Posted Saturday, July 10, 2004
I remember when the term "hacker" referred to a computer geek who could transform a mundane electronic device, with a few modifications, into something completely different from what the manufacturer and designer had envisioned for it. In some cases, these were cool improvements and more than one of these hackers made a fortune selling the rights to them. In other cases, the transformation just made you wonder if the guy's horn-rimmed glasses were a little too tight.
Nowadays, the term "hacker" is used to denote a nefarious individual who, for one reason or another, causes havoc or harm to computer systems. The old "hacker ethic" - sort of a code of honor, like the Samurai Bushido code for computer geeks - is apparently no more. The new "hackers" of the old school are now "open source" participants ("coder" is a popular term for them). A "hacker" is now someone who breaks into systems, proliferates viruses, sneaks in via a trojan horse, or otherwise causes problems with other's computing.
The Spread of Attack
Currently, the variations of the Klez virus are reported to be the most prolific online spread of malicious code. Luckily, all it really does is find your Outlook address book and perpetuate itself with your contact list. The news media is always quick to pick up on the latest "hacker attack" or "computer virus infiltration" and make sure it's a top story for the day.
With all of these perceived and realized attacks, how do you, Mr. and Mrs. Internet User, keep yourself and your data safe?
Most of us are aware of the need for "firewalls," "anti-virus software," and such. Hopefully, most of us are using these tools to protect ourselves. Beyond that, however, there is more you need to know. First, we'll cover what the attacks are.
Know Thy Enemy
There are five major forms of attack commonly used against personal computers and networks. Some are more common in attacking one while others are for the other.
DDoS (Distributed Denial of Service) Attack - usually aimed at networks, this type of attack focuses on open ports and connections in the network or system to flood them with requests and "pings" in order to overwhelm it. This is akin to the Mongolian Hordes descending suddenly upon a city before the citizens had time to react and defend themselves. Usually the attacks are made by third-party systems that are probably unaware that they are part of a network of attackers - compromised systems or systems with little or no security are usually the unwitting accomplices of the hacker.
A DDoS Attack can seriously undermine a network by causing one or more systems and their resources to shut down or crash, removing them from use. An example of this type of attack would be the recent attempt to close down the majority of the American Internet backbone in October.
The good news is that the majority of the major systems, as witnessed last October, while temporarily hampered by these attacks, recover completely and easily from them. Most networks are now self-monitored by software that "roves" the network, watching for outages or unusual occurrences. Most server software now includes "flags" that watch for unusual activity and suddenly pop up to let the network monitor know that something may be amiss.
Trojan Horse - this is the electronic version of the downfall of Troy. Basically, software disguised as something else (sometimes something useful) makes it way to your system by your own hand - you wanted the software, right? This software usually contains a "back door," a "trigger," or something similar. A "back door" allows someone to enter your system while you're using the software and do what they wish. The more common "trigger" method waits for a certain trigger (a date, a time, a series of events, etc.) and then sets itself off like a bomb. The results can be any number of things from system shut down to the sudden launch of an attack using your computer and its network or Internet connection. It's not uncommon for a trojan horse to be spread around as the part of a DDoS attack - triggered to all go off at the same time.
A perhaps less malicious, but no less worrysome, version of this type of software would be the SpyWare available on the Internet. This is software that performs a neat function - like Gator filling commonly-used form fields for you - while also collecting information about you to send to advertisers and marketing companies.
These are by far the hardest things to find. Until someone notices what they are, they won't be reported to be cared for by any anti-virus software companies or "spyware" lists. By downloading shareware and freeware, you are taking the risk of installing one of these onto your system. For myself, this is a risk that I have to take as there is way too much great software out there for me to limit myself to only what I can find on the shelf at the store. It pays to read the terms and conditions carefully and to note where you are getting the software from. If it's from a source you don't know well (this includes eBooks and the like!), you may want to reconsider whether you really NEED to download that software or whether it's available from a more reliable source.
Virus - this term is fairly commonly used by people, both online and off. Everyone has heard of a computer virus at one time or another. They are the most common and usually the most sensational of the five major attacks. A computer virus functions in the same way a biological virus does. It's primary concern is usually reproduction. If you think of each computer connected to the Internet as a cell in your body and the network connections (email, data, etc.) as blood vessels transporting lifeblood (information) from one computer to the next; it's easy to see how a computer virus (usually spread via email) can reproduce itself (make copies) and spread from one system to another quickly. Most viruses focus on this point above all others - many times doing nothing more than spreading themselves. Others spread themselves and then destroy or attempt an attack on the host system (the system it is currently on).
A good example of the virus, as already mentioned, is the current Klez epidemic spreading from computer to computer around the 'Net.
The two best defenses against this virus are, luckily, generally included with most new computers: anti-virus software and a network firewall. If you keep your virus definitions up-to-date, scan your system regularly for viruses, and make sure that a functional firewall is in place, you will avoid most virus attacks. I, myself, get about a dozen flags from my anti-virus software every day as viruses are sent to me by various people online.
If you are using the latest versions of your browser or limit your use of Internet technologies, you are in little danger from these attacks. Usually, once the security hole is found, patches and fixes are quickly available before anyone can take advantage of the holes to any large extent. If you are running a newer version of your browser of choice and have the latest patches and updates for the various plugins you may be using, you should be relatively safe from this type of attack.
Worm - finally we come to the last of the big five. The worm is much like a virus, but usually serves a different purpose. A worm is kind of like a tapeworm in your belly. It consumes and consumes resources until finally it's too large for you to host or you die from its thievery. On some levels, a worm is a combination of a DDoS and a virus attack. Worms usually reproduce as often as possible (growing) to spread as widely as they can. However, a worm's primary function is to suck resources. In most cases, the worm is built for a certain type of system (a PC running Windows 98, a Linux server running Apache, an Apple computer running OS X, etc.) and is benign to all others. Once it finds it's intended target, however, it begins sucking resources - usually quietly - until the system finally becomes overloaded and ceases to function.
The Klez virus has been deemed a "worm" by some, though instances of it taking over resources are not common. Worms are most commonly aimed at larger systems (mainframes, corporate networks, etc.) and some are built to "consume" data and filter it back out to someone who shouldn't have it (corporate spies, for instance).
For the average Internet user, a worm is of little consequence and is usually covered by the same software that protects you from viruses. It must be said, however, that worms are sometimes undetected for quite some time as, like a trojan horse, it usually has to do something before it is noticed.
Gearing Up For Battle
Now that you know what you're up against, you should understand what it is that you'll need to combat the beasts.
Most of the items you need are probably included on your computer already - many are free to download as well!
The recommendations I'm making are my personal preference. There are other versions of these same types of software (some of which I'll mention) and no one can really tell you which is better for you. Most of the software mentioned is available for both PC and Mac.
I prefer Norton Anti-Virus (I use it as a part of Norton Systemworks) for virus protection. I find it easy to use, easy to buy, and well-made. The updates are frequent and do not take long to download (they average 100-300 kilobytes per download, with releases about once a week).
Another anti-virus software with a solid reputation is McAffee. Most new computers come with one or the other pre-installed. You can buy either from Amazon.com or at your local software store.
A firewall is the term used for software (or hardware) that functions like a firewall in building construction: it completely blocks the path of a fire - delaying or halting its progress. Firewalls on a computer block network traffic coming to and leaving a system, giving permission to transmit and receive only to those pieces of software authorized by the user.
My favorite firewall software is ZoneAlarm. Available for free for individual users and at a nominal fee for professionals and businesses, this simple-to-use software takes care of everything most users will need. It alerts you when unauthorized software is attempting to send or receive (thereby letting you authorize it or find the culprit) and the Zone Alarm site has a large database of known software so that if you aren't sure what's trying to access, you can click on the warning box and a web page will open with an explanation of what that software is (if it's in their database).
I'm not aware of any comparable software firewalls available. There are a lot of hardware options, though, especially if you connect via broadband. Most cable and DSL modems are now equipped with built-in firewalls for protection.
You The User
By far the best tool for defense against attack of any kind is you and what you know. If you know what you're up against and ways of combating it, you are less likely to be a victim. The uninformed user is more likely to stumble into or unwittingly be the progenitor of an attack. If you are in the know, keep your software updated, regularly update your virus definitions, read informed articles such as this one (*wink*), and watch for sudden changes in your computer's activity - you'll be better able to defend against attack.
We will probably never be able to keep all attackers and attacks from causing harm. But at least we can minimize their effects or reach. As J. Edgar Hoover once said, "for every thousand honest men, there's one hoodlum trying to steal from them."
About the Author
Aaron Turpen is the proprietor of Aaronz WebWorkz, a web services company providing web design, development, traffic, and more. (www.AaronzWebWorkz.com)