Showing posts with label trojan. Show all posts

Thursday, 23 February 2012

Abuse of power - why Windows Security Fails...

Windows has one very nasty habit that it has kept since the first days of its creation. It's a habit so deadly that Windows has never really been able to ditch it (despite several attempts), and rather like a junkie always needing one last desperate fix, Windows defends its use, and will continue to use it, until the bitter end... I am, of course, referring to default administrative rights.

Back in the old days of DOS (that's the operating system before Windows - some of us over 40s are quite fond of it), networks existed only in business, and one user / one computer was the norm. In those days, the idea of multiple users was more for large scale computing, such as big business or Universities. From these hot-beds came the idea of networks, multiple users on one machine, and user rights. In short, a human needed a user account to use a computer, and that account needed access rights to use files/printers/resources - all this, controlled by an Administrator: the one person deemed trustworthy enough to organize these resources on the User's behalf.

Microsoft had already created Windows - not as an Operating System at first, but as a Window Manager - that is, a nice, graphical way to view your files, edit notes etc. Windows was not the first, but it became the most popular, and in the way that popular things do, it created demand. There was now a demand for Windows to have network access to files, printers and resources, but Windows was a single user environment.

Enter "Windows for Workgroups" - Microsoft's answer to the network problem. Windows could now access network files, share network resources, and assign user rights - right? Wrong - Windows could assign network rights to other people / computers, but it was still a single user environment, and that user had FULL Administrator access to the computer. Microsoft got it right with Windows NT however - a version of Windows DESIGNED to be a computer server. It had users, printers, rights... but the USER computers that used its resources were still running WFW - single user, full Administrative access to their own machine. The users HAD to have Administrative access to install printers, device drivers, anything that was actually useful. This problem would continue for a VERY long time...

In 1995, Microsoft tried again, and released Windows 95. 95 was Windows For WorkGroups with a new front end, as well as some improvements to the back end engine, but it was still essentially the same Windows / DOS combination that WFW was, and it shared the same single user philosophy. Yes, you could have separate user profiles, but each user was still "the Administrator". We also now had "Windows Update" - Microsoft could keep your computers up-to-date for you, but they could only do it if the user had full access to the machine...

Then came Windows NT4, and NT4 Workstation. These were versions of Windows designed for full network use, and actually had true user account practice. Now, only the Administrator could make system changes to the machine, and everyone else could be users of lesser power... except that users expected to be able to do things the way they were used to. People now had PCs running Windows at home, and the "single user" experience was what they were used to. The users also had to keep the machine up to date with the latest patches, to stop the growing virus threat, so the average user STILL had to have administrative access. Savvy network admins locked down the machines as best they could, but those who didn't know better still allowed the standard users full Administrator access - is it any wonder that Windows is responsible for more viruses spreading than any other operating system?

In 98, we had Windows 98, and then Windows ME, and once again, Microsoft dropped the ball, allowing the Single User ethos to continue. 2000 brought Windows 2000 / Server 2000 and for the first time, Windows on both Client AND desktop had the notion of access rights. This should have been the turning point for Microsoft - their poor record of virus spreading and compromised security should have stopped here... but it didn't. In fact, it spread like wildfire. By default, new users in the client environment were MADE administrators!!! This madness carried on, and by the time of Windows XP, was commonplace.

Windows Vista tried to do something about it, by alerting the user when administrative access was required - but all the user had to do was click a button and say "ALLOW". Give a user a button that says "ALLOW", and they'll always press it...

Windows 7 went one step in the right direction, by getting rid of the Administrator account - but not before granting the first user set up FULL ADMINISTRATOR ACCESS...

In the UNIX/Linux world, we have the ROOT account. You can do anything with the root account, but it is never used as the primary account for users. This is the primary reason why UNIX/Linux computers are inherently safer than Windows ones.

Below are two links that you may find useful at some point - the first tells you ways you can manually remove spyware from your computer (always useful knowledge), the second explains why running as the Administrator is such a bad idea...



http://www.codinghorror.com/blog/2007/06/how-to-clean-up-a-windows-spyware-infestation.html

http://www.codinghorror.com/blog/2007/06/the-windows-security-epidemic-dont-run-as-an-administrator.html

Running as Administrator is like Arnie armed to the teeth, walking through a Nursery class - a friendly fire incident waiting to happen...

Monday, 14 February 2011

"I went on this great site last night... and now I've got a virus/trojan!"

It's late at night. Creeping downstairs (so as not to disturb the wife), you slink into the living room, intent solely on your goal - a bit of late night surfing. Time to go on those sites that you know you shouldn't - like that one that Dave in Accounts sent you the link for. Surreptitiously, you enter in the website address, and click the enter key...

... Only to find that your computer has now spawned more windows than Everest, and is intent on letting the whole world know that you went on sheepsh*ggers.com - oh, and is that the sound of your beloved's sweet footfall on the stairs on her way to investigate what the scream of "NOOOOOOH!" was all about...

OK - for our third (and final) part of this article, we're going to look at what to do if you suspect you have a virus or Trojan. The first question I'm often asked is "what's the difference?". Well, a virus is a program that is intent on replicating itself to other computers without the user's knowledge, in a similar way that a real virus infects your body, and passes itself on to the next person (like the flu). A Trojan (named after the famous wooden horse of Troy) is a virus that wants to do more than just replicate - it wants control of your computer for its author's use, and by its definition, a Trojan is more serious.

The first thing to do is to ascertain if your computer is infected. The best way to do this is also the best way to fix it, and by that, I mean "scan your computer for viruses". If you haven't already done so, install an anti-virus solution like AVG, and run a full scan for viruses. Once the scan has finished, you'll have the option of either quarantining the viruses found, or removing them from your computer - either is an acceptable solution.

Now that you've installed / run your anti-virus solution, make sure you keep it up to date by downloading the latest virus signatures - if you don't do this on a regular basis, all the hard work you just did will be undone very quickly, so check your anti-virus's documentation on how to keep up to date.

The next thing is to search your computer for Adware - these are programs that are not technically Trojans, but are the next best things - programs that want you to buy a product, by hijacking your PC and pointing you to the authors website. Because Adware is specialized, you'll need a specialized tool to deal with it - my favourite is SpyBot S&D, because it's thorough, and it works. Install it, update it, and run a full scan, then fix any errors it finds.

9 times out of 10 the above methods should sort you out. If they don't, try looking at www.pchell.com - here you'll find lots of useful information on viruses, Trojans, and other annoying PC specific problems that may be affecting you.

Right, I'm now off to disinfect my computer - with a blow-torch. You can't be too careful you know...

Thursday, 3 February 2011

Safe browsing - it's like safe sex really...


As I don my White Coat for the second part of this subject, I liken myself to a sexual health worker (the white coat has a multitude of uses), trying to prevent the spread of STDs in a sexually permissive teenage society - it doesn't matter how many times you repeat the "Safe Browsing" message - some are still going to ignore you. However, we must try, so bend over dear reader...

Safe browsing of the Internet relies on several things:
  • Keep your browser up to date
  • Keep your computer up to date
  • Consider a different browser
  • Keep your anti-virus up to date
  • Use a firewall
  • Configure your browser properly
  • Configure your computer properly
  • Show restraint
The first two are no-brainers. Always try and keep your computer up to date with the latest patches, and do the same with your browser. For Windows, this usually means running Windows Update either automatically, or frequently. I'm not kidding when I say that new flaws in Windows are being found every day - for goodness sake, Microsoft even have an official day of the month - Patch Tuesday - where they release fixes for discovered vulnerabilities.

Internet Explorer is not the only browser out there. Many years ago, when Windows (and the Internet) were young, a browser software battle was fought, and Internet Explorer was the winner - not because it was the best, but because it was bundled with Windows, and because Windows had the biggest market share of computer operating systems. The problem however, is that Microsoft, in their infinite wisdom, chose to tie in the browser with the operating system, to the point where it had a dangerously high level of access to your computer - a situation that still exists. If you want safer browsing, one of the best ways is to change your browser to another, and for that, I recommend Mozilla Firefox. Not only is it quick, it is (by definition) safer (it's not tied to the operating system), and there are add-ons that actually make it even safer - its NoScript add-on for example, lets you control which scripts are allowed to run on your browser (stopping unallowed scripts is one of the best preventative measures for safe browsing I have ever seen).

Antivirus is not an option anymore - it's a requirement for Windows, to the point where Windows itself will let you know if you have no antivirus present (look out for a red circle with a cross in your system tray - dead giveaway). You don't have to spend a fortune though - most new computers come with Norton or McAfee pre-installed, which does cost, but you can uninstall these and use a free antivirus solution, such as AVG or Avast.

Using a firewall is a must. For those of you who don't know, a firewall protects your computer from being attacked directly by other computers. If you use a Router to access the Internet, rather than an ADSL modem, chances are you are already behind a firewall - check your router documentation. If not, it's a good idea to use at least the built in Windows Firewall, or if not, a separate solution like ZoneAlarm.

Configuring your browser properly is just a case of making sure it can't do anything you don't want it to. That means...
  • Not allowing pop-up windows
  • Not installing unnecessary browser add-ons (such as search toolbars)
  • Making sure the security options are not too lax
Most browsers these days have default settings that are quite good - again, look into the documentation for your browser for help if you think you may be at risk.

The hardest thing though to implement, is the last - showing restraint. Simply put, it means this...
  • Just because you can do something, doesn't mean you should.
This is rule of thumb #2, and it's a doozy. In short, as a user, you can go anywhere you want, install anything you want - but should you? That new file-sharing bit torrent client looks great... but do I really need it? What if it contains a virus? Ooh, Dave in accounts says that new site - "latinosheepsh*ggers.com" is fab - but what if it's a malicious website (come to think of it, what is Dave thinking about)... You get the idea. In the war against the Internet sharks, common sense is your greatest weapon.

In part 3, we'll discuss what to do if you think you have a trojan/virus. For now, I'm off for a scrub and hosedown...

Tuesday, 25 January 2011

"Is the Internet safe?"


Occasionally, I don the White Coat of Hope, and go onto the masses, in my ordained role of IT Support Reverend, and perform the sacred rite of FixemUp. On many of these occasions, my brethren will impart unto me their woes, and one of the most frequent woes is spoken thus:

"Is the Internet safe?"

In computing circles, this is almost an ecclesiastical question of the highest magnitude - it's like asking "Is there a God?", or more relevantly "If I go swimming, will I be bitten by a shark?" Answers to this question have started heated debates ending in blood, tears, injury and lawsuits. Actually, the "shark" analogy is probably the most accurate - let me explain further...

The Internet is huge - take my word for it, it's like the Ocean. Finding what you're looking for is like swimming in the sea looking for a shipwreck of a pirate vessel loaded with gold doubloons - without maps or directions, you'd be lost, poor and wet. Search engines like Google then, are our friends, because they provide the maps for us to navigate the Internet ocean. Most of the time (as far as we are concerned), the sea is safe, and shark free.

However, as any diver, or watcher of Shark Week or Open Water will tell you, always lurking beneath the waves are the sharks - viruses, trojans, adware, phishing sites, porn - all swimming with you, but out of sight most of the time, but all hungry for blood. It's the foolish diver who starts throwing in bloody fish guts, just before he throws himself into the water... but in computing terms, the average user is doing this same thing every day. Let's look at the evidence...
  • Most people that browse use Microsoft Windows (nothing wrong with that) - an operating system that is easy to use, but where the home user (by default) has ADMINISTRATIVE POWER - great news for the shark, as all he has to do is to trick the user into running a program that will let the shark in - tantamount to giving the shark the keys to your shark cage...
  • Windows needs to be constantly updated to keep it secure - forget, and the sharks will sense blood. Trouble is, users have a habit of turning things off - like automatic updates. Forget to update, and that shark spear gun you were carrying will shoot you in the foot...
  • Most people use Internet Explorer - the most well known, abused, insecure browser that exists - to access the Internet. Never mind giving the sharks the key to the shark cage - the shark is now on the boat, wearing life support, and carrying UZIs...
Add all these together, and you may as well be wearing a blood-soaked wet suit, with bloody, raw steak tied to your weights belt, banging a dinner gong and shouting "YOO-HOO SHARKIES - COME TO PAPA!" - Quinn would be turning in his grave I tell you...

However, you can take precautions, and swim safely - and in the next installment, we'll discuss how. I'm off to buy a bigger boat...