The new draft - welcome to the Silent War
You have been drafted
You just don't realize it yet. Your papers haven't come in. Did your computer go down mysteriously this year? Has your computer slowed to a crawl? Have you found yourself unable to get to the internet? Had your identity stolen online? Tunneling through thousands of emails this week? Power go out in your town? Cell phone not working for the third time this week? Bank error, not in your favor, lose $200? These may appear to be unrelated but more and more, the effects of the Silent War are being seen in the real world.
You are a soldier in a shadow war; a war fought in your living room, in your bedroom, on your kitchen table, at your media center, in your office, in your car, at your power station, literally under the very ground you are walking on. Wherever the internet flows, indeed wherever information is flowing, we are at war. And like most untrained soldiers, you are ill-prepared to fight. You are not given adequate tools. You don't even realize you are at war. There is no boot camp for this war; only the techno-rebels, scholarly enclaves, cyber-guerrillas, econo-cabals, tech special-ops and cyber-ronin are engaged in this battle, and the rest of us are just casualties of this new, hidden and Silent War.
Our computers are compromised by the econo-cabals who use our machines in their bot-networks to send spam and phishing documents to millions of people worldwide. Cyber-guerrillas wage war on foreign governments probing their infrastructures to see if they can have an effect large enough to notice, subtle enough to sit and wait like a bomb until the moment is right. Scholarly enclaves discuss and attempt to bring rationale and reason to the use of this powerful technology, much like the Geneva Convention tried to bring civility to modern warfare. Their methods are often well intended but simply too civilized, slow to implement and generally insufficient to the task.
Techno-rebels use the internet to create new ways of expressing themselves and then overburden the internet with these new communication means, creating increased noise without appreciably adding to the signal of needed information. (Yes, I mean Twitter. Yes, I said it. You wanna make somethin' of it, bub?) Concerned only with their wealth, they are often unaware of the new insidious uses their technology is put to. The government's tech special-ops deliberate, begin to learn just how much information is available and begin finding new ways to access that information, in a methodical, systematic manner, with the eventual goal of bringing true organized warfare to the cyber-realm. The government often hires the cyber-ronin, who work for the highest bidder and have no true masters but their love of the craft; they carve a path through cyberspace, working for greater understanding and bringing their art, their kung-fu, to whomever pays them the most or whatever ideal has the greatest meaning to them at the time.
All your media are belong to us. (not a typo)
And then there is you. Trying to make your way, using your computer at your job, at your home, playing games, reading your electronic news, watching your sports, unaware that as you are watching your computer, it is likely that someone is watching you. You are not even aware that you are looking into the abyss. The abyss is looking at your data-shadow, trying to learn where you shop, what you buy, what you search for, so they can gather that information and sell it to one of the econo-cabals, who will target you for new advertising, new media storms, new means of putting more advertising in front of you. Privacy is a myth: you can only be private if you don't use the internet, don't use a credit card, pay for everything in cash, and insist on being paid in $20 bills. You can't use any utilities that require you to interact via a bank account, and you have to insist on using an unmarked mailbox and buying your food from a bulk retailer. Don't forget about that cabin in the mountains, the truck that runs on your home-made diesel, or the solar tech you cobbled together. Go for that huge shelter in the basement just for good measure. Or you can opt to learn how to fight.
Owning a computer, if you want to participate and have some say in how things turn out, obligates you to make an effort to understand what is going on in the world. And the first rule of that modern warfare is to establish a base of operations: your home or personal computer. The first line of defense is knowledge. If you choose not to know, then you can't blame anyone when your gear goes down, your information or identity is stolen, your lights go off, or a nuclear weapon gets launched because you couldn't be bothered to patch your software or buy a firewall (or know how to use one!).
In that vein of thinking, I am going to give you some information about what is out there and what you can do about it. There are a variety of tools out there that you can load on your personal PC to give you a fighting chance against all the potential attack vectors in use today. But none of them can help you if you don't take the time to understand HOW the enemy attacks your systems.
These attackers go by a variety of names, but the most common are hackers or crackers. Hackers come in white hat and black hat varieties. White Hats often attack systems and then help the people they attacked by telling them how they were able to penetrate the defenses of the environment. They are often hired as consultants to help secure an environment from attack. The Department of Defense, at an event called DefCon, hired 60 hackers last year and came back for more this year.
Black Hats may attack your system and leave a "flag" or file that indicates they were there. They might also relieve you of some data as proof of their ability to penetrate your defenses. They may extort you, blackmail you or leave a virus behind; their behavior is less predictable. Crackers may attempt to penetrate your environment for malicious gain by leaving something behind: a virus, a trojan or some other software element that will allow them to gain information in the future.
These software elements have a variety of names depending on where or how they attack your system and the effects their attack may have. In the early days, these attacks were limited to pop-up windows or simple notes that appeared on certain days (April Fools' Day), but as time went on they became more malicious and eventually dangerous to your computer. The word virus was the generic term used in the beginning, but as the types of attack changed, distinctions soon arose between the types of viruses. Those that looked like harmless files but later exploded became "Trojan Horses" or just trojans. Files that drilled their way into your system and became impossible to remove became "worms." I am going to list the different types and a summary of simple procedures and software that can help you in your battle against the ever-growing threat of MALWARE.
- Virus: A computer program that can copy itself and infect a computer without the permission or knowledge of the user. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.
- Trojan horse or Trojan: a piece of malware which appears to perform a certain action but in fact runs other code of many different kinds. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse. Often these files appear innocuous until a certain event takes place, e.g. a date is reached or a program has been activated a certain number of times...
- Worm: A computer program which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. Worms are usually designed to carry a payload, sometimes harmless, sometimes not. Often they are used to set time-bombs which, after spreading quickly, sit and wait until a predetermined moment. One of their most pernicious traits is that they are almost impossible to remove without sophisticated tools or software.
- Rootkits: a program (or combination of several programs) designed to take fundamental control (in UNIX terms "root" access, in Windows "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. They are very hard to remove from computers, often requiring the complete erasure of the drive and its contents. A rootkit is one of the most dangerous pieces of malware, because it loads when your computer starts up, often before any virus software that could be used to detect it is loaded. It is thus invisible to detection.
- Spyware and/or Adware: Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring.
- Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited. They can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.
- Spyware can cause your browser to invite more harmful viruses, or divert advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet access or other programs.
- Browser attacks: JavaScript is a programming and scripting language that is used to augment functionality of web pages. It has also been used to embed other programs such as adware and spyware within web pages downloaded to an office's computer. This is done through a browser that is not running any script monitoring software, or does not have security settings that prevent scripts from running. Websites whose scripts have been inhibited do not function normally and often exhibit errors without their scripts.
- The solution to needing scripts but not running them indiscriminately is to get a program that monitors script use and informs you what scripts are being used and whether you want to allow them. If you use the Firefox browser, a program called NoScript (www.noscript.net) is the most lauded of these script managers.
- NoScript is an add-on program that can be added to the Firefox browser and monitors all new scripts every time you interact with a new website. You decide what scripts you want to see activated. It takes getting used to but is very effective in blocking dangerous scripts from popular sites.
- Masquerading: Many spyware developers prey on computer users by disguising their spyware with product names very similar to real spyware removal tools. People are taken in when they do random searches for anti-virus tools and get a piece of spyware or adware that is closely named after a legitimate program. A common tool for removing spyware is called Spybot: Search and Destroy version 1.60. There is a piece of spyware called Spybot. The two are easily confused and the spyware is downloaded almost as often as the legitimate software. The evil twin Spybot takes over the computer's browser and inserts pop-up advertising all over the computer. One of the best ways to avoid this is to get the names of reputable software from your technical support person, subscribe to a computer publication such as PC Magazine, or read online publications such as CNET (www.cnet.com) or ZDNet (www.zdnet.com) to find out what the best software is today.
- Cross-site scripting: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allows code injection by malicious web users into the web pages viewed by other users. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities. This can be detected by NoScript.
- Botnet: is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software. While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised computers (called zombie computers) running software, usually installed via worms, Trojan horses, or backdoors, under a common command-and-control infrastructure. The majority of these computers are running Microsoft Windows operating systems, but other operating systems can be affected. You should care because YOUR computer could be part of a botnet of computers surreptitiously sending spam to millions of computers around the world, and you would not even know it until the botnet software started to affect how well your computer performed. (If you are not, then your neighbor down the street might be because it is estimated that 150 million of the 600 million PCs currently in use might already be part of the two dozen superlarge botnets in existence.)
- Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, mobile phone messaging spam, Internet forum spam and junk fax transmissions. Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions. Unfortunately, 90%+ of all email sent in the world today is spam.
- Keystroke Loggers: Keystroke logging (often called keylogging) is a method of capturing and recording user keystrokes. Keylogging can be useful to determine sources of errors in computer systems, to study how users interact with and access systems, and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. Keyloggers are widely available on the Internet. Keyloggers can be designed to monitor every keystroke you make AND take screenshots of anything you are doing, any browser window you have open, any bank transactions you might make, any letters you might write to your sweetheart in Argentina... Any computer you did not configure yourself might be using a keylogger to track your keystrokes and web browsing. Think about that the next time you spend four hours looking at Facebook. Feeling paranoid yet? Good.
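The cross-site scripting entry above says XSS lets a malicious user inject code into pages that other users view. The following is an added example, not code from the original post, showing in JavaScript how that happens when a site concatenates an untrusted comment straight into its HTML, and how output encoding stops it. The helper names (escapeHtml, renderCommentVulnerable, renderCommentSafe, containsActiveContent) and the sample comments are constructed for this illustration.

```javascript
// Added example (not from the original post): how cross-site scripting
// happens through string concatenation, and how output encoding prevents it.
// All names and sample data below are constructed for illustration.

// Encode the five characters that let text break out of an HTML text node
// or attribute value. This is the standard step a web application applies
// to every user-supplied string before placing it in a page.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering: the comment text is dropped into the template
// unchanged, so any markup it contains becomes part of the page that
// every other visitor loads.
function renderCommentVulnerable(author, text) {
  return `<li><b>${author}</b>: ${text}</li>`;
}

// Hardened rendering: each untrusted value is encoded first, so the browser
// displays the comment as literal text instead of interpreting it as markup.
function renderCommentSafe(author, text) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</li>`;
}

// A simple check a test suite can run over rendered output: did a script
// tag or an inline event handler (onload=, onerror=, ...) survive into
// the HTML? Encoded text never matches because its '<' has become '&lt;'.
function containsActiveContent(html) {
  return /<script\b/i.test(html) || /\son\w+\s*=/i.test(html);
}

// Constructed sample input: one ordinary comment and one carrying a
// harmless script tag, the kind of thing a comment form must expect.
const sampleComments = [
  { author: "alice", text: "Great write-up, thanks!" },
  { author: "mallory", text: '<script>document.title="injected"</script>' },
];

// Render every sample comment both ways and report whether active content
// made it into the page. Expected: the script survives only in the
// vulnerable rendering of the second comment.
function demo(comments = sampleComments) {
  return comments.map((c) => ({
    author: c.author,
    vulnerable: containsActiveContent(renderCommentVulnerable(c.author, c.text)),
    safe: containsActiveContent(renderCommentSafe(c.author, c.text)),
  }));
}
```

Calling demo() returns one record per comment; the second record reads vulnerable: true, safe: false, which is the whole point of encoding on output. Note that escapeHtml is correct for text nodes and quoted attribute values only; a value placed inside a script block, a URL, or a CSS rule needs the encoding rule for that context, and a browser-side blocker such as NoScript is a second layer, not a substitute for the site encoding its own output.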
Joining the Battle
My goal in this exercise is to let you know there is a wide array of forces out there working against your PC. Owning a computer and connecting it to the internet can be considered an acknowledgement of your part in a growing war being waged, invisibly, all over the planet, against a faceless enemy that could be hiding in a foxhole in Afghanistan, a coffee house in France, a family's basement in Montana or in a highrise in Singapore. And I did not name every type of possible enemy. There are now combinations of these technologies being created for the new media technologies and web 2.0 software being created every day. You can read about constant failures and attacks being made against Facebook, Twitter and Myspace every day. My primary tools in the battle against malware are:
- Windows Updates - people complain about Microsoft's products all the time, but if they did not update them, you would really have reason to complain. They may not be as dutiful as I would like but they get the job done. My only caveat is that I tell people who are working in a networked or enterprise environment never to run the Auto-update function. Test the updates when they come out. Microsoft posts the pending updates on their technical support sites. Run them on a test server for a few days before you release them into your environment. There have been occasional updates that caused networks to behave strangely once they were applied. Home users, if you set your machines to auto-update, you might also want to have the System Restore feature activated on your system, just in case. You need to use Internet Explorer if you want to use Microsoft's integrated download features within the browser interface. Other browsers can only download the updates as external files.
- Software updates for programs on your computer - any programs that you use (for example, Adobe Acrobat or JavaScript) that might have programming aspects or offer a means to deliver information to your computer that you might not be aware of should constantly be updated to their latest versions. Security holes occur in these programs more frequently now than ever, and it pays to be sure you are up-to-date.
- AVG 8.5 Free - The free version of this program is very capable but it is only a part of a larger and more sophisticated suite of AVG malware management software. I recommend the whole suite but if you are trying out the tools, then download the free version and get a feel for the tool. It is full featured and its interface is easy to use. There is a recent update to AVG 9.0 but I cannot recommend it at this time. It may improve in the future, but I have had less than stellar performance with it. I may be forced to switch to another tool in the near future or wait until an update to 9.0 comes out.
- Spybot Search and Destroy 1.62 from Safer Networking is one of my favorite tools for recognizing spyware and keeping it off of my computer. Not as easy to use, and the interface is starting to show its age, but it has the widest array of malware detection I know and offers the ability to recognize spyware as it attempts to make an entry onto your machine. Running actively, it will let you know when it sees a program that it does not recognize or thinks might be spyware, and ask you if you want to allow the program to run. You can also inoculate your machine against thousands of well-known malware programs that are already out there and often forgotten because they are no longer the malware of the day. This is a staple of my anti-virus tools and I don't see replacing it any time soon.
- ZoneAlarm 8.5 by Check Point Software Technologies is a godsend among the strange-software detection programs. Running in the background, it monitors all traffic coming to and going from your computer. It will ask you if it sees anything it considers out of the ordinary coming into or going out of your machine. Once you decide if a program is worth using, it will offer you the option to remember that in the future. If you have a hardware firewall, this program is a bit less useful, but that does not mean you cannot layer your defenses, just in case. It also comes in a free and a paid version, where the paid version offers a suite of other tools including browser monitoring, spyware detection and virus detection.
- NoScript by InformAction, an Italian company, has been produced, usually to the delight of the Windows community, since 2004. There have been complaints on and off over the years, but personally, I think it is the finest of the Firefox add-ons on the market today. If you don't use it, you are taking unnecessary risks with your browsing experience. Browsers process so much information now (scripts, macros, programs, application data) that it is hard to keep track of how many things happen when you load a single page. Once you load NoScript, it will tell you every script or macro that your browser wants to run, their names, and identify them for you in the lower corner of your display. Once you decide a script is okay, you can tell NoScript to allow it and you can gain the benefit of whatever service it was offering. Once you see how many things are happening on a page you visit, you may never browse again without it. It is a free program, but donate to them; they are providing a great service to the browsing community.
- AdAware Free 2009 - another general spyware, antivirus, system monitoring, spyware detection tool. I load it as a backup for my other tools since sometimes updates will arrive sooner on one program than on the other. This offers the ability to double check and capture spyware the others could miss. It also comes in a free and a paid version. As with all of these tools, the paid version is better but the free version totally rocks. Get them, pay for them and use them.
A Final Word
You did not ask to be in this war. You were drafted. But you don't have to be a victim. You can be smarter about how you participate. You can choose the territory, the time, the place and how you want to fight. You can fight to win. I have had eight computers in the last fifteen years. Only one was ever lost to malware or viruses. And even when it went down, no data was lost, only the operating system. I erased the drive, rebuilt the operating system and returned to the war, wiser and meaner. None of these tools will work without you. Yes, you can set most of them to run scans automatically, but the real protection of your system starts with you. Make good decisions, think twice before you click that link, and remember: if you didn't ask for it by name, don't touch it. Welcome to the war, hunker down, I got more intel for ya. Stay frosty.
About the Author: Thaddeus has a WordPress technology and science commentary blog called Storm Warnings: A Matter of Scale and can be reached at