One of the most frequent calls I got during the weekly computer show I produced in Los Angeles was about how to protect one's computer from mischief on the Internet. Denial of Service attacks, Malware, Viruses, phishing, Trojan horses, spyware, browser hijacks, root kits… the list goes on and on. These days, anyone who owns a PC has to either know someone who is an expert in computer security, or, they have to become one themselves. This is largely due to the fact that there is no need anymore to dial in for a connection in our broadband world; our Internet connection is always on. In addition, as such, our computers are always connected to the Internet and always vulnerable. In fact, it is said that an unprotected computer is infected with the Sasser virus within a minute of connecting online.
Picture it. Imagine your computer as your house. Locked up tight, safe and secure. Then, you connect it to the high speed, broadband Internet. Now, imagine that house with all the doors and windows wide open! That is the state of native PC security. However, with a few simple steps, one can lock down access to one's computer while on the net.
First off, if you have more than one computer, don't use your editing system to surf the net. PCs are cheaper now than ever and devoting a box solely for Internet use to protect your edit rig only makes sense. Admittedly, as online software updates have become the norm, this "second-PC solution" may require more effort than some people will want to spend. Otherwise, you could buy a Mac and cut on Final Cut Pro. It's a fact that only a small handful of viruses have been written for the Mac platform, whereas more than 100,000 have been written for Windows.
If you must have your editing system connected, it's probably a good idea to find out just how vulnerable you are. This will be a sobering exercise, to say the least, but it's crucial to understanding all the work you will have to do in order to protect yourself while online. A good resource for this is SHIELDS UP!, over at www.grc.com. Computer Security guru Steve Gibson has created this handy online utility that will probe your ports and connections, ping your IP and advise you if your computer is hidden on the internet. Chances are, it will not be. However, the good news is, you'll be able to see just where and how badly vulnerable you are. And that's the first step in taking concrete action to a solution.
If your computer is networked, it's a good idea to make sure the "sharing functions" of your OS are either turned off or limited to solely one-drop files on your PC.
The Great Wall
The next thing you must do is install a firewall. Webster's defines firewall as "computer hardware or software that prevents unauthorized access to private data (as on a company's local area network or Intranet) by outside computer users (as of the Internet)." Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially Intranets. All messages entering or leaving the Intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Firewalls can be implemented in hardware or software, or a combination of both. Hardware firewalls are generally more robust and harder to crack. In addition, if you have a wireless router, the good news is, you already have a hardware firewall protecting you. Software firewalls are good too, but not nearly as robust and as such, can be defeated by a very good hacker. If your PC is using SP2 for Windows XP, chances are, when you updated, the software firewall was turned on. One third party firewall to look for is Zone Alarm by Zone Labs.
Good. Now that you've closed all the doors and windows on your machine, let's see just how badly anyone has gotten in there. According to Eset (creators of the popular AVS NOD32) reported virus encounters rose 40% in 2004, Spyware infestations affect more than 66% of computers, and Phishing increased by 40%. Chances are, within only a few minutes of connecting to the Internet; your PC was infected with the Sasser virus, so let’s fix it.
Tools for Warfare
Tools to check for viruses, Trojans, and spyware are now necessary in order to assess if any damage has occurred. For that, you'll need some good anti-virus software (AVS) and Spyware Detection Utilities (SDUs). At this point, it is important to note that only one AVS can be installed on a computer. And it's vital that it be kept up to date.
Scanning your PC could take some time and once you see just how badly your box is infected, you may just want to pass out. With more than 100,000 viruses written for the PC, it can be overwhelming to think your box is in harm's way. But fear not. Today's anti-virus software does a pretty good job of scanning infected computers and quarantining potentially destructive viruses. Even viruses that have just been released can be caught by the fuzzy logic of "heuristic analysis," where the AVS looks for the virus footprint, even if it doesn't know the kind of virus it is. And usually, if there isn't a way to quarantine and remove the virus, AVS companies like Symantec have removal tools, which can be downloaded to handle the problem.
However, some AVS, like Norton AntiVirus or Panda Titanium are incredibly powerful, but also invasive in their installation. They can bog down your system, and require yearly subscriptions. They're also a bear to uninstall. There are other options. Low-cost lightweight variants like NOD32 by Eset or even AVG, an AVS by Grisoft (free version available) can also do the job and are recommended by many of the top tech reporters. They are constantly being updated with the latest threats so one doesn't have to worry.
Search and Destroy
Once you've cleaned the infected PC, then it's time to look for spyware. Spyware are little cookies and programs that monitor Internet use or hijack search engines. Spyware can also engage in identity theft if said computer is used for online purchases. There are many different SDUs and not one will catch every single instance of spyware. Which is why it's a good idea to have more than one to scan with as one can pick up footprints that the other misses and vice versa. Microsoft has one, which looked promising at first, but seems to have fallen out of favor since it's moved out of beta. Ad-Aware by Lavasoft and Spybot Search and Destroy can work in concert to make sure your PC is spyware free. Use them together, use them for life.
A rootkit may be running on your PC without your knowledge. In addition, without a tool specifically designed to scan the hard drive for them, they are terribly hard to find and remove. Thankfully, there is a utility called BlackLight by F-Secure that does just that. BlackLight will scan your PC's root directory for the unseen rootkit, expose it, and clean it off. A very important tool to have if you've been playing Sony CDs on your PC of late.
Now that your PC is cleaned and locked down, you might think that's the end of it. Well, not really. If you're using Internet Explorer to do your web surfing, you are still asking for trouble as the program uses ActiveX for many of it's surfing applications, and ActiveX is a popular exploit for hackers trying to get into your system. Firefox by Mozilla is a much better web browser that does not rely on ActiveX and as such, is much more secure. Using that in concert with the Google Toolbar (set on Advanced) can add an additional layer of protection while you're out there. Other open source options can include Peer Guardian, which can block pinging of your IP. There are also pay variants in both software and hardware forms (like iPhantom) which is a hardware alternative that does essentially the same thing.
Also, don't open attachments from anyone you don't know — and even be wary about those from people you do know! Even a JPG can contain malicious code that can take over your computer. Turning HTML viewing off in your email program will also prevent a takeover from a malicious web site.
A lot of work, right? Well, here's where it pays off. Now that you've done all that, head on back to SHIELDS UP! and see the difference. It will astound you.
James DeRuvo is producer and editor for a broadcast production company.
[Sidebar: The Nomenclature of Malware]
Here are a few definitions for some of the bad stuff floating on the Net.
Virus: Computer viruses have evolved over the years. First as executable files, now usually embedded in e-mail as attachments. Some viruses overwrite other programs with copies of themselves, which destroys them altogether. Viruses can spread across computers when the software or document they've attached themselves to is transferred from one computer to the other.
Worm: Similar to viruses, worms act on their own without the use of a host file to spread. They modify an OS to be started at boot up. To spread, worms usually exploit some vulnerability of PC and can spread lightening quick. MyDoom spread worldwide in a matter of minutes.
Adware: Adware is advertising-supported software
which includes advertisements or utilities that are loaded by the software. It also relays information about the computer or user without
the user's consent.
Spyware: Spyware is malignant software that intercepts or takes partial control of a user's computer without consent. The purpose of spyware is to transfer knowledge about the computer and its user to an external party and can be used for identity theft.
Phishing: Phishing is usually a tactic for getting sensitive information, such as passwords and credit card details from users, by masquerading as an official email from your bank or from such auction pay sites as PayPal. These organizations will never correspond with you via email, so they are fairly easy to find.
Rootkit: A recent Sony DRM fiasco made rootkit a household word in the online community. A rootkit is a collection of one or more tools designed to covertly maintain control of a computer. It will probably not even be seen on the hard drive as it is installed in the "root directory" of the hard drive. The rootkit will usually hide other files, such as keystroke loggers and/or other malicious programs.
Scams: There are many famous scams, like the infamous Nigerian scam which comes in the guise of a dignitary contacting you via email for help in getting cash out of the country with the promise of a big fee for your help. The ruse usually includes requesting a bank account in order to transfer the money and then moves onto last minute fees which must be paid in order for the transfer to occur. Each time, there is an emotional, yet personable appeal for help and a reminder of the big payoff that awaits. Don't be fooled. These are designed to bleed you of cash and can end up being VERY dangerous and costly.
How to Spot a Scam: Unsolicited appeals are almost always fraudulent. Don't be fooled. With HTML (you know, the option you've chosen to turn off in your email?) emails can appear legitimate with official language of a legitimate organization. They can also include links that appear to be legitimate, but upon closer scrutiny, lead to "spoofed" Web sites that have the appearance the real McCoy. The misleading eBay or Citibank logos copied into email letterheads are perfect examples of money scams riding rampant over the Internet. The FBI maintains an Internet fraud complaint center at www.ic3.gov, where you can find more information and lodge a complaint if you feel you are victim of Internet fraud.
- SHIELDS UP! By Gibson Research – www.grc.com
- Ad-Aware by Lavasoft — www.lavasoftusa.com
- Spybot Search and Destroy — www.safer-networking.org
- AVG Anti Virus by Grisoft — www.grisoft.com
- NOD32 Anti Virus by Eset — www.eset.com
- F-Secure BlackLight Rootkit Elimination Software – www.f-secure.com/blacklight/
- Firefox Browser and Thunderbird email — www.mozilla.org
- Google Toolbar — www.google.com/downloads/