Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
Intruders (also referred to as hackers, attackers or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at WorldLink could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.
Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
i) Email Spoofing: Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
Spoofed email can range from harmless pranks to social engineering ploys. Examples of the latter include:
- email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply
- email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information
ii) Email-borne Viruses: Viruses and other types of malicious code are often spread as attachments to email messages. Before opening any attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus (see References) spread precisely because it originated from a familiar address. Also, malicious code might be distributed in amusing or enticing programs.
Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.
iii) Hidden file Extensions: Windows operating systems contain an option to "Hide file extensions for known file types". The option is enabled by default, but a user may choose to disable this option in order to have file extensions displayed by Windows. Multiple email-borne viruses are known to exploit hidden file extensions. The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm which contained an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs have since incorporated similar naming schemes. Examples include:
- Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
- VBS/Timofonica (TIMOFONICA.TXT.vbs)
- VBS/CoolNote (COOL_NOTEPAD_DEMO.TXT.vbs)
- VBS/OnTheFly (AnnaKournikova.jpg.vbs)
The files attached to the email messages sent by these viruses may appear to be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other file types when in fact the file is a malicious script or executable (.vbs or .exe, for example).
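The check below is an added example, not part of the original guidance: it flags attachment names whose last (real) extension is a script or executable while an earlier extension looks like a harmless document or media type, and shows roughly what Windows displays when extensions are hidden. The two extension sets and the function names are illustrative assumptions, and the sample list mixes names quoted above with constructed ones.

```python
# Added example: flag attachment names whose visible "extension" is a decoy.
# Both extension sets are illustrative assumptions, not a complete list.
EXECUTABLE_EXTS = {"exe", "vbs", "scr", "pif", "bat", "cmd", "com", "js"}
DECOY_EXTS = {"txt", "jpg", "gif", "mpg", "avi", "doc", "pdf"}


def split_extensions(filename):
    """Return (stem, [ext, ...]) with extensions lower-cased and trimmed."""
    # Trailing dots and spaces are dropped so they cannot mask the real extension.
    name = filename.strip().rstrip(". ")
    parts = [p.strip().lower() for p in name.split(".")]
    return parts[0], [p for p in parts[1:] if p]


def shown_when_hidden(filename):
    """Approximate the name displayed when the last extension is hidden."""
    name = filename.strip().rstrip(". ")
    head, sep, _ = name.rpartition(".")
    return head.rstrip() if sep else name


def is_deceptive(filename):
    """True if the last extension runs code and an earlier one looks benign."""
    _, exts = split_extensions(filename)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(e in DECOY_EXTS for e in exts[:-1])


# Names quoted on this page, plus constructed benign and edge-case names.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "MySis.avi.exe",
    "AnnaKournikova.jpg.vbs",
    "report.final.txt",        # constructed: benign, last extension is .txt
    "setup.exe",               # constructed: executable, but not disguised
    "invoice.txt      .exe",   # constructed: padding before the real extension
]


def scan(names):
    """Return (full name, displayed name) for every deceptive name."""
    return [(n, shown_when_hidden(n)) for n in names if is_deceptive(n)]


if __name__ == "__main__":
    for name, shown in scan(SAMPLES):
        print(f"SUSPICIOUS: {name!r} is displayed as {shown!r}")
```

A mail filter or a manual review of a downloads folder can apply the same test; a plain `setup.exe` is not flagged because nothing in its name disguises what it is.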
iv) Unprotected Windows Shares: Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer's owner, but it is also a threat to other sites on the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools.
Another threat includes malicious and destructive code, such as viruses or worms, which leverage unprotected Windows networking shares to propagate. There is great potential for the emergence of other intruder tools that leverage unprotected Windows networking shares on a widespread basis.
v) Denial of Service: Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. In most cases, the latest patches will prevent the attack. It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system.
vi) Chat Clients: Internet chat applications, such as instant messaging applications and Internet Relay Chat (IRC) networks, provide a mechanism for information to be transmitted bi-directionally between computers on the Internet. Chat clients provide groups of individuals with the means to exchange dialog, web URLs, and in many cases, files of any type.
Because many chat clients allow for the exchange of executable code, they present risks similar to those of email clients. As with email clients, care should be taken to limit the chat client’s ability to execute downloaded files. As always, you should be wary of exchanging files with unknown parties.
i) Use virus protection software: We recommend the use of anti-virus software on all Internet-connected computers. Be sure to keep your anti-virus software up-to-date. Many anti-virus packages support automatic updates of virus definitions. We recommend the use of these automatic updates when available.
ii) Use a firewall: We strongly recommend the use of some type of firewall product, such as a network appliance or a personal firewall software package. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.
iii) Don’t open unknown email attachments: Before opening any email attachments, be sure you know the source of the attachment. It is not enough that the mail originated from an address you recognize. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.
If you must open an attachment before you can verify the source, we suggest the following procedure:
- make sure your virus definitions are up-to-date (see "Use virus protection software" above)
- save the file to your hard disk
- scan the file using your antivirus software
- open the file
For additional protection, you can disconnect your computer's network connection before opening the file. Following these steps will reduce, but not wholly eliminate, the chance that any malicious code contained in the attachment might spread from your computer to others.
iv) Don’t run programs of unknown origin: Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.
v) Keep all applications (including your operating system) patched: Vendors will usually release patches for their software when a vulnerability has been discovered. Most product documentation offers a method to get updates and patches. You should be able to obtain updates from the vendor's web site. Read the manuals or browse the vendor's web site for more information.
Some applications will automatically check for available updates, and many vendors offer automatic notification of updates via a mailing list. Look on your vendor's web site for information about automatic notification. If no mailing list or other automated notification mechanism is offered you may need to check periodically for updates.
vi) Make regular backups of critical data: Keep a copy of important files on removable media such as ZIP disks or recordable CD-ROM disks (CD-R or CD-RW disks). Use software backup tools if available, and store the backup disks somewhere away from the computer.
viii) Turn off your computer or disconnect from the network when not in use: Turn off your computer or disconnect its Ethernet interface when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network.
What is a Computer Virus?
A computer virus is a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents through legitimate programs. A computer virus acts in a way parallel to a natural virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into a program is known as an "infection", and the infected file, or executable code that is not part of a file, is called a "host". Viruses are one of the numerous types of malicious software, or malware. In common usage, the term virus is often extended to refer to "worms", "Trojan horses" and other sorts of malware.
What is a Trojan Horse program?
A Trojan horse is a simple but malicious computer program that is camouflaged as, or hidden inside, authentic software. The term comes from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless; for example, one might claim to be a game) to an unsuspecting user, but are actually harmful when run, and might go as far as erasing your whole hard drive. Often the program is simply known as a "trojan".
What is a Computer Worm?
A worm is a small piece of software that uses computer networks and security holes to duplicate itself. A copy of the worm searches within the network for another machine that has a particular security hole. It copies itself onto the new machine using the security hole, and then starts copying itself from there to other systems, and it does so without any interference. In general, worms damage the network and consume bandwidth, while viruses infect or corrupt files on a targeted computer. Viruses generally do not affect network performance, as their activities are mostly confined within the target computer itself.
General tips on avoiding Virus Infections
The following are some good ways of stopping your computer from getting a computer virus infection:
- Turn off the feature that allows automatic opening of email attachments, and never open attachments from unidentified sources or attachments you are not expecting.
- Always scan diskettes, CDs and any other removable media before using them.
- Always scan files downloaded from the Internet before using them.
- Do not install any unapproved software on your computer.
- Make sure that your virus pattern files are updated.
- Make sure that your computer is patched with the latest security updates.
- Scan your computer on a regular basis.
Dealing with Virus Infections
Always keep in mind that just because your computer is acting strangely or one of your programs doesn't work right, this does NOT mean that your computer has a virus.
Extreme measures such as formatting your hard drive should be avoided. They usually don't fix a virus infection, and may end up doing more harm than good, unless you're very knowledgeable about the effects of the particular virus you're dealing with.
If you haven't already installed a reliable anti-virus program on your computer, do that first. Many problems which are thought to have occurred due to a virus infection are actually caused by software configuration blunders or other problems that have nothing to do with a virus.
If you do get a virus in your machine, follow the directions in your anti-virus program to clean it. If you have a backup of the corrupted files, use those to restore the files. Check the backups before you re-install them to make sure they aren’t infected as well.
For further assistance, check the web site and support services of your anti-virus program.
Please follow the links below for more information about the latest virus threats, security advisories, virus definitions and removal tools:
- Norton Antivirus (Intelligent Updater, Mar 31, 2010)
- AVG Scanner (Priority Update, Mar 31, 2010)
- McAfee Antivirus (Dat file, Mar 31, 2010)
- McAfee Antivirus (EXE file, Mar 31, 2010)
- Avira Antivirus (ZIP file, Mar 31, 2010)