Greek Mythology
I still love ancient mythology and was enthralled by it in my
school days. We all remember the incredible tale of Paris, Helen
and that deceptive beast, the Trojan Horse, all the way back in
about 1500BC give or take a few centuries. The lovers have long
left their mortal coil but the horse still exists in cyberspace.
Just as that ancient tale was all about security, so is this.
I wrote about spyware and we all understand the basics of viruses.
But as the saying goes, "there is more": things aptly named
Trojan Horses because, like their historical forebear, they
also deceive and are designed to cause us grief. And who came
to grief? Yeah, your not so clever author!
Let me explain some basics which affect you also and the real
cause for my security concerns and the reason for this tale.
All modern computers have some 60,000 odd ports. Think of the
computer like a house which has this many doors. Some doors
serve a specific purpose and others allow all kinds of traffic
in and out. These doors, or ports in computer speak, are numbered,
with many dedicated to predefined tasks such as: collecting email
(port 110), logging onto the web (port 8080), controlling file or
printer sharing on networks and so on.
We operate a network at Cybercons which is well protected with
anti-virus and firewall software which is always up-to-date
and even regularly tested by external resources. The network
consists of conventional desktop PCs and one notebook computer
to permit mobility if needed. This arsenal of protective software
was installed really in anticipation of broadband becoming available
but permitted testing and fine tuning whilst still using the
dial up system we all use. My attitude quickly changed during
this "tuning" period when I discovered that my computers
were under almost constant "attack" whilst online
at random times and each time with a different IP or address
as previously explained in another article.
How was that possible? Easy! Scanners, just like those which
scan radio frequencies to listen in to the police, fire brigade,
aircraft etc., except this time scanning the internet for open
ports. This is what hacking is all about. Get into someone's
computer via an open port and have a play. Great if it happens
to be a bank or credit card provider. New Ferraris for mum
and aunty Irma!
However, if you are not clever enough to do that, well, just
slip a nasty program in to do some dirty work. Because the ports
are specific task managers, a specific Trojan Horse has to
be aimed at specific ports, otherwise it would not work. And
that is exactly what goes on. As always, lists of all this information
are available all over the web with many sites specialising in
this topic.
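A defender's view of the "doors" described above, as an added example that is not part of the original article: this Python script reads `netstat -an` output and reports which TCP ports are listening to the network and which of those are not on a list of expected ports. The sample output, the `EXPECTED` set and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1034       203.0.113.7:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

# Assumption: the only doors this PC should offer to the network
# are the Windows file and printer sharing ports.
EXPECTED = {135, 139, 445}


def listening_sockets(netstat_text):
    """Yield (host, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns; headers and UDP rows do not match.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        yield host.strip("[]"), int(port)  # strip brackets from IPv6 hosts


def audit(netstat_text, expected=EXPECTED):
    """Return (ports reachable from the network, those not in `expected`)."""
    exposed, unexpected = set(), set()
    for host, port in listening_sockets(netstat_text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # 127.0.0.1 / ::1 are only reachable from this machine
        exposed.add(port)
        if port not in expected:
            unexpected.add(port)
    return sorted(exposed), sorted(unexpected)


if __name__ == "__main__":
    exposed, unexpected = audit(SAMPLE)
    print("Listening to the network:", exposed)
    print("Not on the expected list:", unexpected)
```

To audit a real machine, save the output of `netstat -an` to a file and pass its contents to `audit()` in place of `SAMPLE`.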
And what do these THs do? Well, just like viruses they can do many
things. So why are they named as they are? Because they disguise
themselves and indeed change themselves into different formats
by altering their names, file sizes or imitating if not replacing
components which legitimately belong to the computer. To make
matters worse, they spread over networks where of course one
has given each computer the right to communicate like that,
with no questions asked, and to transfer files between them.
So what happened to me? You have probably guessed that the notebook
was taken for an excursion, and email from a trusted source
was downloaded whilst the virus definitions were not quite up to
date, because the network server always was and looked after
all machines. It was not updated at the time because it was
inappropriate to use someone else's phone line for an extended
period.
Bring the notebook home and plug it into the network and bingo!
Damage done! The price for a little bit of smug "it'll
be ok just this once" was four days of work and hair tearing
to clean up the network machines and not lose any precious data.
What about backups you say? Of course we backup but between
different computers. So if all are suddenly at risk you can
still lose the lot. Once again, you are only as strong as your
weakest link. The nastiest side to all this was that this trojan
actually attacks anti-virus software and firewalls, amongst
other things, and to add insult to injury installs a dialler
to phone home and get some more nasties.
So what should one do to protect one's system and valuable files?
· Update your Windows operating system, which for later versions
can be automated.
· Most definitely update your browser to the latest version
- these are free. You should all be running at least version
6 by now!
· Install good anti-virus software and keep it up to date. Update
at least once a week. If you use Norton's, set it for Live Update
to automate this. Updates are available every Wednesday. Otherwise
manual updates are available on a daily basis.
· Install a reliable firewall and test it from several
good web sites which try to break into your computer whilst
you are under test.
· There is specific trojan horse detection/protection
software but the above items should be able to cope.
· Beware the BHOs.
These are "Browser Helper Objects" and most of you
would have come across a variety of these, such as the add-ons
to your web browser to go directly to Google or Altavista if
you wish to search. BHOs are programs which can do anything
the designer intends.
Most intentions are good and designed to make our life easier, as
with those search engine attachments. But, as always, dishonourable
intent also exists and that is where you can come unstuck. To
be installed you actually have to agree to this happening and
of course you do. You have believed the "sales" pitch.
No anti-virus will detect them as they do not carry the expected
fingerprints viruses have. Many of the undesirable ones are
also part of the spyware story a few issues ago.
Another very useful tool is SpySites from http://Camtech2000.net
which also offers a free version. This handy little tool updates
its extensive database, currently listing 1,500 plus sites,
regularly. It not only tells you what these sites do but allows
you to block your browser from these sites. Also a good help
if there are inquisitive youngsters about.
Having betrayed my own standards it was interesting to visit
Norton's web site to look at their statistics of security scans
they performed on 21 odd million people who agreed to have results
applicable to them entered into a database. You can see the
bar chart but in summary the following percentages of the 21
million are at risk:
· Network vulnerability 22%
· Network or hardware sharing weaknesses between computers 19%
· Active Trojan Horses 8%
· Antivirus program deficiencies 28%
· Antivirus definitions not up-to-date 11%
· Browser privacy flaws 51%
These results are updated every hour and one does not
have to be Einstein to calculate that a huge number of people
are really playing with fire - their own data security.
Just remember that all the software mentioned, with the exception
of anti-virus, is free. You have no legitimate reason for not
ensuring the safety of your systems and your sensitive information.
Just remind me to heed my own advice. Please!
I wish you and yours a happy and secure festive period and look
forward to meeting again in a happy New Year!