Call It Adware Or Call It Malware - It Is All Just Scumware

Monday 3rd November 2008

After viruses and trojans, scumware represents the most serious threat to responsible users of the Internet.

Scumware is sometimes euphemistically referred to as "Adware" or "Malware", presumably on the grounds that "it does not do anyone any real harm".  What absolute rubbish - especially as the boundary between malware and viruses is very blurred.  No application which installs itself without the user's explicit permission and/or transmits information about that user to a third party without his knowledge, has any place in decent society.  At the one extreme, "adware" consumes system resources, while at the other extreme "malware" is effectively a virus in all but name and is used to facilitate identity theft.

Home users, in particular, may complain that their PC "not running as fast as it used to" and that "annoying windows keep popping up all over the place".  It is well-known that buying a new PC will always make the old one run more slowly - or at least, appear to do so.  What is really happening, of course, is that the old PC is merely suffering from an unfair comparison with the new, much faster model.  However, if a new PC is not to blame, it is likely that scumware is the villain, quietly stealing CPU cycles and RAM for its own nefarious purposes.     

There really is no reason for users to allow scumware to spoil their Internet experiences, especially as two of the best products are available for free download.  One is "Spybot - Search & Destroy" (http://www.spybot.info/index2.html) and the other is Ad-Aware 2008 (http://www.lavasoft.com).  Optimum results are obtained by using both products together for regular sweeps of the PC.  The effectiveness of these products is shown by the existence of a large number of similarly-named but non-genuine products and websites, which will actually attempt to install even more scumware on the unwary user's PC.  The only genuine downloads are those reached from the exact websites given above.  Links appearing on other websites and, especially, links in emails are almost certainly not genuine and should be avoided at all costs.

Viruses And Trojan Horses

Monday 27th October 2008

What are these curses of our modern online society and how may we protect ourselves against them?

A computer "virus" is generally agreed to comprise a software program which is able to propagate itself and infect other computers, usually for malicious purposes.  Rather like their biological counterparts, they will spread rapidly if left unchecked and are often able to mutate into apparently different forms, rendering their detection and elimination more difficult.

A "Trojan Horse", often abbreviated to "Trojan", derives its name from the technique used by the Greeks in Classical times to capture the seemingly impregnable city of Troy.  In Book IV of his "Aeneid", Virgil records how, even after a 10-year siege, the besieging Greeks were still no nearer victory.  They finally succeeded by building a massive hollow wooden horse, which they filled with heavily-armed soldiers and left outside the city walls.  Next, they withdrew to their ships and appeared to sail away.  The hapless Trojans, mistaking the horse for an offering to their gods, went out and took it into the city.  That night, when the Trojans were engaged in a drunken celebration of what they thought was the Greeks' defeat, the soldiers crept out of the horse and opened the city gates.  By this time, the Greeks had returned, so they were able to enter the city and sack it.  The computer "Trojan" operates in a similar manner.  Although it is not itself a virus, it attempts to "open the gates" in order to allow entry by "true" viruses, with potentially devastating consequences.

The early computer viruses were relatively harmless - one, for example, would make all the letters fall down to the bottom of the screen.  This could be quite alarming in the days when all screens were text-based.  Others would sound a razzberry at random intervals, or perhaps display messages of varying degrees of obscenity.  Quite soon, however, they became evermore destructive and dangerous.  Once applications which support scripting, such as the Microsoft Office suite, became common, the virus writers were also able to exploit this new avenue for distributing their unwelcome wares.

At first, viruses were spread mainly by infected floppy disks and dial-up bulletin boards.  This tended to limit their usefulness for criminal activities.  Even when the Internet became popular, access was mainly by way of a dial-up modem.  This incurred time-based connection and access charges, as well as being relatively slow.  The opportunities available to the criminal fraternity were therefore still somewhat restricted, although less so than previously.  Nowadays, about 80% of households in the UK have "always-on" broadband access.  This is certainly very convenient for email, but it also presents the perfect environment in which viruses may propagate themselves.

Although properly configured routers, standalone firewall appliances and software firewalls can all be used to help to reduce the risk of virus infestation, an effective and regularly-updated anti-virus application must also be deployed.  As with software firewalls, there are many such applications available.  Some form part of an "Internet Security" suite, while otheres are standalone.  Their costs, both in terms of purchase price and impact on machine resources, can vary widely.  One product, which is free for personal use and has good reviews, is "AVG Anti-Virus Free", by AVG (http://www.avg.com).  AVG offer a paid-for as well as a free product:  the free one is available for download from http://free.avg.com.  There are, of course, a number of other such products and the final choice must be made only after thorough consideration of the particular situation in which it is to be deployed.

Internet Security And Safety - Routers And Firewalls

Monday 20th October 2008

Is the Internet really as dangerous a place as it is sometimes claimed to be?

People have been stealing from each other for as long as there have been people on the planet.  Even in the Stone Age, groups of cave-men would go out and raid other settlements, in order to steal food and other supplies.  More recently, the Romans built Hadrian's Wall to keep out the raiding Celts from the North, while the Great Wall of China protected the country from the invading Mongol hordes.  In modern times, newspaper reports of robbery, burglary, embezzlement and frauds are all too common. 

As the availability of easy-to-setup, inexpensive and fast Internet access has expanded, so have the opportunities available to criminals.  We now live in a "connected society", where almost every computer is, in theory at least, linked to every other computer.  In addition, portable storage devices such as USB Memory Sticks provide a ready means of access to a computer and are easily concealed about the person.  There is only one way to be absolutely certain that no access can be obtained to a given a computer - it must be left in the unopened, sealed cardboard box in which the manufacturer delivered it and the whole package kept in a securely locked room at all times.  This, of course, rather defeats the purpose of buying it in the first place.

How then can a computer be used on the Internet without an unacceptable degree of risk to the valuable data it contains?  Consider the layered techniques used by the Banks to protect their physical security.  Such institutions must keep substantial amounts of cash readily available over the counter, as well as the considerably larger amounts in the vaults.  They might therefore appear to offer a tempting target to armed robbers.  However, the cashiers' area in the banking hall is protected by armoured glass screens and locked doors.  The only access to the vaults is by first going through this area and the vaults themselves are in turn protected by massive, locked doors. 

Similarly, a properly-configured router or standalone firewall appliance will provide the "first line of defence" and protect the network as a whole.  In the same way as a Bank does not rely solely on the armoured glass protecting the cashiers' area, but also has massive, locked doors at the entrance to the vaults, each individual computer on the network should have its own, properly-configured software firewall. 

Unauthorised inbound access is only part of the picture, however.  Contrary to the popular misconception, it is not the sole purpose of a security strategy to prevent unauthorised inbound access.  It is equally important for it to prevent unauthorised outbound access.  Typically, this situation arises when a malicious application attempts to transmit confidential, sensitive or other valuable data to an external host.

Once again, the layered approach is strongly recommended.  This time, the software firewall on the computer acts as the "first line of defence", with the router or standalone firewall appliance providing the second line. 

Many bidirectional software firewalls are available, either "standalone" or as part of an "Internet Security Suite".  Their costs, both in terms of purchase price and impact on machine resources, can vary widely.  One product, which is free for personal use and has good reviews, is "ZoneAlarm" by ZoneLabs (http://www.zonelabs.com).  There are, of course, a number of other such products and the final choice must be made only after thorough consideration of the particular situation in which it is to be deployed.

Virtualisation - The Next Big Thing?

Monday 13th October 2008

Actually, no - virtualisation is already here, working and proven.

 1980, Clive (later Sir Clive) Sinclair invented the ZX80 home computer.  Not for the last time, he caused a massive stir.  Previously, computers had been expensive behemoths and were known as "mainframes".  They typically rewuired large cabinets, complete with whirring magnetic or punched paper tape drives and flashing lights,large rooms with false floors and powerful cooling plant to deal with the kilowatts of heat they produced.  Communication with them was mostly via a dumb terminal or "VDU" and was performed on the users' behalf by skilled "VDU operators".  The ZX80 changed all that for ever.  By contrast, it was only about the size of a sheet of A3 paper, it ran off a normal domestic electricity supply and  it cost "only" £99.95p, equivalent to about £600 in today's money.  Instead of a green VDU screen, it displayed its output on an ordinary television set.  Best of all, it ran a dialect of the BASIC programming lanquage.  This was what really excited so many people.  At last, ordinary people could write their own computer programs, although it took a while before anyone other than their author could see much value in them. Further information, including an excellent picture, may be found at http://en.wikipedia.org/wiki/Sinclair_ZX80

When IBM released their Personal Computer, it was a serious, business-class machine, quite unlike the "hobbyist" ZX80.  Eventually, the clone makers took the market over from IBM, who finally disposed of their "Personal Computer" business to Lenovo.  In the meantime, the mainframe had been under increasing threat as more and more users attempted to wrest control of their computing environment from the centralised Computing Departments.  They had discovered that by being able to process data locally, often with the new "Visicalc" spreadsheet, they could achieve more in less time than previously.  All the time, the power of the PC was increasing rapidly. "Moore's Law" was in full swing, as it had been since it was first proposed in 1965 by Gordon E Moore, co-founder of Intel. In essence, this states that computing power doubles about every two years.

Some years ago, it became clear that PC's had become so powerful that only gamers and high-end applications such as CAD were making any serious demands on them.  Most office applications were already running at least as fast as the humans could interact with them, so the "surplus" power was wasted.  For a while, this was a classic case of "a solution looking for a problem".  Virtualisation, which uses software to emulate hardware, represents just such a problem.  Since it runs one operating system, the "guest", on top of another, the "host", it requires sufficient resources to run both operating systems concurrently, as well as the emulation layer which makes it all possible.  It makes this possible by storing the "quest" as a hard disk file.

At the end-user level, virtualisation allows developers, trainers and others to mete out potentially fatal treatment to the "virtual" PC, without having regard to the consequences.  If the "virtual" PC becomes corrupted or otherwise rendered useless, it is simply deleted and a fresh copy made from the master disk file.  There is no need to reload an image in the traditional way.  In addition, the "virtual" PC can be kept running in a window and even exchange files with the "real" PC on which it is being hosted.  Because the emulation layer isolates the "virtual" PC from the "real" PC, such virtual PC's can be moved around with little regard for the actual hardware on which they are running.

In a similar way, server operating systems can host "virtual" server guests.  This enables the consolidation of a number of physical servers into a single, more efficient modern one running them as "virtual" servers.  This is especially popular in datacentre-like environments, where space and power are at a premium.

Virtualisation is also used where it is essential to continue running a particular application which unfortunately requires a long-obsolete operating system and hardware.  By virtualising the complete machine, its useful life may be extended more or less indefinitely.     

Much virtualisation software is available for free download.  VMWare  (http://www.vmware.com) provides a range of PC and server virtualisation products.  For PC virtualisation, an excellent open-source alternative is VirtualBox (http://www.virtualbox.org).  More recently, Microsoft (http://www.microsoft.com/virtualization/default.mspx).has become active in both areas, although occasionally its products may not be quite as polished as the others.