What is this year going to have in store for us?

2006 Security Watch

There is a lot going on in the information security space. 2006 looks to be an interesting year in these regards. Below are some things to watch for in 2006, some of them are good and, unfortunately, some aren’t.

First the good news:

• We are getting a lot more serious about our security. This has a lot of reasons behind it. For example, new privacy laws are mandating organizations to tighten their security. Look to see more consumer privacy laws passed in the coming year and more tightening of security systems.
  
  
• Authentication requirements are increasing. This is closing in large security holes. Corporations are requiring a great deal more of authentication to get into secure systems (this also is on the bad news side)
  
  
• There is a plethora of sophisticated programs to help us be more secure and they will continue to get better. Competition right now is strong in the security industry sparking a lot of innovation.
  
  
• ISPs are now taking on the responsibility to help us with our security. Take AOL's recent commercials as a good sign that others will follow the trend.

Now the bad news:

• Securing our networks is costing us. Most companies are globalizing their organizations and making them secure costs a lot of money. It will get worse before it gets better.
  
  
• Authentication requirements are increasing. This is getting claustrophobic. Corporations are requiring a great deal more authentication to get into secure systems (This is also on the good news side) Unfortunately, for the end user, it is one more thing to be unhappy about, not unlike airport security lines.
  
  
• Hackers are getting more sophisticated. For example, Botnets are becoming more complex and harder and harder to catch and stop. Do a search on botnets on the Internet. They really are causing a whole lot of problems, but it does not stop there. The number of viruses and malware out there is staggering.
  
  
• Spammers keep finding more creative ways to fill our email boxes. Don't look for this trend to stop anytime soon.

Department of Defense Crackdown on Security

The top commander of the department of Defense network operations just ordered a crackdown on security. According to a recent article by NetworkWorld on January 16,2006, Lt. General Charles Croom is quoted as saying, “The attacks are coming from everywhere and they’re getting better.” His talk was the keynote address at the Department of Defense Cyber Crime Conference held on January 9 - 14, 2005 in Clearwater, Florida. The event is sponsored by the Defense Cyber Crime Center and the Joint Task Force. Over 500 computer crime specialists from the FBI and the military attended the event.

The crackdown was related to a recent arrest of a “Computer Virus Broker” named Jeanson James Ancheta. On further investigation, a Department of Justice press release from Nov 3rd, 2005 offered the following information on this incident, “In the first prosecution of its kind in the nation, a well-known member of the “botmaster underground” has been indicted on federal charges for profiting from the use of “botnets” – armies of computers that are under the control of the botmaster and are used to launch destructive attacks or to send huge quantities of spam across the Internet.

Jeanson James Ancheta, 20, of Downey, California, was arrested this morning by special agents with the Federal Bureau of Investigation. Ancheta was indicted yesterday in two separate conspiracies, as well as substantive charges of attempting to cause damage to protected computers, causing damage to computers used by the federal government in national defense, accessing protected computers without authorization to commit fraud and money laundering.”

The press release goes on to describe more details of this scheme that clearly show why the Deparment of Defense is so concerned (for more information go to: http://www.usdoj.gov/criminal/cybercrime/anchetaArrest.htm )

“Ancheta had become an affiliate of several different advertising service companies, and those companies paid him a commission based upon the number of installations. To avoid detection by network administrators, security analysts and law enforcement, Ancheta would vary the download times and rates of the adware installations. When companies hosting Ancheta’s adware servers discovered the malicious activity, Ancheta redirected his botnet armies to a different server he controlled to pick up adware. To generate the roughly $60,000 he received in advertising affiliate proceeds, Ancheta caused the surreptitious installation of adware on approximately 400,000 compromised computers. Ancheta used the advertising affiliate proceeds he earned to pay for, among other things, the multiple servers used to conduct his schemes.

Ancheta used programs powerful enough to cause the infection of computers at the Weapons Division of the United States Naval Air Warfare Center in China Lake, as well as computers belonging to the Defense Information Systems Agency, a component of the United States Department of Defense. Both networks are used exclusively by the federal government in furtherance of national defense. After being arrested this morning at the FBI Field Office in Los Angeles, Ancheta was transported to United States District Court in Los Angeles. It is unclear if he will make his initial court appearance this afternoon or tomorrow. Ancheta is charged with two counts of conspiracy, two counts of attempted transmission of code to a protected computer, two counts of transmission of code to a government computer, five counts of accessing a protected computer to commit fraud and five counts of money laundering. Count 17 of the indictment seeks the forfeiture of more than $60,000 in cash, a BMW automobile and computer equipment that the indictment alleges are the proceeds and instrumentalities of Ancheta’s illegal activity.”

Some recent news. Ancheta pleaded guilty to charges of conspiring to violate anti-spam and computer misuse laws, and fraud and will serve from 4-6 years in prison, under the plea agreement - plus heavy fines.

Finding the Security

Before proceeding to read this article, it is important that we state something up front. It is essential for the reader to understand and appreciate that there is no such thing as a secure operating system or web browser. While the use of security suites and other complementing products can significantly reduce your risks, they are not magic wands that you can wave to eliminate 100% of your risk. Any product claiming they can do this should be viewed with great skepticism.

With that being said, let’s talk computer security and security suites. There are numerous ways in which the security of your computer can be breached. The most common threats come from worms, viruses, Trojans, phishing, hackers and crackers. Potential security breaches can come in the form of downloading unfamiliar email attachments, being monitored by spyware, maliciously attacked by malware, or probed through port scanning.

Dshield.org (www.dshield.org), a non-profit company, functions as a “dominating attach correlation engine with worldwide coverage”. In short, they work with people and companies to track, among other things, port scanning violations. Port scanning involves a person (referred to as a hacker or cracker) who attempts to break into you computer through the open ports in your system. Once an open port is located, the individual attempts to collect your personal data or install a malware program into you computer. On average, Dshield.org logs over 1.1 billion reported attempts of port scanning each month. What is even scarier is that this is just based on their program participants. You can imagine how many more incidents are occurring each month to the general population of computer users.

Dshield.org also reports on survival time. Survival time refers to how long it will take before an unpatched PC is attacked or infected. Below is a snapshot of their current operating system breakdown:

Current OS Breakdown
Category % Adjusted Survival Time
Windows 27.0000 128 min
Unix 0.5000 3648 min
Application 3.0000 1203 min
P2P 1.5000 1591 min
Backdoor 0.5000 5432 min
Source: Dshield.org – Survival Time History (11/8/05)


In short, if you have a Windows-based operating system and an unpatched PC, you will be attacked or infected in a little over 2 hours. When looked at in these terms, securing your computer becomes a mission.

Here are a few easy steps you can take to immediately protect your computer.

1. Don’t run unfamiliar programs on your computer.
It sounds like common sense, but many of the most prominent attacks have involved spyware and email attachment worms such as Bagle and Netsky. If you don’t recognize the sender, don’t download its attachments.

2. Don’t allow unrestricted physical access to your computer.
If you have sensitive or proprietary information on your computer, allowing other employees or family members to use your computer can lead to potential breaches in your computer’s security.

3. Don’t use weak passwords.
Use passwords which are difficult for someone to figure out. People frequently use the names of children, pets, anniversary dates, or birthdays. Because there seems to be a password needed for everything, it is not uncommon to see many people using the same password for everything. Big mistake! The use of only one password provides a hacker with easy access to a smorgasbord of personal information. If you have to write your passwords down, it is best not to leave them on a post-it, attached to the screen of your computer. You may chuckle at the absurdity, but it happens more than you think.

4. Don’t forget to regularly patch your operating system and other applications.
Many industry experts believe that most network security attacks would be stopped if computer users would just keep their computers updated with patches and security fixes. Too often, we forget to do this on a regular basis. Remember that every day, new viruses, worms and Trojans are being created and distributed. They are looking for the weaknesses in your computer system. Having outdated software is basically the same as holding the door open and inviting them in for a visit.

5. Don’t forget to make regular backups of important data
Always keep a copy of important files on removable media such as floppy/ZIP disks or recordable CD-ROM disks. Store the backups in a location separate from the computer.

In most cases, Windows desktop and screen-saver passwords provides adequate protection for normal security concerns. However, if you feel more comfortable taking additional security measures consider obtaining a comprehensive security suite.

Selecting a Antivirus Software
The next question is how do you pick the best product for your needs? You start by asking yourself a series of questions. Do you need password protection for individual files, your desktop, a network, or to block someone’s access to the Internet? Is your computer used only by you or do multiple users have access to the computer? How many users in total do you expect on your computer? What are your system requirements? How much do you want to spend?

Once you are able to answer these questions, you can begin to research which security suite will best meet your needs. Product reviews and user statements provide a great starting point. PCMagaine (www.pcmag.com), Zdnet.com (www.zdnet.com), and Consumer Reports (www.consumerreports.org) are just a few informative sites that offer research on various computer software products.

There are numerous security suites available on the market. Take the time to choose the one that meets your specific needs. As a starting point, we’ve listed a couple of the more popular programs:

1. Kaspersky Personal Security Suite
Description: A comprehensive protection program package designed to guard against worms, viruses, spyware, adware and other malicious programs. The program offers five pre-defined security levels and is convenient for mobile users. System requirements: Window 98/2000/XP; Internet Explore 5.0 or higher, Memory: minimum of 64 MB RAM, 100 MB free on hard drive.

2. Shield Deluxe 2005
Description: This program provides protection from viruses, adware, spyware, and privacy threats while using very low system resources. Additionally, the maker, PC Security Shield offers ongoing free technical support. System requirements: Windows 98 or higher, WinNT, WinXP, WinME; Internet Explorer 5.1 or higher, Memory: 32MB ram or higher, 65 MB free disk space.

Advancements in Antivirus Software Suites

Fighting off Viruses:

Protecting your computer from a virus is getting harder and harder each day. While it may border on the paranoid, it goes without saying that you can’t leave your guard down for one second. Even corporate giant Microsoft has found its own systems compromised on more than one occasion.

Remember the “good old days”, before the advent of the Internet and downloadable programs? Life was simple then in terms of computer viruses. With the primary way in which a virus could be transmitted being limited to floppy disks, the ability to catch and eradicate the virus was a lot easier. By today’s standards, it used to take quite a while before a virus was able to infect a computer and slow down the system. The antivirus software of that time was typically able to identify and eradicate viruses before they caused too much damage. Additionally, computer users were pretty savvy on how to protect themselves in terms of scanning all floppy disks before copying them to our desktop.

The Internet helped change all that. The Internet provided a conduit by which viruses could move from host to host with lightening speed. No longer could a computer user just worry about floppy disks as points of entry, but they now had to worry about email, email attachments, peer-to-peer file sharing, instant messaging, and software downloads. Today’s viruses can attack through multiple entry points, spread without human intervention, and take full advantage of vulnerabilities within a system or program. With technology advancing everyday, and the convergence of computers with other mobile devices, the potential of new types of threats also increase.

Protecting Your Computer

Luckily, the advancement of antivirus software has kept pace with current virus threats. Antivirus software is essential to a computer’s ability to fend off viruses and other malicious programs. These products are designed to protect against the ability of a virus to enter a computer through email, web browsers, file servers and desktops. Additionally, these programs offer a centralized control feature that handle deployment, configuration and updating.
A computer user should remain diligent and follow a few simple steps to protect against the threat of a virus:

1. Evaluate your current computer security system.
   With the threat of a new generation of viruses able to attack in a multitude of ways, the approach of having just one antivirus software version has become outdated. You need to be confident that you have protected all aspects of your computer system from the desktop to the network, and from the gateway to the server. Consider a more comprehensive security system which includes several features including antivirus, firewall, content filtering, and intrusion detection. This type of system will make it more difficult for the virus to penetrate your system.
2. Only install antivirus software created by a well-known, reputable company.
   
   Because new viruses erupt daily, it is important that you regularly update your antivirus software. Become familiar with the software’s real-time scan feature and configure it to start automatically each time you boot your computer. This will protect your system by automatically checking your computer each time it is powered up.
3. Make it a habit to always scan all new programs or files no matter from where they originate.
4. Exercise caution when opening binary, Word, or Excel documents of unknown sources especially if they were received during an online chat or as an attachment to an email.
5. Perform regular backups in case your system is corrupted. It may be the only way to recover your data if infected.

Recommended Antivirus Software.

There are numerous applications available to consumers. With a little research, you can pick the program that is right for you. Many programs provide a trial version which allows you to download the program and test its abilities. However, be aware that some anti-virus programs can be difficult to uninstall. As a precaution make sure to set up a System Restore point before installing.

Here are a few programs which typically receive high marks in terms of cost, effectiveness, ease of use, and customer service.

The Shield Pro 2005™ provides virus protection and hacker security through ongoing support and updates. When a virus breaks out, The Shield Pro 2005™ promises to provide a patch within 2-3 hours and a fix for the virus within 5 hours. You can set your computer to update viruses weekly and run a complete virus scan.

BitDefender 9 Standard provides antivirus protection, as well as Peer-2-Peer Applications protection, full email protection, and heuristics in a virtual environment. This provides a new security layer that keeps the operating system safe from unknown viruses by detecting malicious pieces of code for which signatures have not been released yet.

Kaspersky Anti-Virus Personal 5.0 program is simple to install and use. The user only needs to choose from three levels of protection. It allows updates as frequently as every hour while promising not to disrupt your computer. The program also offers a two-tier email protection feature and round-the-clock technical support.

PC-cillin Internet Security combines antivirus security and a personal firewall—for comprehensive protection against viruses, worms, Trojans, and hackers. It also detects and removes spyware and blocks spam. It even guards against identity theft by blocking phishing and pharming attacks.

AVG Anti-Virus Free Edition is a free downloadable antivirus program that has received high marks for its reliability. In the past, free downloadable antivirus programs have been viewed skeptically because of issues relating to its reliability. However, AVG from Grisoft, remains one of the best-known free anti-virus programs available. While AVG can not be installed on a server operating system and there is no technical support, it still makes a good choice for many home computer users. The best part is that since it is free, you can try it with no further obligation necessary.

Encryption and Making Your System Secure

What does encryption do for me?

Encryption and cryptographic software has been used in many different ways to make systems more secure. This article discusses only a few ways that such software can make your system more secure, including:

1) Encrypting your email

2) Encrypting your files

To programs are mentioned that will help encrypt information. There are many more programs out there that will help, but these programs are good and a good place to start as any. They have the added benefit of both being free with source code available.

Will encryption stop people from accessing my information?

Encryption simply makes it harder for people to gain access to important information, like passwords or sensitive information in a file. The first thing you should know about encryption is that the algorithm that is used to encrypt can be simple or more complex and that affects how securely what you have encrypted is protected. Encryption systems have been broken when the method of encryption is understood by hackers and is easy to break.

Why bother to encrypt my email?

It should be noted that email is far less secure than paper mail for two very good reasons: first, electronic data can be accessed easily over an Internet and secondly, electronic data is really simple to copy. There is a very good chance that someone has snooped around in your email despite your best intentions to stop it.

How do I go about encrypting my email?

There are many programs out there that can help you encrypt your email. A very popular one is PGP (Pretty Good Privacy) or its Gnu offshoot GPG.

PGP (http://www.pgpi.org/) self-describes itself this way: This "is a program that gives your electronic mail something that it otherwise doesn't have: Privacy. It does this by encrypting your mail so that nobody but the intended person can read it. When encrypted, the message looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text."

Why bother to encrypt my files?

The answer to this boils down to what you store on your computer. If you have financial data with important information like social security numbers, email addresses, account numbers and passwords, then you open yourself up to losing very valuable information. Most corporate Internet security employees will attest to the widespread theft of very valuable information. As long as you are connected to the Internet you are vulnerable.

How do I go about encrypting my files?

AxCrypt File Encryption Software (http://axcrypt.sourceforge.net/) Self-described as "Free Personal Privacy and Security for Windows 98/ME/NT/2K/XP with AES-128 File Encryption, Compression and transparent Decrypt and Open in the original application."

Computer Viruses that Come a Calling

Every day new computer viruses are created to annoy us and to wreck havoc on our computer systems. Below are ten viruses currently cited as being the most prevalent in terms of being seen the most or in their ability to potentially cause damage. New viruses are created daily. This is by no means an all inclusive list. The best thing you can do is to remain vigilant, keep your anti-virus software updated, and stay aware of the current computer virus threats.

Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.

Virus: W32.Beagle.CO@mm
A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.

Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32-Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself to email attachments harvested from your email addresses.


Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS (MS04-011).

Virus: Zafi-D
A mass mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename Norton Update.exe. It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as ICQ 2005a new!.exe or winamp 5.7 new!.exe. W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".

Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. A bilingual, worm with an attached Hungarian political text message box which translates to “We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)”