[Previous entry: ""] [Main Index] [Next entry: "DMCA"]

12/02/2003 Archived Entry: "Paranoid? Moi?"

Conventional wisdom says that, if you connect to the Internet for as little as 20 minutes, your computer is likely to be probed by a malicious program. That was then, and this is now: during an idle period last week I watched the traffic coming in to our firewall, and it was being probed, on average, every 20 seconds.

Most of these probes were coming from other subscribers to our ISP. These are people with home computers and no knowledge of how to secure them, who have fallen victim to worms or Trojans, and are now playing host to some nasty little viruses.

Viruses mutate, in the computer world as well as the biological. When a virus wipes your hard drive, it (a) stops itself from spreading, and (b) alerts you forcefully to the problem. Viruses that kill their hosts tend not to spread. Computer virus writers are now creating parasites that don't interfere with your normal activities, but just quietly use your computer for their own nefarious purposes....like probing other computers for weaknesses, or relaying spam email. Since a single spam email can earn the spammer $22,000, there's a strong financial incentive for the writer of such a virus.

In other words, it's going to get worse...and it's time to install a firewall.

My friend Paul Rogers points out that, if you're technically inclined, you can build a secure firewall with an old '486 computer (available free from anyone who still has one). It doesn't even need a hard drive: he offers links to two firewall programs that run from a write-protected floppy disk. The advantage: even if the firewall machine is successfully invaded, there is absolutely no way to corrupt the system software -- a push of the reset button kills the invader.

Paranoid? You're not paranoid if they are out to get you. I've seen the evidence, every 20 seconds.

On a related note, Scott M. writes, "I can recommend SpyBot Search & Destroy by Patrick Kolla as an excellent free program for spyware eradication. Removing the commercial variety of spyware is important (I recently ran SpyBot on the laptop of an employee who is a prolific Web browser, and it discovered 247 infections!), but the adoption of spyware/spamming techniques by virus authors makes this an essential adjunct to AV software. SpyBot also does a reasonably good job of blocking most pop-up pages and can serve as a rudimentary IP address blocklist if the appropriate options are configured. For Windows only, I'm afraid: http://www.safer-networking.org/" (Thanks, Scott!)

I've said it before: no one else is going to protect you. You have to do this yourself. To paraphrase Ted Nelson, author of Computer Lib: You can and must understand computer security NOW.

brad

Powered By Greymatter