The MD of Roundtrip Solutions Limited posted an interesting link to a piece about security in this posting: 81% of Home Users Lack Critical Security Elements (which links to this CNET article).
Security is something most folks generally ignore. I took delivery of my next door neighbour’s Dell PC this week (late December 2005), and I know security won’t be on his mind once it’s all set up and working. Since virtually all Dells are supplied with a Symantec anti-virus/firewall product that’s free to use for the first three months, any Internet nasties that were thinking of taking up residence on his machine will be kept away…for the first three months. After that, and after the Symantec product has asked for a credit card number and been told “no” (politely of course), the machine gradually opens up and the nasties come in. That’s the start of spyware, malware, viruses, rootkits and trojans, each inviting the other, each breeding and infecting the machine, applications, e-mails and ultimately, machines belonging to others…the zombie network takes over.
[April 2006 update: Dell are now shipping with McAfee as their anti-virus vendor of choice, and they are offering 15 months instead of 3, but do check, as I believe that this is an offer, not a permanent thing]
A further three months might pass before the “fastest machine money could buy” starts taking a long time to boot up…simple operations take forever…perhaps the odd “memory could not be read” error or even a blue screen of death. If they’re lazy, they might put up with it for another few months, but invariably “Friendly Bloke/Relative (FB/R) who works in IT” gets a call.
The majority of spyware “items” infect your PC largely because you clicked on something that essentially gave them permission. It’s rather like a burglar knocking at your door: you invite him or her in, they take some stuff, including a copy of the keys, and go. OK, so the spyware doesn’t actually go; it lurks about on your PC making it slower and slower. And spyware will not take a copy of your keys, but it might take a copy of your passwords, credit card numbers etc. You may have read a lot in the press about identity theft – well, spyware is responsible for some of the pain and turmoil caused by identity theft. Spyware, malware, etc. that sits on your PC logging your keystrokes and watching what sites you visit can be the first step to your identity being stolen…or worse, your bank account being accessed without your knowledge or consent.
Now, until the major banks implement better security mechanisms, on-line banking is threatened by these key loggers. However, if your PC is protected using the tools mentioned in this posting, you can relax a little. You can relax even more when you learn that the banks are working on methods that will make your usage of their services a little bit more secure. In addition to the plethora of passwords and bits of passwords that banks expect us to remember (never write them down, of course!), new techniques such as two-factor authentication are in the pipeline. It is the PassMark system that offers this two-factor authentication; more can be found here and here.
However, whilst your bank balance is somewhat hardened, imagine how your children might react if the computer that they had been using for their homework suddenly presented them with a rather less than salubrious list of previously visited sites? That’s what I’ve found on a lot of the PCs that I “look after” under the auspices of FB/R. Here’s a carefully edited screenshot that demonstrates the kind of thing to expect.
This is an extreme example. The machine in question had been used to view rather a lot of pornographic material and as such had been subject to a variety of popups, many of which expected the user to click OK, Yes or Accept. It is this affirmation that lets the burglar into your house, free to do as they please. As soon as you confirm that you are happy to have something downloaded and installed on your PC, there’s often little that can be done to prevent any damage being done.
What’s worse, this particular machine had lost its Start bar, hence the appearance of the Windows Task Manager at the bottom of the screenshot. The user of this particular machine had to use the Task Manager to run applications (some of which were in fact corrupt). By visiting pornographic sites and downloading whatever they had to offer and claimed to be needed in order to run, this computer became very slow and unstable, and required a complete re-format to bring it back to life.
Incidentally, the metastop toolbar that you see in the screenshot above is a “search hijacker”. It might not sound dangerous, largely because many search hijackers will return similar results to those returned by your preferred Internet search tool, e.g. MSN Search or Google. The subtle difference is that you might be directed to a site that gives the search hijacker some benefit based on the number of clicks and click-thrus that are made. If you are offered the chance to install a toolbar, particularly if you are just browsing, my advice to you is to ignore it. There are very few toolbars that you need – the big names have the market sewn up: Microsoft, Google, Yahoo, etc. More about this particular search hijacker can be found here.
You can, however, protect yourself in a number of ways:
- User education – don’t visit dodgy sites. This is harder than it sounds – convincing folks not to visit dodgy sites is a mind game, good luck!
- Avoid clicking on popups. Use the default operating system close icon instead: in Windows this is a red cross in the top right of the popup. Some popups will try to fool you by including their own red cross; watch out for this and don’t be tempted to click on it. If in any doubt, ignore the popup, reboot and don’t visit that site again!
- Purchase and install a reputable firewall product. Many popular broadband routers, such as the NetGear DG834 and the DLink DI-624+, have a firewall built in. Generally, this is a good thing and it does give you out-of-the-box protection. However, if you really want to know how and when your PC is sending messages from your machine to the Internet, an operating-system-level firewall is useful. There are many good ones, such as ZoneAlarm. Many anti-virus products now have an integrated firewall, so it is worth considering software products that do both – there are a few listed in the Recommended Software section at the end of this posting.
- Purchase and install a reputable anti-virus product. Whilst you can rely on your ADSL/Broadband router to protect you with its firewall, there’s nothing it can do to help you protect your machine from viruses, Trojan horses and other nasties that might come in via other means.
- Install an anti-spyware product. There are some good free tools, such as Ad-Aware; however, as with firewalls, many anti-virus vendors are integrating them into their products. John notes that he is enjoying success with Windows Defender.
- Use a file cleaner such as CCleaner. Over time, your computer builds up a lot of temporary files. Whilst Windows is reasonably good at maintaining these files, inevitably many remain. Amongst many others, CCleaner is capable of removing a whole plethora of temporary and unneeded files. After you have used CCleaner, I recommend that you defragment your drives too.
What if I don’t want to buy any software?
In that case, I recommend that you download and install a firewall such as ZoneAlarm. I would also suggest installing a free anti-virus product, such as AVG or avast!. Further, you should also install Ad-Aware.
Of course, it’s not much use downloading and installing these products, whether free or not, unless you keep them up to date. Most of the products I’ve mentioned in this post offer some form of automated update, so once you’ve installed them, they’ll happily update themselves in the background – it’s worth watching to see that this does actually happen. The first sign of a virus infection usually manifests itself when the virus tries to disable or alter the anti-virus protection that you have installed. Viruses are not known for their delicacy and often step on lots of toes whilst attempting to thwart the anti-virus protection!
On-line alternatives
Many anti-virus vendors offer their “scans” on-line, often for free. Microsoft’s Windows Live Safety Center and Symantec do just that.
Lastly…
This post homes in on the need for security on your [home] PCs; the author makes reference to a number of products that can help achieve a level of security that is sufficient. However, security is an on-going thing: it’s important to keep any security products up to date. It’s also about vigilance: don’t do anything “out of the ordinary”, and don’t click “yes” or provide some sort of confirmation to popups that you weren’t expecting. Don’t open e-mails or attachments if there is anything “odd” about them, particularly if they look as if they are “executable”, e.g. with a .exe or .com extension…or unsolicited Word/Excel documents. The author welcomes comments and pointers to other competent software.
—
Further Reading
Identity theft, phishing, key loggers…
http://www.rootkit.com/
Sony, Rootkits and Digital Rights Management Gone Too Far
EMPLOYEE FRAUD – THE ENEMY WITHIN
Banks introduce transfer delays in drive to stamp out phishing
Victims of internet bank fraud will have to pay up
Recommended Software
Windows Live OneCare
ZoneAlarm Internet Security Suite 6
McAfee VirusScan Professional 6.0
[Originally written 31st December 2005, not posted. Revised April 2006, posted]
Craig, Craig, Craig, [say in a disappointed style]
You should get put over the knee for a couple of recommendations you’ve made! Namely, I wouldn’t accept Symantec or McAfee security products as a gift! It is only a few months ago that McAfee deleted Excel or something other similarly widespread app from systems. My experience with Norton is that it misses a load of nasties that the free AVG and Avast catch without issues.
The blog posting shown below has an interesting video from MS Japan that shows in graphic detail the true nature of what is happening on “owned” systems!
See http://blog.roundtripsolutions.com/2006/03/23/148/what-the-bad-guys-do/
You’ve also forgotten the free Microsoft anti-spyware product “Windows Defender”. Although it is only in beta 2, it is stable and provides pretty good real-time protection and system scanning. Loads of nice features as well, like a scheduler. Remember it is FREE to a legitimate user of W2k or XP. I’ve been using and recommending it since it was called “Microsoft Antispyware”, at which point it was beta 1 quality. Defender is certainly a massive improvement and much less intensive on system resources.
Users should also be using Spyware Blaster, which blocks all kinds of nasties.
The single biggest thing you’ve not mentioned is to operate an account with least privilege, i.e. a Windows limited user account. But that brings all kinds of other problems for most home users, who will usually resort back to administrator level in double quick time! Can wait for Vista, which should hopefully fix this issue once and for all…. or at least until an exploit is discovered and code is written to abuse the security hole!
Still a very nice post.
Regards
John
Roundtrip Solutions
John, John, John, patience 🙂
This is the first post out of at least seven on this particular subject! I’ve got 7 or so posts in draft format, many of which touch on the subjects you mention in a little more detail – the trouble is, with posts of this length, they take time to write, hence there are so many sitting in my drafts folder (25 at the last count!)…and hence a few of them are starting to be released slowly (Easter was a good break and saw two of them “escape”!)
What you say about the various anti-virus tools “missing” the odd virus is true, which is why it pays to use two different manufacturers’ products…but not on the same machine.
I don’t know if I’ll be touching on the “least privilege” issue that you mention – perhaps that’s something you want to run with?
I take your point about Windows Defender – now added – ta!
Thanks for reading!
“2. Avoid clicking on popups. Use the default operating system close icon instead”
I think the easiest way to get rid of confusing and unwanted popups is the ‘escape’ key (at least on Windows). AFAIK it does the same as clicking on the close icon.
No reason to press anywhere on the popup.