The Changing Face of Computer Security – Part 1
Filed Under Computers & Tech, Security on March 19, 2007 at 2:08 am
Like just about everything in IT, the computer security landscape is constantly changing. As the computer industry strengthens our defenses, and as old avenues of attack are closed off, the attackers change their strategies, targets and techniques. It’s a never-ending game of cat-and-mouse and the rules are always changing. However, there is one element that remains constant: uneducated and innocent users are always the prime target. Hence, the best defense is education; if you don’t understand the attacks you haven’t a hope of defending yourself. This is the first part of a two-part series to try to give people an introduction to this complex and dynamic field. Reading these articles won’t bring you even close to being an expert but they should give you a basic overview of the computer security landscape. In this first part we’ll have a look at what the bad guys are trying to do to your computer and why, as well as some of the simple things you can do to protect yourself. In the second part we’ll look in more detail at how your computer may be attacked and how I see the attacks evolving over the next few years.
I want to start our look at computer security with a look back. In the past, writing viruses was little more than cyber-vandalism. The authors were generally looking for a challenge, or they just enjoyed causing chaos. Viruses generally had nasty payloads, destroying files and in some extreme cases even destroying computer hardware like hard disks and monitors. If you had a virus you knew about it because you were suffering! Getting a virus used to be a very bad thing; it generally meant your data was in big trouble. If you look at the viruses that have been doing the rounds in the last few years, that is no longer the case. When was the last time you heard of someone losing all their files because of a virus? The reason for this is not that it’s no longer possible to write such destructive viruses, because it most certainly is; the reason is that the motivations of the attackers have changed. The new motivations are two-fold, money and politics. However, both sets of attackers are after the same thing: control of your computers. Modern viruses are mostly concerned with secretly taking over your computer and signing it up to a so-called bot-net. A bot-net is a collection of computers which are secretly taking orders from the author of the virus that took them over. The reason modern viruses generally don’t ruin your day is that the attackers don’t want you to notice they’re there. They want to use your computer behind your back to do their bidding. If you don’t notice you’re infected then you’ll be less likely to try to un-infect your system!
Whether you’re after money or whether you’re trying to achieve political ends, a bot-net is a very powerful tool to have at your disposal. Once an attacker has control of your computer there are three basic things they can use it for. The most benign is to turn your PC into a mail server and use it to send out spam emails. Secondly, your computer can be set the task of spying on you and collecting personal information, which is then returned to the controller of the bot-net. Generally the information is then used to blackmail you, or more likely, just to defraud you. Finally, the attackers could use your computer (and all the others they control) to launch an attack on a web site or service, or even the very fabric of the internet itself. In the grand scheme of things the latter is the most dangerous use of a bot-net. Our modern society is totally dependent on the internet, so an attack on its infrastructure is a very serious thing. Even to disrupt it for a few hours would be a big deal. This is not news to the various terrorists out there, and although no attack has yet succeeded, attacks have most certainly been tried. Only last week there was an attempt to take out the DNS system which the Internet relies on for translating user-friendly addresses like www.nuim.ie into the actual IP addresses of the servers running sites and services.
Of all the attacks that a bot-net can unleash, the most dreaded is the so-called Distributed Denial of Service Attack or DDoS (pronounced dee-dos). Every server on the internet has finite resources. The resources available to servers are generally many orders of magnitude greater than those available to home users, hence no individual PC should be able to over-power a server. However, a bot-net of a few thousand PCs (which is not at all unusual) can easily take down a website. This is either done to make a political point, or more often to extort money from online retailers. A sustained DDoS attack can destroy an online business. Generally the attackers will launch a short sharp attack, then ring the company with demands. If the demands aren’t met another ‘demonstration’ is provided until the vendor ‘sees the light’. A DDoS attack is all but impossible to defend against because each individual packet used is totally normal harmless traffic; the damage comes from the volume. There is no way to differentiate between legitimate traffic to your site and the traffic that makes up the DDoS attack, so you can only throw more resources at your servers in the hope of over-powering the bot-net.
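To make the volume argument concrete, here is an added example (not part of the original article) that runs a simple per-source rate limit over a constructed request log. The capacity figure, client and bot counts, and the `client-`/`bot-` labels are all assumptions chosen for illustration.

```python
from collections import Counter

SERVER_CAPACITY = 500  # requests/second the server can serve (assumed figure)

def build_log(seconds=10, clients=20, bots=3000):
    """Constructed sample log of (second, source) request records.
    The client-/bot- labels exist only because the sample is made up;
    a real server sees nothing but ordinary source addresses."""
    log = []
    for t in range(seconds):
        for c in range(clients):
            log += [(t, f"client-{c}")] * 2      # real visitor: 2 requests/second
        for b in range(bots):
            if (t + b) % 2 == 0:                 # bot: 1 request every other second
                log.append((t, f"bot-{b}"))
    return log

def over_limit(log, limit):
    """Sources a per-source rate limit would block
    (more than `limit` requests in any one second)."""
    rates = Counter(log)                         # (second, source) -> request count
    return {src for (_, src), n in rates.items() if n > limit}

def peak_load(log):
    """Highest total number of requests arriving in any single second."""
    return max(Counter(t for t, _ in log).values())

def summarise(log):
    blocked = over_limit(log, limit=1)           # strictest limit that still admits anyone
    return {
        "peak_load": peak_load(log),
        "overloaded": peak_load(log) > SERVER_CAPACITY,
        "bots_blocked": sum(s.startswith("bot-") for s in blocked),
        "clients_blocked": sum(s.startswith("client-") for s in blocked),
    }

if __name__ == "__main__":
    print(summarise(build_log()))
```

In this sample every bot is quieter than a real visitor, so even the strictest per-source limit blocks all 20 real clients and none of the 3000 bots, while the combined load is still about three times what the server can handle.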
So, to summarize, regardless of how attackers get into your computer their aim is generally the same, either to bombard you with ads, spy on you, or use your computer to do their bidding by using it to send spam or to attack internet sites or even the very fabric of the internet. If your computer is on the internet you are a target, if you have broadband, doubly so. If you have a computer which connects to the internet you need to take steps to protect yourself and indirectly the Internet itself.
The most crucial thing you need to do is to keep your operating system and all your software as up-to-date as possible. Although it’s important to keep all software up-to-date, it’s doubly important to keep all software that connects to the Internet up-to-date; by that I mean things like your web browser, your email client and your chat clients. All modern operating systems have an automated update feature, as has most software; turn these on and install the updates they offer. The reason this is so important is that you’re most likely to get infected by the exploitation of a known flaw in software you run. As soon as flaws become known they’re patched, but if you don’t update your system you remain vulnerable and your machine could be totally taken over by something as simple as looking at a website.
The next most important thing to do is to run a firewall of some sort on your machines. If you use Windows XP Service Pack 2, Windows Vista, Mac OS X, or Linux you have a firewall installed, so just make sure you have it turned on. If you’re running Windows 98, Windows ME, Windows NT4 or a version of Windows XP prior to Service Pack 2 you need to upgrade your operating system to at least Windows 2000 or Windows XP Service Pack 2 NOW because you are vulnerable and updates are no longer being released for your operating system. These operating systems are not safe to use on the net, period. If you’re running Windows 2000 you need to install a firewall like Zone Alarm. Firewalls are not perfect, they are not a panacea, but connecting to the Internet without one is irresponsible to the point of recklessness.
Prevention is better than cure. Keeping your software updated and running a firewall is all about prevention. However, you also need the ability to detect any problems your machine may have, and the ability to fix them. For this you will need an Anti-Virus program and an Anti-Spyware/Adware program. Many modern security programs combine virus detection and deletion with spyware/adware detection and removal. You can choose to spend money on these things or you can opt for free alternatives like AVG and Ad-aware.
Although all the above steps will make you significantly safer, they don’t provide total protection; nothing does. You still need to apply common-sense. Don’t run random files you get emailed, that you download, or that someone gives you. Only run trusted software. Also be aware of social engineering: no amount of security can protect you from attempts to trick you into divulging confidential information. If it looks suspicious, back away. Always err on the side of caution. There really is no substitute for common-sense and alertness.
So far we’ve looked at why the bad guys want your computer and some of the basic steps you can take to protect yourself. In the next part we’ll look at how the bad guys are attacking your system and the recent changes I’ve noticed in their techniques (or vectors of attack in computer speak) as well as some extra protections which will become more and more important over the next few years.