Cyber Eruption -- Computers and Technology (The DOS and Windows realm)

This section is meant to be an overview of viruses and related threats, not an exhaustive explanation.


Typical users often hear the latest scares attached to computing: the computer virus, hackers, the year 2000, hardware failures. I will list several ways to guard against each of these.


Applications

 

Macro viruses: Microsoft Office applications such as Excel and Word, and in fact any package with Visual Basic for Applications (VBA) capability, are vulnerable to this type of attack. A document can carry macros that run automatically when it is opened, and such a macro can copy itself into the application's default template so that every document created afterwards carries it too.

Trojans: A Trojan tricks an unsuspecting person into running a file that is not what it appears to be. For example, you see a program on the Internet with a description that entices you to download it ("this game makes Doom look like a game of solitaire"), so you download it expecting a great game, run it, and find that it either doesn't work or destroys your system. Trojans are increasingly the means by which backdoor programs are spread, and they have also been used to deliver destructive viruses.

The computer virus: Unlike a Trojan, a virus does not have to trick the user in order to work. Some viruses live in the boot sector of a disk: the machine becomes infected when it boots from an infected disk (a floppy left in the drive at startup is the classic case), and once the virus is resident it writes itself to the boot sector of other disks you access. These are called boot sector viruses.

Others attach themselves to programs that you might download from the Internet or even get on a CD that you purchase (yes, this has been known to happen). When an infected program is run, the virus loads itself into memory and stays there, infecting other programs as you load them. These are called memory-resident or TSR (terminate-and-stay-resident) viruses.
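The two mechanisms above (a boot sector whose code has been replaced, and a program that has grown because something was appended to it) are exactly what the integrity checkers of the period looked for. The following is an added example, not code from the original page: a small Python integrity checker that fingerprints a constructed DOS boot sector and a set of constructed program files, then reports what changed after a simulated infection. The boot sector layout it parses is the standard DOS BIOS Parameter Block; the file names, their contents and the simulated infection are assumptions made up for the demo.

```python
"""Integrity baseline for a DOS boot sector and program files.

Added example (not code from the original page). The boot sector and program
bytes are constructed; the "infection" is simulated by appending bytes and
patching the entry bytes of a constructed file, as an appending infector does.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BPB_FORMAT = "<HBHBHHB"   # BIOS Parameter Block fields starting at offset 11
CODE_OFFSET = 62          # boot code follows the extended BPB (offset 0x3E)


def parse_boot_sector(sector: bytes) -> dict:
    """Decode the BPB, check the 55AA signature and fingerprint the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    (bytes_per_sector, sectors_per_cluster, reserved, fats,
     root_entries, total_sectors, media) = struct.unpack_from(BPB_FORMAT, sector, 11)
    return {
        "oem": sector[3:11].decode("ascii", "replace").rstrip(),
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "reserved_sectors": reserved,
        "fats": fats,
        "root_entries": root_entries,
        "total_sectors": total_sectors,
        "media_descriptor": media,
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # A boot sector virus keeps the BPB intact (DOS must still read the
        # disk) and replaces the code, so the code region gets its own hash.
        "code_hash": hashlib.sha256(sector[CODE_OFFSET:510]).hexdigest(),
    }


def fingerprint(data: bytes) -> tuple:
    return (len(data), hashlib.sha256(data).hexdigest())


def baseline(files: dict) -> dict:
    """files maps a name to its bytes; returns name -> (size, sha256 hex)."""
    return {name: fingerprint(data) for name, data in files.items()}


def compare(base: dict, files: dict) -> list:
    """Report every difference from the baseline as (name, finding)."""
    findings = []
    for name, data in files.items():
        if name not in base:
            findings.append((name, "new file not in baseline"))
            continue
        old_size, old_hash = base[name]
        size, digest = fingerprint(data)
        if digest != old_hash:
            # A file that grew is the signature of an appending infector.
            how = "grew by %d bytes" % (size - old_size) if size > old_size else "changed"
            findings.append((name, "modified (%s)" % how))
    findings.extend((name, "missing") for name in base if name not in files)
    return findings


def make_boot_sector() -> bytes:
    """Constructed 1.44 MB floppy boot sector with a plausible BPB."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\xeb\x3c\x90"                      # JMP SHORT to the code, then NOP
    sec[3:11] = b"MSDOS5.0"
    struct.pack_into(BPB_FORMAT, sec, 11, 512, 1, 1, 2, 224, 2880, 0xF0)
    sec[CODE_OFFSET:CODE_OFFSET + 8] = b"BOOTCODE"  # stand-in for real boot code
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


def simulate_appending_infection(program: bytes, payload: bytes) -> bytes:
    """Stand-in for an appending infector: the payload is tacked on the end and
    the entry bytes are patched to reach it (a marker here, not machine code)."""
    return b"JMP" + program[3:] + payload


def demo() -> list:
    clean = {
        "A:\\boot sector": make_boot_sector(),
        "C:\\COMMAND.COM": b"MZ" + b"\x00" * 50 + b"command interpreter",
        "C:\\DOOM\\DOOM.EXE": b"MZ" + b"\x00" * 100 + b"doom",
    }
    base = baseline(clean)
    later = dict(clean)
    later["C:\\COMMAND.COM"] = simulate_appending_infection(
        clean["C:\\COMMAND.COM"], b"VIRUS-BODY")
    sector = bytearray(clean["A:\\boot sector"])
    sector[CODE_OFFSET:CODE_OFFSET + 8] = b"EVILCODE"   # BPB untouched, code replaced
    later["A:\\boot sector"] = bytes(sector)
    assert parse_boot_sector(later["A:\\boot sector"])["signature_ok"]  # still boots
    return compare(base, later)
```

A real checker of this kind reads the boot sector from the drive itself and keeps the baseline somewhere the virus cannot reach (a write-protected floppy); the principle is the same: hash once while the system is known clean, compare later, and treat a program that grew as suspect until proven otherwise.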


Backdoors

Backdoors, in the simplest terms, are ways for an intruder to gain access to a system without going through the normal login path. There are physical backdoors and there are virtual backdoors.

Virtual backdoors rely on hidden listening ports or server programs residing on the compromised machine. They are usually installed deliberately, but sometimes exist merely because of a software bug or an administrative oversight. They can also be the result of a firewall that has not been installed correctly, or a terminal server that has not been secured properly.

Physical backdoors rely on modems connected to the compromised machine (unauthorized ones, or even authorized ones that are in legitimate use), or on terminal servers connected to a network from which the machine is reachable. They may also exist through unauthorized WAN equipment of any kind, or through servers that were never authorized and secured by knowledgeable administrators.


Networking

Networking, in terms of the Internet, is accomplished through the suite of protocols known as TCP/IP. For a complete understanding of TCP/IP, look up the RFCs (Request for Comments documents) that define it. With Microsoft products, applications reach TCP/IP through the Winsock (Windows Sockets) library, the programming interface on top of the operating system's TCP/IP stack, which enables Internet communication over either a network interface card (NIC) or a dial-up adapter (modem).

The Internet is viewed using a browser which, if not set up properly, can compromise your machine by allowing malicious code to run on it. Always check each setting in the properties or options section of your particular browser, especially those that control whether downloaded active content is allowed to run.


Software Security, Piracy

Software security begins with the user: practice good judgement and only run software that you know to be free from viruses and Trojans. The surest way to do this is to obtain the software legitimately. Only software that can be purchased from and registered with a reputable software publisher should be used, unless you are confident that you can repair whatever damage an untrusted program may do to your system.

Software security is maintained by setting up a security policy for your machine. It should consist of password protection at power-up, at login, and on the screensaver. With certain operating systems (OSes) you can go further and protect individual hard drives, folders, and even files from certain users.

With networking you have the ability to share your hard drives with others and vice versa. Take care when assigning share permissions on your machine so that the people you allow in do not have the run of the whole machine, or of areas of it they have no need for. Logs can be set up as well to record the activities of the individuals you give access to; make it known that the logs exist, which by itself discourages people from trying things they shouldn't. Remember, just as in the real world, locks are only there to keep the honest people honest; a person who is determined to misbehave will.

Don't use easy-to-remember common-word passwords; use combinations of letters and numbers in your password.

Piracy, in the simplest terms, is loading and using a copied version of software that you do not have a legal license to use, or loading the same copy of software on more than one computer when you do not have a site license to do so. Whether you download the software or purchase it, always read the licensing agreement that comes with it. There was a case in my area of the world where people went to buy software in an outdoor flea-market setting; copies of Windows 95 were being sold in shrink wrap with the seal of authenticity on them. The software was counterfeit, and those involved in the sale were arrested. Who knows how many people bought this software, but I guarantee you this: if they went to register it they would probably also be held accountable for the purchase.

There are a few tip-offs, when you are online, that you may be under attack.

  1. If your machine becomes excruciatingly slow and you are not running any processes that would cause this, worry.

  2. If your hard drive seems to be in use for a long period of time while you are not using it, and you don't have a background virus scan in progress, worry.

  3. If you cannot connect to anything on the network that you previously had access to minutes before, worry.

If you are running a Microsoft OS you have a way to detect this at the NetBIOS level, in the case of shared drives: run the network monitoring utility included in the Accessories group (Net Watcher on Windows 95), which shows the connections to your computer and the shares in use.

If it is a backdoor program that has left you open to attack, you may need to run a program that checks for these; for example, there is a detection and removal program for Back Orifice called BO Detect. There are other remote-control backdoor programs out there as well, and an Internet search will yield many references to them along with detection and removal programs. Always beware of the source you obtain these programs from: you might download a program with a name like this that carries a virus, or the very backdoor you were trying to remove (a Trojan).

You could also use a sniffer program to capture the packets to and from your machine; one is included with the Windows NT family. The captured packets can then be used to identify the address of the machine making the attack on yours.
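The three checks above (who is connected to your shares, whether a backdoor is listening, and which remote address is responsible) can all be started from the output of `netstat -an`, which both Windows 95 and NT include. The script below is an added example and not from the original page: it parses a constructed `netstat -an` listing in the Windows format, flags listeners on the default ports of Back Orifice (UDP 31337) and NetBus (TCP 12345), reports any other listener not in an assumed policy of expected ports, and lists every address with an established NetBIOS session (TCP port 139) to the machine. The sample listing and the expected-port policy are constructed for the demo; the backdoor port numbers are those programs' documented defaults but are configurable, so an empty report proves nothing.

```python
"""Triage of `netstat -an` output for backdoor listeners and share sessions.

Added example, not from the original page. SAMPLE_NETSTAT is constructed in
the Windows 9x/NT netstat format; EXPECTED_LISTENERS is an assumed policy.
"""
import re

# Documented default ports of two well-known backdoors; operators can change them.
KNOWN_BACKDOOR_PORTS = {
    ("UDP", 31337): "Back Orifice default port",
    ("TCP", 12345): "NetBus default port",
}
# Assumed policy: the ports this particular machine is supposed to have open
# (NetBIOS name, datagram and session services for file sharing).
EXPECTED_LISTENERS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}
NETBIOS_SESSION_PORT = 139

# One connection line: proto, local addr:port, foreign addr:port, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)(?:\s+(\S+))?\s*$")


def parse_netstat(text: str) -> list:
    """Return one dict per connection line; the header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({
            "proto": proto,
            "local": (laddr, int(lport)),
            "foreign": (faddr, None if fport == "*" else int(fport)),
            "state": state or "",      # UDP lines carry no state column
        })
    return rows


def listeners(rows: list) -> set:
    """(proto, port) pairs that accept traffic: TCP LISTENING or any UDP binding."""
    return {(r["proto"], r["local"][1]) for r in rows
            if r["proto"] == "UDP" or r["state"] == "LISTENING"}


def triage(text: str) -> dict:
    rows = parse_netstat(text)
    open_ports = listeners(rows)
    suspicious = {p: KNOWN_BACKDOOR_PORTS[p] for p in open_ports if p in KNOWN_BACKDOOR_PORTS}
    unexpected = sorted(p for p in open_ports
                        if p not in EXPECTED_LISTENERS and p not in suspicious)
    # An ESTABLISHED session to port 139 is someone attached to your shares;
    # compare these addresses with the people you actually gave access to.
    share_peers = sorted({r["foreign"][0] for r in rows
                          if r["local"][1] == NETBIOS_SESSION_PORT
                          and r["state"] == "ESTABLISHED"})
    return {"suspicious": suspicious, "unexpected": unexpected, "share_peers": share_peers}


# Constructed listing: a machine sharing files, with two backdoors listening.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        192.168.1.20:1045      ESTABLISHED
  TCP    192.168.1.5:139        10.0.0.7:2291          ESTABLISHED
  TCP    192.168.1.5:1031       192.0.2.10:80          ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    0.0.0.0:31337          *:*
"""

if __name__ == "__main__":
    report = triage(SAMPLE_NETSTAT)
    for port, why in sorted(report["suspicious"].items()):
        print("SUSPICIOUS listener %s/%d: %s" % (port[0], port[1], why))
    for port in report["unexpected"]:
        print("Unexpected listener %s/%d" % port)
    print("Hosts with sessions to your shares:", ", ".join(report["share_peers"]))
```

Run it against your own `netstat -an > ports.txt` capture by feeding the file contents to `triage()`. The port table is only a first filter: a backdoor listening on an unfamiliar port shows up under "unexpected", which is why the expected-port list should be kept short and honest rather than padded until the report is quiet.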


Physical Security

Now this is where common sense really comes into play. Physical security is the act of making your hardware inaccessible to anyone but yourself. Protect your machine from physical attacks by doing the following:

  1. Password-protect your BIOS (be aware that there are programs to crack this).

  2. Lock your machine up so that no one can remove it; there are physical locking devices that defend against unauthorized use or removal of computer hardware.

  3. Don't allow your PC to boot from the floppy drive (some will find this excessive, but it keeps anyone with a floppy from bypassing your operating system's login).

  4. If a network hub is in use, know what devices should be plugged into it.


Copyright Notice:

Microsoft Office, Windows 95, Windows NT, Excel, Word, and VBA are property of Microsoft Corporation.