Security Watch

A Call to Arms

Enlist everyone, even your relatives, in the fight against the spread of malware.

• By Roberta Bragg
• 02/02/2004

MyDoom isn't the only malware to use its victims to launch DoS attacks on Internet sites. It's not the only malware to implant a back-door that can be used by attackers to take over a computer, nor is it the only one to randomly generate subject lines, spoof e-mail "from" addresses or take advantage the average user's proclivity for clicking on an attachment. It's not the only one to have "copy-cat" variants that go one step further (MyDoom.B attempts to block access to anti-virus update sites.)

I know many IT folks are working hard to prevent network infections; why, then, were so many computers infected by this particular virus? How come I got three times as much e-mail last Wednesday as normal? I'm beginning to believe a primary factor in the spread and continued presence of this worm and others are the large numbers of home and small business users whose machines aren't properly configured and protected.

It's easy to point the finger at Aunt Annie or Uncle Bob, but it's not really fair. Some software companies and ISPs may have been slow to adopt sound security practices, true, but the average consumer may not even be aware of the need. And even though there's a growing awareness of the problem, the average small business and consumer isn't going to just wake up one day and know what to do. Even if they learn about the importance of security, most aren't equipped to do what needs to be done.

Removing MyDoom.B, for instance, involves a lengthy and complicated set of steps the typical consumer couldn't understand, much less perform. My dad would be terrified, but at least he'd call me. How about yours? Even some large organizations have trouble understanding how to manage the virus/worm threat and how to clean infections.

Given this situation, it would appear that you and I have a great opportunity to strike a blow for Internet security.

We can use our expertise to help those without our resources and knowledge. To that end, I'm asking you to go visit your mom and dad, aunts, uncles, cousins and distant relatives. Help your neighbor. Offer your services to home users and small businesses. Find, and help, the people who don't have IT departments and may not have any interest in this computer security thing. Volunteer to speak to organizations where many business owners gather, like the Chamber of Commerce. Write articles for your local newspaper. Talk to kids at schools. Let's do what it takes to protect the average user's computer.

And you'll not only be helping your community—you'll be helping your own network, since every consumer computer that doesn't get infected is one less attack zombie.

So where do you begin? Here are seven action items to get you started.

1. Make sure your helpees are using the services provided by their ISPs. I've started a survey, and here's two interesting factoids:
        a) Earthlink customers can turn on or off a virus scanning and blocking tool. This tool will scan a customer's mail at the Earthlink server before it gets to them. However, it might not be turned on. To turn it on or off, you'll have to access the customer's profile. Let them enter their password to log into the service, and make sure they're using the blocker.
        b) MSN virus scans e-mail at the server as well, but doesn't block delivery of the attachment. MSN also offers a premium service that provides a personal firewall and virus checker. This fee-based service is available to anyone, whether or not they're MSN customers. Since the products are downloaded to the customer's computer, its works as you'd expect to locally scan e-mail from any of the many accounts the customer may have with different services.
2. Make sure they're using the latest versions of their e-mail reader. Recent versions of Outlook, for example, block access to many attachment types recognized as executables. Other products may do likewise.
3. Keep an updated copy of an antivirus tool on a floppy or CD-ROM. For example, try Stinger.exe from McAfee, available from http://vil.nai.com/vil/stinger. Stinger scans for and removes many common live viruses and worms, including MyDoom.B. Keep your copy as a backup in case your buddy's computer is infected and blocking access to the anti-virus update site.
4. Teach your Windows XP friends about Windows Update and get the latest updates from the site -- then set the service to automatic. The reason is that most consumers and small businesses won't understand automatic updates. Instead of investigating why it tells them they have updates every time they connect, they simply believe it's working and think "Microsoft sure has a lot of errors to fix." They don't realize Service Pack 1 isn't getting downloaded in the 20 minutes they stay online. Instead, show them exactly what's going on so they won't disconnect in the middle of the download. Once they're fully updated, the normal automatic update service should be adequate.
5. Set a reminder to yourself to check back in when SP2's released.
6. Check their personal firewall status. Help them get one, or help them turn it on. Be aware also that when dial-up customers change their ISP, it changes their connectoid. By default, the new connection won't have the firewall turned on.
7. Check the status of their virus scanning product. Often a user will be instructed to turn off a virus scanner in order to install software, then forget to turn it back on.

I'd provide additional steps, but my editor Keith says I'm way, way over my space quota for this week's Security Watch. [Editor's Note: You got that right, Roberta!] I've also got more information on things that our ISPs are doing to help protect the consumer, so I've made Keith promise to send out an extra edition of Security Watch this Wednesday so I can add more. [Editor's Note: Done.] If you'd like to add to the list of things we need to do for consumers and small businesses, give me a holler. As usual, I won't print your name unless you specifically OK it.