This is a number of articles that I found on the Internet some years ago. They are still very useful in helping people understand viruses and keep their computers safe.

Viruses

First, let me tell you about a site I found that will check your computer to see how secure it really is. I read an article by Paul Somerson in PC Computing about this site, so I went to it and tried it, and I found out a lot of information that I didn't know before about surfing the Internet. I will be going back to it for more information. Click on Shields UP! to go check it out for yourself. Shields UP! quickly checks the SECURITY of YOUR computer's connection to the Internet.

How to Protect Against Computer Viruses

Take into account that only about 40 percent of PC owners use anti-virus software, and that viruses can spread to your system easily from the Internet, bulletin boards, or e-mail attachments, and we're talking epidemic. Luckily, though, there are some powerful preventative measures and some equally effective antidotes once you've contracted a bug.
A computer virus is a piece of software that has been written to surreptitiously enter your computer system and "infect" your files. Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data.

Typically a computer virus will replicate itself and try to infect as many files and systems as possible. If your system is infected, when you save a file to a disk you will probably infect the disk, and in turn whoever uses that disk will infect their system. As you can see, it's a vicious cycle, not unlike the viruses that plague us humans.

New computer viruses are being written all the time, and it's important to understand how your system can be exposed to them, and what you can do to protect your computer.
Computer viruses are categorized into four main types: boot sector, file or program, macro, and multipartite viruses.

Boot sector viruses are usually transmitted when an infected floppy disk is left in the drive and the system is rebooted. The virus is read from the infected boot sector of the floppy disk and written to the master boot record of the system's hard drive. The master boot sector is the first place your system reads from when booting up from the hard drive. Then, whenever the computer is booted up, the virus will be loaded into the system's memory.

Program or file viruses are pieces of viral code that attach themselves to executable programs. Once the infected program is run, the virus is transferred to your system's memory and may replicate itself further.

Macro viruses are currently the most commonly found viruses. They infect files run by applications that use macro languages, like Microsoft Word or Excel. The virus looks like a macro in the file, and when the file is opened, the virus can execute commands understood by the application's macro language.

Multipartite viruses have characteristics of both boot sector viruses and file viruses. They may start out in the boot sector and spread to applications, or vice versa.
Viruses can be written into almost any type of file, so it's important to be aware of this when you add software to your system. There are known instances of viruses being accidentally included in licensed, shrink-wrapped software, but generally you are safe when installing legally purchased software that you've obtained through normal channels.

The two main ways viruses enter your system are through files added to your system from floppy disks (or other removable media like Zip disks) and from downloading from the Internet or private bulletin boards. You can also get a virus through an e-mail attachment, but not from a plain text email message alone.

A common myth regarding viruses is that they can only be passed into your system through executable program files, or files that are actually programs, not just data. You'd also think, then, that infection couldn't take place unless the program holding the virus is launched. With the advent of "macro" viruses, though, this distinction is getting blurred. Macro viruses can exist inside any document whose application uses a macro language, such as the "Concept" virus passed in Microsoft Word documents. In this case, a user can have a clean version of Microsoft Word and simply open an infected Word document, which will then infect the application.
Some common symptoms that could indicate your system's been infected are:
There are several programs (called virus protection software, anti-virus software, or virus checks) that will check your system for known viruses, scan incoming files, and warn you before any infected files are let in. An important fact about these programs is that they are only as good as their database of known viruses. Since new and different viruses are being introduced all the time, anti-virus databases need to be updated often.

ICSA certifies virus protection software and maintains a list of approved software. This is a good site to check regularly, as the organization monitors the progress of computer viruses and offers a wealth of virus information.
If you have a system that is not currently running virus protection software, the first thing you should do is install one of these programs and have it scan your hard drive. It will identify any files that have been infected by any virus it recognizes and offer you the option to repair the file if it can. In some cases infected files can be "cleaned" by your virus protection software; in others, the files will have to be discarded.

Once you have determined that all the files in your system are virus-free, this would be a good time to do a complete backup of your system. If you get infected in the future, you will really appreciate having clean copies of your files.

Another method you can use to detect viruses is to monitor the byte size of the programs installed on your hard drive, particularly .exe and .com files. If you notice any unexplained change in file sizes, this is a good indication that your system has become infected. This can be a difficult and tedious method of checking your system, however, and installing anti-virus software is a better alternative.
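The file-size check described above, automated as a baseline-and-compare script. This is an added example and not code from the article; it goes a step beyond the text by also recording a SHA-256 digest, so a same-size modification is caught as well. The directory layout and file contents in demo() are constructed for the illustration.

```python
"""Baseline-and-compare check for .exe/.com files, automating the article's
advice to watch program sizes for unexplained changes.
Added example, not from the original article. Besides the size it records a
SHA-256 digest, which catches a same-size modification that a size check misses.
"""
import hashlib
import os
import tempfile

EXEC_SUFFIXES = (".exe", ".com")


def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def build_baseline(root):
    """Walk root and fingerprint every .exe/.com file (case-insensitive)."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXEC_SUFFIXES):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """Classify differences between two baselines.

    Returns a dict of sorted relative paths under the keys 'grown',
    'changed', 'added' and 'missing'. A parasitic file virus usually appends
    its code, so an infected program shows up under 'grown'; 'changed' covers
    same-size or shrunken edits that only the digest reveals.
    """
    report = {"grown": [], "changed": [], "added": [], "missing": []}
    for rel, (size, digest) in current.items():
        if rel not in baseline:
            report["added"].append(rel)
            continue
        old_size, old_digest = baseline[rel]
        if size > old_size:
            report["grown"].append(rel)
        elif digest != old_digest:
            report["changed"].append(rel)
    for rel in baseline:
        if rel not in current:
            report["missing"].append(rel)
    return {k: sorted(v) for k, v in report.items()}


def demo():
    """Constructed scenario: take a baseline, append bytes to one program
    (standing in for an infection that grows the file), and compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "TOOLS"))
        progs = {
            "EDIT.COM": b"\xb8\x00\x4c\xcd\x21" * 20,
            os.path.join("TOOLS", "ZIP.EXE"): b"MZ" + b"\x90" * 300,
            "README.TXT": b"not an executable, ignored by the walk",
        }
        for rel, data in progs.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        before = build_baseline(root)
        # Padding appended to EDIT.COM: its size grows, README.TXT is not tracked.
        with open(os.path.join(root, "EDIT.COM"), "ab") as f:
            f.write(b"\x90" * 100)
        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

Run it after a clean scan to record the baseline, and re-run compare() against a fresh walk whenever you want to check for changes.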
Once you've scanned your system for viruses and determined it to be clean, it's a good idea to put in place procedures to protect your system. The number one thing to do -- be careful whenever you're installing software or downloading files. Most anti-virus software can be set to scan all floppy disks inserted in your system and to scan files that are downloaded to your system, including email attachments. We highly recommend that you set up your software to do this. This is the most important thing you can do to protect your system. It's also extremely important to keep your antivirus software current, and you should check regularly with your chosen vendor for updates to their product. This can often be done at the vendor's Web site.
If you have installed virus protection software and it has detected a virus in your system, first try to get the software to "clean" or "disinfect" the files. If this doesn't work, you'll most likely have to delete these files from your system.

In extreme cases, it may be necessary to reformat your hard drive, destroying all of the data on it. Then you'll have to reinstall your software and data, assuming you have the original software disks and clean backups of your files. In this case, it's a good idea to install your virus protection software first on the empty hard drive, so that the integrity of your backup files and original software can be verified.
You might also want to contact all the people that you've recently (or at any time) exchanged information with -- via floppy disks, e-mail attachments, Zip disks -- and let them know your system's been infected and theirs may be infected as well. You'd want to advise them to check their system for the appropriate virus or symptoms. Funny how these computer viruses mimic human life, huh? Be safe.

A few minutes of prevention is better than several hours of frustration and lost data. Today, a worm or virus can arrive on anyone's machine through e-mail. Before you lose a day's work to the latest malicious virus, follow these precautions.

As always, be wary of unsolicited programs you receive via the Internet -- whether they arrive via mIRC, via e-mail, or on Usenet. Be aware that Windows help files, which most people believe to be harmless data files, can also carry malicious programs such as Trojan horses and viruses. And keep your virus scanning software updated; all of the major vendors are expected to add W95.Babylonia to their databases within the next few days. You can protect your PC with the latest anti-virus programs and shareware from our Anti-Virus Downloads page.

Protect Yourself Against Internet Eavesdropping
Readers often ask whether the data on their PCs is safe while they're surfing the Internet. I wish I could say that in most cases it is and that there's no need to worry, but I can't. The truth is, when you connect to the Net, you're plugging into the largest two-way network in the world. If you're not diligent about protecting yourself, your system may well be vulnerable. It may already have been compromised, and it's probably being probed for signs of weakness even as you read this.

There are a number of ways a malevolent someone or something can find his, her, or its way into your system. For instance, it's well known that executable code downloaded to your computer during an Internet browsing session can wreak havoc if you run it. The onus is on you to decide whether to trust such a download. The latest browsers provide mechanisms that let you decide whether to accept or reject certain types of downloadable executable code, either always or on a case-by-case basis. Because these downloadable code objects improve and often even define your online experience, choosing the most restrictive option is not ideal. Digital certificate authorities can help you decide whom to trust, but there's still some risk involved.
Even more insidious are stealth-mode tactics, the tools of today's connected criminals. In this case, the attempt to subvert your system comes in one of two forms. First, the perpetrator can take advantage of your leaving File and Print Sharing turned on in the Network section of Control Panel for your Internet connection, which is rather like leaving your door open and placing your wealth in full view a few feet inside the door. Sure, you can leave File and Print Sharing turned on and password-protect your shares if you really want to, but this is like placing a speed bump on the autobahn. It'll slow the criminals down, but it's just a matter of time before they get you.

The second way your security can be compromised is through a back-door program, such as Back Orifice or Netbus, which installs itself in Trojan horse fashion by arriving as an e-mail attachment or by posing as some useful executable program. Once run, these programs slither into place on your system and wait. When the intruder connects from his or her distant lair to the back door, he or she often has full access to your system.
These intrusions often happen innocently enough, at least from the victim's perspective. After all, turning off File and Print Sharing on your Internet connection is a fairly nerdy sort of thing to do. Recent versions of Microsoft's operating systems automatically detect this vulnerability and ask you politely if you want to turn File and Print Sharing off. This is a good thing, but I can still imagine a computer novice saying, "File and Print what?" It's a toss-up whether he'd choose yes or no.

The back-door programs prey on those of us who think an e-mail attachment named Runme.exe is innocent-looking enough. After all, it was received from Aunt Mary attached to an e-mail whose subject says "Check This Out." Later, it's discovered that the body of the message reads "...and tell me what this is." Even an attachment from Aunt Mary could have been forwarded from some who-knows-who from who-knows-where. On the Internet, everything is suspect.

So how do you protect your system? You start by turning File and Print Sharing off (see Figure 1). You frequently run your favorite vendor's most recently updated antivirus software. You tell your browser to accept only signed downloads, and you examine the digital certificates of each and every one. You never run an e-mail attachment without letting your antivirus software check it first, and then only if you know the sender and were expecting the attachment. You basically erect a wall of distrust against all incoming executable software, whether attachments or downloads. You become very, very wary.

First, run the Networks applet in Control Panel. Then, select the TCP/IP network component, choose File and Print Sharing, and uncheck both check boxes. Turning off File and Print Sharing while you're on the Internet is particularly important. If you're using a cable modem, leaving this setting turned on could cause your computer to pop up as available when someone else on your network segment opens his or her Network Neighborhood icon. Even your most benevolent neighbor is bound to find that tempting.
But still, having an open porthole from your system into the vast unmanaged frontiers of the Internet makes you want to monitor every bit that traverses that opening. After all, if an interloper makes a subversion attempt, how else can you be sure to detect it? That's where intrusion detection, identification, and protection software comes in very handy. And that's why I started using a remarkable new product called BlackICE Defender ($39.95 direct, www.networkice.com). The product detects and informs you of attempts to hack your system. It's brought a lot of visibility to what could happen on your Internet connection, and has introduced me, albeit at a great distance, to a hacker known as Killer.

BlackICE can be thought of as a personal intrusion-detection, identification, and countermeasure system. It watches all Internet protocol transmissions to and from your PC and can block malicious intrusions. The program also collects information on these attempts. Unlike other packages of this sort, BlackICE does not require you to program sophisticated rules to tell it what to do, and you don't need any knowledge of TCP/IP ports or packet types to put it to work. The experts at Network ICE have built knowledge of over 200 intrusion techniques into the software, including all the most common ones, so that you only have to choose a level of security protection and let the program do the rest.

I put BlackICE to work for several weeks on a system using an ordinary, dial-up V.90 modem connection. During that time, BlackICE detected numerous attempts to break into the computer. Almost all of these intrusions were pings and probes sent to see whether the system had one of the required back-door programs installed (it didn't). But because BlackICE has an identification component that does backtracing on suspected intruders, a rather interesting collection of data was assembled, which I was then able to use to do some sleuthing of my own.

BlackICE collects the intruder's IP address and DNS name and identifies the attempt as a specific intrusion type. When possible, the software also tracks down the intruder's node name (machine name, Killer in this case), group name, and Netbios name, as shown in Figure 3. This information is of value to security experts in helping to identify intruders.
I started by attempting to identify Killer's ISP. First, I noted the domain name as.wcom.net, from the lon-c45-017-vty41.as.wcom.net DNS name identified by BlackICE. It was obvious to me that this was an MCI WorldCom domain, because I'm already familiar with the wcom.net suffix. When you're not sure, you can navigate online to www.networksolutions.com and do a whois search on the IP address identified by BlackICE. To search for a domain name such as as.wcom.net instead of an IP address, you enter domain as.wcom.net. When I did this, I was able to find wcom.net but not as.wcom.net, so I searched for the IP address instead.

There are a number of whois server databases containing information for the U.S., Europe, the military, and so on, so you might have to do several searches. I confirmed Killer as having come through MCI WorldCom by finding the 195.232.10.42 IP address in the European IP address allocations database. The information returned by whois identified MCI WorldCom as the hostmaster for Killer's access.
Next, I obtained help from MCI WorldCom/UUnet's security department. They took the information from Figure 3 and, with the help of the security departments of several of UUnet's ISP customers, matched it against their traffic logs. With some effort, they determined that the network access points for the attacks were actually in Spain and Italy. In each case, a hacker such as Killer obtained illegal access to a legitimate ISP account, perhaps by tricking the true account owner into revealing a password. That account then became the springboard for the pinging and probing detected by BlackICE.

In my case, each of the actual account holders whose ISP accounts were illegally co-opted was contacted and notified and the accounts had to be canceled and reestablished. In this way, Killer and the others were thrown out of their surrogate accounts and off the Internet, if only temporarily. What's fascinating—and a little disconcerting—is that I would never have been aware of Killer's attempts and many other similar attacks had I not installed BlackICE. This underlines the importance of this new class of intrusion detection and prevention software, and not just on corporate networks. Ultimately, I was unable to determine with certainty whether the intruder whose node name is Killer was a teenager playing games or a professional hacker, but I do know that I don't want just anyone to have access to my system.

Intrusion detection has become important to me. Sooner or later it probably will matter to you too.

Sal Ricciardi is a contributing editor of PC Magazine.
These services will report potential security problems by systematically interrogating your PC.

Are you worried about computer security? Maybe you've installed the latest virus-detection software, and scanned your hard drive for suspicious files, but are wondering if this is really enough? If you are feeling a little paranoid, or just want to make sure your computer is as secure as possible, there is more you can do.

There's a growing sector of the computer-security industry that you should know about — online security services.

Once belonging exclusively to the realm of hackers and system administrators, these advanced techniques are now becoming available for the home computer as well. By systematically interrogating your PC, these services will generate a report detailing potential problems, or areas of your system that may be open to nosy hackers.

Traditionally computers destined for network connectivity were configured for higher security than home-use PCs. Now with almost all home computers today getting connected to the Internet, it's a good idea to educate yourself on the possible vulnerabilities of your computer, and what you can do to eliminate them.
Are you really at risk from hackers in the night? To some extent the answers depend on your method for connecting to the Internet, and your surfing habits.

Cable modem and DSL users typically present a much more attractive target to hackers, especially if you leave your computer on and connected all the time. The dedicated IP numbers and persistent connections this type of user has give hackers much more opportunity to explore their systems, plus the ability to return to a hacked system, because it maintains the same IP address.

What you do on the Internet can also have an effect on the likelihood of your system getting targeted. Specifically, if you hang out on IRC chat channels or nefarious newsgroups, and especially if you tend to get into online squabbles or like to flame, your odds of attracting unwanted attention are greatly increased. If you really want to test your luck, or that new firewall you just installed, go to alt.2600 and start hurling insults around. Your security will be tested, I assure you.

The bottom line is if you are a dial-up ISP user, who connects to the Internet for short periods of time to send and receive email and browse mainstream Web sites, your odds of getting hacked are probably not that high. But if your system has open access to file sharing, or other points of entry, you will be advertising yourself to any hacker searching your neighborhood on the net, using the very same techniques as the online security services use to test your system.
In the emerging world of online security services there are several that offer free online evaluations of your Windows-based home system. Companies and sites like HackerWhacker, WebTrends, Steve Gibson's Shields Up, and Secure-Me all offer some amount of system evaluation for free.

In some cases, more robust services or products are also for sale, such as WebTrends' Security Analyzer, and specialized business offerings from HackerWhacker. Another service, E-Soft's Web Scan Network Audit, is more geared toward network administrators, but also has a free desktop evaluation feature.

In all cases these services perform TCP port scans of the systems they are evaluating, as well as checking for a few well-known vulnerabilities like open file sharing access. The services range from a fairly basic 10 port scan performed by Shields Up, to a very thorough 2,000 port scan including UDP ports, Web and email vulnerabilities from HackerWhacker.
A "port" in this context is any one of 65,535 addresses that a computer running TCP/IP software has. Each address, or port number, is a potential access point to your system from the outside world. While there are no hard and fast rules, there are accepted conventions for running specific applications on specific ports. For example, port 80 is the port that Web server software uses to listen for connection requests. If you're running a Web server on your system then you will need port 80 to be open, but if you're not there is no reason for it to be open and accessible.

A port scan is essentially when a piece of software interrogates the ports of a given system, sending TCP/IP commands that will generate a response if the port is open or "listening." Commonly used by hackers to look for openings in systems connected to the Internet, the technique is becoming more popular for both network administrators and home users to use on their own systems to test their security measures.

Important Note: The online scanning services mentioned here are geared toward evaluating a home PC connected to the Internet. If you are using a PC on a corporate LAN, you had better check with your network administrator before instigating any port scans on their system (which will probably get blocked by their firewall anyway).
When you scan your system for security measures, one of the main things you will be finding out is what TCP ports on your system are open. It will then be your task to determine why a given port is open on your system, and if it can be safely closed. The documentation on all of these sites will aid you in this process. Here's a list of standard TCP port uses, which may help in your investigations.

Unfortunately there is no simple way to just close TCP ports. If a port is open it is because some software is running on your system that is keeping it open, like a Web or FTP server, IRC client, or a malicious Trojan horse. If you have open ports, you should identify which program has opened them, and whether you need it running or not.
One major security concern is Trojan horse servers, like "Back Orifice", which open their own ports to communicate with intruder scanners. The SANS Institute maintains a good list of known Trojan horses, and their associated port numbers. If you see any of these ports open for no apparent reason, you may have a Trojan horse hiding in your system, and should button this hole up right away. A good anti-virus program should be aware of most Trojan horse programs, and be able to remove them.

Another important thing these services will check for you is your file and print sharing access. This is one of the most abused security loopholes, and if you do not need to share files on a LAN over the Internet, you should definitely have these capabilities turned off. Disable them by unbinding File and Printer Sharing from TCP/IP, in your computer's Network Neighborhood.

All of the sites provide technical information and recommendations for how to deal with whatever vulnerabilities they find. The documentation is perhaps as important as the actual scans, because understanding all the subtleties of Windows networking and TCP/IP can be quite a challenge. Shields Up stands out as providing excellent and clear explanations of all the necessary concepts, and detailed instructions for making configuration changes.
HackerWhacker is typical of online security services (except ShieldsUp), in that it requires you to register by providing an email address. It will quickly email you a password to use with its Web-based security scan. This is partly to try and ensure that you are the owner of the machine you are asking to have scanned. Back at the main page, enter the password below your email address, and click the Go button. Next you must identify your machine and choose some options.

First, HackerWhacker is going to make you work a little bit, because you must tell it the IP number your computer is using for this session. If you are a cable-modem or DSL user, you probably have your own static IP number, as you have a dedicated or "persistent" connection to the Internet. But if you're a dial-up ISP customer, you most likely get assigned a different IP number every time you connect to your ISP.
In any case, you probably can't recite your IP number off the top of your head. No worries though, HackerWhacker provides detailed, easy-to-follow instructions on how to quickly determine your current IP number, based on your operating system. For Windows 95/98 users you simply type winipcfg in the Run menu and you'll get your IP number. Once you have plugged this number in the box labeled Your IP Address, there are just a few options to check and you are on your way.

HackerWhacker's free scan has options for testing for open TCP ports, open UDP ports, NetBIOS access and File Sharing, and common Web Server CGI Vulnerabilities. They all come defaulted on, and you might as well test them all. If you are running a Web server on your machine, and use a non-standard directory for cgi, or use virtual hosts, you will need to specify that here. Even if you don't think you are running a Web server, it's a good idea to still perform these tests. Sometimes MS Personal Web Server can be on and accepting connections without you even knowing it.

Clicking on the Start Scan button is all it takes from here, and a new browser window is launched that displays the results of your scan as it happens. HackerWhacker's Web site claims some of the tests can take up to 2 hours, but in all my tests the results came back in only a matter of minutes.
The results can be a little intimidating. I got back lines like:

    134 OPEN tcp ingresnet INGRESNET Service More Information

Luckily, there is a lot of documentation following the report, explaining the different entries. I figured out my TCP port 134 was open, and got several links to information explaining why that might be and what to do about it.
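The triage the article describes for open ports (explain each one, compare against the SANS Trojan-port list, treat file sharing as a loophole) applied to report lines in the format quoted above. This is an added example, not code from the article or from any of the scanning services it names; the report lines, the set of ports the owner expects to be open, and the two-entry Trojan watchlist are constructed samples.

```python
"""Triage helper for scan-report lines such as
"134 OPEN tcp ingresnet INGRESNET Service More Information".
Added example, not from the article or any scanning service it mentions.
The sample report, expected-port set and watchlist are constructed; a real
watchlist should be loaded from the SANS list the article points to.
"""
import re

LINE_RE = re.compile(
    r"^\s*(?P<port>\d{1,5})\s+(?P<state>OPEN|CLOSED|FILTERED)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<service>\S+)\s+(?P<desc>.*?)"
    r"(?:\s+More Information)?\s*$"
)

# Constructed sample watchlist: port -> back-door program known to listen
# there. Replace with the full SANS list referenced in the text.
TROJAN_WATCHLIST = {
    31337: "Back Orifice (example entry)",
    12345: "NetBus (example entry)",
}

# NetBIOS over TCP/IP: open here means File and Print Sharing is reachable.
FILE_SHARING_PORTS = {137, 138, 139}


def parse_report(text):
    """Parse report lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "port": int(m.group("port")),
            "state": m.group("state"),
            "proto": m.group("proto"),
            "service": m.group("service"),
            "desc": m.group("desc").strip(),
        })
    return entries


def triage(entries, expected_ports):
    """Return (severity, port, message) for every OPEN port.

    expected_ports holds ports the owner knowingly serves on (for example 80
    for a deliberate Web server); any other open port needs an explanation.
    """
    findings = []
    for e in entries:
        if e["state"] != "OPEN":
            continue
        port = e["port"]
        if port in TROJAN_WATCHLIST:
            findings.append(("critical", port,
                             f"port associated with {TROJAN_WATCHLIST[port]}; "
                             "scan with current anti-virus software"))
        elif port in FILE_SHARING_PORTS:
            findings.append(("high", port,
                             "file and print sharing reachable; unbind it from TCP/IP"))
        elif port in expected_ports:
            findings.append(("info", port, f"expected: {e['service']}"))
        else:
            findings.append(("medium", port,
                             f"unexplained open port ({e['service']}: {e['desc']}); "
                             "identify the program holding it open"))
    return findings


# Constructed sample report in the format quoted in the article.
SAMPLE_REPORT = """\
Port  State  Proto  Service  Description
134 OPEN tcp ingresnet INGRESNET Service More Information
139 OPEN tcp netbios-ssn NETBIOS Session Service More Information
80 OPEN tcp http World Wide Web HTTP More Information
31337 OPEN tcp unknown Unassigned More Information
21 CLOSED tcp ftp File Transfer Protocol More Information
"""


def demo():
    # The owner in this scenario deliberately runs a Web server on port 80.
    return triage(parse_report(SAMPLE_REPORT), expected_ports={80})


if __name__ == "__main__":
    for severity, port, message in demo():
        print(f"{severity:8} {port:5}  {message}")
```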
While the information these services provide may seem complex, it is worth the effort to understand their findings. Open TCP ports represent potential access points to your system by hackers, and if you don't need them open, they shouldn't be. Open file-sharing access may grant intruders full control of your system, and must be password protected if it has to be on at all.

A brief word about passwords. Passwords are the first line of defense against most intrusions. Clearly the worst situation to be in is to have your system offering resources to the world, without requiring a password. But only slightly better is to have these resources available, but protected by a marginal password. Be aware that there are dozens, if not hundreds, of password cracking programs readily available on the net, and if your password can be found in a dictionary, or a list of names, it is barely providing any protection at all.

Many of the vulnerabilities found by these services can be closed for free, simply by understanding how to configure Windows networking optimally. Even Secure-Me refers non-subscribers to the Shields Up site for instructions on how to tighten your security, where Steve Gibson's excellent documentation relates the important concepts and techniques in plain English and without glossing over the serious stuff.

Another interesting site that can tell you quite a bit about your browser and Web capabilities is BrowserSpy. While not a port-scanner, this site will interrogate your browser, and demonstrate all the information available to Web sites about you and your surfing environment. It may surprise you!
To find the latest patches for your favorite software programs, visit ZDNet's Updates.com.

Why It's Important to Patch Your Programs
For instance, a bug in an e-mail program might make your password accessible to outsiders. A buggy browser may not protect your privacy on the Internet. A bug in your spreadsheet can wreak havoc on your budgeting process. A buggy database may erase years of data entry records. And you can't call the Men In Black to get rid of those bugs. You have to patch your applications. Most of the time, patch files fix known problems with software. Some patches, however, do things like add new features or let your software work with the newest printers, scanners, or joy sticks.

Most software companies let you know when they find (and fix) a bug in one of their products. However, even experienced computer users have trouble reading a bug report. Often the description of the "error exposing the bug" is so full of when's and if's and however's that you shrug your shoulders and think, "That'll never affect what I do with the software." And you might be tempted to shrug off patching the application. Don't. And don't ignore announcements about free or cheap "interim releases" or "minor upgrades" for your software. Those are often euphemisms for "lots of bug fixes." To protect your investments in information, patch your applications and update them as often as possible.