Adrian
« Reply #27 on: November 29, 2008, 12:44:44 »
Dear Melody,
Trend is possibly the best anti-virus solution, but nowhere near as good for trojans. The reason is that the way anti-virus software works is to sort of disassemble the compiled code and look for known patterns called "signatures". They also look for known subject lines, and strings of words in the content, but virus makers automatically scramble those now to make it much harder. But Trend keep on developing to keep up, and they do quite a good job. The danger is that even Trend do not know about a new virus until it is what is known as "in the wild", by which time millions of PCs have already been infected, and then it takes a few more days to update the virus signature file.
Even then people do not bother to update their signature files, just like they don't back up their files. Most people treat PCs like cars - providing they get in, start the engine and they can drive to the destination - they are happy. It is only when they have not bothered to service it, top up the oil and water, or battery, and they get in the car and either it does not start or blows a piston, or the head gasket etc, that they blame the manufacturer for making unreliable cars.
Or it's like the parents who do not place their children in rear seat belts, thinking they are safe because they are in the back, not understanding the laws of physics which state that if you hit something at 60MPH, the kinetic energy is transferred to everything in the car, including the child who is launched forward at 60MPH, and when their child goes through the windscreen and is killed, or into the driver or passenger so both are killed, they sue the car manufacturer for making "unsafe cars".
The point I am making is that most people seem to think these things magically look after themselves, and are never prepared to accept responsibility for their own actions.
People who do not update signature files are the same. They install Trend or whatever, never bother to update signature files, and when they catch a virus - or usually lots of viruses, or "virii", they say that "Trend is useless" and switch to something else where the cycle repeats itself.
Therefore the best anti-virus solution for the PC is Windows Defender which is built into Windows Vista. Assuming you have Windows Automatic Update switched on, and don't ignore the "new update" messages because you want to get to bed, it will not only keep Windows updated and secure, it also automatically updates the Defender signature files, making them as "human-proof" as realistically possible.
Trojans are entirely different. You really need a dedicated anti-trojan program, and A-Squared is the best. You still need to run it every day though and accept the prompt that a new update file is available.
Then you need to consider what each type of attack is for.
Virii are usually designed to cause damage - either instantly or at a pre-determined date - Friday 13 and April 1 are common.
When a virus strikes, Windows is so severely compromised that the only solution is to reformat the hard disk and reinstall Windows, your application software, and then all your valuable data which you should have backed up.
Almost every day someone sends me a message, sometimes up to 5 people per day, asking for the products to be re-sent - which I always do of course - because they caught a virus which wiped their system out completely, and when it comes back from the PC repair shop all they have is a newly installed Windows and nothing else.
Common sense is also important. These are the two really big risks:
1. If you receive a file with an attachment that you were not expecting, and you open that file - it is too late - reinstalling Windows is the only option. Even Microsoft Word files can cause havoc because they can contain macros which do the damage.
This sort of attack is extremely common, and the messages always disguise the file as something plausible like a purchase confirmation, legal contract variation, and the latest flavour is a UPS tracking number. These attacks use the law of averages whereby at any given time someone will have purchased something online, or be using a delivery service - particularly at Christmas. Others disguise themselves as e-greetings cards, which most people fall for because they like to think someone has made a kind gesture - and thousands of others.
If you open and run any such attachment it is game over - your PC is totally compromised.
So again - if you receive an attachment in an email, and you were not expecting it, delete the email instantly.
2. Phishing. This one is massive, and millions of people have lost a lot of money.
These are the emails that masquerade as being sent from a major bank, or PayPal, or more recently Google Adwords, eBay is another, saying that your online service has been upgraded in some way, or very often "we have been monitoring online accounts for your safety, because we believe in customers staying safe, and have noticed unusual activity on your account. If you have been travelling that would explain it, but if not your account has been compromised and will be suspended for your own safety unless you login and confirm your bank details".
So you click the link and are taken to a site that looks like your normal login for that site, enter your user name and password, and then nothing happens. What has really happened is that you have just provided cyber-criminals with full access to all your money which they will then transfer to an offshore bank account. You will not notice until you login or receive a statement to find all your money has been stolen.
These criminals send billions of emails for each bank, knowing that although most people will not use that bank and just think the email is a "mistake", there will always be a percentage that do use that bank, and they are so used to going to a familiar login page and entering their user name and password, they do it subconsciously, and unless they realise it, they will lose their money.
Bank accounts lost $3.5 billion this year alone due to phishing.
If you think you have been caught out, which should be obvious when you don't get anywhere after entering your details, don't worry about looking "stupid" or "inept" - pick up the phone, phone the 24 hour emergency number, tell them what happened. They will suspend the account until you have been issued with new security details.
Phishing messages are usually obvious because they have been written in "pidgin English" or using very bad and unprofessional grammar - because they mostly originate in Russian bloc countries, China, or Turkey, and the phishers are much better at writing computer code than at High School English.
Trojans are similar in that they are not malicious. As the name suggests they are designed to install themselves on a PC and send information to the hackers, usually to gain access to your PC, or often as part of their "owned network" to attack other PCs from.
This happens to Internet servers as well. Hackers create what are known as "Root Kits" that, once installed, allow the hacker to gain the highest level access to the server. Once they have that access they create innocent looking folders called for example "images" and install their own attack software. They hijack PCs and servers so they cannot be traced.
What then happens is they launch an attack, which then creates havoc for a day or so until the origin of the attack is traced, after which the hosting company closes down the website and bans the webmaster from their service, or in the case of a PC based attack, the Internet Service Provider will suspend or terminate the account of the hijacked customer. They never ask questions because the web host or ISP is legally accountable for all consequential damage originating from the attack, which could put them out of business - and in fact has in several cases.
The hackers then simply move on to the next server or PC they have hijacked - and they have an open ended choice.
Another server side attack is to use the server to host pornography - and I mean really nasty hard core pornography that they cannot legally host anywhere else. They create download directories - the server equivalent of PC folders, many levels deep so the webmaster is not aware of it. They then upload their porn - and much of it is beyond porn - it is for example video of live "executions" of a member of a racial minority by hard right fascist organisations. Sometimes it is gruesome torture followed by murder, often it involves homeless children and so on. Suffice it to say it is the darkest extreme of humanity.
So here is a webmaster with a blog which he and his wife put online to show their family holiday snaps, while not having any idea that they are hosting something at the opposite extreme.
Of course they get shut down very quickly, and banned from the host - assuming they don't get prosecuted - but the damage has been done, and the hackers just move on to the next server - send all of their perverted "clients" - often tens of thousands of them - an email with the next URL where they can download their "material" and so it goes on and on, because there are more "amateur" webmasters out there than professional ones - and there is nothing wrong with being an amateur webmaster.
The biggest issue is that 99.99% of people that host websites, blogs etc, simply hire a "hosting account" to upload their files to. They have no idea that the version of WordPress or other php/mySQL based application that they auto-install through Fantastico - a hosting utility that makes it easy - is insecure, and hackers have used a process known as "XSS" - "cross server scripting" to hack their site.
I own my own servers and manage them from the Linux command line. I have a whole arsenal of defences installed. For example - if a hacker attempts to "brute force" an access account, my software monitors the IP address of the attacker, and after 3 hack attempts it automatically blocks the IP address of the hacker, and sends me an email with their IP address and other details which I can use to have them shut down - which usually means some innocent webmaster - but I have an obligation to protect Internet users generally, and cannot accept responsibility for an amateur webmaster who has been hacked.
These hackers, and also a growing group of hackers in their teens - most of whom are brilliant programmers if only their abilities were better directed - whom we experienced server administrators call "script kiddies" - write Linux programs - called "scripts" - that run 24 hours per day scanning millions of IP addresses per day for known, or sometimes as yet unknown vulnerabilities, and when their script finds such a server or PC it automatically installs the trojan or root kit and notifies the script kiddie or hacker who then adds it to their list of "owned" PCs or servers. Script kiddies do not usually carry out attacks, they usually sell hackers lists of compromised servers or PCs.
And even all this is just the tip of a very deep iceberg. This goes on and on with the hackers forever exploiting the latest vulnerability. Often they monitor sites that report vulnerabilities as "user advisories", and when a vulnerability is reported the hackers or script kiddies write an attack program to exploit that vulnerability before Microsoft or whoever get round to fixing it. This is because software companies are usually large and have management structures where they like to have meetings to discuss these and what to do, before getting the OK from their managers, and finally directors - because vulnerabilities are embarrassing and they like to keep it quiet - like Microsoft do with automatic update - in the meantime the hackers and script kiddies have created a hack in hours and exploited a few million more servers or PCs.
There is much more I could say, but I cannot because I would be revealing some of the deepest counter measures I and other administrators use.
I know this has been a long answer to a short question, but I hope it gives you some idea of what we are up against, especially administrators like myself who carry the ultimate responsibility for security, and are not expected to get it wrong.
If this has scared anyone reading this I make no apologies - hopefully it will make you more aware of your responsibilities to other Internet users as well as to yourself. As a web user or even webmaster, you have no real concept of what we administrators are up against - and that is in addition to managing our own websites and other resources.
In Love and Light,
Adrian.
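The brute-force blocking Adrian describes above (count failed logins per source address, block after 3, notify the admin) can be sketched as a small log monitor. This is an added example, not Adrian's own software; it assumes OpenSSH-style "Failed password" lines and uses constructed sample log entries.

```python
# Added example (not the poster's own tooling): count failed SSH logins per
# source IP in auth-log lines and decide which sources to block after a
# threshold of failures, as the post describes. Assumes the common OpenSSH
# "Failed password for ... from <ip>" wording; the log lines are constructed.
import re
from collections import Counter

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)

def count_failures(lines):
    """Return a Counter mapping source IP -> number of failed logins."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts

def ips_to_block(lines, threshold=3):
    """Source IPs with at least `threshold` failures, most frequent first."""
    counts = count_failures(lines)
    return [ip for ip, n in counts.most_common() if n >= threshold]

def block_commands(ips):
    """iptables commands that would drop the offending sources (rendered, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def notification(ip, count, threshold=3):
    """Body of the alert e-mail an administrator would receive for a blocked source."""
    return (f"Blocked {ip} after {count} failed logins (threshold {threshold}). "
            f"Consider reporting it to the address's abuse contact.")

# Constructed sample auth-log lines (documentation-range addresses, not real data)
SAMPLE_LOG = [
    "Nov 29 12:01:02 host sshd[101]: Failed password for root from 198.51.100.7 port 4000 ssh2",
    "Nov 29 12:01:05 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4001 ssh2",
    "Nov 29 12:01:09 host sshd[103]: Failed password for root from 198.51.100.7 port 4002 ssh2",
    "Nov 29 12:02:00 host sshd[104]: Failed password for alice from 203.0.113.9 port 5000 ssh2",
    "Nov 29 12:02:30 host sshd[105]: Accepted password for alice from 203.0.113.9 port 5001 ssh2",
]

if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    for ip in ips_to_block(SAMPLE_LOG):
        print(notification(ip, failures[ip]))
        print(block_commands([ip])[0])
```

Only the source with three failures is selected; the user who mistyped once and then logged in is left alone.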