The History of Computer Viruses (Part 2)
In this second part of the three-part article, our reporter Yeo Kheng Meng explores how you can counter those nasty computer bugs. (Yes, KILL 'EM ALL!)
Given the nature and the number of computers affected, it could well be that the computer you are using to read this is infected by this worm. So you may be wondering: what tools do we, the end users, have to deal with such threats?
I will be answering this question in this section.
For end-users, just remember 5 things: Firewall, Antivirus, Constant Updates, Alternative Software and Common Sense.
Firewall
A firewall is software or hardware that filters out unauthorised data passing between two networks. It is usually considered the first line of defence for most computers (and networks), as it prevents infection in the first place. As prevention is always better than cure, I will elaborate in detail on its importance and usage.
A firewall is a must-have for any computer system/network that is connected to the Internet today. Today's viruses and worms do not even need user intervention to spread themselves. An example is the Blaster worm I mentioned earlier: it can infect an unpatched/unprotected PC connected to the Internet even without the user doing anything on it.
According to the SANS Institute, as reported by ZDNet News, it takes just 20 minutes to compromise a computer. Take note that this was in 2004; there is every reason to believe that this time frame has become shorter by now. Even for the most seasoned techies, a firewall is still a must.
Thankfully, every computer with Windows XP Service Pack 2 or later installed has an inbound-based firewall turned on by default. That can perhaps give users a basic sense of security. To check if yours is turned on, see the instructions from Microsoft here.
It’s good to note that the built-in firewall provided by Windows XP does not protect well against outbound transmissions. That is to say, the moment a virus manages to get into a system, there is nothing to stop it from sending out information such as credit card numbers back to its creators. Microsoft claims that Windows Vista has the ability to control outbound data. But so far, an independent tester has found it unreliable and unintuitive to use.
Therefore, the best solution is to get a third-party firewall for this task. Common ones include ZoneAlarm and Comodo. These two are free for home use. The main feature that distinguishes most third-party firewalls from the Windows Firewall is the ability to manage outbound connections more efficiently. The problem is that outbound filtering requires active user intervention to work effectively. The user has to individually approve the outbound access of every program that wants it.
Very often, the user is shown just the process name without any additional information. The user, being too fed up with the constant questioning, may simply click allow at every question or, worse still, turn off the firewall altogether. This is obviously not the correct way. The firewall has no way of determining whether the program is legitimate, as there are billions of programs in the world. It’s up to the user to search for the name of the process online and hopefully make a correct decision.
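As an added example (not part of the original article), this PowerShell function supplies the context a bare process-name prompt lacks: the full executable path and code-signing status of each program holding an established connection to a remote host. It assumes a current Windows system where `Get-NetTCPConnection` is available, which is newer than the Windows XP and Vista systems discussed here; the function name `Get-OutboundProgramReport` is made up for this example.

```powershell
# Added example: report programs with established TCP connections to remote
# hosts, showing full path and Authenticode signer instead of only the name.
# Run from an elevated prompt so paths of other users' processes resolve.

function Get-OutboundProgramReport {
    # Loopback traffic never leaves the machine, so skip it.
    $connections = Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }

    foreach ($group in ($connections | Group-Object -Property OwningProcess)) {
        # The process may have exited between the two calls.
        $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        # A signature check needs a readable file path; some system
        # processes do not expose one.
        $signer = 'unknown (no path available)'
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.Status -eq 'Valid') {
                $sig.SignerCertificate.Subject
            } else {
                "NOT VALID: $($sig.Status)"
            }
        }

        [pscustomobject]@{
            ProcessName = if ($proc) { $proc.ProcessName } else { '(exited)' }
            ProcessId   = [int]$group.Name
            Path        = $path
            Signer      = $signer
            Remotes     = ($group.Group |
                ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                Sort-Object -Unique) -join ', '
        }
    }
}

# Unsigned or unknown entries are the ones worth looking up before allowing.
Get-OutboundProgramReport | Sort-Object Signer, ProcessName | Format-List
```

An established connection does not say which side opened it, so the report also includes programs that accepted an inbound connection.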
It is not common knowledge that routers are actually a form of physical firewall in themselves. Due to the way routers operate, they automatically filter out any unrequested information. An added feature is that the router's programming resides in firmware on a chip; this makes it even more unlikely that it can be corrupted by a rogue program. DoS attacks are also limited, as any attempt to bring down a system is mainly focused on the external entity (the router) while the internal entities (the computers) remain secure.
Antivirus
As its name suggests, it searches for viruses in a computer and alerts the user if one is found. Take note, up to this stage, the virus has already infected the system so the antivirus software is essentially a cure.
Antivirus software works like a security camera behind a locked door (the firewall). When an intruder enters the house, it will attempt to identify the threat and eliminate it. Its function is fairly basic, so there is no need to explain much here.
The most common free antivirus software is AVG by Grisoft. There are paid versions too, like Norton AntiVirus from Symantec and McAfee VirusScan. I will not participate in the debate between the quality of paid and free versions as I have not used paid versions. Your best bet will be to read online reviews and ask around for advice.
When getting such software, always ensure that it offers On-Access protection. This feature allows the software to scan all the computer's processes for rogue activities as they are being used. Some software, such as ClamWin Antivirus, does not have this feature and requires the user to manually scan files for viruses.
There are prepacked solutions that combine all the relevant software into a single package. They are usually cheaper than purchasing the software individually. Symantec has Norton Internet Security, which includes AntiVirus, Firewall, Antispyware, Antispam and so on.
We are in a lot of trouble. And we will always be in a lot of trouble.
Constant Updates
This is not a third line of defence. It is a must-have in this age of rapidly evolving threats. Your security software has to evolve in tandem to keep up.
First and foremost, ensure that the automatic update feature in Windows is turned on. If not, make sure you visit the Windows Update Site regularly to install the latest patches. Do take a look at the software updates section at the site from time to time.
For firewalls, the need to update is less urgent, as firewall technology has stayed relatively constant throughout the years. Any new feature is usually only available in newer versions of the software. But that does not mean you should totally neglect it; update when the software tells you to.
For antivirus software, no updates equal negligible defence. The antivirus software needs up-to-date signatures to detect the threats of today. Always ensure that the automatic updates feature by the antivirus is enabled.
Alternative Software
This is another method to avoid certain threats altogether. For this part, I will be elaborating only about Web browsers and operating systems (OS) as hackers mostly target flaws in this software.
It is a given that most Internet threats today target Internet Explorer (IE) over other browsers such as Mozilla Firefox and Opera. As such, in order to keep safe, users have to constantly patch this software. But patches only protect against yesterday's threats; who is to say a hacker will not exploit a yet-undetected flaw?
Here is where alternative browsers come in. Other browsers, with their much lower market share, will usually be ignored by hackers. Thus, they tend to be safer. A good start would be Mozilla Firefox, currently in its 2.0.0.9 version. The downside is that certain features may not work on alternative browsers. The most common is the ActiveX control, which is only available on IE. It's helpful to note that ActiveX itself is actually responsible for many security loopholes in IE.
For OSes, it’s much tougher. This entails switching to alternative platforms such as Linux and Apple. Apple's Mac OS can only be used on their own proprietary designs. If you want to use your current hardware, this leaves Linux as the only remaining viable option.
Linux is an open-source operating system that is usually available free-of-charge on the Internet. The installation and usage of Linux is still considered rather geeky despite its improved user-friendliness over the years.
And the problem of missing/different features becomes magnified here. You can expect all the third-party software, such as games, that you are using now to be incompatible with Linux. It is almost mandatory to use alternative software like Firefox and OpenOffice for your day-to-day operations. This entails an extremely steep learning curve which not many users want to overcome.
(Open Source: software whose source code is easily available to the public to scrutinise for bugs.
OpenOffice: a free, open-source alternative to the Microsoft Office productivity suite.
Linux actually has a limited ability to run Windows applications through emulators such as Wine and virtualisation software such as VMware. But these tools are usually slower, and not all software works on them as efficiently as it does on its native platform.)
Certain specialised hardware, such as TV tuners, wireless adapters, scanners, webcams and biometric readers, may not be usable if the manufacturer is too lazy to write a driver for it on the Linux platform.
Because of this, most Linux users operate in a dual-boot environment. This allows them to switch over to Linux with a simple reboot if the need arises. Partitioning a drive to make space for the installation is HIGHLY not recommended if you are just a novice user.
If you are really daring like I was, you can go ahead and take the plunge and install Linux. But thankfully there are some Linux distributions that allow you to “test-run” Linux in the form of Live CDs before installing it. These distributions do not touch any files on your hard disk. Any time you want to go back to Windows, just reboot.
Common conventional Linux distributions: Fedora Core, openSUSE, (K)Ubuntu and Mandriva.
Common Live CDs: Knoppix, Puppy Linux and Damn Small Linux.
Common Sense
Nothing is usually good when we are dealing with the human aspect of machines and technology. Computer security is also no exception. In every system, humans are always the weakest link. Common sense is supposed to be common, but surprisingly some people do not have it, probably due to the lack of knowledge.
Now is the time for me to preach with the ten commandments of computer security. Print out and paste in front of your computer if necessary.
Rule 1: Do not accept any attachments you receive haphazardly. Whether through email or instant messaging, when you click it, it gives the virus an opportunity to activate itself.
Rule 2: Do not deactivate any security programs you are running. Just because they are an irritant does not give you the license to take a chance without protection. A lock is only effective if it is used all the time.
Rule 3: More does not mean better. Having more than one security program of the same class may cause them to conflict and create unnecessary problems.
Rule 4: Stay out of piracy! Do not download any stuff such as games or screen savers from the Internet without first scanning it for rogue material. Buying pirated stuff from the pasar malam (night market) may get you more than what you bargained for.
Rule 5: Backup important data regularly.
Rule 6: Never give out personal information and passwords to anybody.
Rule 7: Change passwords regularly. Once every 6 months would be prudent. Make sure they are of at least 8 characters and are hard to crack. If you are afraid of forgetting your passwords, write them on a physical medium and store them in a safe place.
Rule 8: Be observant. If you feel that your computer or Internet connection is getting slower and slower, there is a high probability your computer is infected by a virus.
Rule 9: Key the exact web URL into the browser's address bar. This prevents phishing, where a hacker sets up an identical-looking site to get personal information.
Rule 10: Follow the above rules but do not be complacent. Stay vigilant!
By Yeo Kheng Meng