Federal Agency of Education
«Siberian State Aerospace University named after M.F. Reshetnev»
A virus is a self-replicating program that spreads by inserting copies of itself into programs or documents that already exist on a computer. The name comes from an analogy with biological viruses. These cannot reproduce by themselves but make use of the functions of infected cells to spread. Similarly, a computer virus makes use of the executable code in legitimate programs to carry out its purposes. A virus may be designed to be destructive to a system or to be a prank. In either case, the virus will rapidly reproduce itself until the system may be overwhelmed. Viruses spread to other systems when infected programs are copied to another machine. Documents with executable code like Word macros can also be vectors of infection. A very common method of spreading viruses is by attachments to email. Today a variant of a virus known as a worm is more often used.
Viruses and worms are often lumped together in the single category of virus but there is a technical distinction. A worm differs from a virus in that it contains all the code it needs to carry out its purposes and does not depend on using other programs. Most recent instances of malware have been worms, spread primarily by email. Worms are designed to replicate rapidly and to use the Internet or other networks to spread with great facility. They may contain code to damage or erase files or may carry other malicious payloads. On a number of occasions, large numbers of computer systems have been brought down by worms. In addition to the damage from whatever payload they carry, the sheer number of worm copies can bring systems to a halt.
A very common method of spreading is by use of any email addresses on an infected computer. The worm searches address books, temporary Internet caches and other possible sources of email addresses. The worm then mails out random infected fake messages. It may use the addresses it finds not only as recipients but also may spoof mail to show them as senders. It may also combine random pieces of addresses into new fake addresses. All the messages will contain an attachment that is infected. None of this activity may be known by the owner of the infected machine and may go on for weeks or months. A single infected machine can send out thousands of worm-carrying messages.
Most people know that anti-virus software is a necessity and most computers come with some form of anti-virus program already installed. (Note that anti-virus is a catchall term that refers to a variety of malware.) All the major programs check email as well as scanning your system. However, new viruses appear every day and anti-virus programs are only as good as their database or definitions of viruses. A program can't recognize a new virus unless it has been kept up to date. Anti-virus programs contain update features and these are automatic in the newer major programs. However, the big vendors like Symantec and McAfee no longer give unlimited free updates but start to charge after some initial period ranging from 3 months to 1 year. Very often people do not subscribe to the new updates and let their protection lapse. This leaves the computer open to any new virus that comes along. Actually, it may be better to periodically buy a whole new version of whatever anti-virus program you use. I have often found rebate offers that make the new program cheaper than the update subscription.
Personally, I find both the Norton and McAfee programs to be very heavy users of system resources. An alternative is one of the free programs like Grisoft AVG. In the past, Symantec's Norton has always seemed to get much better reviews for efficacy against infection than the freebies but a recent review by the magazine PC World indicates that there are several free programs that now provide acceptable levels of protection. Tech Support Alert gives a critique of the various free programs and describes an effective computer defense that uses free programs.
The term Trojan horse is applied to malware that masquerades as a legitimate program but is in reality a malicious application. It may simply pretend to be a useful program or it may actually contain a useful function as cover for a destructive one. Screen savers are often used as a carrier. Trojan horses do not replicate themselves as do viruses and worms. However, a Trojan horse can be part of the payload of a worm and can be spread to many machines as part of a worm infestation. Many Trojan horses have been sent out as email attachments.
One favorite use of Trojan horses is to allow a malicious hacker (more properly called a "cracker") to use systems of unsuspecting owners for attacking other machines or as zombies. Another use is for relaying spam or pornography. Yet another use is to steal account passwords and then relay them back to someone for fraudulent use. Trojans can also be destructive and wipe out files or create other damage. Recently, phishing scams have been making use of Trojans.
Many Trojans are recognized by the major anti-virus programs. However, not all Trojans have characteristics that trigger anti-virus programs so additional software is recommended. The spyware programs discussed on the next page should be considered as well as the references in the sidebar.
It is essential in the present conditions to have a firewall. The Internet is a two-way street. Unless your computer is properly protected, it is all too easy for unwanted visitors to gain access to your computer while you are on-line. Once into your system, a cracker can plant a Trojan or worm or do other harm. Good firewall software can make your computer invisible to all except the most determined cracker. Further, most firewalls will warn you if programs on your computer try to connect to the Internet without telling you. That will help to warn you if you get an infection. Note, however, that some Trojans may hide by piggybacking on essential services like your email client.
Unless they had a broadband Internet connection, I used to tell people that they probably did not need a firewall. However, hacking has reached the point where everyone, even those with dial-up connections, needs a firewall. My firewall keeps a log of the attempts that are made to probe my computer and once in a while I check it out of curiosity. The attempts are unceasing and come from all over the world. (I know because I look up some of the IPs.) Even my wife's dial-up AOL account is probed all the time. Many of these probes are not malicious but I see no reason to take chances on the good will of all these strangers.
The present version of Windows XP has half a firewall built in. Unfortunately, it monitors only incoming traffic and therefore is of no help in warning about programs on your computer that call up Internet sites without telling you. Also, note that you have to specifically enable it. (Service Pack 2 turns it on by default.) I recommend a more robust program. If you want to, you can go for one of the commercial suites that include a firewall together with a variety of other programs. However, there are several very good free programs. The sidebar contains references.
Spyware, adware and their variations are programs or applets that get installed on your computer by a download from the Internet. (You could also get them on a disk from somebody but that is less common.) There are basically three scenarios where problems arise:
1. You knowingly download and install something but do not understand all the functions of the program.
2. You download and install one thing but other things are installed along with it that you do not know about.
3. Something is downloaded and installed without your knowledge.
There are many software downloads available on the Internet that call themselves freeware. Quite a few of these are, in fact, free and come without strings. In the end, however, the cost of any software has to be paid for by somebody, somehow. One way to support the cost of software is through advertising that is downloaded and displayed on the user’s computer along with the software. Many useful and reputable programs are now distributed this way. Often they come both in a version that is “free” (but with ads) and in a version that has no ads but has to be paid for. As long as the user is told up-front about the ads and about any tracking that might be going on, this form of adware has a perfectly legitimate role. For example, I use the adware version of the Opera browser. I do not use the browser very often and I wouldn’t pay for it but I am willing to have small ads running when I do use it. Actually, they are unobtrusive and I pay them no attention.
Note that I said that I was willing for ads to run while I was using the program. Less scrupulous software distributors may have pop-up windows showing ads whether you are using their program or not. Even worse offenders graduate to “spyware” and contain a component running all the time in the background to track your viewing habits on the Internet (and possibly other things). Your preferences are relayed to advertisers so that ads may be targeted specifically to what is perceived to be your interests. For example, if you visit a lot of sports sites on the Web, you may find ads for athletic equipment showing up on your computer.
Legitimate programs are straightforward in alerting you that advertising banners or pages will be downloaded to your computer and shown to you whenever you try to use that program. Others are less up front and bury the notice about ads and other actions in the EULA (End User License Agreement). Having seen this type of turgid legalese innumerable times when using Microsoft applications, most of us just click the “I agree” button without reading the stuff. If you do read the EULA thoroughly, you may find that you have signed away all your rights to privacy. How legally binding this really is, I am not competent to say, but personally I find the implications disconcerting. Still other software packages do not even bother with hiding details in the legalese but simply carry out surreptitious actions on your system without notifying you beforehand.
Not content to entice you into using their spyware by providing some useful function, some firms download stuff to your computer whether you want it or not. Many Web sites have ad banners that contain download links. If you accidentally click on the ad, you may initiate a download. Some of these ads contain messages that your system "may" be infected with a virus or otherwise impaired in order to lure you into clicking on something. Depending on your browser security settings, you may then receive some unwanted software automatically or get the standard Windows pop-up message asking, "Do you accept this download?" If you click "Yes," spyware is installed. Note that the presence of a security certificate is no guarantee that something is not spyware. An example of a download window for a well-known problem program is shown in the figure below.
Lists of these types of spyware are available at the spyware database references given in the sidebar. Unless you are sure about a program, check it out on these lists before installing.
One issue is how much of your privacy is invaded by the ad tracking. To some degree, it is the nature of an individual’s personal psychology that decides what is private. Some people are unconcerned while others react violently to the notion of being tracked. Privacy is a large subject and beyond the scope of this article but several references are given in the sidebar.
However you may feel about the privacy issues, the practical matter is that spyware uses your computer resources and bandwidth and often causes sluggish behavior or even crashes. Some spyware like the very popular file-sharing program Kazaa may even use your idle CPU time for whatever computational purposes they see fit. Many PC users have suffered significant degradation or worse for their system from the presence of spyware.
Because of the proliferation of spyware, many programs are now available for detecting spyware and cleaning it out. Anti-virus programs do not detect most spyware because the programs do not have the characteristics of a virus. Thus a separate application is needed that specifically targets spyware. Links to two free programs, "AdAware" and "SpyBot Search & Destroy" are given in the sidebar along with references for others. Unlike anti-virus programs, where installing more than one program is not recommended, it is a good idea to clean your system with consecutive application of two or more spyware removers. According to PC Magazine, the commercial programs Spy Sweeper and Spyware Doctor are the two best anti-spyware programs. PC World also chooses Spy Sweeper as its top ranked program.
Firewalls that monitor programs on your system that attempt to connect to the Internet will give you warning of the presence of spyware. The Windows XP firewall does not have this capability so one of the firewalls mentioned in the references in the sidebar is recommended. If another firewall is installed, turn off the Windows XP version. The update SP2 automatically enables the Windows XP firewall.
It's a good idea to check what programs run automatically at startup. Windows 98/Me systems can use MSConfig and Windows XP systems can use the services console to see what is running in the background. Unwanted programs can be detected and disabled. Any spyware can then be removed.
Avoiding spyware in the first place is the best defense. Use common sense in installing software. Check out any potential download with the spyware databases given in the references in the sidebar. Exercise caution when visiting strange Web sites.
Some references recommend disabling ActiveX entirely. While this will prevent many unwanted controls from installing, it will also break useful applications. Using Firefox or another non-Microsoft browser is another recommendation for those who wish to avoid ActiveX problems. However, any commonly used browser is still susceptible to other types of script and the security settings for scripting should be consulted.
"Phishing" is a form of identity theft that used to be done over the telephone. Now, however, the crooks have gone high-tech and are using the Internet for their con games. Most commonly this consists of sending out emails purporting to be from a legitimate source such as a financial institution. Under some false pretense, such as the claim that your account needs verifying, an email will ask that you go to a Web site by clicking on a link in the email. When you go to the Web site, you are asked to "update" or "confirm" personal information such as account numbers and passwords. The Web sites may look just like a legitimate page but they are bogus sites designed to steal from your accounts. The link in the email may read like it leads to an authentic site but actually takes you to a fake page.
The first large-scale example of "phishing" was several years ago when many AOL users were tricked into divulging their passwords. Their accounts were then used for the scammer's purposes. Since then, many other institutions have been attacked. For example, in 2003 many people received emails supposedly from eBay claiming that the user’s account was about to be suspended unless they clicked on the provided link and updated their credit card information. The scammers use mass-mailing methods and many of the recipients did not even have an eBay account. However, all it takes is 1 or 2 per cent responses for the con to result in a nice haul.
Recently, banks have been a favorite target of "phishing". ISPs, banks, etc. do not ask for passwords and the like to be entered by email. Be suspicious of any email message that asks for personal information. Don't ever follow a link in an email that asks you to update or verify sensitive information. If you want to contact a company, go to their Web site by using a link from your records or telephone them.
The origin of using the name of the Hormel Company canned meat product for junk email is attributed to various sources, including Monty Python. Whatever the origin of the name, spam is a truly major email nuisance. The ease with which large electronic mailing lists can be set up and the essentially cost-free (to the mailer) process of email means that almost anyone can send out huge quantities of advertising or other messages. Around half of all email is estimated to be spam.
In theory the best defense against spam is to stay off the mailing lists. So how do we get there in the first place? Unfortunately, it is almost impossible to keep your email address hidden from determined marketers. Once on a list for any reason, your address may be sold and resold many times until it is on dozens of lists. CDs with millions of email addresses are readily available for a few dollars. Any action that you take that might expose your email address on the Internet can end you up on spammers’ lists. Participation in chat rooms, newsgroup discussions, investment forums are all ways to get on lists. In a practice called “harvesting,” spammers use software called “spiders” to regularly comb the Internet for addresses. Also, many ISPs offer the option of being listed in a directory and these are fair game for advertisers.
Shopping on the Internet, signing up for newsletters, entering contests, registering to download software, or other activity requiring that you provide your email address can also get your name on lists. Although reputable merchants, newsletter writers, shareware sites, etc. will respect your privacy, some sites may feel free to sell your name to others. Always look for a statement of the policy on privacy before signing up for something.
Another method used by spammers is the “dictionary” attack. By combining all common words and names (with variations like joe1, joe2, joe3, etc.) with all the common providers such as AOL, Hotmail, MSN, Earthlink, computer programs can generate millions of possible email addresses. Many of these will be legitimate and the spammer doesn’t care about the ones that bounce. The cost of mailing to a lot of incorrect addresses is too small to be any deterrent. Thus some people advise using uncommon combinations of symbols for your email address.
Everyone should have several disposable junk email addresses that they use where public exposure is likely. One of the free services like Hotmail or My Yahoo serves admirably for this purpose. If an address starts to attract spam, it can just be discarded.
You can also “munge” your address in places like Newsgroups. To “Munge” is to add easily recognized extra characters to your address along with the accompanying phrase “remove xyz to obtain address”. Thus myname@myISP.com becomes myname@mynospamISP.com. The only trouble is that address harvesting software can be programmed to strip out obvious strings like nospam although many times they don't bother.
One method of dealing with spam is to block or filter mail from known spammers or that contain particular subjects or key words. This can be done either on your email program or with special software. The common email programs like Outlook Express allow for setting up rules that apply to categories like senders, subjects, and textual content. Check your particular email client for the details. For example, in Outlook Express go to the menu under Tools-Message Rules. The problem is that spammers keep changing or faking their ostensible names and addresses as well as using phony subjects. Personally, I have found that rules and filtering within my email program may keep out some spam but that it is only a partial answer to the problem. You can also install some extra software. There are a slew of utilities devoted to stopping spam. The best types of programs use a statistical technique known as Bayesian filtering. These programs set up filtering rules based on actual experience and "learn" how to improve filters from the email that you receive. See the sidebar for references on this technique and on various software programs.
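How a Bayesian filter "learns" from sorted mail can be shown in a few lines. The following is an added example, not part of the original article and not the code of any program named here; it is a simplified naive Bayes model in which only the words present in a message contribute, and the class, function names and training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokens(text):
    """Distinct lower-cased words; a word counts once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    """Naive Bayes over word presence, with add-one smoothing."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        """Record one message the user has marked as 'spam' or 'ham'."""
        self.messages[label] += 1
        self.words[label].update(tokens(text))

    def spam_probability(self, text):
        """P(spam | words in text); needs at least one message of each kind."""
        n_spam, n_ham = self.messages["spam"], self.messages["ham"]
        log_odds = math.log(n_spam) - math.log(n_ham)  # prior odds
        for word in tokens(text):
            p_spam = (self.words["spam"][word] + 1) / (n_spam + 2)
            p_ham = (self.words["ham"][word] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam) - math.log(p_ham)
        return 1 / (1 + math.exp(-log_odds))


# Constructed training mail, standing in for messages a user has already sorted.
SPAM = ["Cheap meds online, click here now",
        "You won a free prize, click to claim",
        "Free offer: cheap loans, act now"]
HAM = ["Meeting moved to Tuesday, see agenda attached",
       "Can you review the report before the meeting",
       "Lunch on Friday? Free after noon"]


def build_filter():
    """Train a fresh filter on the constructed messages above."""
    f = BayesFilter()
    for text in SPAM:
        f.train(text, "spam")
    for text in HAM:
        f.train(text, "ham")
    return f


def learning_demo():
    """Score an unfamiliar kind of spam before and after the user reports one."""
    f = build_filter()
    probe = "Refinance mortgage rates today"
    before = f.spam_probability(probe)
    f.train("Refinance your mortgage today", "spam")
    return before, f.spam_probability(probe)


if __name__ == "__main__":
    f = build_filter()
    print(round(f.spam_probability("Claim your free prize now"), 3))
    print(round(f.spam_probability("Please review the agenda for Tuesday"), 3))
    print(learning_demo())
```

The probe message scores an undecided 0.5 while none of its words have been seen, and moves well toward spam once a single similar message has been reported, which is the learning behaviour the paragraph describes.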
Businesses and those who are big users of email will need some heavy-duty methods of filtering spam but average PC users who receive only a few emails each day can use a program like MailWasher Pro. Also, ISPs are getting better at filtering and may also provide some way for individual users to create filtering rules.
There are also services that will filter your mail. By collecting large databases of known spammers and using their clients’ emails to keep up with the latest tricks and twists of the spammers, these services can be better at stopping spam than software located on your own computer. These services naturally slow down the processing of your mail since it has to go through their server. Several are listed in the sidebar.
Note that no matter whether you filter mail with software on your own computer or use an external service, some spam will get through and some legitimate mail will get blocked.
Although there are many ways to try to block spam from arriving in your mailbox by using software or filtering services, my experience is that spam has reached the point where one of the best defenses is to have more than one email address. You can reserve one address for friends and relatives and have a second throwaway address that is changed fairly regularly. This second address would be the one that is used whenever it might be subject to public exposure. Many ISPs allow for an account to have multiple mailboxes and one can be set aside for junk. If the volume builds up, the box can be discarded and replaced by a new one. Another route is to use one of the free Internet email services like Yahoo or Hotmail. Yet another approach is to use one of the services that provide email addresses with a limited lifetime. For example, SpamGourmet will give you addresses good for a certain number of uses only.
The last and perhaps best defense is common sense and the “delete” key. Don’t open obvious spam messages and be very careful about responding to “Remove me from this list” type of addresses. That may very well just get you on more lists. Also note that formatted spam may contain Web Bugs that tell the spammer if you have opened that mail.