Archive for the ‘Home Computer’ Category

A firewall looks for and attempts to stop forbidden communications between two computers. Firewalls work by examining each piece of traffic entering or leaving the network and blocking those which do not meet specified criteria. If the communication is an allowed type (for example, Windows passing your user name and password to the company network during login), the message is allowed through. If the communication is unrecognized (for example, a virus attempting to impersonate Lotus Notes but really sending your password out to a hacker), the traffic can be stopped.

There are two kinds of firewalls: "personal" or software firewalls and "network" or hardware firewalls.

  • Software firewalls are relatively easy to install and provide good protection. They filter traffic entering or leaving a single computer. Software firewall programs (such as ZoneAlarm, Norton or Comodo) can be downloaded from the Internet and may be available in a free version for home users. (Note: If your home computer’s operating system is Windows XP or Vista, it has a built-in software firewall but Windows has not traditionally performed well in bench comparisons. Most security experts recommend replacing or at least supplementing the Windows firewall.) For more on personal firewalls and how they work, see the first page of this article.
  • Hardware firewalls require you to buy and connect a separate piece of equipment, but they provide stronger protection. They plug in between your internet connection (such as the cable-modem or DSL line) and the computer. Hardware firewalls are often built into routers, allowing multiple computers to share a single, protected connection to the internet. Hardware firewalls often also have the ability to perform network address translation (NAT) which hides the specific IP address of your computer and makes it much harder for a hacker to launch an attack against you. Hardware firewalls are available at many electronics retail stores, usually starting at $50-$75.

CERT (the Computer Emergency Readiness Team) strongly recommends the use of hardware firewalls, especially if you have a broadband or "always on" connection. See "Before You Connect a New Computer to the Internet" for more information.

Some firewalls will display a pop-up box asking if you want to allow the message. If you see one of these pop-ups, never allow the traffic unless you are sure that you know exactly what it is doing. Remember, the firewall won’t do any good if you give permission for the virus to send out your password.
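A simplified model of the rule matching and pop-up behaviour described above, as an added example that is not part of the original article. The rule format, program paths, addresses and port are assumptions made up for illustration; real firewalls match on more than this.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to this computer
    program: str        # full path of the local program involved
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str
    program: Optional[str] = None   # None matches any program
    network: Optional[str] = None   # CIDR range; None matches any address
    port: Optional[int] = None      # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            self.direction == p.direction
            and self.program in (None, p.program)
            and self.port in (None, p.remote_port)
            and (self.network is None or ipaddress.ip_address(p.remote_ip)
                 in ipaddress.ip_network(self.network))
        )

def decide(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; unmatched inbound is blocked, unmatched outbound prompts."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block" if p.direction == "in" else "ask"

def answer_prompt(rules: List[Rule], p: Packet, allow: bool) -> List[Rule]:
    """Model the pop-up: the user's answer becomes a permanent rule for that program."""
    return rules + [Rule("allow" if allow else "block", p.direction, program=p.program)]

# Constructed sample data: paths, addresses and ports are illustrative only.
MAIL = r"C:\Program Files\Mail\mail.exe"
FAKE = r"C:\Users\me\AppData\Local\Temp\mail.exe"   # same file name, different location
RULES = [Rule("allow", "out", program=MAIL, network="10.0.0.0/8", port=1352)]

legit = Packet("out", MAIL, "10.1.2.3", 1352)        # known program, company network
impostor = Packet("out", FAKE, "203.0.113.9", 1352)  # look-alike program, outside address
probe = Packet("in", "", "198.51.100.7", 445)        # unsolicited inbound connection

if __name__ == "__main__":
    for name, pkt in [("legit", legit), ("impostor", impostor), ("probe", probe)]:
        print(name, decide(RULES, pkt))
    print("after clicking Allow:", decide(answer_prompt(RULES, impostor, True), impostor))
```

The look-alike program triggers a prompt because no rule covers it; once the prompt is answered with Allow, the same traffic passes without further questions.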

Security geeks often talk about keeping your computer "patched". Here’s what we mean and why it’s so important.

In a perfect world, all the code on your computer would do exactly what it’s supposed to do and nothing more. In the real world, new code was added on top of existing code to fix a problem or to add some new feature until, over time, the code became too complicated to test for every possible scenario. Hackers found ways to exploit the holes in the code. By sending just the right command in just the right circumstances, they could make the computer do something it shouldn’t – like give the hacker permission to install software and take control of the computer.

When such a vulnerability is discovered, the developers who made the software have to figure out how to plug the hole – how to change the code just enough to stop the hacker without shutting down the new feature they added or interfering with some other application. “Patches” are the bits of code to be added to your computer to fix that hole. (Patches can also be used to add a new feature or fix something else in the program but for now we’ll stick to security patches.)

At work, your IT team should be responsible for keeping your core applications up-to-date and fully patched. For your home computer, you should set your computer to automatically update the software whenever new patches are available. That’s the safest way to be sure that you have the latest code protecting your computer. While most vulnerabilities are found in the operating system (those core instructions that the computer needs just to turn itself on), more and more vulnerabilities are being found in applications – Word, Adobe, QuickTime, RealPlayer, etc. No modern application is completely safe. In Windows, you can set the updates through the Control Panel. (Look for something like Automatic Updates or Windows Updater.) In other programs such as Quicken, you usually set the updates via Tools/Options or Preferences.

Of course, there’s no such thing as a free lunch or perfect software. Sometimes, the patch will fix the program but will also break some function that some other program needed to run. When that happens, you must either decide to wait (and hope that the developers at one of the two companies will send out yet another patch to fix the breakage) or take the risk and reverse out the last patch. Unless the patch broke something that’s absolutely mission-critical, you are almost always better off leaving it in place.

Incidentally, Microsoft has been releasing a packet of security updates on the second Tuesday of each month (so-called Patch Tuesday) for several years now. Some hackers are now exploiting that pattern and holding their latest virus until the second Wednesday so they have the most possible time before they are shut down. Even if you stay fully patched, there are no guarantees in life.

Most people think that they’re protecting their computers but few are as safe as they think they are. According to a poll conducted by the National Cyber Security Alliance (NCSA) and the anti-virus company McAfee, 87 percent of Americans say they have anti-virus software. When their computers were scanned (with their permission), 94% actually had anti-virus software but only 52% had updated it in the last month. New viruses are released daily. An out-of-date anti-virus package does you almost no good at all. Most anti-virus packages have an option to update themselves automatically. For almost all of us, that’s the right choice.

73% of those surveyed said they had a firewall. 81% had a firewall but only 64% had it activated. That’s like saying your money is protected by the steel door of the bank vault but leaving the door hanging open. Never disable your firewall.

70% said they had anti-spyware software but only 55% actually have it.

The poll also reported that 61% believe they have anti-spam software installed but only 21% do. (In this case, the poll question may have been worded poorly. If your spam filtering is done by your ISP or your webmail provider, you may be protected from spam even though the anti-spam software is not on your specific machine.) Regardless of how you run it, the important point is to have an anti-spam solution.

Oddly, the study found that computers of older Americans tend to be more secure than those of the allegedly more tech-savvy younger Americans.

To be properly protected, you need current anti-virus, an active firewall, up-to-date patches for your operating system and applications and at least one anti-spyware program running. If you don’t, you are taking unnecessary risks with your personal information.

Click here to read the full study results.

Many families will be getting new electronic devices over the holidays. A new computer will be found and attacked within minutes of being connected to the Internet. Make sure you get the new device configured as soon as you open it up.

New Computers:

  • Almost all computers will come with at least a trial version of anti-virus software. Make sure you turn on the computer and activate the anti-virus before you connect to the internet. When you do connect, immediately update the anti-virus definitions.
    You also have to decide if you will subscribe to their anti-virus program or will install your own. Whatever choice you make, be sure to do it immediately – long before the trial runs out.
  • The software that comes with the computer will inevitably be out of date by the time you get it. Be sure to immediately check for updates to the software and install all the recommended patches. If the computer has the option to automatically install updates, let it. Updates to Windows are especially important but you should also check for all the major programs on the computer. There should be a help page for each one describing that program’s process for updates and patches.
  • You also need to load one or perhaps even two different anti-spyware programs to protect the computer. Some anti-virus programs now come bundled with anti-spyware capabilities but many don’t – and even the ones that do may not be sufficient to protect your computer. Anti-spyware is still not as mature as anti-virus.
  • Make sure you also have a firewall running and that it is configured to tell you about anything suspicious.
  • Change any default passwords that came with the device. Pick new passwords that will be easy for you to remember but hard for a hacker to break. Whole sentences work well.
  • The computer will probably also come with a lot of trial-versions of other software. Delete anything that you’re unlikely to ever use. The convenience that “maybe you’ll grow into the need” has to be balanced against the risk and effort needed to protect that software from attack. Keep the programs you need and delete the rest.
  • Once you have all that up and running, use the anti-virus and anti-spyware programs to re-run full scans on the computer. That’s a lot of work before you can play the first game but it’s better than having to clean out malicious software later.

Video game machines

  • Most modern video game machines are really full computers. They should have some built-in protections – which is a good thing because they are often much harder to update. Again, change any passwords and disable any remote connectivity that you don’t immediately need. Follow whatever instructions came with the game machine for updating the software on it.
  • Be very cautious before connecting an untrusted game machine up to your network.

Flash drives, MP3 players, cameras, PDAs, cell phones and other electronic accessories

  • For the most part, there’s not much you can (or need to) do to protect these devices. They are simpler devices that are harder to attack. The main danger is that you’ll pick up some malicious software which will infect your computer when you plug it back in. If your computer is properly protected, it should find and fix the problem when you reconnect the device. The worst that can usually happen to the device is that you’ll need to reset it. Resetting will clean out any malicious software that crept in. It will also wipe any data you had on the device, so make backups regularly.
  • If the device has a password, change it immediately.
  • You should encrypt your flash drive (also called a thumb drive or a USB drive) so that no one can read your data when the device falls out of your pocket.

Happy holidays.

Viruses, worms and Trojan horses don’t get much attention anymore but they’re still out there. Do you know what to do when your computer becomes infected?

  • If your anti-virus program is up and running (and there’s never any excuse for it not to be), there’s a good chance that the anti-virus program will be able to both detect and repair the damage. If you get an alert from your anti-virus program, take it seriously and act on it immediately.
    • Know what your own anti-virus program alerts look like. If you get that obnoxious pop-up when you’re browsing the Internet that says "your computer may be infected", ignore that. It’s a scam. Clicking the link will install spyware onto your computer.
  • If you are at work, call IT immediately. Do not wait. The sooner they can investigate and clean the computer, the less damage there will be to your computer and to the rest of the network. Do not do anything to the computer until IT tells you to. They may need to try to track down the hacker. Anything you do could muddy the chain of evidence.
  • If you are on your home computer, disconnect it from the Internet immediately. If you are infected, this will minimize the damage by preventing the hacker from sending any more commands to your computer or stealing any more information from it.
    • If your anti-virus program detects but cannot repair the damage, see if there’s an update to the virus definitions file that might fix it.
    • If your anti-virus program still cannot remove the infection, you could try manual repairs. There are websites which can walk you through the technical steps of manually cleaning up the DLLs, registry settings, etc. You will need to know exactly which virus you have and you need to know exactly what you’re doing or you might do even more damage to the computer. If you are uncertain, take your computer to someone who can repair it professionally.
    • In the worst case, you may need to reinstall your operating system. Look for a "system restore disk" that probably came with the computer. Reinstalling the operating system usually erases all of your other programs and data files. If you haven’t backed up your files lately, it’s incredibly stressful – but better than leaving the hacker in control of your computer.
  • Once you’ve done everything else, it’s a good idea to update your anti-virus definitions (again) and run a full scan against your computer. If you haven’t checked for software patches and updates lately, you need to do that, too.
  • Finally, you should assume that all your passwords were potentially compromised during the infection. This includes passwords for websites that were cached in your browser. Pick strong passwords when you change them.
Based in part on CERT Cyber Security Tip ST05-006
From westfieldinsurance.com