Computer Corner : Computer Viruses, Update 2010 by Bob Hubbard

Bob Hubbard



In the 7 years since the original version of this article was released, the war between virus writers and anti-virus software companies has continued to grow. What follows is an update and expansion of the original. Companies have changed products, merged, gone under and so on. I've revised and updated the reference list at the end, so that you have the most current listing possible.

With the ever-growing increase in email traffic, viruses are a constant threat to the computer user. In the old days, viruses were limited to those who shared infected software. Today, with around 1/5th of the world’s population online, and the ever-growing dependence on the Internet as a communications medium, viruses are a major threat.

So, what is a virus? We’ve all heard the terms ‘virus’, ‘worm’, ‘trojan horse’, and more, but what are they exactly? Aren’t they all the same thing? Not really. In this column, I’ll define what a virus is, what the differences between a virus and a worm are, why you should care, and what you can do to protect yourself.

1. What is a computer virus?

The word virus is often used very generally when we normal computer users talk about unwanted programs that have got into our computers. What we often carelessly call a virus is actually a trojan or worm. A real computer virus is a (hostile) program that is capable of reproducing itself and infecting other programs.

The victim of these infections usually doesn’t care what they are called; the important question is how to get rid of it, preferably without losing any data. Knowing a bit about them however can ease the panic, and speed the safe recovery of your system. Panic reactions often cause the bigger part of the costs of virus infections.

Viruses are little programs. They have to be executed to be able to do harm. A virus that is not executed is not an immediate risk. Therefore, it is very important to not allow e-mail programs to automatically open attachments.

Not all viruses are “dangerous” to the computer. Some of them just play music, show text or a picture. But although the virus-writer didn’t mean to do any harm, these “innocent” joke-viruses might be malicious. Most virus-writers are no stars of programming, and bugs in their code can cause trouble when the virus is executed.

2. What is a Worm?

Unlike a virus, a worm doesn’t need to infect other programs. It reproduces itself and spreads mostly via e-mail. Some worms use different means to work their way around the Internet. In the late 1980’s, the infamous ‘Morris Worm’ brought the Internet to a virtual standstill by exploiting holes in the Unix operating system. Worms will often scan the system they are attacking for email addresses and use that information to launch the next phase of their attack. Because of this, worms can spread very quickly.

Many worms attach a document from the infected computer when they send themselves to various addresses. Recent worms include Code Red, SoBig and Blaster.

Some worms, including Klez H, inactivate the anti-virus program in the infected computer, and destroy the anti-virus program file system. Often a worm will take an address from either the address book or from another source on the system and use that as the “sender” address when it attacks other systems. Forged and falsified sender information is a common trick used by the current worms. If it also takes a document from the computer, it may be very difficult for the recipient to separate it from a normal mail with attachment. This increases the risk that the attachment is opened and another computer infected.

It’s very common that worms use a bug in a mail program, some version of Outlook Express for example, that makes the attachments open automatically. The receiving computer then will be infected as soon as the message is read.

3. What is a Trojan?

“The Trojan horse” is well known from Greek history. The Trojan Horse was an instrument of war used by the Greeks to gain access to the city of Troy. The horse appeared to be a gift, but in fact had an enemy hidden inside. In safety of darkness the Greek soldiers could beat the guards and let their army in to town, and the Greeks won a great victory.

In the computer world the word Trojan stands for something similar, but more technical. A trojan is a program, hidden in something looking friendly or useful. When installing the nice program, game or whatever it is, you also install the trojan. This makes it possible for a malicious hacker to take full control over your computer and all that is in it.

You can get a trojan into your system together with a program you install. Trojans can be a part of a virus or worm, or they can be a component of another trojan. A site-owner might place them in your computer when you visit a website, by making it a part of a Java applet, an ActiveX control or something else that is executed on the visitor's computer.

Another way to place trojans is to hide them in e-cards, congratulation cards, Christmas cards, Easter cards, Happy New Year cards and so on, sent to the victim via e-mail. It’s easy to hide the trojan in the card contents to make effects on the screen. If this is done, the victim gives the hacker free entrance to the computer when he starts the nice greeting. Or let out a virus or a worm...

Why should you care?
When your computer is attacked, you run the risk of:
· Losing all data stored on your computer
· Information could be stolen from you or your company
· Your computer could be used to attack other computers
· You could be held liable in court if your network was not deemed secure.
· Your identity can be stolen.
· Increased chance of lawsuits due to hacker-inflicted damages.
· Your passwords can be stolen.

Think about all the information you have on your system. Usernames and passwords. Credit card numbers or bank account information. Important phone numbers. All of this and more can be stolen or destroyed or changed when your system is attacked successfully.
Wait, you ask, who would want to target me? I’m a nobody. Well, that may be true. But, it doesn’t matter. Computers are attacked for many reasons.

A few are:

Fun, Excitement, or Fame:
· Exciting and thrill-seeking for inexperienced attackers
· Experienced attackers brag about accomplishments
· Fame – recognized in print for their “work”

Revenge:
· Former employees getting even with employers. 57% of security breaches are by insiders

Steal Information:
· Company’s proprietary information
· Company’s customer information (credit cards)
· Personal information from home computers
· Passwords or system information from systems other than the one broken into

Denial of Service:
· Computer may be attacked for sole purpose of being used to conduct denial-of-service or other malicious attacks on other computers

Storage Space:
· Attackers store pirated material on unsuspecting computers
· Continuously connected computers allow other pirates to download material from systems used as storage

Cover Their Tracks:
· Make it difficult for law enforcement to track them

Intercept Passwords:
· Packet sniffers record transmitted information and Keystroke recorders record all keystrokes

SPAM:
· Many compromised systems are used to send out SPAM. Much of the junk email that we receive is sent out by these compromised systems. The recipients often direct their anger at the owner of the pc, rather than the real culprits.

Ok, so how do you protect yourself?

As in any battle, defense is key. In the battle against the viruses, I recommend a multi-layered defense. This consists of good computing practices, up to date anti virus software on your system, and a well-maintained firewall to help block the attacks.

Let's look at good computing practices first.

· Use hard to guess passwords. “Bob” is an easy one. “56as34rt” is much harder to guess.
· Memorize your password
· Don’t share password with others
· Don’t write password on a sticky note stuck to monitor
· Disable file and printer sharing in Windows
· Install a personal firewall
· Keep programs on your system updated by installing the latest patches
· Regularly check your system for SpyWare. Spyware are hidden programs installed while you websurf.

Installing a quality anti virus program is also essential today. The days of “I’ll just reinstall if I get hit” are long past. Proper configuration is also essential as is weekly or even daily updating of it to keep you ahead of the enemy. An out of date anti virus package is actually worse than not having one due to the false sense of security you can have. Most anti virus software allows for automatic updating. I strongly encourage you to use it, as most folks, myself included always mean to do it, but usually forget.

Also, be certain to have an up to date personal firewall. Do not depend totally on your ISP to filter for you. Most do not. Many of us run DSL or Cable and use the $100 ‘cable routers’ which come with some firewall capabilities. These are a good first line of defense when properly configured. For a second line, I strongly recommend the installation of a personal firewall. The best of these will also allow you to block both outgoing and incoming traffic. Worms are rendered impotent when they can’t get in or out.

In conclusion, viruses are a major threat today, but with a combination of knowledge, and proper defense, we can keep our systems clean, our data safe, and our lives less stressed. I will end with a list of information for those seeking further information. Thank you.

Windows:

Windows continues to be the main target of virus writers. As the dominant desktop platform, it offers a huge playground for viruses, worms and trojans to infect. Your best bets for Windows protection are:

  • Make sure you keep your operating system updated.
  • Install software patches and updates for your web browser promptly.
  • Run Firefox, Chrome or Safari and use their built in and add on protection rather than the heavily targeted and vulnerable Internet Explorer.
  • Activate Windows built in Firewall, or install a more sophisticated 3rd party firewall.
  • Use a top quality anti-Virus package such as Vipre and keep it updated.
  • Install spyware protection such as Adaware or Vipre.

Macintosh:

Macs running OS/X currently feature many built in safe guards against malware, however no system is 100% secure. Keep your Mac safe by following these tips:

  • Keep your OS up to date and regularly check for updates and install them.
  • Make sure the built in firewall is up and running.
  • Install Firefox or Chrome and use their built in and add on protection.

Linux:

Linux is hard for virus writers to crack due to the wide range of distributions and its built in security. However, as with Macs, no system is solid. Many of the same tips apply to Linux users.

  • Keep your OS up to date and regularly check for updates and install them.
  • Install a good *nix anti virus such as Clam AVS.
  • Remove unused servers from your system to minimize attack options.
  • Install a solid firewall such as APF and BFD

Anti Virus Software Vendors:

Windows Update: windowsupdate.microsoft.com

FireWalls:
SpyWare Removal:
Web Browsers and Browser Security Add Ins

FireFox
FireFox has built in protection against hostile sites, but you can boost its security by installing these extras:

  • NoScript - Allows you to disable/enable scripts per page or site to stop ad trackers and other such code.
  • Adblock Plus - Probably the best ad blocker around, blocks most internet advertisements and allows for regular updating as well as white listing as needed.

Safari
Safari features built in pop up and cookie protections. For additional security, install JavaScript Blacklist which helps you control what scripts are allowed to execute on a webpage.

Chrome
Chrome features built in safeguards against malware and phishing attempts, as well as auto-updates and sandboxing tech that isolates code.

Internet Explorer
If you must run Internet Explorer, be certain to regularly check for updates and run the most current version. As of this writing that is IE 8 with IE9 in beta. Prior versions contain security risks and should be upgraded from ASAP. Tools such as Web Security Guard can extend the protections in the newest versions of IE for added safety.

Further Reading:
Robert Morris Worm:
http://www.swiss.ai.mit.edu/6805/articles/morris-worm.html
General Virus info:
http://antivirus.about.com This is a great resource with more links, news and tools to help you win the war.
===​
Bob Hubbard is an administrator of the popular martial arts portal site MartialTalk.com and president of SilverStar WebDesigns inc. Bob can be reached through his homepage bobhubard.net.
Updated October 2010
Originally Published September 2003 MartialTalk Magazine
Copyright ©2003-2010 Bob Hubbard - All Rights Reserved
 

wushuguy

just as a note on the linux side, most linux distros for beginners come with iptables and some kind of GUI to control it, pretty simple.

APF and BFD from my understanding are outdated and also the main target for those were servers, slightly different requirements than for home use.
http://www.webhostingresourcekit.com/307.html

One thing for any system is to be familiar with what programs are on your system, regardless win, mac, unix/linux, etc. and to know which programs have a need for network access and why. For example, if you are using a paint program, there should be no reason for it to constantly send or receive info from the internet...

And if you use an online tool to check your firewall, it's good to know that if you are using a router, which you most likely are, it's only looking at your router's firewall and not your computer's firewall. To check your computer's firewall, use a program like nmap. You might be surprised at what ports are open and advertised.
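
The host-side view of the check described in the post above, as an added example that is not part of the original thread: it parses the Linux `/proc/net/tcp` table and separates listeners bound only to loopback from those bound to a network interface, which are the ones an outside scan could see if the firewall lets it through. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian (x86/ARM) host.

```python
import ipaddress
import os
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0500A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0500A8C0:D2F4 2200A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket waiting for connections


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    hex_addr, hex_port = field.split(":")
    # The kernel prints the address as a 32-bit word in host byte order,
    # so on a little-endian machine the octets appear reversed.
    packed = struct.pack("<I", int(hex_addr, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def listening_sockets(table_text):
    """Return one dict per TCP socket in LISTEN state."""
    results = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue                              # established, closing, etc.
        addr, port = decode_endpoint(cols[1])
        results.append({
            "addr": str(addr),
            "port": port,
            "uid": int(cols[7]),                  # owner of the listening process
            "exposed": not addr.is_loopback,      # 0.0.0.0 means every interface
        })
    return results


def exposed_ports(table_text):
    """Ports listening on something other than 127.0.0.0/8."""
    return sorted(s["port"] for s in listening_sockets(table_text) if s["exposed"])


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as handle:
            text = handle.read()
    else:
        text = SAMPLE                             # fall back to the constructed table
    for s in listening_sockets(text):
        scope = "bound to a network interface" if s["exposed"] else "loopback only"
        print(f'{s["addr"]}:{s["port"]} uid={s["uid"]} {scope}')
```

Any port this reports as bound to a network interface should be one you can name a program and a reason for; IPv6 listeners live in `/proc/net/tcp6` and are not covered here.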
 

MA-Caver

Very insightful and useful Bob thank you.

My thoughts on it...
Presently I have two anti-virus programs running on my computer. One is Norton 2010 and the other Antivir (most updated version). I learned that having two different antivirus programs helps in the idea that if one program misses a potential malware or virus the other program catches it. In-so-far I've found this to be true. I make Norton the front line and the Antivir the 2nd ranking protection.

Both have done well but they still don't remove (all) the malware that has snuck aboard or rooted itself into my system. Thankfully it hasn't infected my e-mail and so folks are protected. I don't use the MS Outlook Express anymore since I've (personally) found it to be a POS program anyway.

My biggest beef is the seeming false ads that the more popular Spam removers or Malware removers have... they'll scan your computer and say yep you're infected... now, pay us and we'll remove it. Kinda like a doctor saying... yep your leg is broken, pay me and I'll fix it. Or they'll just remove SOME of it but not all of it... like a doctor putting a band aid on an open wound.
Understandably the makers of these removal programs have got to eat and all of that but they should make it clear that these programs are far from FREE. Free Scans yes... but Free Removals... No.
As a person of limited means (i.e. income is minimum wage based) it's difficult to even contemplate buying these programs. I bought the Norton 2010 when I had some extra hours on my paycheck and got it out of heavy research and sheer frustration because my computer was running so crappy.
I also bought (and recommend) IOLO System Mechanic http://www.iolo.com/ and have found it fixed A LOT of problems I was having... including registry and other stuff that was slowing down my computer. It offers a good firewall program as well so I'm feeling good about that and while my computer still runs sluggish I'm not having crashes or freezes or any other crap that was happening prior to my purchase of either programs.

Eventually I'm going to have to break down and get a whole new PC and hopefully have a majority of my stuff successfully transferred and with the anti-virus/malware protection I can be relatively safe.

Biggest thing I learned was under NO circumstances open ANY mail from ANYONE I do not personally know and to always look for that little paperclip with every e-mail to see if it's there. If it's there, I order the anti-programs to scan it (crawl up the e-mail's *** with a microscope) and see if there are any infections with it.
I've asked friends (and family) to never again send those cute E-cards or on line greetings. It makes me a wet blanket but it does make me safer.
I also have two e-mail addresses. One is my present friends/family/work only e-mail addy and the other is a Yahoo addy which I use/give out when programs or sites or online purchases that I just am using for the day or whatever ask for a "valid e-mail" address... nearly 97% of whatever SPAM I get goes to THAT Yahoo address and leaves my preferred e-mail alone.

Facebook has my yahoo address and those who are friends of friends only can contact me via messaging me on FB. My address is hidden along with other personal info.

I may not be a complete geek or a complete idiot but I at least have a durn good idear about how to protect my computer.

Staying away from porn sites is a damned good idea too. :rolleyes:
 
OP
Bob Hubbard

Installing multiple AVS programs can be a problem. In the past putting McAfee and Norton on the same machine led to blue screens and full wipes and reinstalls of the OS. Don't know if that's still true, but then again I avoid, and don't recommend, either program.
 

jks9199

On the topic of emails, a pet peeve of mine is how some folks attach a fancy image or background as part of their email. What that really means is that EVERY email they send has an attachment... and a potential to carry a virus. Plus it takes space and time. I know some employers may mandate it -- but personally, I'd just suggest settling for a nicely organized signature along the lines of:
John Q Public
Director, Fancy Pants Emails
Phone: 555-555-5555
email: ....

One other thing... Sunbelt Personal Firewall doesn't work on Windows 7. However, the firewall included in Vipre Premium does.
 
OP
Bob Hubbard

Thanks for the info. I'm running Mac OSX so enjoy that 99% immunity thing. ;)

Of course, if I were to dual boot or run windows in virtual mode, I'd need a solid win AVS for that segment.
 