What do you need to know about technology to be secure? Here are some basic pointers:
The Evil Three
What are the three worst evils on the net?
spam - like the real-world meat product, spam comes from unknown sources and is of questionable quality. Spam is, in its most basic form, any unsolicited email you receive. Some definitions specify the mail must be from someone you do not know, commercial in nature, and from companies with which you have no relationship. Thus, if you buy a computer from Dell, you have a business relationship with them, and so a product advertisement from them would not be considered spam.
Trojan horses - like the famed wooden horse of old, a Trojan horse program is one that appears to be one thing (like a screensaver), but which hides something else, like spyware that monitors your internet activities or adware that stores advertisements on your computer and then feeds them to you in popup windows. Trojan horses typically require some trickery to get you to "open the gates and let them in" to your computer.
Side Point: Some people confuse spyware and cookies. Cookies are small files containing little bits of information, like your log-in name and password at your favorite website, or the items in your Amazon shopping cart. They are mostly harmless, since they are very small, and can be easily deleted. They also cannot be copied off your computer or accessed by any site other than the website that created them. However, some people object on principle, and delete them routinely.
viruses - working like biological viruses, computer viruses infect your computer, reproduce themselves, and spread to other computers. Some viruses install back doors to your computer, or security holes that allow someone else to take control of your computer and use it without your knowledge. Viruses typically do not require you to do much work to install them; simply opening a virus-infected attachment or running a virus-infected file will do it.
Side Point: You may have also heard of worms. A worm is a virus that spreads by sending itself to everyone in your email address book, and, if successful, then everyone in their email address book. It falsifies the return address so that it looks like it came from someone else you know, which makes it hard to trace the infection back to you. It thus can spread geometrically; the first version of MyDoom accounted for 30% of all email traffic in the world at one point, creating 100 million email messages within its first 36 hours. It's estimated that North American internet service providers will spend $245 million on worms in 2004.
In the real world, we have vaccines. In the computer world, we have something similar. In addition to antivirus programs, there are people who routinely search software for security holes and develop software to patch the holes. Microsoft bundles patches for Windows security flaws into a single monthly release, so that once per month you can install all recent patches for free at: http://v4.windowsupdate.microsoft.com/en/default.asp
Why Are These Kinds of Programs So Bad?
The first thing to understand is that it's all about money. If a spammer gets $100 from a mortgage company for every client he sends them, he can send out 1,000,000 spams about refinancing, practically for free mind you, and if only 100 people (0.01%) refinance, then he makes $10,000 for a few hours' work. Incidentally, many computer experts advocate charging internet users a penny per email they send. Thus, a spammer paying a penny each to send a million emails, and only earning $10,000 from it, would only break even.
The second thing to understand is that while spam may seem merely annoying, spam is a kind of unsolicited marketing, and is becoming more and more tied to Trojan horses and viruses written by hackers, or people who try to break into computer systems. While hackers create viruses for antisocial reasons -- it's a thrill to screw up others' computers or a great way to get revenge on a former employer -- they also do it for money.
Side Point: A company called SCO is suing to stop open-source software writers (who basically want to make software available for free) from using Linux, a free Windows alternative. SCO claims it owns some of the underlying code in Linux, and thus is entitled to money from everyone using it. Some are blaming a recent virus on open-source advocates, as computers infected with it continuously attack and shut down the SCO company's website. Thus, some would call this kind of hacking a political statement, but others would call it vandalism.
Viruses let hackers turn infected computers into zombie machines, or computers that mindlessly follow the hacker's instructions. Bill Gates recently spoke in England, and cited British security companies as estimating that there were 800,000 zombie computers in England. They all are sending out spam after spam after spam to English internet users, and the owners of those 800,000 computers don't even know what's happening.
Some hackers write Trojan horses that install adware. If a hacker gets a penny for every ad that someone clicks on, adware programs create a payment-per-click income. Alternately, a hacker could distribute adware that serves up advertisements for a specific company's product this month for a flat fee, and then "resell" the "advertising space" next month.
Some hackers just break into email accounts to send out spam or hide their hacking. My husband uses AOL to access his employer's computer system. Someone hacked into his account by cracking his password ("red1234" is not what we call a strong password) and sent several thousand spam in one day, appearing to be from my husband, before AOL shut down the account.
Side Point: Some make the distinction of white hat hackers (good guys) and black hat hackers (bad guys). For example: a hacker found a university accidentally made a lot of identifying student information available on the web on their sports department page. The university didn't correct it, so the hacker posted the information on his own web site and emailed all the listed students. Students complained and the university labeled him a black hat hacker, and immediately threatened to sue him for placing their students at risk for identity theft. He countered he was a white hat hacker, and that if the university was so concerned about identity theft then they should have first secured the sports department web page, second warned students about the security breach, and third threatened him with a lawsuit. Thus, the distinction between white and black hat hackers isn't always clear.
Some hackers do it as part of illegal schemes. The New York Times reported that a stock broker installed a program he thought would organize stock quotes for him, but which actually installed a kind of spyware known as a key logger, which reported every key he typed (and thus his passwords and user names) to the hacker, who used them to transfer money belonging to the broker's clients into his own account.
So What Can You Do?
As you can see, there are a lot of people out to make money, legally or illegally, ethically or unethically. Spam, viruses, and Trojan horses are annoying, sure, but they are also far more than that. Attending to security in your computer habits is a wise idea, sure, but it also helps you avoid aiding criminals. So what do you do?
Side Point: To bring this home, a case came before the British courts in which a father lost custody of his son after being arrested for trafficking in child pornography online. His (successful) defense was that he did not know his computer was sending pornography, and he was able to prove he had made numerous calls to his internet service provider complaining that his computer was doing strange things he couldn't figure out. While he and his son suffered, the child pornographer got away scot-free.
One option is to stick your head in the sand and hope none of this happens to you... ripe for the picking, as they say.
A second option is to take basic steps to protect yourself:
1) Don't read and for God's sake don't reply to spam - some include "tracking bugs" in them to detect live email addresses, and so just reading them can confirm your email address and encourage a spammer. Don't click the unsubscribe link for the same reason; it just confirms that your email address is a "live" one.
2) Install a good antivirus program (like Norton Antivirus) and run it every week. Keep it up to date too! Check the Microsoft Update site every month and download the "Critical Updates." While other software and drivers are available there, only download the "Critical Updates."
3) Never open email attachments you were not expecting, or that seem to have only a generic explanatory message (like "I wish you would enjoy this" or "that document you wanted"). You might get a program emailed to you that seems to come from Microsoft urging you to run the attached file to patch your system. Never, never run these programs, as they install a virus!
4) Install a firewall (like Zone Alarm) to protect your computer from attacks. Firewalls block hackers from breaking into your computer, as well as viruses from getting out of your computer. (CSoPP already has a firewall, but your home computer probably doesn't.)
5) Download a good spyware removal program (like Spybot - Search & Destroy) and run it twice a month. Keep it up to date too!
6) Never click on any button in a popup ad. Close the popup with the "X" button in the top right corner of the titlebar of the window, or hit Alt-F4 to close it. Clicking anything else (including the "Cancel" button) will most likely install spyware or adware, a practice called drive-by downloading. The Googlebar is a neat tool that will give you instant access to the Google search engine, and block most popups as well.
A third option is to learn about spam, spyware, viruses... and the like. Some spyware "removal" programs actually detect and delete other people's spyware, while installing and protecting their own. How do you know if a spam/spyware/antivirus program is really what it says it is? Easy! Enter the name of the program into Google and do a search. If it is bogus, chances are someone has posted a report about it and Google has their post indexed.
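
The "tracking bugs" mentioned in step 1 can be spotted by inspecting a message's HTML instead of opening it in a mail program. The following is an added example, not part of the original page: a Python check that flags remote images that are invisible (1x1) or that carry the recipient's address in their URL. The sample message, the tracker.example host and the two heuristics are assumptions made for illustration.

```python
from email import message_from_string, utils
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample message (not real spam); tracker.example is a placeholder host.
SAMPLE = """\
From: deals@shop.example
To: Reader <reader@mail.example>
Content-Type: text/html; charset="utf-8"

<html><body><p>Lower your rate now!</p>
<img src="cid:logo" width="200" height="60">
<img src="http://tracker.example/open.gif?uid=reader%40mail.example" width="1" height="1">
<img src="http://tracker.example/banner.jpg" width="468" height="60">
</body></html>
"""

class ImgCollector(HTMLParser):  # collects the attributes of every <img> tag
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def find_tracking_bugs(raw_message):
    """Return (url, reasons) for remote images that look like tracking bugs."""
    msg = message_from_string(raw_message)
    recipient = utils.parseaddr(msg.get("To", ""))[1].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgCollector()
        collector.feed(body)
        for img in collector.images:
            url = urlparse(img.get("src") or "")
            if url.scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded and fetch nothing
            reasons = []
            if img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
                reasons.append("invisible 1x1 image")
            values = [v.lower() for vs in parse_qs(url.query).values() for v in vs]
            if recipient and recipient in values:
                reasons.append("recipient address in URL")
            if reasons:
                findings.append((url.geturl(), reasons))
    return findings
```

Any remote image can confirm that a message was opened, which is why blocking remote images in the mail program is the general defence; the heuristics here only pick out the most obvious cases.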