[ISN] How to protect your computer

InfoSec News isn at c4i.org
Tue Apr 12 07:01:46 EDT 2005


Angus Kidman and Anthony Fordham
APRIL 12, 2005 

THE release of Windows 95 10 years ago marked a key turning point in
the evolution of the consumer internet.

Built-in support for core internet protocols in Windows 95, combined
with rapid growth in the number of consumer-focused internet service
providers (ISPs), helped transform the net from a specialist geek
pastime into something everyone wanted.

In 2005, it's much simpler to get connected to the internet, and even
easier to fall victim to myriad security threats.

"There's all this malicious stuff out there, and 10 years ago there
wasn't that much," says Sean Richmond, senior technology consultant
for computer security software company Sophos.

"The internet in 1995 was a reasonably safe place to wander around.  
Now it's got that feeling where you have to be on guard. You have to
be on the ball a lot and pay a lot more attention to what you need to
do to be safe."

The threat of viruses was alive and well in 1995.

However, the evolution of malware (code designed to either damage your
computer or steal resources and information) has put a wider range of
threats on centre stage.

"There's a constant hum of malicious code roaming the internet," says
John Donovan, managing director for Symantec for Australia and New

According to Allan Bell, Asia-Pacific marketing director for McAfee,
the history of malicious code can be divided into five broad stages.

In the pre-network era, roughly from 1986 to 1995, viruses spread
largely via floppy disks.

Over the next four years, macro viruses in popular applications such
as Word and Excel dominated.

Between 1999 and 2001, mass-mailing viruses that distributed
themselves via email took centre stage.

From 2001, blended threats that combine existing technologies became

More recently, "content invasion" problems such as spyware (which
invisibly tracks what you do on your PC) and phishing (which uses
"social engineering" to try to access sensitive information such as
credit card details) have become dominant.

Computer security group Trend Micro says the broad virus problem has
not disappeared. It reckons more than 8 million systems were infected
in the first three months of this year.

"Viruses and worms do still infect systems, but it's less obvious.  
Trojans are by far the most common things we're seeing now," Sophos'
Richmond says.

However, it's the sheer range of potential attacks that now poses the
biggest challenge for consumers and security companies.

McAfee's Bell says: "Threats in the past have been very much
mass-market threats. The trend you'll see in the future is more
customised and personalised attacks."

New technologies create new risks, says Stuart Marburg, managing
director of internet service provider Netspace.

"Consumers are putting themselves at financial risk by not securing
their wireless networks, leaving their broadband connection open for
anyone to use their account to check emails and surf the internet," he

A core change in recent years has been in the profile of the typical
malware writer, says Ben English, senior product manager for security
at Microsoft Australia.

"Organised crime has taken an interest in the internet as a route to
market," he says. "Money is now the predominant driving factor, and
the sophistication is increasing. We've moved away from a nuisance
attack model into a more crime-based scenario."

There's no room for naivety on the net, Richmond says.

"There's a definite interest in ripping people off, and that's making
the internet less fun," he says. "The amount of adware and spyware is
driving people away from the idea of browsing around for its own

With that said, the biggest problem for most consumers is their
failure to keep their systems up-to-date with software patches and

"One problem is the rate of change," Bell says. "We're seeing multiple
vulnerabilities emerge every day, but multiple patches are just not
realistic for the average consumer."

Lack of education and awareness among users is a big problem. "You can
choose to use a different browser, but you have to know you're able to
do that," Richmond says. Such solutions are often short-term in any

For instance, in its most recent Internet Security Threat report,
Symantec noted that while Internet Explorer continued to display more
serious vulnerabilities, "alternative" browsers such as Firefox were
increasingly being targeted.

Many consumers also incorrectly assume that newly-purchased PCs will
be up-to-date and secure out of the box.

"One of the most unsafe things you can do is buy a brand-new PC and
plug it into a broadband network and see what happens," Donovan says.

Richmond says: "You can be part of a botnet within 15 minutes of
connecting an unprotected system to the internet."

With any new system, experts advise downloading patches for all key
applications and ensuring security software is set up before
performing any other tasks.

While future trends may be difficult to predict, one thing is certain:  
PC security problems aren't going to go away.

"Anywhere there's software, there's going to be vulnerabilities," Bell

But regular updating of security software combined with a healthy
degree of cynicism will protect users from most problems.

Marburg says: "The key to internet security is common sense. As an ISP
we can provide pre-emptive measures to safeguard our customers from
viruses, but we can not reach into their computer and stop our
customers from handing over their personal information online or
downloading files from the internet."

Richmond says: "You don't need to be terrified and paranoid, you just
need to be informed. Don't make a target of yourself and act like an

In other words just exercise some good common sense.


THE maintenance involves a combination of proactive and reactive tasks
designed to keep your machine in perfect running order. Here are the
most important.

Windows security updates

Nearly as effective as antivirus software, staying on top of Windows
security updates will keep your machine in good running order.  
Automatic updates will alert you whenever there is a new fix or patch,
but you can also select Windows Update from the Start menu.

Be sure to install new service packs as they are released, but take
the time to read accounts online of how the service pack has affected
users so you can be prepared for any potential teething problems.

Fresh install

Recommended for the experienced user only, the ultimate
solution to instability is a complete fresh reinstall of all your
software, including Windows.

Make sure you have everything you need on disc, not forgetting
applications such as word processors, games, and, of course - your
personal files.

Delete Windows at the hard drive partition level, by using the command
line instruction FDISK.

If you reinstall over an old copy of Windows, it may not fix the

You can benefit from a complete reinstall every 18 months or so, but
the operation is incredibly risky and not recommended for
inexperienced users.

Control installations

When installing a new program, don't let the installer choose the
folder. Most applications put themselves under Program Files, which
results in a huge list of folders that can be difficult to manage.

Creating a logical folder structure will make it much easier to find
programs as you need them. You can mirror this structure in the Start
menu. Use Windows Explorer to find your username in Documents and
Settings, then select Start Menu and create program groups according
to your own filing system. This prevents Start Menu bloat, which can
occur if every application is allowed to create its own program group.  

Modern components are pretty tough, if not subjected to unusual
conditions such as damp or cockroach infestation. However, dust has
the potential to build up inside fans and on sensitive electronics,
which runs the risk of short-circuiting your machine and killing the

Use a can of compressed air to blow dust away from components, but
don't hold it too close since most use an aerosol that could cause
condensation to form.

Be aware that you run the risk of voiding the warranty if you open the
back of your machine. Dust shouldn't be a problem for at least the
first year, by which time most warranties expire.

Uninstall, don't delete

Because you can delete a file by dragging it to the Recycle Bin, it
can be tempting to do this with applications such as games or
internet-related programs.

But deleting this way leaves parts of the application still on your PC
in other folders, which will slow performance.

Instead, go to Control Panel, choose Add or Remove Programs and select
the application you want to uninstall from the list. The uninstall
wizard will say if you have to delete anything manually.

Update virus software

Installing an antivirus suite will only keep you protected for as long
as it takes hackers to come up with a new virus. You need to regularly
update antivirus files, available from your antivirus suite's website.  
The files will configure the software to be able to detect and block
new viruses as they are released.

Most software can now do these updates automatically, but it's worth
checking for new image files every two weeks.


A LITTLE knowledge can be a dangerous thing, according to network
manager James Bannan. He says the biggest threat to a large network is
users who think they know how to configure their own computers.

"You might know a little bit about networking and how to turn on a
feature, but you probably don't realise what you're exposing the
network to," he says.

Bannan is deputy systems manager at St Leonard's College in Melbourne.  
In a previous position at PricewaterhouseCoopers, Bannan had to deal
with a network heavily infected by an Internet Information Systems
(IIS) virus.

"We came in to work one day and the whole network was running slow.  
The first couple of requests to the helpdesk were along the lines of,
my PC has crashed, my mail won't open," Bannan says.

"It's hard to immediately diagnose a virus attack because the problems
it causes can be so generic. We told the first five people to just
reset their computers, but pretty soon we realised the problem was
much more widespread."

He says the virus the team eventually identified was designed to spam
a network with traffic to slow it down and inconvenience its users.

"Basically, these viruses are written to exploit security holes in
later versions of Windows, such as 2000 and XP," he says.

Bannan believes the virus coders are ideologically motivated. "A lot
of these guys are proponents of the open source standard and are
really anti-Microsoft."

He says the virus got into the network because employees were taking
their laptops home and using IIS features to enable them to connect to
the work network remotely.

"These were DIY configuration jobs. These guys knew enough to turn the
system on, but not enough to lock it down and protect it from attacks.  
It took us more than a week to eradicate the problem."

Viruses aren't the only thing that can hang a network. Bannan says
many types of naive configuration can be dangerous.

"Here at St Leonard's College, we had a problem with a user who had
taken his laptop home and used Windows bridging functionality to
configure an Ethernet-based network card with a wireless card.

"When he came to school and plugged his laptop back in, he forgot to
turn off his wireless and the network got itself into an infinite loop
and hung. It took us quite a bit of time to identify the problem and
track down the offending user," Bannan says.

His message to anyone who uses a complex network is simple: "If you
don't know what you're doing, 100 per cent, please don't turn on any
features or change your settings.

"It makes life very hard for network managers."

However, Bannan admits his primary role is to protect users from
themselves. He says most people can't be expected to understand the
inner workings of a big network.

"Networking can expose you to considerable risks. Even peer-to-peer
file sharing can be very dangerous unless you know how to configure it
properly," Bannan says.

