08:00</published><updated>2008-12-11T18:08:24.049-08:00</updated><title type='text'>Boot &amp; Program Viruses...Virus</title><content type='html'>&lt;div style="text-align: center;"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;span style="font-weight: bold;font-family:Verdana, Arial, Helvetica, sans-serif;font-size:130%;"  &gt;&lt;div 
align="center"&gt;Boot &amp;amp; Program Viruses&lt;br /&gt;&lt;br /&gt;&lt;/div&gt; &lt;/span&gt; &lt;div align="justify"&gt;   &lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;b&gt;&lt;i&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_mac.htm"&gt;&lt;img src="http://www.livinginternet.com/g/virus_prog.gif" alt="Boot &amp;amp; Program Viruses - Types and Habitats" border="0" height="246" width="407" /&gt;&lt;/a&gt;&lt;/i&gt;&lt;/b&gt;&lt;br /&gt;   &lt;br /&gt;  &lt;strong&gt;&lt;em&gt;Boot &amp;amp; Program Viruses - Types and Habitats&lt;/em&gt;&lt;/strong&gt;&lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; Boot and program viruses were the first viruses. They are generally made     of executable code that hides inside device boot programs and application     programs, and are usually targeted for a specific computer operating system.     These were the earliest types of computer viruses developed, and remained     relatively common in     the wild until overtaken in 1998 by &lt;span style="font-weight: bold;"&gt;script and macro viruses&lt;/span&gt;. &lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;b&gt;Boot viruses&lt;/b&gt;. &lt;span style="font-weight: bold;"&gt;Boot viruses&lt;/span&gt; hide in the boot code for a media device, such as a disk or       CD, and run automatically when the media is loaded since boot programs       are always the first code loaded from any device. Boot viruses proliferated       on floppy disks and even CD's into the late 1990's, but aren't seen as       often these days with the decline in importance of transferable, bootable       media. 
&lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;The first computer       boot virus was built by a 15-year-old kid named &lt;span style="font-weight: bold;"&gt;Rich Skrenta&lt;/span&gt; in 1982 for       Apple II computers. Called "&lt;span style="font-weight: bold;"&gt;Elk Cloner&lt;/span&gt;",     it would activate whenever a floppy disk was booted on a computer, install     itself on the computer, and then infect other disks used later. Once every     50 times an infected floppy was inserted in a computer it would display the   following message. &lt;/span&gt;&lt;/p&gt;   &lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Elk Cloner: The program with a personality&lt;/span&gt;&lt;/p&gt;   &lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; It will get on all your disks&lt;br /&gt;  It will infiltrate your chips&lt;br /&gt;  Yes it's Cloner!&lt;/span&gt;&lt;/p&gt;   &lt;p align="center"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt; It will stick to you like glue&lt;br /&gt;  It will modify ram too&lt;br /&gt;  Send in the Cloner!&lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;Skrenta launched       the virus into the wild in early 1982 by infecting his school’s computer       and giving out disks at a computer club. Since viruses were not yet known       and there were no safeguards, it spread around the country     and continued to pop up on Apple II computers for years afterwards. 
&lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;The first boot virus to infect Microsoft computers was called Brain, developed     in 1986 by two Pakistani brothers, and displayed the phone number of their     computer repair business.   &lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;b&gt;Program viruses&lt;/b&gt;.&lt;span style="font-weight: bold;"&gt; Program viruses&lt;/span&gt; can travel on media like a CD or across the Internet       as an email attachment. They hide in an apparently useful program and then run       when the program is opened. They are often called &lt;span style="font-weight: bold;"&gt;Trojan horse&lt;/span&gt; viruses, after the hollow wooden horse containing soldiers that       Ulysses and the Greeks gave to Minerva during the Trojan war, and from       which the soldiers emerged that night to open the gates of the city of       Troy to the Greek armies, thereby causing the city's downfall.&lt;br /&gt;   &lt;br /&gt;        Program viruses may be deliberately hidden in a program by the developer,         or surreptitiously attached after the fact at some point along its travels         from computer to computer. Program viruses are also sometimes the vector         of infection for boot viruses and worms. &lt;/span&gt;&lt;/p&gt;   &lt;p&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:85%;"&gt;&lt;b&gt;Virus infection&lt;/b&gt;. A greeting card program emailed to you from a friend     might display a holiday animation and song, while at the same time installing     a remote access virus program that gives a distant hacker control over your     computer whenever you're connected to the Internet. 
Similarly, a shareware     program downloaded and emailed to you by another friend might have been infected     with a virus on his computer or the server where it was stored.&lt;br /&gt;   &lt;br /&gt;      The first thing a boot or program virus often does is insert commands and       settings in the operating system so that they can operate freely, undetected,       and unaudited, without warning messages or access log records. Some of       them even change the Basic Input Output System (BIOS) that interfaces between       the computer's hardware and software to help mask their activities.&lt;br /&gt;   &lt;br /&gt;    The most sophisticated program viruses include "stealth viruses", which       encrypt their contents to try and avoid detection by &lt;span style="font-weight: bold;"&gt;virus protection &lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prot.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt;software, and "polymorphic viruses", which alter their     content every time they replicate to try and avoid detection, which exhibits     behavior just like real viruses. 
Most &lt;span style="font-weight: bold;"&gt;anti-virus programs &lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prot.htm"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; can still catch most of these types of viruses.&lt;/span&gt;&lt;/p&gt; &lt;/div&gt;&lt;/span&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-4898922301067319662?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/4898922301067319662/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=4898922301067319662' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4898922301067319662'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4898922301067319662'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/boot-program-virusesvirus.html' title='Boot &amp; Program Viruses...Virus'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-1350213598021468449</id><published>2008-12-11T17:58:00.000-08:00</published><updated>2010-01-19T15:28:21.622-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Virus'/><title type='text'>Viruses</title><content type='html'>&lt;div 
style="text-align: center;"&gt;&lt;p align="center"&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;&lt;a href="http://www.livinginternet.com/i/is_vir_prog.htm"&gt;&lt;img src="http://www.livinginternet.com/g/virus_families.gif" alt="Virus (Boot, Script, Macro, Worm) Families and Habitats" border="0" height="302" width="425" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;span style="font-family:Arial,Helvetica,sans-serif;"&gt;&lt;br /&gt;&lt;strong&gt;&lt;em&gt;Viruses - Families and Habitats&lt;/em&gt;&lt;/strong&gt;&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;Computer viruses of one kind or another have infected the &lt;span style="font-weight: bold;"&gt;Internet&lt;/span&gt;&lt;span style="text-decoration: underline;"&gt;&lt;span style="font-style: italic;"&gt;&lt;/span&gt;&lt;/span&gt;&lt;a href="http://www.livinginternet.com/"&gt;&lt;em&gt;&lt;/em&gt;&lt;/a&gt; since   its very first years of existence. Virus protection is now required technology   for everyone that uses the   Internet.  &lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;Signs that     your computer     might     have a virus could include spontaneous startup of programs like email programs,   unexplained attempts by programs on your computer to access the Internet, changes   in file     date stamps, unusually slow program load or run times, lots of unexplained     disk activity, or failure of a program or your computer to start. However,     if you have an anti-virus protection running, then problems like a slow computer   or lots of disk activity are most likely caused by an inefficient system configuration,     not enough memory, a fragmented disk, or other benign causes, since most   viruses won't give any visible signs. 
&lt;/span&gt;&lt;/p&gt; &lt;p&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;Some viruses are only annoying, displaying a message, using extra memory or disk, or changing file names. However, some are destructive and will change files and erase data, and some will erase your entire hard drive. Some run silently in the background and give outside agents complete control of your computer without your knowledge whenever you are connected to the Internet. &lt;/span&gt;&lt;/p&gt; &lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:85%;"  &gt;The Internet gives viruses a particularly efficient new path for global infection.   Some &lt;span style="font-weight: bold;"&gt;email viruses&lt;/span&gt; have spread around the   world and brought down tens of thousands of computers in just a few hours.   It is absolutely essential that you run an anti-virus protection program to   safeguard your computer from these serious threats.&lt;/span&gt;&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-1350213598021468449?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/1350213598021468449/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=1350213598021468449' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1350213598021468449'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1350213598021468449'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/viruses.html' title='Viruses'/><author><name>PARUL 
JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-1123784369034432802</id><published>2008-12-11T05:33:00.000-08:00</published><updated>2008-12-11T05:41:33.911-08:00</updated><title type='text'>Email Security</title><content type='html'>&lt;h2&gt;&lt;span style="font-size:130%;"&gt;&lt;span class="H3"&gt;Corporate email: A mission-critical application&lt;/span&gt;&lt;/span&gt; &lt;/h2&gt; &lt;p&gt;Email is well-established as a prime means of communication for business purposes that is quicker and cheaper than more traditional methods. Yet it brings with it the necessity to make one's corporate messaging system as secure as possible.&lt;/p&gt; &lt;h2 class="H3"&gt;&lt;span style="font-size:130%;"&gt;&lt;a name="email-threats"&gt;&lt;/a&gt;Email-related threats to network security&lt;/span&gt;&lt;/h2&gt; &lt;p&gt;A variety of different elements weaken your corporate email system and while some are widely known - such as email viruses - others tend to be ignored. Emails carrying offensive messages or confidential corporate information can create immense inconvenience and expense for a company that has not equipped its mail server with the appropriate tools. The same goes for spammers who use the email system at work to send thousands of unsolicited email messages. And what about the vast damage and time-loss caused by email viruses, which seem to be making ever more frequent appearances these days?&lt;br /&gt;&lt;br /&gt;Some companies lull themselves into a false sense of security upon installing a firewall. This is a wise step to protect their intranet, but it is not enough: Firewalls prevent network access by unauthorized users. 
But they do not check the content of mail being sent and received by those authorized to use the system, for instance. More targeted measures are needed to counteract this and other security loopholes in a corporate network.&lt;/p&gt; &lt;p&gt;&lt;a name="information-leaks"&gt;&lt;/a&gt;&lt;strong&gt;The threat of information leaks&lt;/strong&gt;&lt;br /&gt;Organizations often fail to acknowledge that there is a greater risk of crucial data being stolen from within the company rather than from outside.&lt;br /&gt;&lt;br /&gt;Various studies have shown how employees use email to send out confidential corporate information. Be it because they are disgruntled and revengeful, or because they fail to realize the potentially harmful impact of such a practice, employees use email to share sensitive data that was officially intended to remain in-house.&lt;br /&gt;&lt;br /&gt;FBI statistics, for example, reveal that among Fortune 500 companies, most data thefts in 1998 were by internal users. Again, research results carried in PC Week in March 1999 report that, out of 800 workers surveyed, 21-31% admitted to sending confidential information - like financial or product data - to recipients outside the company by email. Ten per cent of those surveyed disclosed that they had received email containing company-confidential information.&lt;/p&gt; &lt;p&gt;&lt;a name="offensive-messages"&gt;&lt;/a&gt;&lt;strong&gt;The threat of emails containing malicious or offensive content&lt;/strong&gt;&lt;br /&gt;Emails carrying sensitive information, or unsolicited mail messages sent out by corporate users are not the only problem a company has to tackle with regard to employees' email use. 
Emails sent by staff containing racist, sexist or other offensive material could prove equally troublesome, not to mention embarrassing - and expensive!&lt;br /&gt;&lt;br /&gt;This factor hit the headlines during the much-publicized antitrust case against Microsoft Corp., when the US government presented as evidence the contents of emails written by top Microsoft executives describing plans to topple competitors. On a similar note, Chevron recently had to pay $2.2 million to settle a lawsuit resulting from an email message bearing sexist contents.&lt;br /&gt;&lt;br /&gt;Under British law, employers are held responsible for emails written by employees in the course of their employment, whether or not the employer consented to the mail. The insurance company Norwich Union was asked to pay $450,000 in an out-of-court settlement as a result of emailed comments relating to competition.&lt;br /&gt;&lt;br /&gt;Besides, offensive emails can cause considerable damage to the work environment simply by generating an unpleasant, hostile or unprofessional atmosphere. &lt;/p&gt; &lt;p&gt;&lt;a name="viruses"&gt;&lt;/a&gt;&lt;strong&gt;The threat of viruses&lt;br /&gt;&lt;/strong&gt;Viruses are a major email security hazard that companies simply cannot afford to ignore. Over 11,000 different computer viruses exist to date and some 300 new ones are created each month. Their effects range from negligible to bothersome to destructive. &lt;/p&gt; &lt;p&gt;The extent of the problem is so great that today many companies have even begun to prohibit the use of email attachments, as this is where viruses are often embedded. Unless forewarned, users are generally unaware that they have received a virus until they open the infected attachment. By this time, it is too late: the virus is activated and starts to take over, completely infecting the hard drive and the messaging network. 
&lt;/p&gt; &lt;p&gt;The danger of viruses transmitted through macros, another common form of virus transmission, is that they allow the user to continue working and sharing documents. This way, the virus spreads faster, infecting more and more users. One such macro virus, known as Melissa, reared its ugly head on March 26, 1999. Melissa forced organizations the world over - among them Microsoft and Intel - to suspend all email transactions. This may well have been an effective response to the new viral onslaught, when timely action was taken - but it also signified incalculable productivity loss, despite stemming data loss. As a result, Melissa left a huge dent in corporate coffers: "It is responsible for millions of dollars worth of damage", an April 1999 issue of InfoWorld reported. &lt;/p&gt; &lt;p&gt;Other fiercely destructive viruses followed fast on Melissa's trail, such as the Chernobyl (CIH) virus and the Explore Worm, both of which wipe out files, resulting in data loss. Again, companies like Microsoft, Intel, Boeing and Forrester Research were reported in the press as having shut down their mail servers when hit by the Explore Worm outbreak in June 1999. And, as if all this were not enough, anti-virus researchers predict that more damaging email viruses are yet to come. &lt;/p&gt; &lt;p&gt;&lt;a name="spam"&gt;&lt;/a&gt;&lt;strong&gt;The threat of spam&lt;/strong&gt;&lt;br /&gt;About 90 per cent of email users receive spam - or unsolicited commercial mail - at least once a week, a survey conducted by the Gartner Group shows. The research results, issued in June 1999, revealed that almost half those surveyed were spammed six or more times a week. The study surveyed 13,000 email users.&lt;br /&gt;&lt;br /&gt;Although the U.S. 
Congress and state legislatures are seeking to ban spam, and the Federal Trade Commission sues spammers whose junk mail deceives consumers, unwanted mail is on the increase.&lt;br /&gt;&lt;br /&gt;As well as consuming bandwidth and slowing down email systems, spam is a frustrating time-waster, forcing employees to sift through and delete mounds of junk mail. It also proves irritating and offensive to recipients who feel their privacy has been invaded. However, there is a third aspect to spam: it constitutes a security hazard.&lt;br /&gt;&lt;br /&gt;Spammers can use a corporate mail server to send out their unsolicited messages, often bringing trouble upon the unwitting organization. Virgin Net recently underwent such an experience when one of its subscribers apparently used its network to send out 250,000 junk messages. As a result of this individual's actions, Virgin Net was put onto the Real-time Blackhole List (RBL), an undesirable listing which leads other ISPs to reject mail coming from that company.&lt;/p&gt;&lt;br /&gt;&lt;div style="text-align: center;"&gt;&lt;img src="http://www.isoc.net/images/Webpath.jpg" alt="" border="0" /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;SPAM Filtering&lt;/span&gt;&lt;br /&gt; &lt;/div&gt;&lt;h2 class="H3"&gt;&lt;span style="font-size:130%;"&gt;&lt;a name="protecting-corporate"&gt;&lt;/a&gt;Protecting against security breaches&lt;/span&gt;&lt;/h2&gt; &lt;p&gt;&lt;a name="security-policy"&gt;&lt;/a&gt;&lt;strong&gt;Corporate security policy&lt;/strong&gt;&lt;br /&gt;The security menaces are many, but effective solutions do exist. The first step to enhance security recommended by cyber-security consultants is the formulation of a corporate email policy document. 
This is used to inform all members of the organization which messaging practices are deemed unacceptable.&lt;br /&gt;&lt;br /&gt;Without being overly restrictive, such documents should provide guidelines and procedures to be followed by employees in their use of email at the workplace. Examples of the kinds of email messages that could prove detrimental to the organization should be supplied. The overriding point to be emphasized is that by adopting this policy, the company and its staff stand to gain by benefiting from messaging security that is as watertight as possible.&lt;br /&gt;&lt;br /&gt;Next, the organization must acquire new security tools to help enforce these regulations, informing all users that this measure is being taken.&lt;/p&gt;&lt;p style="text-align: center;"&gt;&lt;img alt="The image “http://www.postinisolution.com/images/email_defense_large.jpg” cannot be displayed, because it contains errors." src="http://www.postinisolution.com/images/email_defense_large.jpg" /&gt;&lt;/p&gt; &lt;p&gt;&lt;a name="security-software"&gt;&lt;/a&gt;&lt;strong&gt;Security software&lt;br /&gt;&lt;/strong&gt;Corporations may choose from a selection of email security packages. Some solutions are created to tackle a particular menace alone while others contain a convenient bundle of tools to deal with the various hazards. It is up to each organization to select the software that best suits their needs.&lt;br /&gt;&lt;br /&gt;As always, price is bound to be one of the determining factors in making the right choice. Another essential characteristic to seek is a product that is as transparent to the user as possible. A package that installs on the existing corporate email system and is easy to use means that a company can enjoy the security benefits offered immediately upon installation. 
This section examines the different email security features available on the market, either separately or as part of a solution.&lt;/p&gt; &lt;p&gt;&lt;a name="preventing"&gt;&lt;/a&gt;&lt;strong&gt;Preventing information leaks&lt;/strong&gt;&lt;br /&gt;A content checking tool is a must to prevent users from sending out confidential or sensitive corporate information via email. This tool automatically scans the contents of each message being mailed.&lt;br /&gt;&lt;br /&gt;To be effectual, this tool should link to a quarantining feature that isolates emails with suspect content and prevents them from being sent unless an authorized person within the organization has approved the message.&lt;/p&gt; &lt;p&gt;&lt;a name="content-control"&gt;&lt;/a&gt;&lt;strong&gt;Content checking&lt;/strong&gt;&lt;br /&gt;Likewise, a content screening tool is necessary to prevent corporate users from sending or receiving malicious, offensive, or inappropriate emails. This should be coupled with a tried and tested quarantining feature that bars emails with suspect content from being sent or received unless an authorized person within the organization has approved the message first.&lt;br /&gt;&lt;/p&gt; &lt;p&gt;&lt;a name="combating-viruses"&gt;&lt;/a&gt;&lt;strong&gt;Combating viruses&lt;/strong&gt;&lt;br /&gt;A reliable virus scanner screens all incoming and outbound messages and attachments for email viruses and worms.&lt;br /&gt;&lt;br /&gt;Of course, it is not enough for a package to detect a virus. A good security tool must be able to block the infected documents or clean them before the email reaches the addressee. Additionally, the anti-virus solution should notify the recipient and/or network administrator of the email-borne virus. 
This way, viruses are stopped in their tracks before they do any harm and senders can be alerted that their systems are infected.&lt;/p&gt; &lt;p&gt;&lt;a name="eliminating-spam"&gt;&lt;/a&gt;&lt;strong&gt;Eliminating spam&lt;br /&gt;&lt;/strong&gt;An efficient anti-spam tool will pick up words and phrases that usually appear in unsolicited commercial emails and block the unwanted message from entering the system. While preventing inconvenience to recipients, this saves the corporation time that employees would otherwise have wasted reading and deleting junk mail - paid work time that could be better applied.&lt;br /&gt;&lt;br /&gt;Advanced anti-spam features include the detection of incorrect 'From' headers and addresses in the email body, typical spam practices, as well as the facility to be programmed to block emails containing any phrases the company chooses. Another essential ingredient is the ability to prevent spammers from using the corporate system to send out vast quantities of mail, a practice known as mail relaying.&lt;br /&gt;&lt;br /&gt;Also effective against spam is a quarantining feature that deters email messages with dubious content from going through. This feature acts as a kind of clearinghouse, allowing an authorized person to approve the filtered messages before they are sent or received.&lt;/p&gt; &lt;h2 class="H3"&gt;&lt;span style="font-size:130%;"&gt;&lt;a name="powerful-solution"&gt;&lt;/a&gt;A powerful solution that arms your Exchange Server 2000&lt;/span&gt;&lt;/h2&gt; &lt;p&gt;&lt;a name="mes"&gt;&lt;/a&gt;&lt;strong&gt;GFI MailSecurity for Exchange/SMTP&lt;/strong&gt;&lt;br /&gt;Your only true defence is to install a comprehensive email security solution to safeguard your mail server and network. GFI MailSecurity for Exchange/SMTP provides email content checking, exploit detection and anti-virus for Exchange/SMTP. It can be deployed at the gateway level, or at the information store level (based on the Exchange 2000 VS API). 
&lt;/p&gt; &lt;p&gt;Key features include: &lt;strong&gt;Multiple virus engines&lt;/strong&gt; - Don't depend on 1 only; &lt;strong&gt;Email content &amp;amp; attachment checking&lt;/strong&gt; - Quarantine dangerous emails; &lt;strong&gt;Exploit shield&lt;/strong&gt; - Email intrusion detection &amp;amp; defence; &lt;strong&gt;Email threats engine&lt;/strong&gt; - Analyses &amp;amp; defuses HTML scripts, .exe files &amp;amp; more. Other features include:&lt;/p&gt; &lt;ul&gt;&lt;li&gt; &lt;p&gt;Automatic removal of HTML scripts &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Automatic quarantining of Microsoft Word documents with macros &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Detects attachment extension hiding &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Rules-based configuration &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Apply rules to AD users or groups &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Approve/reject quarantined mail using the moderator client/email client/public folders &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Lexical analysis &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Seamless integration with Exchange Server 2000 through VS API &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Anti-spam (gateway version) &lt;/p&gt; &lt;/li&gt;&lt;li&gt; &lt;p&gt;Great value &lt;/p&gt;&lt;/li&gt;&lt;/ul&gt; &lt;p&gt;&lt;br /&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/1123784369034432802/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=1123784369034432802' title='1 Comments'/><link rel='edit' type='application/atom+xml' 
href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1123784369034432802'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/1123784369034432802'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/email-security.html' title='Email Security'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-6435340045897953181</id><published>2008-12-02T08:00:00.000-08:00</published><updated>2008-12-02T08:10:04.660-08:00</updated><title type='text'>All About Malicious Codes</title><content type='html'>&lt;h2&gt;&lt;span style="font-size:130%;"&gt;Abstract&lt;/span&gt;&lt;/h2&gt;Malicious code refers to a broad category of software threats to your network and systems. Perhaps the most sophisticated types of threats to computer systems are presented by malicious codes that exploit vulnerabilities in computer systems. Any code that modifies or destroys data, steals data, allows unauthorized access, exploits or damages a system, or does something that the user did not intend, is called malicious code. This paper will briefly introduce you to the various types of malicious code you will encounter, including viruses, Trojan horses, logic bombs and worms.&lt;br /&gt;&lt;br /&gt;&lt;span style="font-weight: bold;font-size:130%;" &gt;Taxonomy of Malicious Code&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;A computer program is a sequence of symbols composed to achieve a desired functionality; the program is termed malicious when its sequence of instructions is used to intentionally cause adverse effects on the system. 
In other words, we can’t call just any “bug” malicious code. Malicious codes are also called programmed threats. The following figure provides an overall taxonomy of malicious code.&lt;br /&gt;&lt;br /&gt;&lt;em&gt;Figure 1 Malicious Code Taxonomy&lt;/em&gt;&lt;br /&gt;&lt;p align="center"&gt; &lt;img style="width: 400px; height: 282px;" src="http://www.securitydocs.com/images/papers/maliciouscode-1.png" alt="Malicious Code Taxonomy" border="0" /&gt; &lt;/p&gt; A taxonomy is a system of classification allowing one to uniquely identify something. As presented in the above figure, threats can be divided into two categories: &lt;ul&gt;&lt;li&gt;Independent: self-contained programs that can be scheduled and run by the operating system.&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;Needs host program: essentially fragments of programs that cannot exist independently of some actual application program, utility or system program.&lt;/li&gt;&lt;/ul&gt; You must also differentiate between those software threats that do not replicate and those that do. (Replication is the process by which code reproduces or duplicates itself.) The former are fragments of programs that are activated when the host program is invoked to perform a specific function; the latter consist of either a program fragment or an independent program (worm, zombie) that, when executed, may produce one or more copies of itself to be activated later on the same system or some other system. In the following, I briefly survey each of these parts of malicious software.&lt;br /&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;Trap doors&lt;/span&gt;&lt;/h2&gt;defined - 1. syn. Back doors, a bad thing. 2. 
A trap door function is one which is easy to compute but very difficult to compute the inverse of [Jargon Dictionary]&lt;br /&gt;A trap door is a secret entry point into a program that allows someone who is aware of the trap door to gain access without going through the usual security access procedure. In many cases, attacks using trap doors can give a great degree of access to the application, important data, or the hosting system. Trap doors have been used legitimately by programmers to debug and test programs. Some of the legitimate reasons for trap doors are: &lt;ol&gt;&lt;li&gt;They are left intentionally for testing, to make testing easier.&lt;br /&gt;&lt;br /&gt;&lt;/li&gt;&lt;li&gt;They are left intentionally as a covert means of access; in other words, to allow access in the event of errors.&lt;br /&gt;&lt;br /&gt;&lt;/li&gt;&lt;li&gt;They are left intentionally for fixing bugs. &lt;/li&gt;&lt;/ol&gt; But they may also be used illegitimately, to provide future, illegal access. 
Trap doors become threats when they are used by unscrupulous programmers to gain unauthorized access.&lt;br /&gt;&lt;br /&gt;Back door is another name for a trap door. Back doors provide immediate access to a system by bypassing the authentication and security protocols in place. Attackers can use back doors to bypass security controls and gain control of a system without time-consuming hacking.&lt;br /&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;Logic Bombs&lt;/span&gt;&lt;/h2&gt;defined - The logic bomb is code embedded in some legitimate program that executes when certain predefined events occur; this code is surreptitiously inserted into an application or operating system and causes it to perform some destructive or security-compromising activity whenever specified conditions are met [Jargon Dictionary]&lt;br /&gt;&lt;br /&gt;A bomb may send a note to an attacker when a user is logged on to the Internet and is using a specific program such as a word processor. This message informs the attacker that the user is ready for an attack. Figure 2 shows a logic bomb in operation. Notice that this bomb does not actually begin the attack but tells the attacker that the victim has met the state needed for an attack to begin.&lt;br /&gt;&lt;br /&gt;&lt;em&gt;Figure 2 Logic Bombs&lt;/em&gt;&lt;br /&gt;&lt;p align="center"&gt; &lt;img style="width: 387px; height: 165px;" src="http://www.securitydocs.com/images/papers/maliciouscode-2.png" alt="Logic Bombs" border="0" /&gt; &lt;/p&gt; &lt;ol&gt;&lt;li&gt;Attacker implants logic bomb&lt;/li&gt;&lt;li&gt;Victim reports installation&lt;/li&gt;&lt;li&gt;Attacker sends attack message&lt;/li&gt;&lt;li&gt;Victim does as logic bomb installation&lt;/li&gt;&lt;/ol&gt; Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week or date, or a particular user running the application. 
Once triggered, a bomb may alter or delete data or entire files, cause a machine halt, or do some other damage.&lt;br /&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;Trojan Horses&lt;/span&gt;&lt;/h2&gt;defined - A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! [Jargon Dictionary]&lt;br /&gt;&lt;br /&gt;A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horses can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. For example, to gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changes the invoking user’s file permissions so that the files are readable by any user. Another example of a Trojan horse program is a compiler that has been modified to insert additional code into certain programs as they are compiled, such as a system login program; the code creates a trap door in the login program that permits the author to log on to the system using a special password. Another common motivation for the Trojan horse is data destruction.&lt;br /&gt;The program appears to be performing a useful function but it may also be quietly deleting the victim’s files.&lt;br /&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;Zombie&lt;/span&gt;&lt;/h2&gt;A zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie’s creator. Zombies are used in denial-of-service attacks, typically against targeted web sites. 
The zombie is planted on hundreds of computers belonging to unsuspecting third parties and then used to overwhelm the target website by launching an overwhelming onslaught of Internet traffic.&lt;br /&gt;&lt;br /&gt;&lt;h2&gt;Viruses&lt;/h2&gt;defined - [From the obvious analogy with biological viruses]. A cracker program that searches out other programs and 'infects' them by embedding a copy of itself in them so that they become Trojan horses. When these programs are executed, the embedded virus is executed too, thus propagating the 'infection'. This normally happens invisibly to the user. Unlike a worm, a virus cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing cute messages on the terminal or playing strange tricks with the display. Many nasty viruses, written by particularly perversely minded crackers, do irreversible damage, like nuking all of the user’s files… [Jargon Dictionary]&lt;br /&gt;&lt;br /&gt;A virus is a program that can 'infect' other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs. Therefore the key characteristic of a virus is the ability to self-replicate by modifying a normal program file with a copy of itself. In November 1983, Fred Cohen ("father of the computer virus") thought of the idea of computer viruses as a graduate student at USC. Cohen wrote the first documented virus and demonstrated it on the USC campus network.  
The “virus” is named after the biological virus; the following table shows the details:&lt;br /&gt;&lt;br /&gt;&lt;table style="width: 514px; height: 260px;" table="" align="center" border="1" cellpadding="5" cellspacing="0"&gt; &lt;tbody&gt;&lt;tr&gt; &lt;td&gt;&lt;strong&gt;Biological Virus&lt;/strong&gt;&lt;/td&gt; &lt;td&gt;&lt;strong&gt;Computer Virus&lt;/strong&gt;&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td&gt;Consists of a DNA or RNA strand surrounded by a protein shell to bond to the host cell&lt;/td&gt; &lt;td&gt;Consists of a set of instructions stored in a host program&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td&gt;No life outside of the host cell&lt;/td&gt; &lt;td&gt;Active only when the host program is executed&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td&gt;Replicates by taking over the host’s metabolic machinery with its own DNA/RNA&lt;/td&gt; &lt;td&gt;Replicates when the host program is executed or the host file is opened&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td&gt;Copies infect other cells&lt;/td&gt; &lt;td&gt;Copies infect (attach to) other host programs&lt;/td&gt; &lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt;&lt;br /&gt;&lt;br /&gt;A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs. During its lifetime a typical virus goes through the following four phases: &lt;ul&gt;&lt;li&gt;Dormant phase: The virus is idle. It will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. 
Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.&lt;/li&gt;&lt;/ul&gt; Virus Anatomy&lt;br /&gt;The virus structure has four parts:&lt;br /&gt;Mark can prevent re-infection attempts&lt;br /&gt;Infection Mechanism causes spread to other files&lt;br /&gt;Triggers are conditions for delivering the payload&lt;br /&gt;Payload is the possible damage to the infected computer&lt;br /&gt;&lt;br /&gt;&lt;em&gt;Figure 3 Anatomy of Virus&lt;/em&gt;&lt;br /&gt;&lt;table table="" align="center" border="1" cellpadding="5" cellspacing="0" width="30%"&gt; &lt;tbody&gt;&lt;tr&gt; &lt;td align="center"&gt;Mark (optional)&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Infection Mechanism&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Trigger (optional)&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Payload (optional)&lt;/td&gt; &lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt;&lt;br /&gt;&lt;p align="center"&gt; &lt;img style="width: 394px; height: 209px;" src="http://www.securitydocs.com/images/papers/maliciouscode-3.png" alt="Types of Viruses" border="0" /&gt; &lt;/p&gt; &lt;strong&gt;Memory-resident virus&lt;/strong&gt;: Lodges in main memory as part of a resident system program. From that point on, the virus infects every program that executes.&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Program file virus&lt;/strong&gt;: Infects programs such as EXE/COM/SYS files. 
The following figures show details:&lt;br /&gt;&lt;br /&gt;&lt;em&gt;Figure 5 Program File Viruses&lt;/em&gt;&lt;br /&gt;&lt;p align="center"&gt; &lt;img style="width: 367px; height: 232px;" src="http://www.securitydocs.com/images/papers/maliciouscode-4.png" alt="Program File Viruses" border="0" /&gt; &lt;/p&gt; &lt;strong&gt;Polymorphic virus&lt;/strong&gt;: Creates copies during replication that are functionally equivalent but have distinctly different bit patterns. In this case the “signature” of the virus will vary with each copy. To achieve this variation, the virus may randomly insert superfluous instructions or interchange the order of independent in-generally called a mutation engine, creates a random encryption key to encrypt the remainder of the virus. The key is stored with the virus, and the mutation engine itself is altered. When an infected program is invoked, the virus uses the stored random key to decrypt the virus. When the virus replicates, a different random key is selected.&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Boot Sector Virus&lt;/strong&gt;: Boot sector viruses infect the system area of the disk that is read when the disk is initially accessed or booted. This area can include the master boot record, the operating system’s boot sector, or both. A virus infecting these areas typically takes the system instructions it finds and moves them to some other area on the disk. The virus is then free to place its own code in the boot record. When the system initializes, the virus loads into memory and simply points to the new location for the system instructions. The system then boots in a normal fashion except the virus is now resident in memory. A boot sector virus can replicate without your executing any programs from an infected disk. Simply accessing the disk is sufficient. 
For example, most PCs do a systems check on boot-up that verifies the operation of the floppy drive. Even this verification process is sufficient to activate a boot sector virus if one exists on a floppy left in the machine, and the hard drive can also become infected.&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Stealth Virus&lt;/strong&gt;: A form of virus explicitly designed to hide itself from detection by antivirus software. When the virus is loaded into memory, it monitors system calls to files and disk sectors. When a call is trapped, the virus modifies the information returned to the process making the call so that it sees the original uninfected information. This aids the virus in avoiding detection. For example, many boot sector viruses contain stealth ability. If the infected disk is booted, programs such as FDISK report a normal boot record. The virus is intercepting sector calls from FDISK and returning the original boot sector information. If you boot the system from a clean floppy disk, however, the drive is inaccessible. If you run FDISK again, the program reports a corrupted boot sector on the drive. To use stealth, however, the virus must be actively running in memory, which means that the stealth portion of the virus is vulnerable to detection by antivirus software.&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Macro Virus&lt;/strong&gt;: A set of macro commands, specific to an application, which automatically execute in an unsolicited manner and spread to that application’s documents. According to the National Computer Security Agency (www.ncsa.com), macro viruses now make up two-thirds of all computer viruses. Macro viruses are particularly threatening for a number of reasons: &lt;ol&gt;&lt;li&gt;A macro virus is platform independent. Virtually all of the macro viruses infect Microsoft Word documents. 
Any hardware platform and operating system that supports Word can be infected.&lt;/li&gt;&lt;li&gt;Macro viruses infect documents, not executable portions of code. Most of the information introduced on to a computer system is in the form of a document rather than a program.&lt;/li&gt;&lt;li&gt;Macro viruses are easily spread. A very common method is by electronic mail.&lt;/li&gt;&lt;/ol&gt; Macro viruses take advantage of a feature found in Word and other office applications such as Microsoft Excel, namely the macro. In essence, a macro is an executable program embedded in a word processing document or other type of file. What makes it possible to create a macro virus is the auto-executing macro. This is a macro that is automatically invoked, without explicit user input. Common auto-execute events are opening a file, closing a file and starting an application. Once a macro is running, it can copy itself to other documents, delete files and cause other sorts of damage to the users. In Microsoft Word, there are three types of auto-executing macros: &lt;ol&gt;&lt;li&gt;Auto execute: If a macro named AutoExec is in the "Normal.dot" template or in a global template stored in Word’s startup directory, it is executed whenever Word is started&lt;/li&gt;&lt;li&gt;Auto macro: An auto macro executes when a defined event occurs, such as opening or closing a document&lt;/li&gt;&lt;li&gt;Command macro: If a macro in a global macro file or a macro attached to a document has the name of an existing Word command, it is executed whenever the user invokes that command.&lt;/li&gt;&lt;/ol&gt; A common technique for spreading a macro virus is as follows:&lt;br /&gt;An auto macro or command macro is attached to a Word document that is introduced into a system by e-mail or disk transfer. After the document is opened, the macro executes. The macro copies itself to the global macro file. 
When the next session of Word opens, the infected global macro is active. When this macro executes, it can replicate itself and cause damage.&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Email Virus&lt;/strong&gt;: A more recent development in malicious software is the e-mail virus. The first rapidly spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an attachment. If the recipient opens the e-mail attachment, the Word macro is activated. Then: &lt;ol&gt;&lt;li&gt;The e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package&lt;/li&gt;&lt;br /&gt;&lt;br /&gt;&lt;li&gt;The virus does local damage&lt;/li&gt;&lt;/ol&gt;&lt;span style="font-weight: bold;font-size:130%;" &gt;Worms&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Can one IP packet cripple the Internet within 10 minutes? On January 25th, 2003, the “SQL Sapphire Slammer” worm caused more than 1.2 billion US dollars in damage: 70% of South Korea’s network paralyzed, 300,000 ISP subscribers in Portugal knocked offline, 13,000 Bank of America machines shut down, Continental Airlines’ ticketing system crippled.&lt;br /&gt;&lt;br /&gt;&lt;em&gt;Figure 6 SQL Sapphire / Slammer Worm&lt;/em&gt;&lt;br /&gt;&lt;p align="center"&gt; &lt;img dragover="true" style="width: 372px; height: 255px;" src="http://www.securitydocs.com/images/papers/maliciouscode-5.png" alt="SQL Sapphire / Slammer Worm" border="0" /&gt; &lt;/p&gt; Worm (n)&lt;br /&gt;[From ‘tape worm’ in John Brunner’s novel “The Shockwave Rider” … ], A program that propagates itself over a network, reproducing itself as it goes … [Jargon Dictionary]&lt;br /&gt;&lt;br /&gt;A worm is also self-replicating, but it is a stand-alone program that exploits security holes to compromise other computers and spread copies of itself through the network. Unlike viruses, worms do not need to parasitically attach to other programs. 
Because of the recursive structure of this propagation, the spread rate of worms is very fast and poses a big threat to the Internet infrastructure as a whole.&lt;br /&gt;&lt;br /&gt;&lt;h3&gt;Worm Anatomy&lt;/h3&gt;&lt;br /&gt;&lt;strong&gt;Mark&lt;/strong&gt;: structurally similar to viruses, except a stand-alone program instead of a program fragment&lt;br /&gt;&lt;strong&gt;Infection Mechanism&lt;/strong&gt;: searches for weakly protected computers through a network (i.e., worms are network based)&lt;br /&gt;&lt;strong&gt;Triggers&lt;/strong&gt;: are conditions for delivering the payload&lt;br /&gt;&lt;strong&gt;Payload&lt;/strong&gt;: might drop a Trojan horse or parasitically infect files, so worms can have Trojan horse or virus characteristics&lt;br /&gt;&lt;br /&gt; &lt;em&gt;Figure 7 Worms Anatomy&lt;/em&gt;&lt;br /&gt;&lt;table table="" align="center" border="1" cellpadding="5" cellspacing="0" width="30%"&gt; &lt;tbody&gt;&lt;tr&gt; &lt;td align="center"&gt;Mark (optional)&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Infection Mechanism&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Trigger (optional)&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td align="center"&gt;Payload (optional)&lt;/td&gt; &lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/6435340045897953181/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=6435340045897953181' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6435340045897953181'/><link rel='self' 
type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6435340045897953181'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/12/all-about-malicious-codes.html' title='All About Malicious Codes'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-4732402812799465264</id><published>2008-11-28T21:31:00.000-08:00</published><updated>2008-11-28T21:42:10.163-08:00</updated><title type='text'>More On Data Security</title><content type='html'>&lt;p dragover="true"&gt;&lt;span class="paragraphtitles"&gt;&lt;b&gt;SafeConduct&lt;/b&gt;&lt;/span&gt;    &lt;/p&gt;&lt;p dragover="true"&gt;&lt;span class="maintext"&gt;&lt;b dragover="true"&gt;Application Access Security for New and Legacy Systems&lt;/b&gt;&lt;br /&gt;   &lt;br /&gt;   &lt;b&gt;SSL Standard&lt;/b&gt;&lt;br /&gt;   SafeConduct brings benefits of the Secure Sockets Layer (SSL) v3.0 standard,     including digital certificate authentication and 256-bit data encryption, to any     point-to-point Internet or VPN application data traffic. The SafeConduct product     family transparently works with new and legacy applications. Using SSL data security standard, the most     widely used protocol for security data transmission on the Internet, SafeConduct     eliminates significant information security and privacy risks.&lt;/span&gt;     &lt;/p&gt;&lt;p&gt;&lt;span class="maintext"&gt;&lt;b&gt;Secure channel&lt;/b&gt;&lt;br /&gt;              SafeConduct (for ODBC SSL, OLE DB SSL, JDBC SSL, or .NET provider                SSL) builds an invisible and secure channel between two TCP/IP nodes.                
Before any application data traffic is sent, SafeConduct authenticates                the machines, securely negotiates encryption keys, transmits secured                user ID/password data, and finally transmits secured application                data between the two nodes. SafeConduct prevents unauthorized machines                from accessing applications. Application security is ensured by                preventing unauthorized access to any application data transmitted                over TCP/IP networks.&lt;/span&gt;              &lt;/p&gt;&lt;p&gt;&lt;span class="maintext"&gt;SafeConduct (using SSL security) monitors     and intercepts TCP/IP data at pre-configured port addresses. Once     secure communication is established between the two TCP/IP nodes,     SafeConduct routes application data traffic to the true destination     application port address. SafeConduct Server may be installed on a     machine other than the one of the server application in order to     redirect requirements for SSL encryption processing. SafeConduct     Server acts as an SSL proxy.&lt;/span&gt;     &lt;/p&gt;&lt;p align="center"&gt;&lt;br /&gt;              &lt;img style="width: 342px; height: 289px;" src="http://www.hitsw.com/pics/product_diagrams/safeConductDiagram1203.jpg" alt="SafeConduct data encryption security software" /&gt;&lt;br /&gt;   &lt;br /&gt;&lt;/p&gt;     &lt;p&gt;&lt;span class="maintext"&gt;&lt;b&gt;Server and Client for all platforms&lt;/b&gt;&lt;br /&gt;   The SafeConduct product family includes the SafeConduct Server, the SafeConduct Windows     Client, and the SafeConduct Java Client. The SafeConduct Windows client runs on Windows     client and server platforms as an application or service. The SafeConduct Java Client can     be used on multiple client and server platforms including, but not limited to Linux,     Solaris, Windows, IBM OS390 and zOS, IBM iSeries/AS400, IBM AIX,  Mac OSX, and OS/2.     
The SafeConduct Server can similarly be used on multiple client and server platforms.&lt;/span&gt; &lt;/p&gt;&lt;p&gt;&lt;span class="maintext"&gt;The SafeConduct Server includes support to allow an administrator to remotely terminate its function. This allows systems administrators to easily prevent application access during maintenance or batch processing periods.&lt;br /&gt; &lt;/span&gt; &lt;table border="0" cellpadding="0" cellspacing="0" width="391"&gt; &lt;tbody&gt;&lt;tr&gt; &lt;td width="222"&gt;&lt;span class="paragraphtitles"&gt;&lt;b&gt;Key Features&lt;/b&gt;&lt;/span&gt;&lt;/td&gt; &lt;td valign="bottom" width="1"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="16" width="1" /&gt;&lt;/td&gt; &lt;td width="4"&gt; &lt;/td&gt; &lt;td width="164"&gt;&lt;span class="paragraphtitles"&gt;&lt;b&gt;Benefits&lt;/b&gt;&lt;/span&gt;&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="2" width="10" /&gt;&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td&gt;&lt;span class="maintext"&gt;SSL and TLS support - 256-bit&lt;br /&gt; encryption&lt;/span&gt;&lt;/td&gt; &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt; &lt;td&gt; &lt;/td&gt; &lt;td&gt;&lt;span class="maintext"&gt;Data protected from&lt;br /&gt; unauthorized access&lt;/span&gt;&lt;/td&gt; &lt;/tr&gt; &lt;tr&gt; &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt; &lt;/tr&gt; 
&lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;NIST FIPS 140-2 validated crypto&lt;br /&gt;    and SSL functions&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Approved US Government&lt;br /&gt;    standards&lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Node-to-Node authentication&lt;br /&gt;    &lt;br /&gt;     &lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="50" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Assurance that only&lt;br /&gt;    authorized point-to-point&lt;br /&gt;    pairs may exchange data&lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;No change required to application&lt;br /&gt;                  source code&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Protect Investments&lt;br /&gt;       &lt;/span&gt;&lt;/td&gt;      
         &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Broad platform support&lt;br /&gt;                   &lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Single tool for enterprise&lt;br /&gt;      deployment&lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Data encryption using the&lt;br /&gt;    Digital Signature Standard (DSS),&lt;br /&gt;    with the Digital Signature Algorithm&lt;br /&gt;    (DSA) and RSA algorithm&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="68" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Standards-based, secure&lt;br /&gt;    architecture&lt;br /&gt;    &lt;br /&gt;     &lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Extensive internal and Windows&lt;br /&gt;    log 
reporting and accessibility&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Audit tool for data analysis&lt;br /&gt;     &lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Graphical tools for certificate&lt;br /&gt;    generation and management&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="36" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Faster administration&lt;br /&gt;    processing&lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;                  &lt;td&gt;&lt;span class="maintext"&gt;Optional integration with certificates&lt;br /&gt;                  obtained from an external certificate&lt;br /&gt;      authority&lt;/span&gt;&lt;/td&gt;                 &lt;td valign="bottom"&gt;&lt;img src="http://www.hitsw.com/pics/common/gray_pixel.gif" height="50" width="1" /&gt;&lt;/td&gt;                 &lt;td&gt; &lt;/td&gt;                 &lt;td&gt;&lt;span class="maintext"&gt;Flexible support for&lt;br /&gt;    third-party security&lt;br /&gt;     &lt;/span&gt;&lt;/td&gt;               &lt;/tr&gt;               &lt;tr&gt;         
         &lt;td colspan="4" bgcolor="#999999" width="389"&gt;&lt;img src="http://www.hitsw.com/pics/common/spacer.gif" alt="" border="0" height="1" width="10" /&gt;&lt;/td&gt;               &lt;/tr&gt;             &lt;/tbody&gt;&lt;/table&gt;      &lt;/p&gt;&lt;span class="paragraphtitles"&gt;&lt;b&gt;System Requirements:&lt;/b&gt;&lt;/span&gt;&lt;br /&gt;     &lt;br /&gt;&lt;span class="maintext"&gt;      &lt;b&gt;Server&lt;/b&gt;&lt;br /&gt;     Any platform with Java Run-time Environment 1.3 and later&lt;br /&gt;     &lt;br /&gt;     &lt;b&gt;Client&lt;/b&gt;&lt;br /&gt;     Any platform with Java Run-time Environment 1.3 and later&lt;br /&gt;     or&lt;br /&gt;              Windows 2003/XP/2000/NT/ME/98&lt;br /&gt;     &lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-4732402812799465264?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/4732402812799465264/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=4732402812799465264' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4732402812799465264'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4732402812799465264'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/11/more-on-data-security.html' title='More On Data Security'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-4010789607143689178</id><published>2008-11-27T08:17:00.000-08:00</published><updated>2010-01-19T15:29:00.369-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='FIREWALLS'/><title type='text'>All About Firewalls</title><content type='html'>&lt;span style="font-weight: bold;font-size:130%;" &gt;A firewall&lt;/span&gt; is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.  &lt;br /&gt;&lt;br /&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;&lt;span class="mw-headline"&gt;Function&lt;/span&gt;&lt;/span&gt;&lt;/h2&gt; &lt;p&gt;A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.&lt;/p&gt; &lt;p&gt;A firewall's basic task is to regulate some of the flow of traffic between &lt;span style="font-weight: bold;"&gt;computer networks&lt;/span&gt; of different trust levels. Typical examples are the &lt;span style="font-weight: bold;"&gt;Internet&lt;/span&gt; which is a zone with no trust and an &lt;span style="font-weight: bold;"&gt;internal network&lt;/span&gt; which is a zone of higher trust. 
A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or &lt;span style="font-weight: bold;"&gt;  Demilitarized zone (DMZ).&lt;br /&gt;&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;br /&gt;&lt;span style="font-weight: bold;"&gt;&lt;/span&gt;&lt;/p&gt;&lt;div style="text-align: center;"&gt;&lt;img style="width: 370px; height: 195px;" alt="The image “http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq2.jpg” cannot be displayed, because it contains errors." src="http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq2.jpg" /&gt;&lt;br /&gt;&lt;br /&gt;&lt;/div&gt; &lt;p dragover="true"&gt;A firewall's function within a network is similar to physical &lt;span style="font-weight: bold;"&gt;firewalls&lt;/span&gt; with fire doors in building construction. In the former case, it is used to prevent network intrusion to the private network. In the latter case, it is intended to contain and delay structural fire from spreading to adjacent structures.&lt;/p&gt; &lt;p&gt;Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. 
This configuration makes inadvertent network connections and system compromise much more likely.&lt;/p&gt;&lt;span style="font-size:130%;"&gt;Network firewall&lt;/span&gt;&lt;h2&gt; &lt;/h2&gt;  &lt;p&gt; A firewall is a system or group of systems that enforces an access control policy between two or more networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don't have a good idea of what kind of access you want to allow or to deny, a firewall really won't help you. It's also important to recognize that the firewall's configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;a name="SECTION00032000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:why_want_firewall"&gt;&lt;/a&gt; &lt;span style="font-size:130%;"&gt;Why would I want a firewall? &lt;/span&gt;&lt;/h2&gt;  &lt;p&gt; The Internet, like any other society, is plagued with the kind of jerks who enjoy the electronic equivalent of writing on other people's walls with spraypaint, tearing their mailboxes off, or just sitting in the street blowing their car horns. Some people try to get real work done over the Internet, and others have sensitive or proprietary data they must protect. Usually, a firewall's purpose is to keep the jerks out of your network while still letting you get your job done.  
&lt;/p&gt;&lt;p&gt; Many traditional-style corporations and data centers have computing security policies and practices that must be followed. In a case where a company's policies dictate how data must be protected, a firewall is very important, since it is the embodiment of the corporate policy. Frequently, the hardest part of hooking to the Internet, if you're a large company, is not justifying the expense or effort, but convincing management that it's safe to do so. A firewall provides not only real security--it often plays an important role as a security blanket for management.  &lt;/p&gt;&lt;p&gt; Lastly, a firewall can act as your corporate ``ambassador'' to the Internet. Many corporations use their firewall systems as a place to store public information about corporate products and services, files to download, bug-fixes, and so forth. Several of these systems have become important parts of the Internet service structure (e.g., &lt;tt&gt;UUnet.uu.net&lt;/tt&gt;, &lt;tt&gt;whitehouse.gov&lt;/tt&gt;, &lt;tt&gt;gatekeeper.dec.com&lt;/tt&gt;) and have reflected well on their organizational sponsors. Note that while this is historically true, most organizations now place public information on a Web server, often protected by a firewall, but not normally on the firewall itself. &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;a name="SECTION00033000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:protect_against_what"&gt;&lt;/a&gt; &lt;span style="font-size:130%;"&gt;What can a firewall protect against? &lt;/span&gt;&lt;/h2&gt;  &lt;p&gt; Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.  &lt;/p&gt;&lt;p&gt; Generally, firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world. 
This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.  &lt;/p&gt;&lt;p&gt; Firewalls are also important since they can provide a single ``choke point'' where security and audit can be imposed. Unlike in a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective ``phone tap'' and tracing tool. Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.  &lt;/p&gt;&lt;p&gt;Because of this, firewall logs are critically important data. They can be used as evidence in a court of law in most countries. You should safeguard, analyze and protect your firewall logs accordingly. &lt;/p&gt;&lt;p&gt; This is an important point: providing this ``choke point'' can serve the same purpose on your network as a guarded gate can for your site's physical premises. That means anytime you have a change in ``zones'' or levels of sensitivity, such a checkpoint is appropriate. A company rarely has only an outside gate and no receptionist or security staff to check badges on the way in. If there are layers of security on your site, it's reasonable to expect layers of security on your network.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;a name="SECTION00034000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:cannot_protect"&gt;&lt;/a&gt; &lt;span style="font-size:130%;"&gt;What can't a firewall protect against? &lt;/span&gt;&lt;/h2&gt;  &lt;p&gt; Firewalls can't protect against attacks that don't go through the firewall. 
Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route. Unfortunately for those concerned, a magnetic tape,  compact disc, DVD, or USB flash drives can just as effectively be used  to export data. Many organizations that are terrified (at a management  level) of Internet connections have no coherent policy about how dial-in  access via modems should be protected. It's silly to build a six-foot  thick steel door when you live in a wooden house, but there are a lot of  organizations out there buying expensive firewalls and neglecting the  numerous other back-doors into their network. &lt;i&gt;For a firewall to work,  it must be a part of a consistent overall organizational security architecture.&lt;/i&gt; Firewall policies must be realistic and reflect the level of security in the entire network. For example, a site with top secret or classified data doesn't need a firewall at all: they shouldn't be hooking up to the Internet in the first place, or the systems with the really secret data should be isolated from the rest of the corporate network.  &lt;/p&gt;&lt;p&gt; Another thing a firewall can't really protect you against is traitors or idiots inside your network. While an industrial spy might export information through your firewall, he's just as likely to export it through a telephone, FAX machine, or Compact Disc. CDs are a far more likely means for information to leak from your organization than a firewall. Firewalls also cannot protect you against stupidity. Users who reveal sensitive information over the telephone are good targets for social engineering; an attacker may be able to break into your network by completely bypassing your firewall, if he can find a ``helpful'' employee inside who can be fooled into giving access to a modem pool. 
Before deciding this isn't a problem in your organization, ask yourself how much trouble a contractor has getting logged into the network or how much difficulty a user who forgot his password has getting it reset. If the people on the help desk believe that every call is internal, you have a problem that can't be fixed by tightening controls on the firewalls.  &lt;/p&gt;&lt;p&gt; Firewalls can't protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets and a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers. Tunneling ``bad'' things over HTTP, SMTP, and other protocols is quite simple and trivially demonstrated. Security isn't ``fire and forget''.  &lt;/p&gt;&lt;p&gt; Lastly, firewalls can't protect against bad things being allowed through them. For instance, many Trojan Horses use the Internet Relay Chat (IRC) protocol to allow an attacker to control a compromised internal host from a public IRC server. If you allow any internal system to connect to any external system, then your firewall will provide no protection from this vector of  attack.&lt;/p&gt;&lt;span style="font-size:130%;"&gt;&lt;span style="font-weight: bold;"&gt;Design and Implementation Issues&lt;/span&gt; &lt;/span&gt;  &lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;span style="font-size:130%;"&gt;&lt;a name="SECTION00041000000000000000"&gt;&lt;/a&gt;&lt;a name="sec:design_decisions"&gt;&lt;/a&gt;&lt;/span&gt;  &lt;/h2&gt;&lt;span style="font-weight: bold;font-size:100%;" &gt;What are some of the basic design decisions in a firewall? &lt;/span&gt;  &lt;p&gt; There are a number of basic design issues that should be addressed by the lucky person who has been tasked with the responsibility of designing, specifying, and implementing or overseeing the installation of a firewall.  
&lt;/p&gt;&lt;p&gt; The first and most important decision reflects the policy of how your company or organization wants to operate the system: is the firewall in place explicitly to deny all services except those critical to the mission of connecting to the Net, or is the firewall in place to provide a metered and audited method of ``queuing'' access in a non-threatening manner? There are degrees of paranoia between these positions; the final stance of your firewall might be more the result of a political than an engineering decision.  &lt;/p&gt;&lt;p&gt; The second is: what level of monitoring, redundancy, and control do you want? Having established the acceptable risk level (i.e., how paranoid you are) by resolving the first issue, you can form a checklist of what should be monitored, permitted, and denied. In other words, you start by figuring out your overall objectives, and then combine a needs analysis with a risk assessment, and sort the almost always conflicting requirements out into a laundry list that specifies what you plan to implement.  &lt;/p&gt;&lt;p&gt; The third issue is financial. We can't address this one here in anything but vague terms, but it's important to try to quantify any proposed solutions in terms of how much it will cost either to buy or to implement. For example, a complete firewall product may cost between $100,000 at the high end, and free at the low end. The free option, of doing some fancy configuring on a Cisco or similar router will cost nothing but staff time and a few cups of coffee. Implementing a high end firewall from scratch might cost several man-months, which may equate to $30,000 worth of staff salary and benefits. The systems management overhead is also a consideration. Building a home-brew is fine, but it's important to build it so that it doesn't require constant (and expensive) attention. 
It's important, in other words, to evaluate firewalls not only in terms of what they cost now, but continuing costs such as support.  &lt;/p&gt;&lt;p&gt; On the technical side, there are a couple of decisions to make, based on the fact that for all practical purposes what we are talking about is a static traffic routing service placed between the network service provider's router and your internal network. The traffic routing service may be implemented at an IP level via something like screening rules in a router, or at an application level via proxy gateways and services.  &lt;/p&gt;&lt;p&gt; The decision to make is whether to place an exposed stripped-down machine on the outside network to run proxy services for telnet, FTP, news, etc., or whether to set up a screening router as a filter, permitting communication with one or more internal machines. There are benefits and drawbacks to both approaches, with the proxy machine providing a greater level of audit and, potentially, security in return for increased cost in configuration and a decrease in the level of service that may be provided (since a proxy needs to be developed for each desired service). The old trade-off between ease-of-use and security comes back to haunt us with a vengeance.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;a name="SECTION00042000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:firewall_types"&gt;&lt;/a&gt;&lt;span style="font-size:100%;"&gt;What are the basic types of firewalls? &lt;/span&gt;&lt;/h2&gt;  &lt;p&gt; Conceptually, there are three types of firewalls:  &lt;/p&gt;&lt;ol&gt;&lt;li&gt;Network layer &lt;/li&gt;&lt;li&gt;Application layer &lt;/li&gt;&lt;li&gt;Hybrids &lt;/li&gt;&lt;/ol&gt;  &lt;p&gt; They are not as different as you might think, and latest technologies are blurring the distinction to the point where it's no longer clear if either one is ``better'' or ``worse.'' As always, you need to be careful to pick the type that meets your needs.  
&lt;/p&gt;&lt;p&gt; Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that ``higher-level'' layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application.  &lt;/p&gt;&lt;p&gt; The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.  &lt;/p&gt;&lt;p&gt; These days, most firewalls fall into the ``hybrid'' category, which do network filtering as well as some amount of application inspection. The amount changes depending on the vendor, product, protocol and version, so some level of digging and/or testing is often necessary.&lt;/p&gt;&lt;span style="font-weight: bold;font-size:100%;" &gt;&lt;a name="SECTION00042100000000000000"&gt;Network layer firewalls&lt;/a&gt;&lt;/span&gt;&lt;h3 style="font-weight: bold;"&gt; &lt;/h3&gt;  &lt;p&gt; These generally make their decisions based on the source, destination addresses and ports in individual IP packets. A simple router is the ``traditional'' network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. 
One thing that's an important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a ``private internet'' address block. Network layer firewalls tend to be very fast and tend to be very transparent to users.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;div align="center"&gt;&lt;a name="fig:screened_host"&gt;&lt;/a&gt;&lt;a name="160"&gt;&lt;/a&gt; &lt;table&gt; &lt;caption align="bottom"&gt;&lt;strong&gt;Figure 1:&lt;/strong&gt; Screened Host Firewall&lt;/caption&gt; &lt;tbody&gt;&lt;tr&gt;&lt;td&gt; &lt;div align="center"&gt; &lt;img style="width: 364px; height: 176px;" src="http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq1.jpg" alt="Image firewalls-faq1.jpg" align="bottom" border="0" /&gt;   &lt;/div&gt;&lt;/td&gt;&lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt; &lt;/div&gt;  &lt;p&gt; In Figure &lt;a href="http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq.html#fig:screened_host"&gt;1&lt;/a&gt;, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that (hopefully) can resist attack.  
&lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;div align="center"&gt;&lt;a name="fig:screened_subnet"&gt;&lt;/a&gt;&lt;a name="168"&gt;&lt;/a&gt; &lt;table&gt; &lt;caption align="bottom"&gt;&lt;strong&gt;Figure 2:&lt;/strong&gt; Screened Subnet Firewall&lt;/caption&gt; &lt;tbody&gt;&lt;tr&gt;&lt;td&gt; &lt;div align="center"&gt; &lt;img dragover="true" style="width: 379px; height: 196px;" src="http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq2.jpg" alt="Image firewalls-faq2.jpg" align="bottom" border="0" /&gt;   &lt;/div&gt;&lt;/td&gt;&lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt; &lt;/div&gt;  &lt;p&gt; &lt;i&gt;Example Network layer firewall&lt;/i&gt;: In Figure&lt;span style="text-decoration: underline;"&gt;&lt;/span&gt;, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h3&gt;&lt;a name="SECTION00042200000000000000"&gt; &lt;span style="font-size:100%;"&gt;Application layer firewalls&lt;/span&gt;&lt;/a&gt; &lt;/h3&gt;  &lt;p&gt; These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. 
Early application layer firewalls such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;div align="center"&gt;&lt;a name="fig:dual_homed_gateway"&gt;&lt;/a&gt;&lt;a name="178"&gt;&lt;/a&gt; &lt;table&gt; &lt;caption align="bottom"&gt;&lt;strong&gt;Figure 3:&lt;/strong&gt; Dual Homed Gateway&lt;/caption&gt; &lt;tbody&gt;&lt;tr&gt;&lt;td&gt; &lt;div align="center"&gt; &lt;img dragover="true" style="width: 369px; height: 196px;" src="http://security.ngoinabox.org/Documentation/Misc/www.interhack.net/pubs/fwfaq/firewalls-faq3.jpg" alt="Image firewalls-faq3.jpg" align="bottom" border="0" /&gt;   &lt;/div&gt;&lt;/td&gt;&lt;/tr&gt; &lt;/tbody&gt;&lt;/table&gt; &lt;/div&gt;  &lt;p&gt; &lt;i&gt;Example Application layer firewall&lt;/i&gt;: In Figure above, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.  &lt;/p&gt;&lt;p&gt; Most firewalls now lie someplace between network layer firewalls and application layer firewalls. As expected, network layer firewalls have become increasingly ``aware'' of the information going through them, and application layer firewalls have become increasingly ``low level'' and transparent. The end result is that now there are fast packet-screening systems that log and audit data as they pass through the system. Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet. 
Firewalls with end-to-end encryption can be used by organizations with multiple points of Internet connectivity to use the Internet as a ``private backbone'' without worrying about their data or passwords being sniffed.&lt;br /&gt;&lt;/p&gt;&lt;p style="font-weight: bold;"&gt;&lt;span style="font-size:100%;"&gt; What are proxy servers and how do they work? &lt;/span&gt;&lt;/p&gt;  &lt;p&gt; A proxy server (sometimes referred to as an application gateway or forwarder) is an application that mediates traffic between a protected network and the Internet. Proxies are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Many proxies contain extra logging or support for user authentication. Since proxies must ``understand'' the application protocol being used, they can also implement protocol specific security (e.g., an FTP proxy might be configurable to permit incoming FTP and block outgoing FTP).  &lt;/p&gt;&lt;p&gt; Proxy servers are application specific. In order to support a new protocol via a proxy, a proxy must be developed for it. One popular set of proxy servers is the TIS Internet Firewall Toolkit (``FWTK'') which includes proxies for Telnet, rlogin, FTP, the X Window System, HTTP/Web, and NNTP/Usenet news. SOCKS is a generic proxy system that can be compiled into a client-side application to make it work through a firewall. Its advantage is that it's easy to use, but it doesn't support the addition of authentication hooks or protocol specific logging.   
&lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2 style="text-align: center;"&gt;&lt;a name="SECTION00044000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:packet_screen"&gt;&lt;/a&gt; &lt;img dragover="true" style="width: 369px; height: 220px;" alt="https://spectrogrid2.nrc.ca/portal/files/architecture-overview_640x480.png" src="https://spectrogrid2.nrc.ca/portal/files/architecture-overview_640x480.png" /&gt;&lt;/h2&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;p&gt;  &lt;/p&gt;&lt;p&gt;  &lt;/p&gt;&lt;h3&gt;&lt;a name="SECTION00042100000000000000"&gt; &lt;/a&gt;&lt;/h3&gt;&lt;h2&gt; &lt;/h2&gt;&lt;p&gt;  &lt;/p&gt;&lt;h2&gt;&lt;a name="SECTION00035000000000000000"&gt;&lt;/a&gt; &lt;a name="sec:viruses"&gt;&lt;/a&gt; &lt;/h2&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-4010789607143689178?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/4010789607143689178/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=4010789607143689178' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4010789607143689178'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/4010789607143689178'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/11/all-about-firewalls.html' title='All About Firewalls'/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' 
src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7027623763962440621.post-6948088003449281131</id><published>2008-03-28T19:42:00.000-07:00</published><updated>2008-03-28T20:32:10.784-07:00</updated><title type='text'></title><content type='html'>&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;This article is aimed at those who want to have a broader            understanding of many of the &lt;i&gt;Internet Security&lt;/i&gt; issues that            affect us ALL in today's Internet age.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;Understand the Internet Security risks!&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;The term &lt;i&gt;Internet Security&lt;/i&gt; means different things to many people.           However, there are some common topics under the heading of internet           security that &lt;b&gt;EVERYONE&lt;/b&gt; using the Internet should be aware           of. 
&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;This article will identify some of the main topics and attempt to explain           them in easy to understand language.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;These Internet Security issues include:&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;ul&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;            &lt;li&gt;&lt;b&gt;Firewalls&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Anti Virus software&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;News Groups&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Chat Rooms&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Spyware / Adware software&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Home Page Hijackers&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Scum Ware&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Pop Ups&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Messenger Service Spam&lt;/b&gt;&lt;/li&gt;             &lt;li&gt;&lt;b&gt;Windows XP Updates&lt;/b&gt;&lt;/li&gt;           &lt;/span&gt;&lt;/ul&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;The above list is NOT an exhaustive list of &lt;b&gt;Internet Security &lt;/b&gt;related           topics, NOR is it aimed at the more complex needs of business. 
&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;However&lt;/b&gt;, the above list of internet security topics &lt;b&gt;DOES&lt;/b&gt;           serve as a very useful primer and will arm the reader with much practical           information that they can apply to their own computer!&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt; &lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p class="title" align="left"&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:100%;"&gt;Firewalls&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;What are they?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;The term firewall is often mentioned in the press and computer           magazines. You may even have one on your computer.... BUT what exactly           are they?&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Well, a firewall is a piece of &lt;b&gt;hardware&lt;/b&gt; or &lt;b&gt;software&lt;/b&gt;           that protects you from intentional hostile attacks on your computer.           For most home users this will take the form of a piece of software           installed on their computer. 
This kind of defence is VITAL in            supporting your Internet Security.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;However&lt;/b&gt;, with many small businesses running from people's homes           these days, some may have a small hardware firewall that &lt;b&gt;all&lt;/b&gt; their           computers will use to protect them.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;What do they do?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Basically a firewall examines ALL the "traffic" (the name           given to all the bits of electronic information entering and leaving           your computer) when you are connected to the Internet.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Firewalls use "rules" to determine if they are going to:&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Refuse "traffic" from certain internet addresses.&lt;br /&gt;      Refuse certain types of "protocols" e.g. Telnet or FTP (ways           of accessing a computer over distances).&lt;br /&gt;      Refuse suspicious looking "traffic".&lt;br /&gt;      Refuse attempts to probe your computer for information.&lt;br /&gt;      Refuse certain file types e.g.  
MP3 files.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;These are a few of the things a firewall can do.&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;Anti Virus Software&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;What Is A Virus?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;You cannot escape the fact that at some point you are going to get           infected by a computer virus if you have no &lt;b&gt;up to date&lt;/b&gt; Anti           Virus protection on your computer! These "Viruses" are           basically little software programs that can be spread in many different           ways. Anyone serious about Internet Security MUST take this on board!&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;The difference between a computer virus and other programs is that           viruses are designed to self-replicate (that is to say, make copies of           themselves). They usually self-replicate &lt;b&gt;without&lt;/b&gt; the knowledge           of the user.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt; Viruses often contain 'payloads', actions that the virus           carries out separately from replication. 
Payloads can vary from the           annoying messages that display on your screen, to the disastrous which           attempt to overwrite the Flash BIOS and cause irreparable damage to           YOUR computer...&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;The best way for users to protect themselves against viruses is to           apply the following anti-virus measures:           &lt;/span&gt;&lt;/p&gt;&lt;ul&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;            &lt;li&gt;Make backups of all software (including operating systems), so               if a virus attack has been made, you can retrieve safe copies of               your files and software.             &lt;/li&gt;&lt;li&gt;Be aware that the risk of infection grows exponentially when               people exchange floppy disks, download web material or open email               attachments &lt;b&gt;without&lt;/b&gt; caution.             &lt;/li&gt;&lt;li&gt;Have anti-virus (AV) software installed and updated regularly to               detect, report and (where appropriate) disinfect viruses&lt;/li&gt;           &lt;/span&gt;&lt;/ul&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;Different Types Of Virus.&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;These programs that can infect your computer are split into various           different types called:&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;ul&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;            &lt;li&gt;Viruses&lt;/li&gt;             &lt;li&gt;Trojans&lt;/li&gt;             &lt;li&gt;Worms&lt;/li&gt;           &lt;/span&gt;&lt;/ul&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span 
style="color: rgb(0, 0, 64);"&gt;It is NOT possible for any individual to remain &lt;b&gt;uninfected &lt;/b&gt;for long,           without any reliable Anti Virus software. But it is NOT good enough to           just have the software on your computer. It &lt;b&gt;ALSO&lt;/b&gt; needs to be updated           on a regular basis - so that it can keep up to date with the latest viruses. This            last point lets many folks down in their fight against Internet            Security threats... They simply forget to &lt;b&gt;update&lt;/b&gt; the software!&lt;/span&gt;&lt;/p&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;News Groups&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Internet News Groups are a place for online discussion of topics of           interest. These are usually text messages placed by their writers into           the newsgroup where other people can read and reply to them. The           groups are public, open to anyone to read and write messages, and           often also share computer files such as photographs and sound files.           Over the years, the number of such newsgroups has grown to many           thousands, covering a huge range of subjects.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Newsgroups can be very useful and entertaining, as a place to talk           to experts and share ideas and experience. For example, if you want to           find out about a holiday destination, you can probably find people who           have been there who will share their opinions and knowledge. 
There are           also groups devoted to Music and particular bands or artists, a kind           of disorganised fan-club, and the groups specialising in computing           technical support are heavily used by people who have problems using           their computers, printers, software, etc.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;While there can be lots of valuable information taking place in            newsgroup discussions, there can also be a lot of useless content too            and they form part of your Internet Security awareness!&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Obscene material is common in some newsgroups, while other groups           have been used for criminal activity such as exchange of child           pornography. &lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Don't believe everything you read online. For example, there have           been cases of criminals trying to affect share prices by spreading           false information in newsgroups.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Schools usually deny most pupils access to Newsgroups, on the basis           that there is a lot of undesirable content found there and that taking           part in the discussions has limited educational value. 
Community           venues such as public libraries may take similar action.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;If you have children using your computer then you need to be aware           of News Groups!&lt;/span&gt;&lt;/p&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;Chat Rooms&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Ask most young teenagers if they have ever used a Chat Room they           will answer &lt;b&gt;yes&lt;/b&gt;.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;But do you know what a chat room is and the dangers involved? Are            they an Internet Security risk?&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Internet Chat is a way for people to communicate live with each           other by typing text messages which are seen immediately by everyone           present in the online chat "room". It is a sociable           activity, and &lt;b&gt;very popular&lt;/b&gt; with young people as a way of           meeting and talking to friends and establishing relationships.....&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;BUT you have NO real IDEA who is in the chat room..... people lie           about who they really are and many paedophiles use chat rooms to talk           sexually to youngsters! 
Very disturbing!&lt;/span&gt;&lt;/p&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;Spyware / Adware&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;What Is Spyware?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;Spyware&lt;/b&gt; is Internet jargon for &lt;b&gt;Advertising Supported           software&lt;/b&gt; (Adware). It is a way for shareware authors to make money           from a product, other than by selling it to the users. There are           several large media companies that offer them to place banner ads in           their products in exchange for a portion of the revenue from banner           sales. This way, you don't have to pay for the software and the           developers are still getting paid. If you find the banners annoying,           there is usually an option to remove them, by paying the regular           licensing fee.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;b&gt;Why is it called "Spyware"?&lt;/b&gt;           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;While this may be a great concept, the downside is that the           advertising companies also install additional tracking software on           your system, which is continuously "calling home", using           your Internet connection and reporting statistical data to the "mother            ship". 
&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;          &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;While according to the privacy policies of the companies, there           will be no sensitive or identifying data collected from your system           and you shall remain anonymous, it still remains the fact, that you           have a "live" server sitting on your PC that is sending           information about &lt;b&gt;YOU&lt;/b&gt; and &lt;b&gt;YOUR&lt;/b&gt; surfing habits to a           remote location.....&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;How Do I Remove It?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;There are some great programs out there to do this for you! And the           best one in my opinion is &lt;b&gt;FREE&lt;/b&gt;. It checks for over 7,000 of these           privacy concerns and removes them from YOUR computer.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p class="title"&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:100%;"&gt;Home Page Hijackers&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p style="font-style: italic;"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;What Is A Home page Hijacker?&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Once one of these nasty           programs gets onto your computer, it will constantly reset your           homepage (and maybe Search, etc.) 
to where &lt;i&gt;they&lt;/i&gt; want you to go.           You &lt;b&gt;can't &lt;/b&gt;change it back!&lt;/span&gt;&lt;/p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;Typically, hijacker programs           put a reference to themselves in your StartUp folder or Registry Run           key, so that the hijacker runs every time the computer is started. This            kind of activity does still present as an Internet Security risk,            after all THEY have now taken over part of YOUR computer!&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt; If           the user tries to change any of these settings, the hijacker changes           them back, sticking the user with the hijacker's site unless the           hijacking software can first be found and removed.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt; Scum Ware&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;b&gt;What Is Scum Ware?&lt;/b&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:85%;"&gt;Ezula's TopText is a virus-like collection of           programs that gets installed onto YOUR computer when you download and           install programs such as the new KaZaa system which has replaced the           popular Napster program. 
(This allows people to download pirated           copies of MP3 music files.)&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:85%;"&gt;&lt;b&gt;Download.com&lt;/b&gt; shows that KaZaa has been           downloaded over 7 million times just from their site. If you read the           user reviews for KaZaa you will see that most users are very upset           about the programs installed that do not relate to file sharing. They           don't like the programs that spy on you while you are online and send           the data back to the media companies wanting to sell your private           information to advertisers.&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:85%;"&gt;What happens with Scum Ware is that you visit a           reputable site but certain keywords on that site will be underlined as           a link. When YOU click on them YOU are taken to an advertiser's           website... (These can be pornographic websites.)&lt;/span&gt;&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-size:85%;"&gt;Now the company/person that created the website did           NOT put these links there. It is the Scum Ware software sitting on           your computer that is doing this.... Most folks are shocked when I           explain this to them! This may seem a low Internet Security risk, and            it probably is.... BUT it is not an activity that ANY IT security            expert would condone... 
&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;&lt;p style="font-weight: bold; font-style: italic;" class="title"&gt;&lt;span style="color: rgb(0, 0, 64);font-size:130%;" &gt;Messenger Service Spam&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;p&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;When &lt;b&gt;Microsoft&lt;/b&gt; released its Operating System "Windows NT"            it included a "service" that runs in the background. This was then            included in Windows 2000 and the recent Windows XP.&lt;/span&gt;&lt;/p&gt; &lt;span style="color: rgb(0, 0, 64);"&gt;                                           &lt;/span&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;No one knows exactly why Microsoft enabled this service to be            running when you install the Operating System. BUT because it is            running, &lt;b&gt;Spammers&lt;/b&gt; have the ability to send you annoying adverts            every time you are connected to the Internet! 
This is an Internet            Security threat...&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style="color: rgb(0, 0, 64);"&gt;&lt;span style="font-weight: bold; font-style: italic;font-size:130%;" &gt;Also Visit:&lt;br /&gt;1.&lt;a href="http://bestofnetworksecurity.blogspot.com"&gt; &lt;span style="text-decoration: underline;"&gt;Network Security&lt;/span&gt;&lt;/a&gt;&lt;br /&gt;2.&lt;a href="http://bestofnetworking.blogspot.com/"&gt;Computer Networking&lt;/a&gt;&lt;br /&gt;&lt;/span&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/7027623763962440621-6948088003449281131?l=securityfornet.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://securityfornet.blogspot.com/feeds/6948088003449281131/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=7027623763962440621&amp;postID=6948088003449281131' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6948088003449281131'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7027623763962440621/posts/default/6948088003449281131'/><link rel='alternate' type='text/html' href='http://securityfornet.blogspot.com/2008/03/this-article-is-aimed-at-those-who-want.html' title=''/><author><name>PARUL JINDAL</name><uri>http://www.blogger.com/profile/00548883079419861162</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><thr:total>0</thr:total></entry></feed>
