Viruses
Published Thu, May 29 2008 12:14 PM
Technorati Tags: Computers and Internet, Software Development, Annoyances
Very early in my association with computers there was a saying — "Practice safe computing, always wear a write-protect tab". It was a play on another saying of the time, but it was a reference to the write-protect tab on floppy disks (I refuse to go there, so don't ask). The worst thing we had to worry about back then (as far as our computers went) was our own inattentiveness, when we might accidentally delete a file from our diskettes. If you covered the little notch in the side of the diskette with dark tape, the diskette drive wouldn't write to it, so you couldn't accidentally delete a file.
For the most part, personal computers were either expensive, clunky machines that belonged to your employer, or they were toys. Very few of them were connected to the Internet. The concept of the World Wide Web wasn't known but to a few people and the reality was several years in the future. Viruses, worms, Trojan horses and hackers existed but the PC wasn't a common target, and most PCs weren't connected to the Internet except through very slow dialup service. The nearest equivalent to a web site might have been the FTP sites at universities or a BBS service you read about in a computer magazine or heard about from your local computer club. For the home user, 300 baud was typical, 1200 bps was better, 2400 bps was fast, and 9600 bps was for businesses that weren't using a T1 line. Imagine reading this site at 300 baud.
How much things have changed in a few decades. There are hundreds of millions of computer users now, millions and millions of web sites. Broadband access is widespread to the point that it's common to share video over the Internet. Some of that video requires transfer speeds well over a megabit per second to play smoothly, although most is still tailored for slower connections — only a few hundred kilobits per second or so. Imagine YouTube with a Hayes Smartmodem 1200! (I used to own one of these blazingly fast machines — yikes!)
With all of those people connected to the Internet at the speeds of today, it's not a surprise that the Internet just isn't as safe as it used to be. Whenever large numbers of people gather, there are sure to be some with criminal intent. This is especially true when money is exchanged between people who think they're safe but don't really understand the technology they're using to do it. Do you shop online? Do you use a credit or debit card to carry out your transactions? Do you bank online? Do you use a service like PayPal? If so, you are a target. Your network connection is like a soldier in the field wearing a big white shirt with concentric red circles painted on the front, back, and sides.
Firewalls
Practice safe computing. Use a firewall. Windows XP has a built-in firewall. Use it. Even better, purchase security software that provides a firewall, such as McAfee's. Better yet, buy and use a hardware based firewall. This will help to prevent malicious people from burrowing into your computer through your Internet connection without your active help, and YES, THEY CAN DO IT WITHOUT YOUR HELP. Every computer on the Internet has an address. Every computer on the Internet uses one or more network ports to communicate with other computers. Thieves and other criminals are actively running scans to find open, unprotected network ports on every network address possible. Using a firewall is a good first line of security against this sort of attack.
Anti-Virus software
Practice safe computing. Use anti-virus software. Scan every file that comes onto your computer from another one before you use it. Make no exceptions or you'll be sorry. Sure, it takes longer to transfer files this way and it's a bit of a hassle, but trying to get rid of a virus takes even longer and is much more of a hassle. And that's not even considering the financial damage a virus could potentially do to you. If a virus gets onto your machine that includes a key logger, the bad guys will soon have access to your credit cards, to your bank accounts and passwords, or to any other sensitive data that you transfer online or even keep privately on your computer. They could drain your bank account without you ever knowing how.
All programs are essentially patterns of bits. Computer instructions are simply sequences of bits that, when read into a processor, cause various control signals to be activated, switches to be opened and bits to flow into and out of memory. Every program you use consists of these sequences of bits in different arrangements. Viruses, which are simply small programs that do things that we don't want but that their creators want instead, are also composed of sequences of bits. The typical virus, once it gets onto your machine and is loaded and executed, will open a piece of another program file and insert a copy of its important bits into that file, infecting it. Now when that program is executed the virus is executed with it, and it may infect still more files. An anti-virus program can recognize thousands of viruses by pattern matching the sequences of bits, and can try to remove the virus, but it's not easy.
The problem with trying to remove viruses is that they infect other files. If they happen to infect a file that your computer's operating system needs to continue running they can bring the machine down. If they've infected a system file and don't bring the machine down, the machine might be disabled when the infected file is removed. This is why it's important to actively examine every file that comes onto your computer from another one before you use it. It's much easier to prevent a virus from being loaded when it first crosses the machine boundary than it is after it's infected your computer.
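To make the "pattern matching the sequences of bits" idea concrete, here is a toy signature scanner. It is an added example, not code from this post or from any anti-virus vendor. The only real signature in it is the EICAR test string (a harmless file that every scanner is expected to detect); the "Toy.Dropper" signatures and the sample "files" are constructed for the demonstration. It also shows why the scanner needs regular updates: a variant whose bytes differ from what the signature database has seen simply isn't matched.

```python
"""Toy signature-based scanner (added example; signatures other than
EICAR, and all sample files, are constructed for this demonstration)."""
import re
from typing import Dict, List, Pattern

# The industry-standard anti-virus test file. It is not malicious.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database: name -> byte-level regular expression.
# An escaped byte string behaves like an exact pattern; the ".gen"
# wildcard entry is the kind of rule vendors add once they have seen
# several variants that only differ by a few bytes.
SIGNATURES: Dict[str, Pattern[bytes]] = {
    "EICAR-Test-File": re.compile(re.escape(EICAR), re.DOTALL),
    "Toy.Dropper.A": re.compile(re.escape(b"TOYDROPPER-PAYLOAD-v1"), re.DOTALL),  # constructed
    "Toy.Dropper.gen": re.compile(rb"TOYDROPPER.{0,8}PAYLOAD", re.DOTALL),          # constructed
}


def scan_bytes(data: bytes, sigs: Dict[str, Pattern[bytes]] = SIGNATURES) -> List[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pat in sigs.items() if pat.search(data)]


def scan_path(path: str) -> List[str]:
    """Scan a real file on disk (reads the whole file; fine for a demo)."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan an in-memory {name: content} map, returning {name: hits}."""
    return {name: scan_bytes(blob) for name, blob in files.items()}


# Constructed sample "files" (names and contents are made up):
#   notes.txt    clean text, no hits
#   eicar.com    the EICAR test file
#   setup.exe    matches the exact signature and the wildcard one
#   setup_v2.exe one byte changed (v1 -> v2): only the wildcard rule fires
#   renamed.exe  bytes reordered: neither rule fires; this is the variant
#                "the anti-virus software hasn't seen yet" and needs an update
PE_STUB = b"MZ\x90\x00" + b"\x00" * 16  # looks like the start of a Windows executable
SAMPLE_FILES: Dict[str, bytes] = {
    "notes.txt": b"quarterly numbers look fine",
    "eicar.com": EICAR,
    "setup.exe": PE_STUB + b"TOYDROPPER-PAYLOAD-v1" + b"\x00" * 8,
    "setup_v2.exe": PE_STUB + b"TOYDROPPER-PAYLOAD-v2" + b"\x00" * 8,
    "renamed.exe": PE_STUB + b"PAYLOAD-TOYDROPPER",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name:14s} {', '.join(hits) if hits else 'clean'}")
```

Running it prints one line per sample file; the interesting rows are `setup_v2.exe`, which only the wildcard rule catches, and `renamed.exe`, which slips past both. That gap is exactly what a signature update closes, and it is also why on-access scanning of every incoming file matters: the scanner can only stop what it has a pattern for.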
Anti-Spyware software
Practice safe computing. Use anti-spyware software.
Spyware isn't a virus. Sometimes it's software that you think you want. It's software that keeps track of your activities and reports it back to the bad guys. Spyware is everywhere these days, and some of the most reputable companies in the world are producing it. Even some companies that publicly crusade for Internet privacy and make their vendors sign agreements to protect the privacy of their customers produce spyware. Not too long ago, a major software producer that's publicly big on consumer privacy that we've all heard of purchased a company that provides advertising on the Internet — an advertising company that uses tracking cookies (a minor form of spyware, but spyware nonetheless) in all of its ads… and still does.
Some of the most popular websites on the Internet use spyware to keep track of what you do. Web analytics software is used by businesses all the time to see what content on their sites is the most popular, to see how better to tune search results to what people are looking for and so on. I use it too, to see what browsers my visitors are using, to see what screen resolution they're using, and yes, to see where they're from. Just about every major blog on the Internet does this. If you visit a blog that uses Sitemeter or Statcounter for example, the blog owner can learn a lot about you.
Most of the uses of such software are benign, but remember there are people out there with criminal intent. What may seem benign isn't going to stay that way as long as the bad guys are looking at it, and some spyware is not benign. One of the worst kinds of spyware is the browser hijacker. This lovely piece of work can change your home page to something you don't want, or worse, it can make your browser go to places you never asked it to, often at annoying moments. One recommended tool for fixing this particular problem is About:Buster, which is one of the first programs that fully detects this type of malicious code and gets rid of it.
The problem with anti-spyware software is finding a good product. Some of the anti-spyware software that's available is actually spyware itself. Kim Komando has some good recommended sites to look at and downloads to help deal with the spyware problem. Don't trust just any company that's in the anti-spyware business, go with a reputable recommendation.
Regular updates
The bad guys aren't sleeping. They know that people are out there trying to stop them. Some viruses have been designed to stealthily slip around anti-virus software. New viruses are written every day, with different bit patterns that the anti-virus software hasn't seen yet. The human mind is always inventive, always looking for a newer, better way to do things, even evil things.
Software is often incredibly complex. You can do amazing things with it, despite the fact that the only things a computer really can do are copy data from place to place, perform bitwise operations on it, compare one bit to another, and open and close switches thanks to the wonders of electromagnetism. It's so complex that most programmers don't even write the entire program they're responsible for, but they rely on libraries of routines. A lot of programmers don't even understand the routines in the libraries they use! When you consider the millions of lines of code that go into an operating system and our applications today, programs that can occupy tens or even hundreds of millions of bytes of memory, is it any wonder that there will be flaws that can be exploited?
Microsoft has a bad reputation for security flaws in its software, but don't think that your favorite software is any better. Apple advertises that its software is more secure than Microsoft's, and to some extent that's true, but Microsoft is a bigger target because they've got a bigger installed base. And Apple has security flaws of its own that aren't as well publicized. Even Linux, open source software that its adherents love to tout for its security, has flaws that can be exploited.
Software companies spend millions of dollars trying to patch those flaws, but it's a fact of human nature that errors will occur. When a flaw is found, a way to exploit that flaw is also found. When a way to exploit an unpatched flaw is found, the bad guys have a new way in to your computer. Picking up those regular security updates is a good idea.
Virus writers are always trying to find new ways to get into your computer. Anti-virus software vendors have to keep their programs updated regularly so that they can detect and block the new viruses. If you don't get the regular updates, sooner or later one of the viruses can get past it.
I know that there's the fear that even the good guys aren't so good. The movie I, Robot had that as a central theme. The NS-5 generation of robots received regular software patches from the company that made them, and eventually that process was used to override the programming of all of the NS-5 robots and make them turn on their masters.
Even so, without regular security updates to your computer and anti-virus software your computer is at risk. Doing everything you can to protect yourself is a good idea. Just take off the tin-foil hat, ignore the black helicopters and practice safe computing — OK?
Try not to help the bad guys
Remember that I told you that the bad guys will try to find a way into your computer without your help? Just think about what they can do with your help.
Don't click on links in email you receive from an unknown source. Don't do it. Please don't do it. In fact, don't even trust email that looks like it is legitimate and comes from a source you think you know. If you receive email claiming to be from a bank that contains links to log in to your account, don't trust it. Oftentimes this is just "phishing": email from people who don't know you and simply want to steal the access codes to your bank accounts. The email may look legitimate, but it's easy to spoof the email headers and to copy the look and feel of a website. It's all downloadable, you know. Most banks won't provide that sort of link in their email in the first place. In the second place, just because the link LOOKS like it goes to the bank's site, and when you hover the mouse over the link the tool-tip window shows the correct URL, doesn't mean the link really goes there. You're far safer typing the address into your browser's address bar than clicking on that link.
Most email clients have a way to view the source of the email. Use it. Oftentimes those links that look OK from within the email client turn out to be very different when you view the actual address. Here's a clue - if the value of the href attribute includes an IP address, it's not legitimate. To be safe, type the address into your browser.
Even so, watch out for typographical errors when you type a URL into your browser's address bar. For example, if you want to go to Kim Komando's site, the URL is http://komando.com. It's not http://kommando.com, which is a completely different site with a completely different purpose. The URL for McAfee's web site is http://mcafee.com, not http://mcaffee.com, which looks to be a cyber-squatter. PAY ATTENTION when you go online. The bad guys will use every trick in the book and a few that aren't to hurt you. If they can trick you into helping them, they've won.
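The three checks the last few paragraphs describe by hand (read the real `href` instead of the link text, be suspicious of an IP address in the `href`, and watch for one-letter-off domains such as kommando.com and mcaffee.com) can be automated over an email's HTML source. The code below is an added example, not something from this post; it assumes a hypothetical list of domains you expect legitimate mail to link to (`KNOWN_DOMAINS`), and the sample email is constructed, using the documentation address 203.0.113.7 as the phishing host.

```python
"""Audit links in an HTML email body (added example; KNOWN_DOMAINS and
SAMPLE_EMAIL are constructed for this demonstration)."""
import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hypothetical list of domains legitimate mail in this inbox links to.
KNOWN_DOMAINS = ["komando.com", "mcafee.com", "examplebank.example"]


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the email."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_ip(host: str) -> bool:
    """True when the host is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable(host: str) -> str:
    """Crude 'registered domain': the last two labels (www.a.com -> a.com)."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-letter-off look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href: str, text: str) -> List[str]:
    """Return human-readable reasons a link is suspicious (empty = none found)."""
    reasons: List[str] = []
    host = host_of(href)
    if is_ip(host):
        reasons.append("href host is a literal IP address")
    # Visible text that names a domain but points somewhere else.
    m = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
    if m and registrable(host_of(m.group())) != registrable(host):
        reasons.append(f"link text says {m.group()} but href goes to {host}")
    for known in KNOWN_DOMAINS:
        d = edit_distance(registrable(host), known)
        if 0 < d <= 2:
            reasons.append(f"{host} is {d} edit(s) away from {known}")
    return reasons


def audit_email(html: str) -> List[Tuple[str, str, List[str]]]:
    """Every flagged link in the email as (href, text, reasons)."""
    parser = LinkExtractor()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        reasons = check_link(href, text)
        if reasons:
            out.append((href, text, reasons))
    return out


# Constructed sample: three bad links and one legitimate one.
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://203.0.113.7/login">log in to
www.examplebank.example</a> to verify your account.</p>
<p>Also see <a href="http://www.kommando.com/tips">komando.com</a> and
<a href="https://mcaffee.com/update">Update McAfee</a>.</p>
<p>Legitimate: <a href="https://komando.com/">komando.com</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in audit_email(SAMPLE_EMAIL):
        print(f"{href!r} ({text!r}): " + "; ".join(reasons))
```

The look-alike check is deliberately loose (any domain within two edits of one you trust), so it will occasionally flag a harmless site; that is the right trade-off for a filter whose job is to make you type the address yourself instead of clicking.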
Don't think it can't happen to you
Seriously. Don't. I know you're smart. I know you don't trust people any more than I do, and I don't trust people at all. I know you think you know what you're doing. Scammers and hackers and bad guys are smart too. Maybe not as smart as you, maybe smarter. It's their job to figure out ways to steal from you. You're good at your job, what makes you think they aren't going to be good at theirs?
Actively protect yourself, but be prepared. Back up your important data. Back it up to another computer. Back it up using Carbonite. But don't store it on just one machine. If that machine goes, so does your data.
Just because you are protecting yourself doesn't mean that things won't slip past you. Kids aren't as vigilant as adults for example. Who would expect them to be? They don't have the same amount of life experience. Kids love the flashy and the new, and the bad guys know this.
Recently, a flaw was found in the Flash Player. This flaw allows a person to view a Flash movie that contains malicious content that can take over your computer. It happens that my son loves to listen to music on YouTube while he does his schoolwork. He also likes to watch some of the silly videos on YouTube and other sites. Who knows, maybe that's how it happened…
I have three computers at home, and all of them are connected 24x7 to the Internet. They're behind a firewall. They all have anti-virus software on them. They all have on-access scanning. They all get regular anti-spyware sweeps, done by me. They're all configured to get regular, automatic security updates.
I've never in nearly thirty years of computing had a virus infect a computer that I use regularly. Never. Twice in the last three years my son's computer has become infected with viruses, spyware, adware, and Trojan horses. This, in spite of my best efforts to prevent it (I do all of the things I've recommended above).
I've spent the last three days trying to get rid of it. That computer is isolated from the others in my house, fortunately. My really important data is backed up anyway. But even so, it's an annoyance. Sadly, unless I can get rid of the damned virus that's on it, the one that McAfee didn't detect, the one that Windows Live OneCare can't remove, then I'm going to have to take the ultimate measure. The one that even that virus software can't do anything about (unless it's managed to work its way into the EPROM firmware, in which case I'm totally screwed).
That's right. I'll disconnect the machine, do a low-level format of the drives, and install a new operating system from scratch. All of the data will be gone. All of the software too, but I have the original disks. Then, I'll install all of the patches, install the software I need and the patches for that, and start fresh.
Virtual Machines
But this time I'll install a virtual machine on it, and the kid can use the virtual machine instead of the real one. Microsoft and a few other companies have virtual computer software that allows you to simulate a computer on your computer. Ultimately, this might be the best thing to do. The host computer doesn't need to have anything but the operating system on it and the virtual computer software. That can take a small disk drive.
The virtual machines can be the ones where everything else runs. It's a bit slower, but each machine can be replaced very easily. Just delete it and start over. Keep data on a separate non-virtual drive and keep it scanned. ONLY Data. No executables. No scripts. Just Data.
Maybe that's the safest way to go, other than disconnecting from the world. But a computer that can't communicate is next to useless except as a toy, or for very private data that you have to share manually. What a hassle.
Trackback URI for this post: http://perrinelson.com/track.aspx?postid=1165
Permalink URI for this post: http://perrinelson.com/2008/5/29/1165.aspx
Angel responded with:
Ya can't be too careful, eh! But don't get software like Norton, which takes over your whole PC! :)
Perri Nelson responded with:
I'm not quite ready to declare victory, but it looks like I may have eradicated the last of the viruses that my son's machine was infected with. I ultimately had to go and boot Windows into "Safe Mode with Command Prompt" to do it. That way the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key doesn't get executed. I then spent a bit of time looking for the files that had been flagged by the OneCare scan - the files it couldn't remove - and I removed them. I also wiped out several dozen megabytes of temp files, including some rather suspiciously named DLLs, and a couple of ".INI" and ".INI2" files that actually contained binary garbage (hint hint - that binary garbage was most likely the virus). Since those .INI files were hidden files and marked with the "System" attribute they didn't normally show up in a directory scan. Since the virus actually ran when the Windows Shell was active, the virus probably hid them from directory scans too.
Anyway, after cleaning them up, and all, a registry key that kept finding its way into the registry to start "Rundll.exe" with yet another strangely named DLL finally failed to load at system startup. I've deleted that registry key, and lo and behold the system runs about 50% faster than it did a couple of weeks ago... a good sign.
... but, like I said, I'm not yet ready to declare victory. I've got another pass at Microsoft Update running, installing SP1 for Office 2007 and a couple of other updates like root certificates. That's going to take a while to complete. Then... when the system restarts, I'll check to see if the virus is really gone... Keep your fingers crossed (yeah, like that's gonna help).
I'm going to keep the machine quarantined from the rest of the network at home for a few days just to be sure, but if the virus doesn't manifest itself again (a big if) I think I'll celebrate.
Spyware remover responded with:
Hi, The problem of Adware is an ongoing issue that will not go away soon. Whether it is called Anti Spyware, Spyware Remover, Spyware Protection,