Tag Archives: Symantec Corporation

When Hackers Go Mobile

A newly-created Trojan virus, Comm Warrior, had been charging mobile phone users $5 to send a message they didn’t request, before the virus was identified by mobile security product firm F-Secure, based in Helsinki. The program was originally a lighthearted “proof-of-concept attack” sent by the company’s engineers to test a system’s capabilities, but in the end, it was retooled by hackers to rip off mobile phone users. “The Trojan gets your phone to send an SMS to a premium-rate number and then sends an authority (code) that they can charge you without you knowing about it,” says F-Secure manager Richard Hales. F-Secure says that those using Bluetooth software, which allows phones and other devices to automatically interact, are open to attack whenever they use unsecured Bluetooth connections.

Mobile viruses are still in their infancy, but as more mobile devices flood the market — the ubiquitous BlackBerry being perhaps the most prominent — hackers are expected to turn their attention in this direction. To date, the most famous mobile virus is Cabir. This virus originated in the Philippines in 2004 and has infected Bluetooth-enabled mobile phones and some other devices running the Symbian operating system, common in many cell phones. Cabir replicates itself over Bluetooth connections and arrives in a phone’s messaging inbox as a file named caribe.sis, which contains the virus. When a user clicks on caribe.sis and chooses to install it, the virus activates and starts looking for new devices to infect over Bluetooth. When Cabir finds another Bluetooth device, it starts sending infected SIS files to it, too.

Mikko Hypponen, director of anti-virus research for F-Secure, has been tracking the spread of Cabir in some 30 countries worldwide, including the United States. “We’ve now seen the first medium-scale internal infection of a company that was caused by a mobile virus,” he says. “We were working on a case where a single company had a serious run-in with the Commwarrior.B virus. Several dozen employees of the company received Bluetooth or MMS transmission of the virus during the day-long outbreak, and over 20 of them actually opened the message on their phones and got infected with it.”

Such an incident can affect the operation of any company by causing mobile users to lose connectivity, thereby impacting productivity, especially for workers in the field or on the road. Such incidents highlight the importance of writing clear guidelines on Bluetooth and MMS operation for corporate use, so that devices are not constantly open to threats. Bluetooth recommends that mobile users who discover that their phones are vulnerable to hackers gaining access to data or commands should contact the phone’s manufacturer to see about a software patch. In addition, the company recommends that wireless users turn their device to the non-discoverable mode when not using Bluetooth or when in unfamiliar areas. The company also discourages “pairing” with unknown devices.

Other ways mobile devices can be infected outside of Bluetooth use are through use of a memory card with a virus, a download via a custom ring tone or game, or via a Multimedia Message Service (MMS) virus such as Commwarrior. Unlike the Bluetooth-based Cabir, which requires victims to be within range (usually measured in feet), you don’t have to be near a smart phone to be infected by Commwarrior. An infected phone can send it to anyone in the world.

F-Secure, McAfee, and Symantec have partnered with Nokia and other smart-phone manufacturers to provide pre-installed protection. However, the rule of thumb is that you should never open an attachment sent by a stranger over Bluetooth, no matter how many times it requests such action. If a phone becomes infected, it should be turned off and the virus killed using software available from most cell phone providers.

The Basics: What is a Firewall?

Almost any novel or movie involving computer hackers these days uses the term “firewall” as an obstacle that must be overcome to gain control of a computer. It is touted to be an impregnable computerized defense, but is it? In reality, a firewall is just a basic program or simple piece of hardware that any business with computer users, especially those with high-speed Internet connections, should have running at all times.

“A firewall is important for computer users to have because it provides secure access to the Internet,” says Vincent Weafter, senior director of Symantec Security Response, the research division of the Cupertino, Calif. security software company. “The firewall allows safe traffic into and out of your computer or private network and automatically blocks intruders and hides your computer from hackers.”

Small and medium-sized businesses consider viruses, worms, spyware and spam to be their most dangerous security threats today, according to a survey last year of technology decision-makers at nearly 800 firms by Forrester Research, of Cambridge, Mass. In the survey, 59 percent of respondents said they were likely to invest in network firewalls.

Firewall as the First Line of Defense

If a business’ computers are connected to the Internet via a high-speed connection, then they have an Internet Protocol signature, or IP address. Other online users can access that IP address, and this is why a firewall becomes so important. “It (can) detect Internet attacks from worms and viruses, and monitors and regulates all incoming and outgoing Internet traffic,” says Weafter. Firewalls also give a company’s technology manager the power to decide which programs connect to the Internet, while also shielding the company from being attacked through security holes in unpatched software. “Some firewalls can prevent confidential information from being sent without your permission and block banner ads and popup windows, so you can surf faster,” Weafter says.
A firewall essentially creates a “walled city” that provides businesses a level of control over their network resources. “Otherwise people can easily come into the network and look around, take things, add things, like bots, and you will probably never know,” says Charles Kolodgy, an analyst with IDC, the Framingham, Mass. research firm. “With a firewall you can block all ports you don’t need, otherwise people can use any port to do whatever they like.”

Kolodgy adds that the issue shouldn’t be just about cost trade-off between a firewall and a hack. “There are so many things attackers can do if they get into your network,” he says. “It is best to think about having control of your network. Also many of your partners, especially larger companies, will require some level of security prior to dealing with you.” The cost of an SMB firewall actually isn’t that great, either, and many of these products include virtual private networks (VPN), intrusion prevention, anti-malware, and URL filtering. Best of all, says Kolodgy, “These are generally plug and play, very easy to use. Leading vendors are Astaro, Fortinet, Secure Computing, SonicWALL, and WatchGuard.”

Hardware Firewalls

Firewalls are available as a hardware appliance that could be built into your network router, or just as often as a desktop-based software application. The first line of defense can actually be at a network router, and this works by a technique called packet filtering. This process examines the header of a packet to determine its source and destination addresses, then compares that information to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped. An advanced system called Stateful Packet Inspection (SPI) looks for other characteristics, including the origin and whether incoming traffic is actually a response to outgoing connections, such as a Web page request.
The downside of hardware firewalls is that they can treat any local network traffic as safe, which certainly won’t halt the spread of viruses or other threats if even one computer on the network is contaminated. “We see hardware firewall as a great way to protect the network,” says Pat Bitton, vice president of marketing, North America for Agnitum, a supplier of software firewalls, “but it has some serious limitations for client protection.” Bitton believes that the disadvantage of hardware firewalls is that these protect only the entry point, and data can easily escape the network via an unprotected PC. He says that hardware firewalls “can only verify traffic according to general conditions.”

Software Firewalls

The alternative to having the router or modem protect your PC is to have a software program that screens the data as it arrives. The Windows XP operating system has a built-in firewall, which was greatly improved with the “Service Pack 2” patch. And no matter which version is in place, all information passes through the firewall, and anything that does not meet the specified security criteria is blocked.

Firewalls use several methods to block unauthorized connections to the computer. A packet filter looks at each packet of data that enters or leaves the network, accepting or rejecting it based on the user-defined rules. It is effective, but susceptible to spoofed IP addresses, where the sender’s IP address has been changed to appear to be an allowed address. A proxy server can intercept all data entering and leaving the network, and it effectively hides the true IP addresses, but this adds difficulty in allowing an authorized outside computer to access the protected computer. Gateways can also be set up that allow specific connections, with approved access for specific programs – such as games – or from authorized outside IP addresses.
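The difference between header-only packet filtering and Stateful Packet Inspection described above, as an added example (not code from the original article). The rule sets, addresses, ports and class names are constructed for illustration.

```python
"""Stateless packet filtering vs. stateful packet inspection (added example).

All addresses, ports and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                     # "forward" or "drop"
    direction: str
    src_net: str = "0.0.0.0/0"
    sport: Optional[int] = None     # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


class PacketFilter:
    """Header-only filter: first matching rule wins, default is drop."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "drop"


class StatefulFilter(PacketFilter):
    """Adds a connection table: inbound traffic is forwarded only when it is
    the reply to a flow an inside host opened, or an explicit rule allows it."""

    def __init__(self, rules):
        super().__init__(rules)
        self.flows = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            verdict = super().decide(p)
            if verdict == "forward":
                # Store the flow as its reply will appear: endpoints swapped.
                self.flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return verdict
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.flows:
            return "forward"
        return super().decide(p)


LAN_WEB = Rule("forward", "out", src_net="10.0.0.0/24", dport=80)
PARTNER_SSH = Rule("forward", "in", src_net="203.0.113.0/24", dport=22)
# A stateless filter needs a broad inbound rule so web replies can return.
STATELESS_RULES = [LAN_WEB, Rule("forward", "in", sport=80), PARTNER_SSH]
# A stateful filter recognises replies itself, so that rule is not needed.
STATEFUL_RULES = [LAN_WEB, PARTNER_SSH]

PACKETS = [
    ("request", Packet("out", "10.0.0.5", 40000, "198.51.100.10", 80)),
    ("reply", Packet("in", "198.51.100.10", 80, "10.0.0.5", 40000)),
    # Not a reply to anything; it merely carries source port 80.
    ("unsolicited", Packet("in", "192.0.2.66", 80, "10.0.0.5", 3389)),
    # Claims a trusted source address; a header check cannot verify the claim.
    ("spoofed", Packet("in", "203.0.113.7", 50000, "10.0.0.9", 22)),
]


def run_scenario():
    """Run the same four packets through both filters and return the verdicts."""
    results = {}
    for name, fw in (("stateless", PacketFilter(STATELESS_RULES)),
                     ("stateful", StatefulFilter(STATEFUL_RULES))):
        results[name] = {label: fw.decide(pkt) for label, pkt in PACKETS}
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, verdicts)
```

The stateful filter drops the unsolicited packet that the stateless rule set lets through, while the packet with the forged partner address passes both, which is the spoofing weakness of address-based rules noted above.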
Users should determine their firewall needs based on how they use their computers. The biggest downside to software firewalls is that these only protect the one machine that the application is installed on, so networks with multiple computers need to buy, install and configure the software firewalls for each machine. And each machine needs to be configured to allow the sharing of data, which can be a lot to manage. If this isn’t properly configured, the computers could block one another, and make the sharing of any data almost impossible, negating the reason for setting up a network in the first place.

Firewalls and Mobile Users

Given the growing number of entrepreneurs and employees using laptop computers and other portable devices in the workplace, firewalls also need to be considered for mobile users. The greatest benefit of a software firewall on a laptop is that you don’t have to worry about being protected when you take the machine on the go. “Your desktop firewall continues to protect when you connect your laptop to a different network,” says Weafter. This is important if you do take your laptop with you to different branch offices, home or on the road.

What are Denial of Service Attacks?

To fully understand denial of service (DoS) attacks and their danger to your business, think back to high school, and the havoc that a few pranksters could wreak by overflowing a few toilets at the same time. Leaving behind commodes, digital hooligans have learned to cripple corporate networks and — more often — Web connected servers, using a modern form of the “everyone flush together” strategy. A DoS attack simply floods the target machine or network with an unusual, and unmanageable, amount of traffic. Distributed denial of service (DDoS) attacks are even more potent as they involve the perpetrators commandeering hundreds and even thousands of machines on the Internet for the purpose of launching the crippling attack against your company. “Denial of Service attacks are purposeful actions intended to disrupt authorized use of some service, such as Web services, network bandwidth, etc.,” explains Dave Dittrich, a researcher at the University of Washington’s Information School and co-author of “Internet Denial of Service: Attack and Defense Mechanisms.” “Distributed Denial of Service is a more advanced form of DoS attack where an attacker first takes control of a large number of Internet accessible systems (for example, home computers on DSL or broadband lines) and uses them all in concert to increase the effectiveness of the DoS attack.” The bad news is that such attacks are on the rise. The average number of DoS attacks detected every day increased by 51 percent between the first half of 2005 and the last half, according to Symantec, the global security software maker, which has been tracking the various types of computer attacks for years. The swift rise in the number of attacks “may indicate that an entrenched and well-organized community of attackers is beginning to utilize their resources to carry out more coordinated attacks,” says Symantec’s Internet Security Threat Report. 
DDoS attacks remain difficult for network security administrators to thwart because of their simplicity and ubiquity. If you’ve ever tried to surf to CNN.com during an important breaking news story, you understand how too much network traffic can simply make a site unusable. In the worst case, the demand on the target becomes so great that the machine crashes, or allows malicious code to stream through buffer overloads. At that point, you’ve been hacked.

“Years ago, these attacks were done mostly for fun and bragging rights within a small community of mostly teenagers trying to prove how skilled they were,” explains Dittrich. A 15-year-old Montreal boy calling himself Mafiaboy brought DDoS into the common lexicon of security threats in 2000 when he used DDoS techniques to temporarily cripple sites including Yahoo, Amazon, and eBay.

Unfortunately, DDoS has evolved from a teenage prank or revenge by one computer nerd against another into something more malevolent. Today, a much larger percentage of attacks are done by organized criminals in order to seek financial gains. Here are some of the techniques they use:

- Delivery of spam e-mail
- Extortion (an electronic version of the old protection racket)
- Stealing competitive information
- Stealing sensitive information such as login credentials, credit card and CVV2 numbers (the three digit number on the back of your credit card)
- Or defrauding ad referral services that pay someone for directing Web readers to click on an ad link.

Preventing and dealing with DDoS remains a tricky business. A comprehensive list of how businesses can prevent a DoS attack is on the website of CERT, the federally funded Internet security research and development center at Carnegie Mellon University.
Dittrich advises administrators that the most important preparation remains the basics of securing and hardening servers, ensuring level of service agreements with upstream network providers and regularly scanning client machines so that they don’t become a part of a DDoS attack bot army. Be aware that sometimes DoS attacks are not what they seem. “On more than one occasion, I have been contacted by sites who believe they are under a DDoS attack, swear they know who is responsible (a disgruntled ex-employee) and want my help in tracking down the person responsible,” Dittrich says. But after working with these companies he sometimes finds that “the problem was really a bug in their browser application that was causing excessive connections to their Web server by legitimate users.”

The Basics: What is Encryption?

The Internet has changed the way companies do business, allowing a growing number of small and medium-sized firms to pay bills, conduct financial transactions with partners and sell goods and services to customers online. But the Internet has also made it more possible for sensitive company information and private customer information to be tracked, gathered and stolen online, including credit card numbers, social security numbers, bank account data, and other sensitive information that could be exploited if it ends up in the wrong hands.

The total cost of Internet-related fraud complaints from consumers rose from $206 million in 2003 to $336 million in 2005, according to the U.S. Federal Trade Commission. Internet-related complaints accounted for 46 percent of all fraud complaints to the agency. For businesses with Internet-related transactions, or other forms of ecommerce, encrypting sensitive data about a business or customers is essential these days.

“SMB systems may hold data that companies want to protect, such as business critical or personal information,” says Dave Cole, Internet Security Expert at Symantec, the Cupertino, Calif. security software maker. “Encryption increases the security of data transmissions, reducing the risk of third-party observers being privy to content (for example, the password to your online banking services). Encryption can also be used for stored data. Encryption can help protect your Web site or e-business information assets from unauthorized access.”

Basics of Encryption

To combat the threat from fraud and hackers, most major Web sites use some form of digital encryption to protect sensitive data. Encryption is the process of scrambling data in order to make it unreadable without special knowledge of steps that can lead to unscrambling the code. While in computer terms, encryption is performed today with the use of algorithms, the concept of encryption has been around for many centuries in the form of ciphers and codes.
In fact, in the decades following World War II, encryption in a digital form was primarily used only by government agencies and major corporations. Until the advent of the automatic teller machine, most banking customers didn’t even have a personal identification number (PIN), and a signature was all that was required for most transactions when payment was made with a check or credit card.

How Encryption is Used

With increased online use, business is conducted where the various parties have practically no contact either face-to-face or even over the phone. Orders on a Web site can be processed with a few clicks of the mouse. The buyer often never communicates with a seller, except to enter a form, and the seller simply processes orders much as it was done in the past via mail order. Likewise, credit card or banking information can be accessed via a Web site, and businesses can transfer funds, make payments and even send money electronically through services like PayPal. It is because of this that encryption has become crucial, and for that reason, businesses should operate Web sites that offer secure (i.e., encrypted) order forms in order to reassure customers that the business is a trustworthy one.

Layers of Encryption

Sites such as PayPal use some of the industry’s leading encryption to keep customer information and company data highly secure, says Amanda Pires, spokesperson for PayPal. “The PayPal system was built by one of the most highly regarded cryptographers in the industry, Max Levchin. Max built PayPal’s financial system from the ground up using high-level encryption.”

Historically, encryptions in the form of ciphers were codes using transposition or substitution of characters. This made deciphering the information slow and tedious. But even that method could be defeated with enough time and resources.
With computers, encryption and decryption can be done extremely fast, and in many ways, the encryption from most Web sites is far more advanced than any used by governments only a few decades ago. Today, in fact, there are symmetric key algorithms that are basically private-key cryptography, where two users must share the same software to read each other’s messages or information. This is used by businesses and government agencies to keep outsiders from reading any of the data. Each party needs to have the common key. But if the key is compromised, a new key can be provided for future transmission of information.

Asymmetric Keys

The other type of encryption, one that most small businesses will likely deploy, is the asymmetric key algorithm, which uses both public-key and private-key cryptography. With this method, a user can send data via the public-key that is then encrypted, while the receiver, who is the only one who can decrypt the information, uses the private-key. This is how credit card information is protected when a customer orders online from your Web site. The downside to this type of key is that if a site is successfully hacked, then the user’s information is compromised.

However, when you consider that credit cards regularly pass through the mail, charge slips can be lost with vital information clearly printed and cards are often stolen, encryption is actually pretty secure. It should make customers feel more secure in using your company’s Web site to buy goods or services.

How to Avoid Scammers, Spammer and the Rest of the Bad E-guys

The first e-mail message was sent sometime in the early 1970s by Ray Tomlinson, an English computer engineer working for the Defense Department’s Advanced Research Projects Agency. Nobody remembers what it said: possibly “testing” or “QWERTY.” Tomlinson wasn’t thinking about history; he was just trying to create a quick, informal way for a closed universe of research scientists to communicate with one another. Ease of use was the point, not security. Defense scientists 30 years ago, after all, did not have to worry about armies of malicious nerds with laptops and cable modems. The openness of e-mail, though, the thing that makes it so revolutionary, is also what makes it so vulnerable to viruses, worms, ID theft, denial-of-service attacks, and a host of other threats. Scammers are constantly cooking up new ways to use your e-mail system against you. Phishing attacks, for instance. Your employees or customers get an official-looking e-mail saying there is a problem with, say, their credit card account. Would they please click on the link below, then type in their account or Social Security number? MessageLabs, a security firm that tracks phishing attacks, says the number of phishing e-mails grew to 4.5 million in November 2004 from 337,050 that January. Then there’s spam. The Radicati Group estimates that 45% of all e-mail is spam; other experts think it may be as much as 80%. According to Ferris Research, an e-mail and communications consulting firm, the worldwide cost in lost productivity and resources devoted to fighting spam will be $50 billion in 2005, more than a third of that coming from U.S. companies. It’s not all bad news, though. Anti-spam laws have started to show some teeth. In April, Jeremy Jaynes, who was reportedly sending out 10 million junk e-mails a day, was convicted of felony charges in Virginia and sentenced to nine years in prison. Couldn’t have happened to a nicer guy. 
As you may have noticed, though, spam, viruses, and the rest haven’t gone away. You still have to protect yourself. Which defense is best for you is a function of how big your business is and how much control you want over your security. Many fixes can help not only with keeping your system safe but also with archiving messages and making sure your system complies with your policies and the law. One solution may not be enough. “You cannot expect to buy a single layer of security protection and sleep at night,” says Sara Radicati, of the Radicati Group. Your choices fall into three main categories.

Managed Services

Letting somebody else do it is an attractive option if you have a modest (or nonexistent) IT staff. The tradeoff is loss of control: You’re trusting an outsider with a key part of your business. Managed providers offer a range of security services that include spam filtering, virus protection, encryption, mail monitoring for compliance with regulations or company policy, and even archiving. Fees are typically per user, per month or year, and the price generally drops the more licenses you buy. Most vendors offer 30-day free trials.

Postini’s Perimeter Manager Small Business Edition (starts at $25 per user per year) includes protection from spam, phishing, and viruses. It also provides defense against directory harvest attacks, in which cyber miscreants try to get your employees’ e-mail addresses by bombarding your server with messages sent to every possible address–jfried@inc.com, johnfried@inc.com, etc.–and seeing which ones bounce back. Perimeter Manager handles only inbound e-mail, however. If you need to keep tabs on internal or outbound mail, too, you can upgrade to Postini’s enterprise edition (starts at $33 per user).

SingleFin’s Global Gateway Service includes e-mail, Web, and instant messaging content filtering, as well as archiving ($12 a month, or free for businesses with fewer than 10 users). A light version of the suite, which simply marks spam and forwards it along to you and also filters viruses out, is free for any number of users.

MessageLabs offers anti-virus, anti-spam, content, and policy control services. Pricing is based on company size. A business with 250 to 499 employees, for instance, pays a monthly $3.83 per feature per user. Other big players worth checking out in managed services are Frontbridge, Symantec, and McAfee.

Appliances

Not refrigerators or microwave ovens. These are security hardware systems–literally boxes that contain e-mail watchdog and filtering systems. They are the fastest-growing segment of the security industry, according to the Radicati Group. They are generally easy to install and customize and they leave your own tech people in charge. Appliances are, however, not cheap.

IronPort’s C-series comes in four sizes, depending on the number of people in your business. The midline C10 (around $9,000) is designed for companies with up to 1,000 employees and features anti-spam and virus protection, as well as content filtering for policy enforcement and monitoring. CipherTrust’s IronMail appliance (starts at $5,995 for the S-10 model, which is designed for companies with 100 or fewer users) has strong compliance tools. Other companies that make security hardware include Borderware, Barracuda Networks, Mirapoint, and Aladdin.

Software

Security software is plentiful and comparatively cheap. Most security experts, though, say this stuff is most effective when used in combination with an appliance or a managed service. They also warn that given the constant evolution of viruses and other threats you (or your IT staff) may be constantly managing patches and updates.
WebRoot’s Spy Sweeper Enterprise ($300 for a one-year subscription with 10 licenses) and PepiMK Software’s SpyBot Search & Destroy (free) will keep your business computers clean of spyware programs, which can steal your data or even turn your computers into spam-generating “zombies.” Symantec’s Norton AntiSpam 2005 ($320 for a 10-user pack) will clean your computer of junk mail; Computer Associates’ Server Protection Suite ($1,055 for five users) offers a range of security tools, including anti-virus, anti-spam, and spyware protection; Clearswift’s MIMEsweeper ($2,628 for 100 licenses) series has a variety of monitoring software solutions; Sophos’ PureMessage Small Business Edition ($2,850 for 100 users) offers protection from viruses and spam; TrendMicro’s NeatSuite for Small and Medium Businesses ($59.34 per user for 25 to 100 users) has anti-virus, anti-spam, and content security.

Safe in Cyberspace

Malevolent hackers. Psychotic e-mailers. Vengeful ex-employees. What do these folks have in common? Your computers. Day and night they’re relentlessly probing your defenses, looking for trade secrets, customer credit card numbers or simply the adrenaline rush of wiping out a loaded hard drive. It may be only a matter of time before they hit pay dirt.

Doing business in the Internet age is a little like Frodo Baggins’ Lord of the Rings journey to Mount Doom — moments of triumph interspersed with sudden vicious attacks from out of the blue. In 2001, a hacker penetrated Conshohocken, Pennsylvania’s Webcertificate.com and demanded a cash payment to keep him from exposing the personal information of 350,000 customers. Early this year a massive assault by a virus-like worm called Mydoom took down the Web servers of SCO Group, a software company in Lindon, Utah.

Danger lurks in every Web interaction. “Malware,” a new-fangled term for viruses, worms, Trojan horses and other electronic microbes, cost companies $55 billion last year, according to Trend Micro, a developer of antivirus software. Data theft and targeted denial-of-service attacks are even more expensive. The problem has become so bad that Bill Gates recently advised Microsoft customers that “security is as big and important a challenge as any our industry has ever tackled” and pledged to make it the company’s top priority.

Don’t take comfort in the fact that your business isn’t an obvious target like the Pentagon or American Express. Viruses are equal-opportunity assassins. Cyber-predators look for easy prey, and small-to-midsize companies often fit that bill.

The good news — yes, there is some! — is that you can protect your data without spending a small fortune. Inexpensive antivirus software from Trend Micro, Symantec, Network Associates, Panda and more than a dozen other companies zap bugs on sight. Firewalls built into Microsoft’s Windows XP and Apple’s OS X deter hack attacks by making your company’s computers invisible on the Web. Third-party firewall programs from Tiny Software, Zone Labs, BlackIce and other vendors go even further, keeping virus-like Trojan horse programs from surreptitiously sending your confidential data through hidden back doors.

Hardware firewalls, often built into network routers made by Cisco, Asante, Linksys, SMC and other vendors, add yet another layer of protection. Many also let you create encrypted “virtual private networks” on the Internet, securely linking field offices and telecommuters. Companies with especially sensitive data and deep pockets can install ultra-sensitive intrusion detection systems that continuously sniff inbound and outbound traffic for signs of trouble, such as unusual server activity at 2 a.m.

But technology alone won’t do it. You also need a smart game plan. Most experts say a truly effective defense strategy needs to address these issues:

Software configuration. Make sure antivirus programs are on every machine, no exceptions, and that they are set to scan every downloaded file and incoming and outgoing email. They should also thoroughly inspect hard disks on a daily or weekly schedule. Adjust each computer’s firewall to the highest level possible without impeding the ability of the user to function productively. Password protect those settings to prevent intentional or unintentional changes.

Software updates. Let antivirus software install the latest virus definitions as soon as they become available. Promptly apply operating system security patches to eliminate newly-discovered vulnerabilities. Windows XP can do so automatically. Be on the lookout for upcoming “service packs” for Windows XP and Windows Server 2003, which will include a number of security enhancements.

File access. Protect your company’s intellectual property and other sensitive data by restricting access to certain files. If you are running Windows XP Professional and Microsoft Small Business Server 2003, use built-in controls to set individual user permissions.

Backups. Make copies of all files nightly to minimize damage if a hard drive is trashed by a virus or malfunction. A RAID system that simultaneously writes data to two disks provides continuous protection against drive crashes, but a virus that destroys one drive will probably get the other, too. Put important stuff onto a removable medium, such as a tape or rewritable CD or DVD where a virus can’t get it, and store it off premises so it’s protected from theft or fire.

Laptop protection. Require users to take special precautions, such as using a startup password and encrypting data so a thief can’t access the information. Avoid sending highly sensitive materials over public Wi-Fi networks, where they may be easily intercepted, and subject each machine to a virus scan before it is reconnected to the company network.

Education. Teach employees Internet security procedures, stressing the potential threats to the company and their livelihood. Make it clear what kinds of Web sites are to be avoided and instruct them to delete unexpected (and possibly virus-infested) email attachments without opening them.

There are no guarantees here. But a well-conceived strategy, backed up by good technology and common sense, can make you an intimidating target, and help you feel a little bit safer.

Safe in Cyberspace

Malevolent hackers. Psychotic e-mailers. Vengeful ex-employees. What do these folks have in common? Your computers. Day and night they’re relentlessly probing your defenses, looking for trade secrets, customer credit card numbers or simply the adrenaline rush of wiping out a loaded hard drive. It may be only a matter of time before they hit pay dirt.

Doing business in the Internet age is a little like Frodo Baggins’ Lord of the Rings journey to Mount Doom — moments of triumph interspersed with sudden vicious attacks from out of the blue. In 2001, a hacker penetrated Conshohocken, Pennsylvania’s Webcertificate.com and demanded a cash payment to keep him from exposing the personal information of 350,000 customers. Early this year a massive assault by a virus-like worm called Mydoom took down the Web servers of SCO Group, a software company in Lindon, Utah.

Danger lurks in every Web interaction. “Malware,” a new-fangled term for viruses, worms, Trojan horses and other electronic microbes, cost companies $55 billion last year, according to Trend Micro, a developer of antivirus software. Data theft and targeted denial-of-service attacks are even more expensive. The problem has become so bad that Bill Gates recently advised Microsoft customers that “security is as big and important a challenge as any our industry has ever tackled” and pledged to make it the company’s top priority.

Don’t take comfort in the fact that your business isn’t an obvious target like the Pentagon or American Express. Viruses are equal-opportunity assassins. Cyber-predators look for easy prey, and small-to-midsize companies often fit that bill.

The good news — yes, there is some! — is that you can protect your data without spending a small fortune. Inexpensive antivirus software from Trend Micro, Symantec, Network Associates, Panda and more than a dozen other companies zaps bugs on sight. Firewalls built into Microsoft’s Windows XP and Apple’s OS X deter hack attacks by making your company’s computers invisible on the Web. Third-party firewall programs from Tiny Software, Zone Labs, BlackIce and other vendors go even further, keeping virus-like Trojan horse programs from surreptitiously sending your confidential data through hidden back doors. Hardware firewalls, often built into network routers made by Cisco, Asante, Linksys, SMC and other vendors, add yet another layer of protection. Many also let you create encrypted “virtual private networks” on the Internet, securely linking field offices and telecommuters. Companies with especially sensitive data and deep pockets can install ultra-sensitive intrusion detection systems that continuously sniff inbound and outbound traffic for signs of trouble, such as unusual server activity at 2 a.m.

But technology alone won’t do it. You also need a smart game plan. Most experts say a truly effective defense strategy needs to address these issues:

Software configuration. Make sure antivirus programs are on every machine, no exceptions, and that they are set to scan every downloaded file and incoming and outgoing email. They should also thoroughly inspect hard disks on a daily or weekly schedule. Adjust each computer’s firewall to the highest level possible without impeding the ability of the user to function productively. Password protect those settings to prevent intentional or unintentional changes.

Software updates. Let antivirus software install the latest virus definitions as soon as they become available. Promptly apply operating system security patches to eliminate newly-discovered vulnerabilities. Windows XP can do so automatically. Be on the lookout for upcoming “service packs” for Windows XP and Windows Server 2003, which will include a number of security enhancements.

File access. Protect your company’s intellectual property and other sensitive data by restricting access to certain files. If you are running Windows XP Professional and Microsoft Small Business Server 2003, use built-in controls to set individual user permissions.

Backups. Make copies of all files nightly to minimize damage if a hard drive is trashed by a virus or malfunction. A RAID system that simultaneously writes data to two disks provides continuous protection against drive crashes, but a virus that destroys one drive will probably get the other, too. Put important stuff onto a removable medium, such as a tape or rewritable CD or DVD where a virus can’t get it, and store it off premises so it’s protected from theft or fire.

Laptop protection. Require users to take special precautions, such as using a startup password and encrypting data so a thief can’t access the information. Avoid sending highly sensitive materials over public Wi-Fi networks, where they may be easily intercepted, and subject each machine to a virus scan before it is reconnected to the company network.

Education. Teach employees Internet security procedures, stressing the potential threats to the company and their livelihood. Make it clear what kinds of Web sites are to be avoided and instruct them to delete unexpected (and possibly virus-infested) email attachments without opening them.

There are no guarantees here. But a well-conceived strategy, backed up by good technology and common sense, can make you an intimidating target and help you feel a little bit safer.

System Alert: You’ve Got…Worms

As anyone who has an e-mail account knows, the past few weeks have seen unprecedented virus attacks on computers around the world. With names like Sobig, Blaster, and Welchia, these viruses are the bane of many an IT department — not to mention an “I-was-here” calling card for their nose-thumbing authors. No longer confined to e-mail attachments, the latest worms can spread through the Internet, wreaking havoc as they take advantage of vulnerabilities in exposed computers. A company’s entire network can be brought to its knees in minutes — and many recently were — as infected machines become mass-mailers that cause the virtual equivalent of clogged arteries.

Was the recent spate of attacks just more of the same — or are virus writers beginning to infect computers with other gains in mind? Experts at Wharton and elsewhere weigh in on possible motives, what businesses should do to protect themselves — and which industry sectors stand to gain from the chaos.

Malicious Code or Marketing Tactic?

Some media reports suggest that a few of the present crop of viruses differ from those that infected computer systems in the past. One difference, they say, is that these bugs can capture e-mail addresses as well as IP addresses “that can later be used to generate massive amounts of spam.” How real is that concern?

While it’s tempting to wonder whether the latest viruses are being unleashed with a profit motive — and the goal of using computers to send spam — most people agree that it’s unlikely. “The haxors [a term derived from "elite hacker"] and ‘script kiddies’ who write viruses actually hate spammers,” notes Dan Hunter, a professor of legal studies at Wharton. “It doesn’t seem likely that they would get into bed together. The recent big viruses have been e-mail viruses because it’s easy to exploit — since Microsoft Outlook is so pervasive and so buggy — and they cause huge problems. Most people run some type of mail client, as exploited by Sobig; quite a few people run SQL Server, as exploited by Slammer. This explains the pervasiveness of mail viruses better than the idea of a grand conspiracy of spammers.”

What’s more, says Hunter, it’s not worth the grief: “Viruses are clearly illegal in many jurisdictions, whereas spam isn’t. Why would a spammer, or a conspiracy of spam enablers, subject herself to criminal prosecution when it’s unnecessary?”

Chris Belthoff, senior security analyst in the U.S. office of Sophos, a U.K.-based anti-virus protection firm, has seen no direct evidence that new spam messages have been sent from infected machines. However, he notes, it’s not impossible. “The author of the most recent Sobig virus variant almost certainly used some heavy-duty spamming techniques to initially distribute the virus, which is the main reason it caused so many problems. While there is no hard proof that e-mail addresses are being harvested with recent viruses, it is certainly possible to do so on an infected system with some fairly simple techniques.”

Due to the nature of e-mail addresses, moreover, it would be difficult to follow a money trail even if it did exist. “Since this pure information product can be gathered, sold, and used without ever taking on physical form like a CD or printout of names, it’s very difficult to track who’s profiting from it,” says David Croson, visiting professor of management science at MIT’s Sloan School of Management.

Stay Current or Else

While estimates of the exact economic impact of viruses vary widely, just about everyone agrees that the costs to business are substantial. So what should firms do to protect themselves from a virtual blackout?

“Companies not only need to ensure virus protection is in place on every single system (especially remote and mobile systems) but that virus protection programs on these systems are kept up-to-date with automated methods,” says Belthoff. Patches — software fixes that close holes in programs — need to be applied regularly, he adds. “Security policies for all companies need to include detailed steps on identifying new vulnerabilities, quickly testing available patches, and deploying them.” A third consideration is end users: “IT departments should feel compelled to either directly lead or heavily influence end-user training for security issues, getting the end users to be more security-aware,” says Belthoff.

Wharton chief information officer Gerry McCartney notes that security needs to be an organization-wide endeavor. “If all the energy is put into guarding the perimeters of the organization — but people inside don’t feel the need to be vigilant — then large-scale bad things can happen if the perimeter security is broken. Organizations need to be vigilant in terms of keeping their machines fully patched and acting quickly and decisively to remove infected machines from their network, no matter who they belong to or what they do.”

Shuttering the Windows

Since most viruses target Microsoft programs, the obvious question in many an IT manager’s mind is: Is it wiser to switch to another system, such as Macintosh or Linux?

Hunter believes that for some firms, going the non-Windows route could make sense. “I think that some businesses will look to other platforms and factor virus costs into their IT departments. Linux and Mac — which of course uses UNIX — are inherently more stable than Windows, and the security on the applications tends to be better. They are also, because of their low user base, a much less attractive target for virus writers. As a result I’m sure there are some places that are looking at their total computing infrastructure costs and realizing that migrating to another operating system is going to be cheaper in the long run than maintaining Windows. Microsoft has been trying to push its ‘trustworthy computing’ initiative, one major component of which is resistance to viruses. Recent events haven’t helped their position.”

Croson points out, however, that viruses would probably go wherever the users are. “Remember, Windows is a target of opportunity because (a) it’s popular, so the fixed cost of writing a worm to attack it can be spread over a lot of computers that it could infect, and (b) users of the Windows OS are, on average, less sophisticated than, say, Linux users. If the majority of systems — especially those run by novice users, who don’t really understand operating systems or security — were Mac, then the worms would attack Macs. Thinking about the supply-side incentives for people to produce viruses will give us more insight into how to defend against them, by learning how to automatically defend against prosaic ‘script-kiddie’ viruses and making it not worthwhile to create really clever ones.”

In addition, the costs of switching are not insignificant, cautions Belthoff. “Migration to Linux or Mac from Windows may appear attractive at first glance to someone dealing with a major virus infection and cleanup tasks. However, migration costs are sometimes more than they initially appear, particularly with Linux. The cost of the operating system is only one of several cost factors. Others are initial deployment, training or hiring of proper IT personnel, maintenance, and migration of applications to the new platform.”

Besides, migrating isn’t a cure-all, he adds. “It is important to note that, although Mac and Linux systems were not ‘infectable’ directly from Sobig.f, users of these platforms could suffer just as much as Windows users from all the resulting e-mail bounce backs and undeliverable returns caused by the worm. From that perspective, you couldn’t hide from Sobig by being on Mac or Linux.”

Place Your Bets

Not surprisingly, one firm’s infection is another’s profit opportunity, and several players are emerging to take advantage of it. “The big winners will be data security vendors,” says McCartney. “Between people’s concerns about what and how personal data is stored and available and these continuous security compromises, there is a strong argument to be made that most places are not yet doing enough to protect their data assets.”

Anti-virus vendors and intrusion prevention firms aren’t the only gainers, adds Belthoff. “There is also increased interest on the part of organizations in performing some form of ‘lockdown’ on the end-user desktop, which would drive increased interest in personal firewall and content filtering vendors.”

Established players like Norton and Symantec, notes Hunter, may be joined by new entrants in such niches as plug-ins for mail clients. Alternative platforms will likely tout their superiority, too: “Apple and the Linux-purveyors will probably use this as a marketing benefit. Why wouldn’t they?”

All materials copyright of the Wharton School of the University of Pennsylvania.

There’s a Virus Going Around

Note: This is the first in a series of technology updates by former Inc. senior writer Anne Stuart. Future columns will explore topics such as “spam,” videoconferencing, cell phone messaging, and smart business use of online auctions.

Slammer. Klez. Bugbear. Bubbleboy. Lirva. Those sound like names for characters in kids’ cartoons, but they’re neither funny nor harmless. They’re computer viruses. And they’re increasingly common. Over the past decade, virus-writers worldwide have created and released about 80,000 viruses, worms, Trojan horses and other “malware” programs, according to Graham Cluley, senior technology consultant for antivirus software vendor Sophos Inc. (www.sophos.com). And about 600 to 800 new variations crop up every month, although, typically, only a few cause widespread or serious headaches.

What exactly is a virus? It’s a tiny, malicious software program designed purely to disrupt or damage computers.

What exactly do viruses do? Some simply display odd messages or images. Many — including the famous Melissa virus — perpetuate themselves by sending infected messages to everyone in a user’s e-mail address book. Others gobble memory or storage space, making systems sluggish. Some corrupt files — for instance, changing spreadsheets or chewing up text documents — or erase them entirely. Some alter Web pages. Some reformat hard drives, block user access, or cause systems to freeze. A few disable security measures or open secret “holes” into computer networks, providing hackers with easy access.

Like their biological counterparts, computer viruses can spread fast, attack systems silently, and cause a great deal of pain. In January 2003, the SQL Slammer worm circled the globe in less than an hour, infecting 75,000 computers in 10 minutes. Slammer, which paralyzed computers running Microsoft SQL Server 2000, temporarily shut down South Korea’s telephone system, knocked out thousands of Bank of America automatic-teller machines, and slowed credit-card transactions worldwide.

How much financial damage can viruses cause? It’s tough to find reliable numbers about the costs of virus attacks because some effects — for instance, decreased productivity and unrealized business opportunity — are tough to quantify. In addition, many companies simply won’t share information about security-related losses.

Following are several ways you can prevent or minimize the impact of virus attacks in your business:

Install antivirus software on every computer. That includes laptops and PCs in remote offices. Encourage employees to use antivirus programs at home as well, especially if they use their own computers to connect to your network. In addition, consider protecting e-mail gateways with software that automatically blocks all incoming messages carrying executable code — but keep in mind that those filters may also capture legitimate business communications with harmless attachments.

Keep antivirus programs current. With new viruses popping up regularly, it’s critical to make sure you’ve got the latest protection. Most leading solutions can be set to periodically update themselves online; you can also do the job manually to respond to new threats.

Launch a company-wide prevention campaign. State-of-the-art security measures won’t protect your company unless everyone uses them. A single employee can unintentionally infect the entire network by opening a booby-trapped e-mail attachment or installing contaminated software. Make sure everybody knows and follows these basic virus-prevention procedures:

Always delete junk e-mail messages — ads, jokes, chain letters — without opening them. More than 85% of viruses infect businesses via e-mail, according to the International Computer Security Association’s (www.icsa.net) annual Virus Prevalence Survey released in March 2003.

Never open e-mail attachments from strangers. And even those from people you know should be scanned with software that might spot viruses forwarded unintentionally.

Be selective about downloading and installing software. Know the source and scan the files before running any new program.

Get knowledgeable about pranks and hoaxes. Phony virus alerts waste almost as much time as the real thing. When you get a forwarded e-mail message breathlessly proclaiming some new threat, check it out at Vmyths (www.vmyths.com) or on other virus information sites before responding.

Regularly update Microsoft products. Many viruses attempt to exploit vulnerabilities in Windows, Outlook, Internet Explorer, and other products by the giant software empire. Microsoft’s security page (www.microsoft.com/security/) provides alerts, “patches,” and advice for both home and business users.

Back up. Back up. Back up. At work, store files on both PC and network hard drives. At home and on the road, copy important files to CDs or floppies. Begin backing up entire systems nightly or weekly, perhaps storing an extra copy of critical information offsite. Look into Web-based storage services such as Connected Corp. (www.connected.com), Easyspace’s Easyarchive (www.easyspace.com/services/easyarchive.html), and Elephant Backup (www.elephantbackup.com).

The computer-virus universe changes constantly, with, according to some estimates, about 20 new viruses surfacing every day. You can’t vaccinate your computers against all of them. But with vigilance and commonsense caution, you can strengthen your company’s electronic immune system, making it much more likely to survive an attack.

Glossary

Antivirus Program: Software that detects and removes viruses from computer hard drives. Such programs must be updated regularly to add profiles for the thousands of new viruses that appear every year; updating can often be handled quickly online.

Trojan (or Trojan Horse): A malicious program in disguise, named for the giant wooden gift horse the Greeks used to conquer their Trojan enemies. Trojans appear benign, entertaining, or even useful, but actually conceal viruses that can harm systems. Backdoor.BO (also called Back Orifice) is among the best-known examples.

Virus: A malicious software program used to deliberately infect a computer system. Typically, viruses are concealed in existing programs and activated when those programs are executed. Viruses often cause damage by replicating themselves, causing systems to crash, or by attacking or attaching themselves to other programs. Stealth viruses remain hidden or change themselves after executing so that they can’t be detected. Well-known viruses include Melissa and Bubbleboy.

Worm: A type of virus that replicates itself and gobbles up computer memory but cannot attach itself to other programs. Well-known worms include Klez.H, LoveLetter (sometimes called “IloveYou”), Bugbear, and Lovgate.

Further Reading

The following books, all available from Amazon (www.amazon.com) and other booksellers, offer generally easy-to-understand information about computer viruses:

Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans, by Douglas Schweitzer (John Wiley & Sons, 2002). Offers sound, practical, comprehensive advice from a security expert. Updates provided on a companion Web site.

Malicious Mobile Code: Virus Protection for Windows, by Roger A. Grimes (O’Reilly & Associates, 2001). Focuses on defensive strategies.

Viruses Revealed, by David Harley, Robert Slade, and Urs E. Gattiker (McGraw-Hill/Osborne Media, 2001). Explains what viruses are, how they work, where they come from, how to prevent them, and how to deal with them. Includes case studies. Also available as a downloadable, searchable e-book.

Resources

The following Web sites provide comprehensive information about viruses, worms, and similar threats:

About.com Antivirus Software Guide (antivirus.about.com/index.htm?terms=computer+virus). News, glossary, encyclopedia of hoaxes, links to vendors and other resources.

CERT Coordination Center, Carnegie Mellon University (www.cert.org/). A wealth of information on all aspects of computer security at work and at home.

CNET Virus Alert Center (www.cnet.com/software/0-7760531-8-6319437-1.html). News on current threats, advice on PC protection, links to free resources, and antivirus software vendors.

Computer Security Institute (www.gocsi.com). Major membership organization for technology-security professionals; Web site contains articles, reports, and links to additional resources about viruses and other security issues.

International Computer Security Association (ICSA) Labs (www.icsa.net). Independent arm of security vendor TruSecure Corp. (www.trusecure.com) offers “vendor-agnostic” testing and research. Web site contains constantly updated virus alerts, white papers, studies, an annual Virus Prevalence Survey, and more.

National Institute of Standards and Technology Computer Security Resource Center Virus Page (csrc.nist.gov/virus/). Information, links to other resources and antivirus software vendors.

Sophos Inc. (www.sophos.com/safecomputing). Safe-computing advice for both network administrators and individual users.

Virus Bulletin (www.virusbtn.com). Independent antivirus advice, news, profiles, and resources.

Vmyths (http://www.vmyths.com). Supersite for information on virus myths and hoaxes.

Vendors

Following is a sampling of major antivirus software vendors whose offerings include products, services, and information targeted to small and growing companies:

Command Software Systems Inc. (www.commandsoftware.com). Founded 1984; now part of Authentium Inc. Offers antivirus software for home users, large companies, and small businesses. Web site’s Virus Center includes news, alerts, a glossary, research, e-mail newsletters, and other information.

Computer Associates International Inc. (www.ca.com). Founded 1976. Offers antivirus software for businesses. Web site’s Virus Information Center contains alerts, encyclopedia, and an extensive glossary.

McAfee Security (www.mcafee.com/). Founded 1989. Offers antivirus and security solutions for home users, large companies, and small and growing businesses. Network Associates Inc., McAfee’s parent company, provides free virus alerts, updates, updates on hoaxes, and other information.

Panda Software Inc. (www.pandasoftware.com). Founded 1990. Offers antivirus software for home users, large companies, and small and growing businesses. Web site includes Virus Information Center with virus encyclopedia (including “Top 5” current threats), hoax updates, tips, and other resources.

Sophos Inc. (www.sophos.com). Founded 1986. Offers antivirus software for companies of all sizes. Web site includes a rich collection of analyses, articles, updates on hoaxes, and alerts, including monthly “Top 10” virus list.

Symantec Corp. (www.symantec.com). Founded 1982. Offers firewalls, antivirus software, and other security solutions for home users, large companies, and small and growing businesses. Web site provides free virus alerts, library of virus information. Customers can download anti-virus updates from home page. Provides updates on hoaxes.

Trend Micro Inc. (www.trendmicro.com). Founded 1988. Offers network antivirus software and other security products and services. Web site includes virus advisories, encyclopedia, prevention tips, and additional information. Also offers a free online cost-analysis calculator for determining potential financial impact of virus attacks.

Send feedback, column ideas, and tech tips to annestuartinc@yahoo.com.
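
The e-mail gateway filter recommended in the column above, and the false positives it warns about, can be seen in a short added example (not from the column or from any vendor's product). The extension list, the function names and the sample messages are assumptions constructed for illustration; the filter quarantines rather than deletes, so that a harmless attachment caught by the rule can still be released.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list (not from the column): extensions Windows runs directly.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
MZ_MAGIC = b"MZ"  # DOS/Windows .exe files start with these two bytes


def classify_attachment(filename, payload):
    """Return the list of reasons an attachment looks executable (empty = clean)."""
    name = (filename or "").strip().lower()
    reasons = []
    # Only the LAST extension decides how Windows opens the file, so
    # "photo.jpg.pif" is treated as .pif, not .jpg.
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    # Content check catches executables renamed to an innocent extension.
    if payload[:2] == MZ_MAGIC:
        reasons.append("content starts with MZ executable header")
    return reasons


def screen_message(raw_bytes):
    """Parse one raw message; return (filename, verdict, reasons) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), payload)
        verdict = "quarantine" if reasons else "deliver"
        verdicts.append((part.get_filename(), verdict, reasons))
    return verdicts


def build_sample(attachments):
    """Build a constructed test message carrying the given (filename, bytes) pairs."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed sample attachments; none of the payloads is a real program.
CONSTRUCTED_ATTACHMENTS = [
    ("quarterly-report.pdf", b"%PDF-1.4 constructed sample"),
    ("photo.jpg.pif", b"constructed placeholder bytes"),
    ("readme.txt", MZ_MAGIC + b"\x00" * 16),
    # Harmless admin script: the false positive the column warns about.
    ("nightly-backup.bat", b"@echo off\r\nrem constructed harmless script\r\n"),
]

if __name__ == "__main__":
    for name, verdict, reasons in screen_message(build_sample(CONSTRUCTED_ATTACHMENTS)):
        print(f"{name:22} {verdict:10} {'; '.join(reasons)}")
```

The last sample is a legitimate script that the extension rule still holds back, which is why a quarantine queue someone reviews is a safer default than silent deletion.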

There’s a Virus Going Around

Note: This is the first in a series of technology updates by former Inc. senior writer Anne Stuart. Future columns will explore topics such as “spam,” videoconferencing, cell phone messaging, and smart business use of online auctions. Slammer. Klez. Bugbear. Bubbleboy. Lirva. Those sound like names for characters in kids’ cartoons, but they’re neither funny nor harmless. They’re computer viruses. And they’re increasingly common. Over the past decade, virus-writers worldwide have created and released about 80,000 viruses, worms, Trojan horses and other “malware” programs, according to Graham Cluley, senior technology consultant for antivirus software vendor Sophos Inc. (www.sophos.com) And about 600 to 800 new variations crop up every month, although, typically, only a few cause widespread or serious headaches. What exactly is a virus? It’s tiny, malicious software program designed purely to disrupt or damage computers. What exactly do viruses do? Some simply display odd messages or images. Many — including the famous Melissa virus — perpetuate themselves by sending infected messages to everyone in a user’s e-mail address book. Others gobble memory or storage space, making systems sluggish. Some corrupt files — for instance, changing spreadsheets or chewing up text documents — or erase them entirely. Some alter Web pages. Some reformat hard drives, block user access, or cause systems to freeze. A few disable security measures or open secret “holes” into computer networks, providing hackers with easy access. Like their biological counterparts, computer viruses can spread fast, attack systems silently, and cause a great deal of pain. In January 2003, the SQL Slammer worm circled the globe in less than an hour, infecting 75,000 computers in 10 minutes. 
Slammer, which paralyzed computers running Microsoft SQL Server 2000, temporarily shut down South Korea’s telephone system, knocked out thousands of Bank of America automatic-teller machines, and slowed credit-card transactions worldwide. How much financial damage can viruses cause? It’s tough to find reliable numbers about the costs of virus attacks because some effects — for instance, decreased productivity and unrealized business opportunity — are tough to quantify. In addition, many companies simply won’t share information about security-related losses. Following are several ways you can prevent or minimize the impact of virus attacks in your business: Install antivirus software on every computer. That includes laptops and PCs in remote offices. Encourage employees to use antivirus programs at home as well, especially if they use their own computers to connect to your network. In addition, consider protecting e-mail gateways with software that automatically blocks all incoming messages carrying executable code — but keep in mind that those filters may also capture legitimate business communications with harmless attachments as well. Keep antivirus programs current. With new viruses popping up regularly, it’s critical to make sure you’ve got the latest protection. Most leading solutions can be set to periodically update themselves online; you can also do the job manually to respond to new threats. Launch a company-wide prevention campaign. State-of-the-art security measures won’t protect your company unless everyone uses them. A single employee can unintentionally infect the entire network by opening a booby-trapped e-mail attachment or installing contaminated software. Make sure everybody knows and follows these basic virus-prevention procedures: Always delete junk e-mail messages — ads, jokes, chain letters — without opening them. 
More than 85 % of viruses infect businesses via e-mail, according to the International Computer Security Association’s (www.icsa.net) annual Virus Prevalence Survey released in March 2003. Never open e-mail attachments from strangers. And even those from people you know should be scanned with software that might spot viruses forwarded unintentionally. Be selective about downloading and installing software. Know the source and scan the files before running any new program. Get knowledgeable about pranks and hoaxes. Phony virus alerts waste almost as much time as the real thing. When you get a forwarded e-mail message breathlessly proclaiming some new threat, check it out at Vmyths (www.vmyths.com) or on other virus information sites before responding. Regularly update Microsoft products. Many viruses attempt to exploit vulnerabilities in Windows, Outlook, Internet Explorer, and other products by the giant software empire. Microsoft’s security page (www.microsoft.com/security/) provides alerts, “patches,” and advice for both home and business users. Back up. Back up. Back up. At work, store files on both PC and network hard drives. At home and on the road, copy important files to CDs or floppies. Begin backing up entire systems nightly or weekly, perhaps storing an extra copy of critical information offsite. Look into Web-based storage services such as Connected Corp. (www.connected.com), Easyspace’s Easyarchive (www.easyspace.com/services/easyarchive.html), and Elephant Backup (www.elephantbackup.com). The computer-virus universe changes constantly, with, according to some estimates, about 20 new viruses surfacing every day. You can’t vaccinate your computers against all of them. But with vigilance and commonsense caution, you can strengthen your company’s electronic immune system, making it much more likely to survive an attack. Glossary Antivirus Program: Software that detects and removes viruses from computer hard drives. 
Such programs must be updated regularly to add profiles for the thousands of new viruses that appear every year; updating can often be handled quickly online. Trojan (or Trojan Horse): A malicious program in disguise, named for the giant wooden gift horse the Greeks used to conquer their Trojan enemies. Trojans appear benign, entertaining, or even useful, but actually conceal viruses that can harm systems. Backdoor.BO (also called Back Orifice) is among the best-known examples. Virus: A malicious software program used to deliberately infect a computer system. Typically, viruses are concealed in existing programs and activated when those programs are executed. Viruses often cause damage by replicating themselves, causing systems to crash, or by attacking or attaching themselves to other programs. Stealth viruses remain hidden or change themselves after executing so that they can’t be detected. Well-known viruses include Melissa and Bubbleboy. Worm: A type of virus that replicates itself and gobbles up computer memory but cannot attach itself to other programs. Well-known worms include Klez.H, LoveLetter (sometimes called “IloveYou”), Bugbear, and Lovgate. Further Reading The following books, all available from Amazon (www.amazon.com) and other booksellers, offer generally easy-to-understand information about computer viruses: Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans, by Douglas Schweitzer (John Wiley & Sons, 2002). Offers sound, practical, comprehensive advice from a security expert. Updates provided on a companion Web site. Malicious Mobile Code: Virus Protection for Windows, by Roger A. Grimes (O’Reilly & Associates, 2001). Focuses on defensive strategies. Viruses Revealed, by David Harley, Robert Slade, and Urs E. Gattiker (McGraw-Hill/ Osborne Media, 2001). Explains what viruses are, how they work, where they come from, how to prevent them, and how to deal with them. Includes case studies. 
Also available as a downloadable, searchable e-book.

Resources

The following Web sites provide comprehensive information about viruses, worms, and similar threats:

About.com Antivirus Software Guide (antivirus.about.com/index.htm?terms=computer+virus): News, glossary, encyclopedia of hoaxes, links to vendors and other resources.

CERT Coordination Center, Carnegie Mellon University (www.cert.org/): A wealth of information on all aspects of computer security at work and at home.

CNET Virus Alert Center (www.cnet.com/software/0-7760531-8-6319437-1.html): News on current threats, advice on PC protection, links to free resources, and antivirus software vendors.

Computer Security Institute (www.gocsi.com): Major membership organization for technology-security professionals; Web site contains articles, reports, and links to additional resources about viruses and other security issues.

International Computer Security Association (ICSA) Labs (www.icsa.net): Independent arm of security vendor TruSecure Corp. (www.trusecure.com) offers “vendor-agnostic” testing and research. Web site contains constantly updated virus alerts, white papers, studies, an annual Virus Prevalence Survey, and more.

National Institute of Standards and Technology Computer Security Resource Center Virus Page (csrc.nist.gov/virus/): Information, links to other resources and antivirus software vendors.

Sophos Inc. (www.sophos.com/safecomputing): Safe-computing advice for both network administrators and individual users.

Virus Bulletin (www.virusbtn.com): Independent antivirus advice, news, profiles, and resources.

Vmyths (http://www.vmyths.com): Supersite for information on virus myths and hoaxes.

Vendors

Following is a sampling of major antivirus software vendors whose offerings include products, services, and information targeted to small and growing companies:

Command Software Systems Inc. (www.commandsoftware.com): Founded 1984; now part of Authentium Inc.
Offers antivirus software for home users, large companies, and small businesses. Web site’s Virus Center includes news, alerts, a glossary, research, e-mail newsletters, and other information.

Computer Associates International Inc. (www.ca.com): Founded 1976. Offers antivirus software for businesses. Web site’s Virus Information Center contains alerts, encyclopedia, and an extensive glossary.

McAfee Security (www.mcafee.com/): Founded 1989. Offers antivirus and security solutions for home users, large companies, and small and growing businesses. Network Associates Inc., McAfee’s parent company, provides free virus alerts, updates, updates on hoaxes, and other information.

Panda Software Inc. (www.pandasoftware.com): Founded 1990. Offers antivirus software for home users, large companies, and small and growing businesses. Web site includes Virus Information Center with virus encyclopedia (including “Top 5” current threats), hoax updates, tips, and other resources.

Sophos Inc. (www.sophos.com): Founded 1986. Offers antivirus software for companies of all sizes. Web site includes a rich collection of analyses, articles, updates on hoaxes, and alerts, including monthly “Top 10” virus list.

Symantec Corp. (www.symantec.com): Founded 1982. Offers firewalls, antivirus software, and other security solutions for home users, large companies, and small and growing businesses. Web site provides free virus alerts and a library of virus information. Customers can download anti-virus updates from home page. Provides updates on hoaxes.

Trend Micro Inc. (www.trendmicro.com): Founded 1988. Offers network antivirus software and other security products and services. Web site includes virus advisories, encyclopedia, prevention tips, and additional information. Also offers a free online cost-analysis calculator for determining potential financial impact of virus attacks.

Send feedback, column ideas, and tech tips to annestuartinc@yahoo.com.