URL.biz - where people find experts

 

The Dangers Of Not Using A Firewall
Learn how others are attacking you and your PC via Trojans, Remote Access Software, Denial of Service Attacks, Cyber Stalking, as well as Information and Identity Theft.


A COMPUTER VIRUS WITH A NASTY BITE

"You may never get another warning.
Are you prepared for the upcoming computer disaster?
I hope you're ready, because if not, it will hurt. Badly.
And it can hit at any time: today, tomorrow, next week..."

The reality is... if "we" are not ready, all of us are going to get hurt. People who are prepared will still feel it if "everyone else" ignores their responsibility to their own safety. In this "Global Village" we call the Internet, we are all in it together. Unprotected computers easily become unwitting zombies for the "bad guys".

How is it going to hurt? Well, certainly it won't have the impact or notoriety of the 9/11 disaster. But the harm it does could be even more damaging to all of us. Over time it definitely could mean bankruptcies, even injuries and deaths.

What could cause such a nightmare? It would only take a computer virus with a really nasty bite.

VIRUSES, WORMS, AND TROJANS

The year 2003 has been called by many the "Year of the Computer Virus" due to the increasing frequency and larger scale of attacks that are striking computers everywhere as never before. With names like "Bagle" and "NetSky" they attack our computers by:

• hiding within email attachments and/or malicious Java or ActiveX web pages
• taking over our computers remotely, making them some hacker's unwitting zombies
• sending spam out to everyone on our address lists using our email address as the sender
• tricking our computers into performing a Denial-of-Service (DoS) attack on some popular or government website
• or, just using our Windows file sharing services to steal our personal and financial data stored on our hard drives.

By the way, whenever I talk about a "virus", the same applies to what are called "worms" and "trojans". Although they operate slightly differently, their effect is the same. In fact, there really isn't much difference between a "virus" and a "worm" anymore. A "trojan" (or "trojan horse") is in essence a virus or worm packed inside an innocent-looking joke, music file, or document macro. So whenever I use the term "virus", you can apply what I say to any of these three attackers.

So... since 2003 had so many reports of attacks, why wasn't it the year of the upcoming computer disaster?

There certainly were many viruses that annoyed people by clogging up email and slowing internet connections. Some viruses even penetrated people's personal privacy by gathering and sending off personal details such as credit card numbers, address book email addresses, and account passwords.

But so far, none of these viruses have "dropped the big one".

That is, none of them have started massively or even selectively destroying data on computer hard drives. Even selective erasure of certain data, such as personal or business financial data, could mean anything from a major headache to the possible ruin of a business, for individuals and corporations globally.

So... why didn't they?

It seems virus writers were more interested in showing off in a clash of egos than in doing any real harm. For example, notice how the early versions of the aforementioned "NetSky" viruses actually attacked the "Bagle" viruses and removed them from a victim's computer. It's as if thieves simply broke the lock on a large number of residences, but then didn't steal anything.

They did it just to prove to everyone that they could.

Bad stuff? Of course. Scary? You bet. But it isn't anything like the real upcoming computer disaster.

When the viruses with really nasty bites are first detected, it will start out something like the "Y2K" threat predictions. But probably without the crazy stories of people dying or planes falling out of the sky.

However, the viruses will spread rapidly across the Internet. Millions of computers will be infected within minutes. Previous infections from earlier viruses, which until then lay dormant, may even help these new viruses spread around the world by turning the infected computers into unwitting "zombies". Viruses may be spewed out across the Internet by using any email addresses, instant messaging user names and passwords, file sharing resources, etc. that are stored on the victims' computers.

Then finally, the virus will issue the last command. "Wipe Out All Information."

People will lose their financial account information, user names and passwords, bookmarks, tax records, photos, instant messaging logs, email folders, etc. Think of the heartache and the expense!

Businesses can lose their customer information, such as who they are, their contact information, who has paid and who hasn't, etc. Think how this could cause many businesses to fail and could even mean big layoffs.

Hospitals could lose patient information, such as who is being treated for what, with what medication, and who is allergic to what. This is a scenario that actually could lead to injuries and deaths.

We will all lose services from businesses that disappear, and some of us will even lose our jobs at struggling companies. We will probably receive bills that have already been paid, or forget to pay bills that never arrive. Store shelves will go empty as transport companies have to rebuild their distribution systems from scratch. We may not even have access to our own money, as ATMs may be attacked too. A recent news story already reported attacks on ATMs that were running on Windows software.

Try to imagine all the economic damage that was done by the grounding of airlines during the 9/11 disaster.

Now imagine the impact if a virus such as this shuts down many parts of the economy for days or even weeks.

HOW CAN A "SIMPLE VIRUS" DO ALL THIS?

Simply by using the technologies available today, this kind of event is not only possible... but probable. To understand how, we need to be acquainted with these basic technologies and how they work. Then we can discuss a possible way that we can protect ourselves from this happening, at least to our own computers. The basic technologies we'll discuss briefly below are:

• Backdoors - A "hole" that exists in the security of an operating system due to a flaw in the design of the software, or one created by a previous virus infection.
• Trojans - A program disguised as some usually cute game, music file, or postcard that installs itself on your computer until something reawakens it to attack.
• Hacker Penetrations - More insidious because the attacker is human and focuses on your computer usually to steal your secrets or financial data.
• Cyber Stalking - Usually focused on learning everything about you as a precursor to Identity Theft (or worse).
• Denial of Service Attacks - Used to bring down computers on the Internet by overloading their connections.
• Remote Access - Software designed to allow one computer to completely control another computer remotely over an Internet connection.

BACKDOORS

Backdoors are particularly hard to detect since they are not actually software programs, like viruses. They are "holes" in the operating system software. They can be there for either of two reasons: they were put there on purpose by the programmers of the operating system for debugging, or they are actual "bugs" or flaws in the design of the operating system. Backdoors are not so much "created" by hackers as they are "discovered and exploited".

Because of this, there is no way to create an "anti-backdoor" detection program. Usually you will hear about them when operating system manufacturers announce them as they release a "patch". Of course, that is always a signal for virus writers to quickly create viruses exploiting the backdoor before most people can get their systems "patched". Many people never even bother to update their operating systems on a regular basis. These are the most likely computers to fall victim to a backdoor attack.

Search on Google using the keywords "backdoor attack" and you will find plenty of forums of people pleading for help trying to clear their computers of virus infections that took advantage of the backdoor "hole". Sometimes the only solution offered is simply to reformat their hard drives and start over from scratch.

TROJANS

Understanding trojans is at the heart of comprehending the real scope of what is possible. Viruses and worms with their ability to spread around the world in minutes are dangerous enough. Trojans are worse since they can disguise themselves as a "cute" joke, music file, postcard, etc. and you never even know your computer is infected. Rarely do trojans do damage immediately, although some are designed to create "holes" (see Backdoors) in your security so that a hacker can remotely control your computer without your knowledge.

Trojans have an even bigger impact than you would think. Because of their stealth they can be used to attack us in ways that go far beyond stealing our personal passwords and email addresses. Here is a link to a story about one such attack back in May, 2001, where a trojan invaded a bank executive's computer and allowed a hacker to commit extortion against the bank for half a million dollars ($500,000.00):

http://www.wired.com/news/print/0,1294,43981,00.html

HACKER PENETRATIONS

Hackers don't just write software, they use it too. Finding "new victims" is one of their main pursuits. There is software freely available on the Internet that allows hackers to "ping" Internet Protocol (IP) addresses to see if any computers are online across a large range of addresses. When any computers respond to these "pings", that computer then looks like a lighthouse to the hacker, and most likely becomes the hacker's next victim.
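Seen from the defender's side, the address-range "pinging" described above leaves a recognizable trace in firewall logs: one outside source sending echo requests to many of your addresses in a short time. The script below is an added example, not part of the original article; the log format, the sample lines, and the threshold and window values are all constructed for illustration.

```python
"""Flag likely ping sweeps in firewall log lines (format and data are constructed)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: date, time, action, protocol, source, destination, detail.
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2004-03-01 10:00:01 DROP ICMP 203.0.113.7 192.0.2.10 type=8
2004-03-01 10:00:01 DROP ICMP 203.0.113.7 192.0.2.11 type=8
2004-03-01 10:00:02 DROP ICMP 203.0.113.7 192.0.2.12 type=8
2004-03-01 10:00:02 DROP ICMP 203.0.113.7 192.0.2.13 type=8
2004-03-01 10:00:03 DROP ICMP 203.0.113.7 192.0.2.14 type=8
2004-03-01 10:00:05 ALLOW ICMP 198.51.100.20 192.0.2.10 type=8
2004-03-01 10:00:07 ALLOW TCP 198.51.100.20 192.0.2.10 dport=80
2004-03-01 10:05:00 DROP ICMP 198.51.100.99 192.0.2.10 type=3
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return (time, source, destination) for an ICMP echo request, else None."""
    parts = line.split()
    if len(parts) != 7 or parts[3] != "ICMP" or parts[6] != "type=8":
        return None
    try:
        when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return when, parts[4], parts[5]

def find_ping_sweeps(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Map each source to the most distinct hosts it pinged inside one window.

    Only sources that reached at least `min_targets` hosts are returned.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            events[parsed[1]].append((parsed[0], parsed[2]))
    sweeps = {}
    for source, hits in events.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            # Distinct destinations seen in the window that opens at this event.
            targets = {dst for when, dst in hits[i:] if when - start <= window}
            best = max(best, len(targets))
        if best >= min_targets:
            sweeps[source] = best
    return sweeps

if __name__ == "__main__":
    for source, count in find_ping_sweeps(SAMPLE_LOG).items():
        print(f"{source} pinged {count} distinct hosts within the window")
```

A single host pinged repeatedly by the same source does not count as a sweep here; only the number of distinct destinations matters.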

A group calling itself "Cult of the Dead Cow" released a program a few years ago called "Back Orifice". Believe it or not, it was actually only a front-end (GUI) program designed to take advantage of remote access and control capabilities already hidden inside Windows by Microsoft. They made their software freely available on the Internet mostly as an indication of their lack of esteem for Microsoft software engineering. But as you can imagine, all the hackers downloaded it and started using it to perform all sorts of mischief. It claimed it gave you more control over the computer than the actual user of the computer had. That claim turned out to be true.

Back Orifice was made "identifiable" by all the firewalls and anti-virus scanners almost immediately. After all, how it worked was no secret. In fact, here is an old article showing how you could detect and defend yourself from Back Orifice. Remember, almost all firewalls and anti-virus scanners now detect and can remove Back Orifice. However, how many others are there out there like it that aren't so easily detected?

http://www.jamesmcquaid.com/attacks.html

Now the bad news. Using even more tricks and techniques, you can become a victim of hacker penetrations without even having a computer connected to the Internet. How is that possible? Here's a story about how Georgia Tech got penetrated just trying to handle reservations and payments for simple events they hosted on campus. You know - concerts, recitals, lectures, dance, film and theater events. They just used a computer in one of their departments to handle it all, and after being transferred from one department to another it got lost in the shuffle. The computer didn't even have a firewall - hence an easy target. 57,000 patrons of the Center for the Arts had their names and addresses and in some cases their credit card information stolen. No virus needed here... just a simple case of hacker penetration.

http://www.globalitsecurity.com/NewsAlerts/_disc11/0000000a.htm

CYBER STALKING

Probably the closest any computer attack will ever come to being labelled a form of personal terrorism is a phenomenon called Cyber Stalking. It can make a person feel completely invaded and violated, like some physical crimes. Just the thought of someone stealing your information and possibly using it to steal your identity, or maybe steal your money, is bad enough.

But what do you do when this person, this malicious hacker, actually starts putting your life on show? Actually going to the point of putting up a web site with all your information on it for the world to see? Calling you and then hanging up on you... etc.

If you think that this is too "out there" to really happen, then you really need to check out this article.

http://www.geocities.com/Paris/Rue/2597/stalked.html

DENIAL OF SERVICE ATTACKS

The impact of this form of attack is just now becoming evident. Not too long ago, mighty Microsoft itself had to defend its Windows Update site servers from crashing under such an attack, launched by a new virus. Many businesses and government sites are now being targeted. While this has up to now been an attack on individual web sites, causing most people to think of each one as an isolated incident, it really has a darker side that's not so obvious.

Beyond crashing web site servers, consider the mechanism that makes Denial of Service attacks work: viruses. These specialized viruses are usually set to coordinate themselves on millions of computers connected to the Internet and to strike simultaneously. Here's the really nasty part. Your computer could become one of these "zombies". Instead of attacking one server, what if they were set up to attack all servers at the same time? This is done by hackers all the time when they perform Internet Protocol (IP) address scans. If millions of computers started doing this at the same time, the results could be catastrophic.

Steve Gibson, author of the free "Shields Up!" web service that will check your computer to see if it is "stealthy", has written a great article on this kind of attack. While it is intended for discussing a particularly technical topic about Windows XP, realize that this vulnerability to attack is not only restricted to that operating system. Here's the link so you can read more about it.

http://grc.com/dos/winxp.htm

REMOTE ACCESS

Remote access is intimately related to penetrations by hackers. However, it is done after the hacker penetrates your system. While Back Orifice and its ilk have made the headlines about remotely controlling other people's PCs, there are legitimate uses for this technology. That's what makes this type of attack so tricky to deal with. By default, the options are all open to allow remote access and control in Windows. What you need to learn to do is to shut this off when it is not going to be used so it is not exploited as another "hole" by a hacker or virus.

Remote administration of computers on a local area network (LAN) is usually the main use of this software. In fact, Tucows has a small list of legitimate software used just for this purpose.

http://www.tucows.com/remoteadmin95_default.html

WHAT CAN WE DO?

We can do plenty. It is possible to be prepared. What is important is that as many of us as possible get prepared as soon as possible. Really - it's only a matter of time until the upcoming computer disaster hits. The technology already exists to make it happen; now it simply comes down to the egos of some otherwise fairly unstable types of people. Be forewarned.

There are five simple steps we can take to prepare ourselves. None of this is rocket science. In fact, it is really a list of things you should be doing already. It's only common sense.

1. Never, ever again, open an email attachment you don't absolutely know is safe. Don't even trust the sender in the email message. Hackers are good at spoofing senders. Call them. Make sure. Really.

2. Back up your entire hard drive regularly. Don't just back up your "data". Find a good backup program and stick with it on a schedule. At least weekly for personal computers. Daily if used for business. Keep at least 3 months worth of monthly backups, just in case you have to recover from a virus infection. Invest as much as you need in backup media, even a new bookshelf to store them in, if necessary. Try to store some of your backups off-site just in case of fire or worse.

3. Buy and install a firewall. Find one that has the features you like, as several come bundled with extra features such as virus scanners, attacker tracing, detailed logging, pop-up alerts, etc. in addition to the basic firewall functions. Make sure the firewall is effective and reliable, then be concerned whether it is easy to install or use.

4. If your firewall doesn't include one, make sure you buy and install a good anti-virus program. Some include a "virus shield"-like facility that scans every file accessed on your PC in real-time. These are the safest, since they can prevent damage before it occurs. The older style anti-virus scanners can only attempt to fix the problem after-the-fact. That is, after your PC has already become infected.

5. Once a month, or maybe even once a week... you should make sure your firewall and anti-virus are up-to-date. You can probably avoid this step if you buy one of each with automatic online updates. These tend to be the more expensive ones. Otherwise, you will have to manually update them yourself. As for Windows, the update process using Windows Update is still a manual process... unfortunately.

Thomas Straub
http://firewalls.topsoftwareinfo.com

 