Security Watch
A Call to Arms
Enlist everyone, even your relatives, in the fight against the spread of malware.
- By Roberta Bragg
- 02/02/2004
MyDoom isn't the only malware to use its victims to launch DoS attacks on Internet
sites. It's not the only malware to implant a back-door that can be used by
attackers to take over a computer, nor is it the only one to randomly generate
subject lines, spoof e-mail "from" addresses or take advantage of the
average user's proclivity for clicking on an attachment. It's not the only one
to have "copy-cat" variants that go one step further (MyDoom.B attempts
to block access to anti-virus update sites).
I know many IT folks are working hard to prevent network infections; why, then,
were so many computers infected by this particular virus? How come I got three
times as much e-mail last Wednesday as normal? I'm beginning to believe a primary
factor in the spread and continued presence of this worm and others is the
large number of home and small business users whose machines aren't properly
configured and protected.
It's easy to point the finger at Aunt Annie or Uncle Bob, but it's not really
fair. Some software companies and ISPs may have been slow to adopt sound security
practices, true, but the average consumer may not even be aware of the need.
And even though there's a growing awareness of the problem, the average small
business and consumer isn't going to just wake up one day and know what to do.
Even if they learn about the importance of security, most aren't equipped to
do what needs to be done.
Removing MyDoom.B, for instance, involves a lengthy and complicated set of
steps the typical consumer couldn't understand, much less perform. My dad would
be terrified, but at least he'd call me. How about yours? Even some large organizations
have trouble understanding how to manage the virus/worm threat and how to clean
infections.
Given this situation, it would appear that you and I have a great opportunity
to strike a blow for Internet security.
We can use our expertise to help those without our resources and knowledge.
To that end, I'm asking you to go visit your mom and dad, aunts, uncles, cousins
and distant relatives. Help your neighbor. Offer your services to home users
and small businesses. Find, and help, the people who don't have IT departments
and may not have any interest in this computer security thing. Volunteer to
speak to organizations where many business owners gather, like the Chamber of
Commerce. Write articles for your local newspaper. Talk to kids at schools.
Let's do what it takes to protect the average user's computer.
And you'll not only be helping your community; you'll be helping your own
network, since every consumer computer that doesn't get infected is one less
attack zombie.
So where do you begin? Here are seven action items to get you started.
- Make sure your helpees are using the services provided by their ISPs. I've
started a survey, and here are two interesting factoids:
  a) Earthlink customers can turn on or off a
  virus scanning and blocking tool. This tool will scan a customer's mail at
  the Earthlink server before it gets to them. However, it might not be turned
  on. To turn it on or off, you'll have to access the customer's profile. Let
  them enter their password to log into the service, and make sure they're using
  the blocker.
  b) MSN virus scans e-mail at the server as well,
  but doesn't block delivery of the attachment. MSN also offers a premium service
  that provides a personal firewall and virus checker. This fee-based service
  is available to anyone, whether or not they're MSN customers. Since the products
  are downloaded to the customer's computer, it works as you'd expect to locally
  scan e-mail from any of the many accounts the customer may have with different
  services.
- Make sure they're using the latest versions of their e-mail reader. Recent
versions of Outlook, for example, block access to many attachment types recognized
as executables. Other products may do likewise.
- Keep an updated copy of an antivirus tool on a floppy or CD-ROM. For example,
try Stinger.exe from McAfee, available from http://vil.nai.com/vil/stinger.
Stinger scans for and removes many common live viruses and worms, including
MyDoom.B. Keep your copy as a backup in case your buddy's computer is infected
and blocking access to the anti-virus update site.
- Teach your Windows XP friends about Windows Update and get the latest updates
from the site -- then set the service to automatic. The reason is that most
consumers and small businesses won't understand automatic updates. Instead
of investigating why it tells them they have updates every time they connect,
they simply believe it's working and think "Microsoft sure has a lot
of errors to fix." They don't realize Service Pack 1 isn't getting downloaded
in the 20 minutes they stay online. Instead, show them exactly what's going
on so they won't disconnect in the middle of the download. Once they're fully
updated, the normal automatic update service should be adequate.
- Set a reminder to yourself to check back in when SP2's released.
- Check their personal firewall status. Help them get one, or help them turn
it on. Be aware also that when dial-up customers change their ISP, it changes
their connectoid. By default, the new connection won't have the firewall turned
on.
- Check the status of their virus scanning product. Often a user will be
instructed to turn off a virus scanner in order to install software, then
forget to turn it back on.
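As an added example that is not part of the original column, here is a read-only PowerShell check for the firewall, Windows Update and antivirus items in the list above. It assumes a current Windows 10/11 host rather than the Windows XP machines the column targets; the cmdlets, the Security Center namespace and the productState bit convention are assumptions about today's OS, and the script changes nothing.

```powershell
# Added example (not from the column): read-only status audit for a helpee's
# Windows 10/11 PC. Run from an elevated PowerShell prompt. Assumptions:
# NetSecurity and Security Center (root/SecurityCenter2) are available.

function Test-FirewallStatus {
    # Every profile (Domain, Private, Public) should report Enabled = True.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Check  = "Firewall ($($_.Name))"
            Ok     = ([string]$_.Enabled -eq 'True')
            Detail = "Enabled=$($_.Enabled); DefaultInbound=$($_.DefaultInboundAction)"
        }
    }
}

function Test-WindowsUpdateStatus {
    # The update service should exist and must not be set to Disabled.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Windows Update service"
        Ok     = ($null -ne $svc) -and ($svc.StartType -ne 'Disabled')
        Detail = if ($svc) { "StartType=$($svc.StartType); Status=$($svc.Status)" }
                 else      { "service not found" }
    }
}

function Test-AntivirusStatus {
    # A registered AV product whose protection is actually on. The widely used
    # (assumed, not formally documented) convention is that bit 0x1000 of
    # productState means the product is enabled.
    $products = Get-CimInstance -Namespace root/SecurityCenter2 `
                -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $products) {
        return [pscustomobject]@{ Check = "Antivirus"; Ok = $false
                                  Detail = "no product registered with Security Center" }
    }
    foreach ($p in $products) {
        [pscustomobject]@{
            Check  = "Antivirus ($($p.displayName))"
            Ok     = (($p.productState -band 0x1000) -ne 0)
            Detail = ("productState=0x{0:X}" -f $p.productState)
        }
    }
}

$results = @(Test-FirewallStatus) + @(Test-WindowsUpdateStatus) + @(Test-AntivirusStatus)
$results | Format-Table Check, Ok, Detail -AutoSize
```

Any row with Ok = False is a step from the list above that still needs doing; the script reports and does not remediate.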
I'd provide additional steps, but my editor Keith says I'm way, way over my
space quota for this week's Security Watch. [Editor's Note: You got that
right, Roberta!] I've also got more information on things that our ISPs
are doing to help protect the consumer, so I've made Keith promise to send out
an extra edition of Security Watch this Wednesday so I can add more.
[Editor's Note: Done.] If you'd like to add to the list of things we
need to do for consumers and small businesses, give me a holler. As usual, I
won't print your name unless you specifically OK it.
About the Author
Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.