The BASHandSlash.com Feed

BASH Webcasts

Sunday, April 22, 2007

The Malware War: Defense in depth

BASH: Episode 16 (The Malware War)


Show Notes

Episode 15 of BASH raised a lot of issues but did not provide much in the way of specifics to either protect yourself from, or rid yourself of, malware.

In this article we summarize what we learned from Episode 15. The major points from Episode 15 can be separated into technical and behavioral elements.

Let’s start with the technical elements:

1. Keep your operating system patched to the latest revision.

Make sure you turn on automatic updates (we showed how in Episode 15) and apply any critical Windows updates right away. Once Microsoft announces a patch, hackers compare the patched and unpatched code and usually have working malware for the hole within a day or two. Strictly speaking, a zero-day exploit is one that is already in use before any patch exists (the vendor has had zero days to fix it), and the kind that is reverse-engineered from a patch is a one-day exploit, but the lesson is the same either way: install patches the day they appear.

2. Use a firewall.

The best is a hardware firewall. A wireless router is a good example: it is a device that lets you share a single Internet connection amongst many computers, and although it may not be advertised as a firewall, it blocks connections that hackers try to open from the Internet to your computers. Keep in mind what it does not do: it happily passes anything your own computer asks for, so a web page or e-mail attachment you open yourself goes straight through it.

Software firewalls are a second best solution. Microsoft's firewall, for example, is a software firewall and should be turned on even if you are running a hardware firewall.

Although we did not talk about this in the last episode:

3. Do not log in as a System Administrator.

If a hacker's program gets past your firewall it can install itself easily when you have complete system privileges, and you do if you are logged in as an Administrator. Instead, log into your computer as a limited user. XP makes this awkward because many programs written for it assume they have administrator rights and misbehave when they don't. However, if all you are doing is surfing and running Call of Duty you should not have too much of a problem, and when you do need to install something from the limited account you can right-click the installer and choose Run as... to run just that one program with the Administrator account.

The next item is a behavioral element:

4. Don’t open email attachments.

E-mail attachments are the number one way viruses and Trojan horses spread and get into your system. Turn off HTML e-mail in your e-mail client (for example, Microsoft Outlook) so that messages display as plain text. As well, don't click links in e-mail. The text you see for a link and the address it actually takes you to are two separate things, and hackers regularly make them differ: the link may say cnn.com while the address behind it points to hack.com. Hovering over the link usually shows the real address in the status bar. If you need to go to someone's link, copy the link address (not the text you see) and paste it into your browser's address bar, or better still type the address yourself; either way the real destination is visible before you go there.
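To make the spoofing concrete, here is an added Python example (not code from this site) that reads an HTML message body and flags every link whose visible text names one site while the address behind it goes to another. The message body is made up for the example and uses the reserved name hack.example in place of a real attacker's domain; the functions spoofed_links and host_of and the class LinkCollector are my own. The third link uses the user@host trick, where cnn.com appears inside the address itself but the real host is whatever follows the @.

```python
"""Flag links in an HTML e-mail whose visible text names one site while
the href behind it leads somewhere else.  Added example, not code from
BASHandSlash.com; the message body below is made up."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message body.  hack.example stands in for an attacker's site.
SAMPLE_EMAIL = """
<p>Breaking news: <a href="http://www.cnn.com/">www.cnn.com</a></p>
<p>Full story: <a href="http://hack.example/login">http://cnn.com/story</a></p>
<p>Sign in: <a href="http://cnn.com@hack.example/">cnn.com</a></p>
<p>Or just <a href="http://hack.example/x">click here</a></p>
"""

# Visible text that names a site: optional scheme, optional www., a host
# with at least one dot, optional path.  "click here" does not match.
NAMED_SITE = re.compile(
    r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I)


def host_of(url):
    """Real host the browser would connect to for this URL."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()  # drops user@ and :port
    return host[4:] if host.startswith("www.") else host


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def spoofed_links(html):
    """Return (visible text, real host) for links whose text names a
    different host than the one the href really points to."""
    collector = LinkCollector()
    collector.feed(html)
    spoofed = []
    for href, text in collector.links:
        m = NAMED_SITE.match(text)
        if not m:
            continue            # "click here": nothing to compare against
        shown = m.group(1).lower()
        real = host_of(href)
        if shown != real:
            spoofed.append((text, real))
    return spoofed


if __name__ == "__main__":
    for text, real in spoofed_links(SAMPLE_EMAIL):
        print(f"link shows {text!r} but really goes to {real}")
```

The first link is honest and the last one says nothing about where it goes, so only the middle two are reported. Hovering over a link in your mail client is doing this same comparison by eye; note that a host such as www.cnn.com.hack.example is also caught, because the comparison is on the whole host, not on whether it merely contains cnn.com.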

The final element is to use software against malware.

5. Don't surf naked: use anti-virus and anti-spyware software.

Don't download files from unsafe places. File-sharing software like Azureus, Kazaa and Limewire often causes you to unknowingly download files that contain spyware and Trojans. Scan anything you have downloaded with an antivirus program before you open it. Additionally, there are programs you can download for free to detect and remove infestations.

Well, this is all well and good I suppose. If you follow that advice, not only will the likelihood of getting malware be low, your productivity will be as well. Given how much we depend on the Internet these days it is very important that we be able to surf freely. If you limit yourself to a handful of sites because you're afraid of getting a virus, you'll be spending all of your time on Google, Yahoo or Amazon.com.

So on behalf of all the bobs_t_shirts.com and weedwhacker.net sites out there, we need some practical solutions to these problems and hopefully, this article will provide them to you - or at least tell you where to look.

Since this freedom to surf is of primary importance to gamers who spend a considerable amount of time on the net, let's look at some practical solutions to each of these issues.

Let's look at some of the technical elements first:

1. Keep your operating system patched to the latest revision.

Although the ball is squarely in Microsoft's court to fix the holes in its operating system before hackers exploit them, you can do your part by keeping your operating system up to date, and the simple way to do that is to make sure Automatic Updates is turned on.

Unfortunately for us, sometimes Microsoft is fixing a hole only after the hackers have started exploiting it. Compounding this, when an exploit is found the news is broadcast by the media far and wide. This alerts other hackers worldwide that there is an exploit to be had, and the bad guys flock to it like flies on buffalo poop. For this reason the days immediately after such an announcement are very dangerous, as every black-hat programmer in the world is training their sights on the same program flaw. An exploit that is circulating before the vendor has a patch is called a "zero-day" exploit; once the patch is out, the race is between you installing it and the hackers reverse-engineering it.

Microsoft issues its regular patches on the second Tuesday of every month, so-called Patch Tuesday, though it sometimes releases an out-of-band fix sooner when a hole is already being exploited.

As a gamer you usually don't have much choice but to stay with Windows and are thus exposed to these issues. If you are a regular reader of the influential planetcallofduty.com you'll know that CoD2 is available on the Mac now. So if you are really worried about viruses, try the Mac: it is not invulnerable, but far less malware is written for it than for Windows.

An excellent example of a recent zero-day exploit is the animated cursor exploit; you may have heard about it just a few weeks ago in the news. Animated cursors are often used on websites (a spinning hourglass is a typical example), and you, the surfer, don't get a say in whether a website changes your cursor. It turns out Windows had a bug in the code that reads animated cursor (.ani) files: a deliberately malformed file could overrun a buffer and run the attacker's code, so simply viewing a dodgy web page or an HTML e-mail that referenced such a file was enough to get infected. The payload was typically a Trojan that gave the attacker complete control of the computer. Microsoft has just patched it (security bulletin MS07-017), but the vulnerability existed regardless of whether you were browsing in IE or in the other popular free browser, Firefox, because the bug was in Windows itself, not in the browser. A firewall does nothing here, since it is your own browser that fetches the file, and antivirus only helps once it has a signature for the malformed file; updating your operating system is the fix. Running as a limited user (point 3 above) also limits the damage, because the attacker's code runs with whatever privileges you had at the time.

2. Firewalls

A hardware firewall is a gadget that acts like a one-way valve: connections can be opened from your computers out to the Internet, but not from the Internet in to your computers. Additionally, if you set up your system correctly, you can completely hide the computers behind the firewall from the prying pings of hackers.

Which hardware firewall should I buy? Without a doubt the most common firewall out there right now is a router, either wired or wireless (WiFi). We have decided to write about a very common configuration in many gamer households, where the gamer uses a desktop PC and at least one family member uses a laptop. Therefore we'll pick a wireless router for our firewall.

Connecting your broadband modem to the wireless router provides a WiFi connection anywhere in your house for your laptop users. As well, most wireless routers have Ethernet ports, so you can plug your desktop PC straight in, giving you a connection just as fast as being directly connected to your modem. Importantly, all the devices connected to it are hidden from the prying pings of Internet hackers, because the router, not your PC, is what the Internet sees.

What should we look at when buying a wireless router?
Is it stable (does it need to be rebooted all the time)?
Can I prioritize the routing of certain software applications above all others?
And finally, what does it cost?

Of all the wireless routers, one of the least expensive is the Linksys WRT54G.

Linksys WRT54G

It is by far one of the most popular devices that can be used as a firewall. The 54G became well known because it was very customizable through third-party firmware. Although that has become harder with recent revisions, the 54G remains popular because of its low price: $50 US.

The device is capable of sharing Internet connections amongst several computers via IEEE 802.3 Ethernet and 802.11b/g wireless data links.

Having said all that, we have personally found it somewhat short of rock-solid stability and it needs to be rebooted from time to time; however, upgrading to the latest firmware, a free download from the Linksys website, has greatly improved the situation. Did we mention it is very inexpensive? As with most routers you can reduce gaming latency when two or more people are sharing the router by configuring the unit to prioritize the packets from, say, your Call of Duty software. This is easy to do through the router's web interface.

With it, wired devices connect to a standard 10/100 Ethernet switch and on the wireless side you'll transfer data at up to 54 Mbps.

Now, if you are a hard core gamer, then the D-Link DGL4300 might be for you.

D-Link DGL4300

The D-Link has been a favorite amongst reviewers for sometime now. At approximately $140US you get the following features:

• It has a slightly smarter packet filtering method, a proprietary algorithm called GameFuel. It prioritizes incoming and outgoing packets going through your router. Gaming packets will have priority over other packets such as those commonly associated with FTP and web traffic, allowing you to maintain consistent latencies while playing online games.
• Enhanced wireless technology for optimal range and connectivity – up to 108Mbps
• Enables multi-tasking between other applications without degradation in game connection.
• Customizable settings to add or modify new applications or game configurations
• A Firmware upgrade notification feature.

Now, did we say that if you get in behind a router, wireless or otherwise, you are safe? Well guess what? Don't leave your credit card numbers on the hard drive just yet.

The computer magazine PCWorld found way back in November 2002 that if you leave the default password on your router (which by the way most people do) hackers can, at least on some routers, rewrite the settings or even the firmware controlling your router and from there get at your computers. So set a strong password of your own, and while you are in the settings make sure remote administration from the Internet side is turned off. Wireless adds one more wrinkle: if your next-door neighbor has the same type of router with the default network name and no encryption, your laptop may join their network (and theirs yours) without either of you noticing. Give your wireless network its own name and turn on WPA encryption with a good passphrase; current firmware for both routers discussed here supports it.

Now in addition to hardware firewalls, you may have heard of software firewalls. What are these?

Well, a software firewall is simply a program that runs in the background all the time. Its basic function is to monitor all traffic trying to get into your computer and let you decide whether to let it in, and it alerts you to any unwanted intrusion attempts. The better ones also watch traffic going out, so YOU get to choose which programs are allowed to reach the Internet; that is what stops a worm, Trojan or spyware that has already landed on your machine from phoning home. Without outbound control, any program you install (or that installs itself) has access to the Internet.

The downside to software firewalls is that they run on the same computer they are protecting. If you do get infected, the really dangerous viruses will disable or tamper with the firewall itself so that you never find out they are there, and that is easy for them if you were logged in as an Administrator when they arrived. For this reason a lot of computer experts do not recommend surfing the net with only a software firewall. Use both a hardware and a software firewall for maximum protection.
The other downside is that software firewalls consume CPU cycles and computer resources.

A very concise list of these programs can be found at: hackfix.org/software/configure and click on the Firewall software listed there.

Here are the do's and don'ts of a software firewall. Like the hardware version, they:

Help block computer viruses and worms but they do NOT detect or disable them.

Software firewalls WILL ask your permission to block or unblock certain connection requests, but they do not stop you from opening e-mail with dangerous attachments.

Software firewalls can keep security logs of the addresses trying to connect to you, but they do not block spam or unsolicited e-mail.

Some of the more sophisticated software firewalls do indeed do some of those things, but we'll keep things simple here and discuss two products that only do the basics.

Here are 2 software firewalls I can recommend:

a) The Windows Firewall.

This was previously known as Internet Connection Firewall or ICF. If you're running Windows XP Service Pack 2 (SP2), Windows Firewall is already installed and it is turned on by default. However, some computer manufacturers and network administrators might turn it off.

To turn it on:

1. Click Start and then click Control Panel.
2. In the control panel, click Security Center.
3. Click Windows Firewall and select On (recommended).

The Windows Firewall is a very basic program. It's fairly unobtrusive in that you'd never know it was running.

When someone on the Internet or on a network tries to connect to your computer without being asked, Windows Firewall blocks the connection. If you run a program such as a multiplayer online game that needs to accept connections from the Internet, the firewall asks whether you want to block or unblock it.

If you choose Unblock, Windows Firewall creates an exception for that program so it won't ask again. Keep the list of exceptions short, since each one is a hole in the firewall that stays open whenever that program is running; you can review and remove them under the Exceptions tab of the Windows Firewall dialog.

b) ZoneAlarm

There are two versions of this firewall; I only want to talk about the free version here. ZoneAlarm is widely regarded as the best free software firewall. The biggest difference between it and Windows Firewall is that ZoneAlarm is bidirectional: it not only blocks intrusions, it also checks outbound traffic, which XP's Windows Firewall does not do at all. For example, if someone hacked your computer and installed a program that tries to access the Internet, ZoneAlarm will alert you and you can then shut that program down. It even has a stealth mode that makes your computer ignore probes rather than answer them, so hackers scanning the Internet see nothing there.
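The router that hides your PC, the Windows Firewall exception you click Unblock for, and ZoneAlarm's outbound check are all variations on one mechanism: remember which connections your own computer opened, let only the replies to those back in, punch explicit holes for programs that must accept connections, and optionally ask which programs may go out at all. Here is an added Python example that models the three configurations discussed above on the same made-up traffic. It is illustration only, not firmware from Linksys or D-Link and not the source of Windows Firewall or ZoneAlarm; the addresses, the game port (28960 is assumed, check your own game) and the program names are invented for the demo.

```python
"""Toy stateful packet filter, added to illustrate the firewall behaviour
discussed in this article.  Example code, not the firmware of any router
and not Windows Firewall or ZoneAlarm; all traffic below is constructed."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the Internet) or "out" (from the PC)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    program: str = ""   # process sending an outbound packet; only the
                        # bidirectional firewall looks at this


class Firewall:
    """allowed_programs=None models a NAT router or XP's Windows Firewall:
    inbound is filtered, outbound is never questioned.  A set of program
    names models a bidirectional firewall such as ZoneAlarm."""

    def __init__(self, inbound_exceptions=(), allowed_programs=None):
        self.state = set()                                  # flows the PC opened
        self.inbound_exceptions = set(inbound_exceptions)   # {(proto, port)}
        self.allowed_programs = allowed_programs
        self.log = []

    def _verdict(self, pkt, verdict, why):
        self.log.append(f"{verdict:5} {pkt.direction:3} {pkt.proto} "
                        f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  ({why})")
        return verdict

    def filter(self, pkt):
        if pkt.direction == "out":
            if (self.allowed_programs is not None
                    and pkt.program not in self.allowed_programs):
                return self._verdict(pkt, "DROP", f"{pkt.program} not allowed out")
            # remember the flow so its reply is recognised when it comes back
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return self._verdict(pkt, "ALLOW", "outbound, flow recorded")

        # inbound: a reply matches the recorded flow with the two ends swapped
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return self._verdict(pkt, "ALLOW", "reply to a flow the PC opened")
        if (pkt.proto, pkt.dport) in self.inbound_exceptions:
            return self._verdict(pkt, "ALLOW", "inbound exception")
        return self._verdict(pkt, "DROP", "unsolicited inbound")


# Constructed addresses (documentation ranges) and an assumed game port.
PC = "192.168.1.10"
WEB = "203.0.113.5"
GAME_SERVER = "203.0.113.9"
ATTACKER = "198.51.100.7"
GAME_PORT = 28960

# Constructed traffic: a web request and its reply, a probe of the PC's RPC
# port, the game server sending to the PC, and a Trojan phoning home.
TRAFFIC = [
    Packet("out", "tcp", PC, 50000, WEB, 80, program="firefox.exe"),
    Packet("in",  "tcp", WEB, 80, PC, 50000),
    Packet("in",  "tcp", ATTACKER, 4444, PC, 135),
    Packet("in",  "udp", GAME_SERVER, 27000, PC, GAME_PORT),
    Packet("out", "tcp", PC, 50001, ATTACKER, 6667, program="trojan.exe"),
]


def run(fw, traffic=TRAFFIC):
    """Verdicts in packet order; fw.log holds the reasons."""
    return [fw.filter(p) for p in traffic]


def router_verdicts():
    """Plain NAT router: no exceptions, no outbound control."""
    return run(Firewall())


def windows_firewall_verdicts():
    """Windows Firewall after you clicked Unblock for the game."""
    return run(Firewall(inbound_exceptions={("udp", GAME_PORT)}))


def zonealarm_verdicts():
    """Bidirectional firewall: game unblocked, only approved programs go out.
    game.exe is a hypothetical name for the game's executable."""
    return run(Firewall(inbound_exceptions={("udp", GAME_PORT)},
                        allowed_programs={"firefox.exe", "game.exe"}))


if __name__ == "__main__":
    for name, fn in (("router", router_verdicts),
                     ("windows firewall", windows_firewall_verdicts),
                     ("bidirectional", zonealarm_verdicts)):
        print(name, fn())
```

Reading the three result lists side by side shows the article's points: every configuration lets the web reply in and drops the probe of port 135; the game's packets only arrive once an exception exists for its port; and only the bidirectional firewall stops trojan.exe, because the router and XP's Windows Firewall never look at outbound traffic at all.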

The downsides to ZoneAlarm are that it slows down your computer and takes up system resources.

The other big downside is that ZoneAlarm is very obtrusive and warns you about even innocuous events. For this reason it is probably best left to power users. Remember, the goal of the free ZoneAlarm is to sell you ZoneAlarm Pro for $50, so it tries to frighten you sufficiently into buying the paid version by drawing attention to itself as much as possible to show you that it's working. Novice computer users could find this alarming.

Zonealarm’s website is found here: Zonealarm

Don't run ZoneAlarm with any other software firewall. So if you download it - make sure you turn off Windows Firewall.

Right now, ZoneAlarm just takes up too many system resources for me to recommend it while you are gaming. Use Windows Firewall while gaming and turn ZoneAlarm on at other times. But don’t run both simultaneously.

In the next edition of our articles on malware we discuss the details of changing your online behavior and more excitingly, we discuss what software programs you can download (most for free) to help you protect yourself against malware.

Related Articles

How to protect yourself from Malware