I've been doing computer and network tech support for over 20 years. As you can imagine, things have changed quite a bit over 2 decades. Back in the 80's, computer security for PC based systems consisted of good old Norton Antivirus. Yes, there were viruses back in those days usually spread by infected floppy disks. My favorite one was the "stoned virus". Upon booting your computer the message would come up "Your computer is now stoned!". Considering the fact that a "big hair" rock band may have been playing on the boom box at the time of receiving this message, it was totally apropos.
Fast forward to 2007 and every business owner must be aware of the security risks inherent to participating on the Internet. Even the most novice hacker can gain access to tools that make it embarrassingly easy to mess with your computers if Internet best practices are not followed. The term "security" entails many aspects of your computing environment including Anti-virus and Anti-malware, email SPAM control, Firewalls, and operating system patch management. In this post, I will deal with attacks that come in through the Internet into one or more of your business computers.
The latest buzz in the security world is all about "botnets". There are literally millions of computers all over the globe that have been breached by these bots. Once the bot establishes a home on your computer, it begins to use it for a variety of dirty deeds (done dirt cheap). These include sending spam email from your computer or, even worse, logging your keystrokes to get credit card numbers, bank passwords etc. Since your computer is on the Internet, the bot then "phones home" and sends this information to the ne'er-do-well scumbags who want your money. The worst thing about all of this is that you can easily be infected and not even know it. You may notice a slight slowdown of your machine, but this can be chalked up to many things.
OK, now you are saying "OK Walt, what do I do to make sure I am not a bot harborer?". First we have to make sure your computers are not currently compromised and then we have to put safeguards in place to make sure that these bots are denied access to your computer.
It can be tricky to tell if your computer is infected or not. One quick check is to see what connections to the Internet are open on your computer. If your computer is either being accessed by a hacker or is publishing information to a parent site, it will have a connection on a specific "port" open on your computer. Think of a port as a possible door into your system. A tool that you can download to test this is TCPView. This program will show all active ports on your system along with which ones are listening for a connection and which connections are already present. Once this program is run, it will usually list several open connections. Keep in mind, however, that many or all of these might be totally legit. There are many programs installed on your system that try to auto update over the Internet which will show up as established connections. If you see many that cannot be linked to legitimate programs, it is definitely worth investigating further.
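The same check can be done without a GUI by pairing the output of the built-in `netstat -ano` command with the process list from `tasklist`. The script below is an added example, not part of the original post; the sample output, the process names, the list of recognised programs and the LAN range are all constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from a real machine).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:31200          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED     1480
  TCP    192.168.1.20:1051      203.0.113.45:31200     ESTABLISHED     3120
  TCP    192.168.1.20:1060      198.51.100.7:443       ESTABLISHED     1480
  UDP    0.0.0.0:500            *:*                                    700
"""
# Constructed PID -> image name map, as `tasklist` would report it.
PROCESSES = {908: "svchost.exe", 1480: "firefox.exe",
             3120: "winupd32.exe", 700: "lsass.exe"}
# Assumption: the programs the owner recognises as legitimate.
KNOWN = {"svchost.exe", "firefox.exe", "lsass.exe"}
# Assumption: the address range behind the NAT router.
LAN = ipaddress.ip_network("192.168.1.0/24")

def parse_netstat(text):
    """Return one dict per TCP row; header and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, remote, state, pid = parts
        rows.append({"local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows

def unexplained(text, processes, known, lan):
    """List (image, state, endpoint) for ports not owned by a recognised program."""
    findings = []
    for row in parse_netstat(text):
        image = processes.get(row["pid"], "unknown")
        if image in known:
            continue
        if row["state"] == "LISTENING":
            findings.append((image, "LISTENING", row["local"]))
        elif row["state"] == "ESTABLISHED":
            host = row["remote"].rsplit(":", 1)[0].strip("[]")
            if ipaddress.ip_address(host) not in lan:
                findings.append((image, "ESTABLISHED", row["remote"]))
    return findings

if __name__ == "__main__":
    for image, state, endpoint in unexplained(NETSTAT, PROCESSES, KNOWN, LAN):
        print(f"investigate: {image:<14} {state:<12} {endpoint}")
```

Anything it prints is only a lead to look into, since a legitimate program missing from the recognised list will show up too.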
It is also a good idea to run a few malware scanning programs such as Ad-Aware and Spybot Search and Destroy. These programs will scour your hard drive and memory for nasty bits of code that may be in use on a compromised system. Be sure to use the software's updating process before you run the scans to make sure that the software is fully aware of the newer infections that are floating about the Internet. If these scans indicate a high level of malware on your hard drive, in most cases it is easier to reload your computer from scratch rather than try to scrub off the nasties. The malware gets its hooks way too far into the internals of the system software to effectively scrub the system and be confident that you got everything.
While it may be impossible to make any Internet connected computer 100% secure, there are precautions that should be implemented to minimize your risk:
Make sure you have up to date Antivirus software installed. It is important to make sure that the software is set to update itself with the signatures of known viruses. In addition, it is important to not let your antivirus software get too out of date. A version of Norton Antivirus from 2003 for example, will not do a great job of protecting your systems in 2007 even if it is still getting the virus definition updates regularly.
In addition to anti-virus protection, it is also a good idea to have anti-spyware software as well. Some vendors bundle these two functions into one product while others offer a distinct product to handle the anti-spyware function. The version and update recommendations for anti-virus programs also apply to their anti-spyware counterparts.
Even if you only have one computer connected to your cable or DSL modem, it should be behind a NAT router. NAT stands for network address translation and is a way of hiding your computer's IP address from the Internet. If your computer's IP address cannot be accessed from the Internet, it makes it more difficult for hackers to find it. Most NAT routers have rudimentary firewalls built in, which offer still another layer of security. If you are in a situation that requires higher security, more robust firewalls can be deployed. These are separate pieces of hardware that tightly monitor traffic coming into and out of your network.
It is also a good idea to at least keep the Windows XP firewall enabled. Most Internet Security Suites offer their own firewalls which are more feature rich than the standard Windows version. If you choose to implement a third party firewall on your computer, make sure that the Windows one is disabled.
Finally, it is VERY important to make sure that updates are regularly applied to your computer. Microsoft comes out with critical Windows updates every second Tuesday of the month. Windows XP will allow you to set up the update process to occur automatically every day at a specified time. I would prefer, however, that you let Windows download the updates and then give you control as to when they get applied. These options can be found in Control Panel / Automatic Updates. Along with Windows, it is important to keep other programs on your system updated as well. Microsoft Office and Adobe Acrobat, for example, have been exploited in the past to allow bots to gain control of computers.
Vint Cerf, known as the father of the Internet (sorry Al Gore), has stated that up to 25% of all computers are currently infected by botnets. Other experts have estimated this number to be much higher. Follow the suggestions above to help ensure that your computers do not become "owned" by these Internet predators.
Please feel free to contact me at quandtster@gmail.com if you have any comments and/or questions. My company, Enterprise Micro Solutions, has been assisting businesses with IT management for 10 years.
Thanks for reading!
Saturday, February 10, 2007