(Note: This week’s “Hi, Tech” is brought to you by Arita JET Sergio Pena, whose well-timed article on computer security saved me from having to dream up something to write about this week. Also, there will be no “Hi, Tech” next week because of the Golden Week holidays. If a “Hi, Tech” is written and no one is around to read it, is it really written? — Nicholas)
Computer security. These two words echo throughout the internet, but do you really know what they mean? Sure, you might have heard about viruses, spam, identity theft and the like, but do you know how to protect yourself and your beloved computer from the cesspool that is the internet? In this article, I hope to establish a baseline definition of certain terms and to enlighten you on this very important — but often overlooked — aspect of technology.
Let’s start off with the basics, shall we?
The basics
The following definitions are taken from Wikipedia.
- Computer Security. Computer security is a field of computer science concerned with the control of risks related to computer use.
- Computer Virus. In computer security technology, a virus is a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into the program is termed an “infection”, and the infected file (or executable code that is not part of a file) is called a “host.” Viruses are one of the several types of malicious software, or malware.
- Computer Worm. A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself. They are often designed to exploit the file transmission capabilities found on many computers. The main difference between a computer virus and a worm is that a virus cannot propagate by itself whereas worms can. A worm uses a network to send copies of itself to other systems, and it does so without any intervention. In general, worms harm the network and consume bandwidth, whereas viruses infect or corrupt files on a targeted computer. Viruses generally do not affect network performance, as their malicious activities are mostly confined within the target computer itself.
- Trojan Horse. In the context of computer software, a Trojan horse is a malicious program that is disguised as legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply “trojan,” even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans). There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software and peer-to-peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program’s objectives.
- Malware. Malware is software designed to infiltrate or damage a computer system without the owner’s consent. The term is a portmanteau of “mal-” (or perhaps “malicious”) and “software,” and describes the intent of the creator rather than any particular features. Malware is commonly taken to include computer viruses, Trojan horses, spyware and adware. Malware is sometimes pejoratively called scumware.
History
After the first computers (post-ENIAC) were rolled out and programming languages evolved from their humble punch card origins, people began to play around with the programs as pranks or jokes, or out of boredom. At first they were benign, such as silly messages and the like, but soon after more malicious intents were translated into computer code. A program called “Elk Cloner” is credited with being the first computer virus to appear “in the wild” — that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.
The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written. However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus. As computers became more commonplace, more viruses were written. As computers evolved, so did viruses.
What can I do to protect myself?
In order to guard yourself against evil-minded folks and the casual bored hacker, you need to educate yourself more about how and why these exploits happen. However, since computer security, much like legalese, has quite a bit of slang, jargon and geek-speak, it is difficult for the average person to understand just what is going on. I hope to explain these meanings to you in non-geek terms, but since I come from a computer science background, I hope you bear with my attempts.
Get a decent anti-virus. Much like getting inoculated, a decent anti-virus package will help protect and clean your computer system should it get infected. Many, many anti-virus companies are out there selling some great products.
There are a lot more anti-virus programs suggested by Microsoft.
However, if you want a free antivirus software package, try Freebyte’s listings of antivirus programs.
Get a decent firewall. What is a firewall? A firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the internet (a zone with no trust) and an internal network (a zone with high trust, i.e., a LAN). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
There are many commercial and free firewall programs out there. Check out Freebyte for a list of free firewalls.
(Note: If you use file sharing programs such as BitTorrent, you need to have the firewall allow access to their ports. For BitTorrent, these are usually ports 6881-6889. Check your firewall’s manual on how to open ports for these programs. However, try not to open too many ports, as that will leave a welcome mat for hackers. Check out PortForward for more information.)
I personally use Zone Alarm Pro on überparanoid settings in addition to the firewall provided by my school and my home network.
Get a decent anti-malware program. I cannot stress this enough. Many websites have evil things lurking in their seemingly docile code that can install programs on your computer without you knowing it. Even programs that look harmless, such as those smileys, weather forecasts, etc., potentially might be malware. Check out PCWorld’s favorite selection.
These are the basic steps I would suggest you Microsoft Windows users follow. You Linux and Mac guys should be careful too, especially since Linux/Mac attacks are on the rise.
Get a decent web browser. Nicholas posted previously on excellent web browsers that are free to boot. I personally use Firefox 1.5.0.2 with the following extensions: NoScript, AdBlock, AdBlock Filterset.G, and Flashblock.
Beyond the basics
For those who are computer savvy and would like extra protection, I will guide you. (Linux and Windows users only; I don’t have a Mac so I can’t write about it. Since Mac OS X is based on FreeBSD, I would suggest you read up on FreeBSD security implementation and optimization.)
Windows
For the über paranoid (me) or those who have something to hide or protect, I would suggest implementing the NIST Computer Securing Templates. The Small Business/Personal templates with some modifications should suit your needs. This also involves using separate accounts (Administrator for installing and management, User for daily use), thus reducing the likelihood of installing crap or being infected. I would also suggest using a virtualization program such as VMware to play around with these templates before full implementation, until you get the hang of it.
Linux
I have used Gentoo Linux, but I assume it’s the same on all distros. Implement the SELinux (hardened Linux) policies and kernel, and use separate accounts, as mentioned above. Before full implementation, use virtualization and a sandbox to test, test, test!
Windows, Linux, Mac
Edit your HOSTS file to reduce crap from loading on your computer. I suggest HpHOSTS hosts file. Over 40,000 web pages blocked for your convenience. I would suggest, however, finding which sites you visit and searching through this file to see if they are blocked, as some legitimate sites may link to these (very rare though). The installation is quite simple, and the forum is also quite helpful.
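The check suggested above (searching the hosts file for the sites you actually visit) can be automated. This is an added example, not code from the article or from the hpHOSTS project; the hosts-file lines and visited URLs in it are constructed samples, and the real file would be read from disk instead.

```python
# Added example: find which of the sites you visit are blocked by a hosts-file
# blocklist. Blocklist-style hosts files sinkhole a hostname to 127.0.0.1 or
# 0.0.0.0; anything mapped elsewhere is a genuine address, not a block.
from urllib.parse import urlsplit

# Constructed sample of a hosts file (not real hpHOSTS entries).
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example-tracker.test   # trailing comment
127.0.0.1   popups.example-adserver.test stats.example-adserver.test
0.0.0.0     malware.example-bad.test
192.168.1.10 fileserver.home
"""

BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0"}

def parse_blocked_hosts(text):
    """Return the set of hostnames the hosts file sinkholes to a loopback/null address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in BLOCK_TARGETS:
            continue                            # a real mapping, not a block
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":             # loopback for localhost is normal
                blocked.add(name)
    return blocked

def hostname_of(url):
    """Extract the lowercased hostname from a URL or a bare hostname."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_sites(blocked, visited):
    """Map each visited URL to True if its hostname is blocked. A hosts file
    matches exact names only, so www.example.test and example.test differ."""
    return {url: hostname_of(url) in blocked for url in visited}

if __name__ == "__main__":
    blocked = parse_blocked_hosts(SAMPLE_HOSTS)
    visited = ["https://stats.example-adserver.test/pixel.gif",
               "http://fileserver.home/", "example-adserver.test"]
    for url, is_blocked in check_sites(blocked, visited).items():
        print("BLOCKED " if is_blocked else "allowed ", url)
```

The last sample URL is deliberately not blocked: the hosts file lists only specific subdomains, which is why a site that links to a blocked host can still load while the blocked resource on it does not.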
All in all, this was a rather short article, but I hope I have pointed out a few things to help you guys out. If you have any questions, post them on the forum and my fellow computer nerds or myself will answer them.