Staying Safe in Cyberspace

By Lawrence R. Rogers
Senior Member of the Technical Staff
Software Engineering Institute, Carnegie Mellon University

A computer security specialist offers instruction and guidance on how to prevent intruders and infected software from getting into your home computer system.

The Internet is a great communications and research tool as well as a source of entertainment for millions of people around the world. It is also a security risk. Malicious computer programs have been used to attack computer systems hooked up to the worldwide Internet, damaging computer programs and gaining access to confidential information. News reports of these attacks have brought to the world new meanings for old words such as "virus," "worm," "infection," and "crash" - part of a frightening vocabulary that can intimidate those just beginning to use this new technology. What does it all mean and how can those less experienced Internet travelers navigate the hazards more safely?

Computer security has its similarities to the precautions most people take to secure their home, family, property, and person in an uncertain and sometimes dangerous world. Locking the doors at night, avoiding dangerous neighborhoods, and keeping an eye on one's wallet have their corollaries in sensible computer use.

The Threats

Your home computer is a popular target for intruders, because they want what you may have stored there: credit card numbers, bank account information, personal background information, and anything else they can find. With such information, intruders can take your money, even steal your identity. But it is not just money-related information they may be after. Intruders also want your computer's resources, meaning your hard disk space, your fast processor, and your Internet connection. They use these resources to attack other computers on the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement investigators to figure out where the attack is coming from. If intruders can't be found, they can't be stopped, and they can't be prosecuted.

Intruders go after home computers because typically they are easy targets. When connected to high-speed Internet connections that are always turned on, these computers are all the more easy for intruders to find and attack.

How do intruders break into your computer? In some cases, they send you e-mail with a virus. Reading that e-mail activates the virus, creating an opening that lets intruders see what is inside your computer. In other cases, they take advantage of a flaw or weakness in one of your computer's programs -- a vulnerability -- to gain access. Once inside, they often install new programs that let them continue to use your computer -- even after you have plugged the holes they used to get into your computer in the first place. These so-called backdoors are usually cleverly disguised to blend in with the other programs running on your computer.

So, think of your computer as you would your house or your apartment. For example, you know that if you have a loud conversation, someone next door can probably hear you. You probably routinely lock the doors and close the windows when you leave, and you don't give the keys to just anyone. If a stranger shows up at the door, you don't invite him inside until you have made some discriminating judgments about his intentions. If you're approached by a salesperson, you don't start handing him money until you've decided whether he's legitimate and his product or service is reliable and desirable. These are the same kinds of judgments that you must make when browsing the World Wide Web on the Internet and deciding whether the information you encounter and the messages you receive are helpful or harmful.

E-mail Security

Electronic mail - e-mail for short - is one of the biggest threats to your home computer. By understanding how e-mail works, and by taking precautions in how you go about reading and writing messages, you can reduce this security threat. When you exchange e-mail with someone, the messages sent between you and that person pass through several computers before they reach their destinations. Think of this conversation as taking place in an Internet "room," a very, very big room. Anyone, or, more accurately, any program, along the conversation path can probably understand what is being said, because most Internet conversations are not concealed or hidden in any way. Consequently, others may be listening in, capturing what you send, and using it for their own benefit.

E-mail-borne viruses and worms often arrive in attractive, enticing packages, much like the printed advertisements we receive via traditional mail designed to sell us something. By all appearances, an infected e-mail message appears to be something we want to read from someone we know, not a malicious virus or worm poised to destroy our data, exploit our hard drive, and hijack our computer's processing power.

There are steps you can take to help you decide what to do with every e-mail message with an attachment that you receive. You should only read a message that passes all of these tests:

1. The Know test: Is the e-mail from someone that you know?

2. The Received test: Have you received e-mail from this sender before?

3. The Expect test: Were you expecting e-mail with an attachment from this sender?

4. The Sense test: Do the subject line describing the contents of the e-mail message and the name of the attachment both make sense? For example, would you expect the sender -- let's say your mother -- to send you an e-mail message with the curious, possibly mystifying subject line "Here you have, ;o)" that contains a message with an attachment -- let's say "AnnaKournikova.jpg.vbs?" A message like that probably wouldn't make sense. You know your mother doesn't follow world tennis, and probably doesn't know who Kournikova is. In fact, it could be an instance of the so-called Anna Kournikova worm that began infecting computers around the world with malicious code in February 2001, and reading it would damage your system.

5. The Virus test: Is this e-mail infected? To determine this, you need to install and run an anti-virus program.

Preventing Viruses

It's helpful to think about viruses in the same way that you think about that stranger who has come knocking at the door. It is your responsibility to profile or evaluate anyone who enters your living space. Anti-virus programs do much the same thing. These programs look at the contents of each file, searching for specific patterns that match a profile -- called a virus signature -- of something known to be harmful. For each file that matches a signature, the anti-virus program typically provides several options on how to respond, such as removing the offending patterns or destroying the file.

Viruses can reach your computer in many ways -- through floppy disks, CD-ROMs, e-mail, Web sites, and downloaded files. All need to be checked for viruses each time you use them. In other words, when you insert a floppy disk into the drive, check it for viruses. When you receive e-mail, check it for viruses using the tests described above. When you download a file from the Internet, check it for viruses before using it. Your anti-virus program may let you specify all of these as sources to check each time you encounter or use them. Your anti-virus program may also do this automatically.

You often have the chance to react to viruses when they've been discovered on your home computer. Depending upon the specific characteristics of the virus, you might be able to clean the infected file. Or you might be forced to destroy the file and load a new copy from your backups or original distribution media. Your options depend upon your choice of anti-virus program and the virus that's been detected.

Patching

Sometimes a would-be intruder may attempt to enter your home through a broken window. Software programs that you run on your computer can also have "broken windows," and cyberspace intruders are constantly searching to exploit such openings.

Just as you would repair the broken window to secure your home, you must fix the vulnerabilities in programs running on your computer. Most vendors provide patches, sometimes free of charge on their Web sites, for this purpose. When you purchase programs, it's a good idea to see if and how the vendor supplies patches. Just as appliance vendors often sell extended warranties for their products, some software vendors may also sell support for theirs. Vendors send notices to product owners when a safety-related problem has been discovered. Registering your purchase through the warranty card or online gives the vendor the information they need to contact you if there is a recall or a software fix.

Program vendors also provide a service allowing you to receive patch notices via e-mail. Through this type of service, you can learn about problems with your computer before intruders have the chance to exploit them. Consult the vendor's Web site to see how to get e-mail notices about patches. Some programs include features that automatically contact the vendor's Web sites to look for patches. These automatic updates tell you when patches are available, and they download and even install them.

While the patching process is getting easier, even to the point of automation, it is not yet foolproof. In some cases, installing a patch can cause another seemingly unrelated program to break. The challenge is to do as much homework as you can to learn what a patch is supposed to do and what problems it might cause once you've installed it.

Conclusion

Today's Internet evolved from a 1960s project that was designed to allow scientists and researchers to share ideas and resources via computer technology. The element of trust was key to the endeavor, shaping many of the practices, procedures, and technologies that are still in place today. As the Internet has become a global forum for communications and commerce, relying principally on trust has proven to be inadequate. Today's users must treat the Internet with the same wariness and caution they would carry into any unknown environment. While the Internet superhighway still has many potholes, sharp bends, and occasional accidents, today's users can safely journey through those hazards when they apply the types of cautions they already know and use in everyday life.

The Software Engineering Institute is a federally funded research and development center and the home of the CERT® Coordination Center, a center of Internet security expertise. A more detailed explanation of all the issues discussed here is available at http://www.cert.org/homeusers/

A CERT representative describes the global damage done by viruses this year in the Additional Resources section of this publication.

©2003 Carnegie Mellon University

The opinions expressed in this article are those of the author and do not necessarily reflect the views or policies of the U.S. government.

Back to top | Global Issues, November 2003 | IIP E-Journals | IIP Homepage