
This installment of The Bitstream column appeared in the February 2005 issue of Mix Magazine.

The Bitstream

This column discusses computer security…

Mal Contents

If you run a Windows machine, you know that W2k was the first modern, fully reliable version of Windows. However, until now, the default settings and factory functionality weren’t, shall we say, the most secure.

This month, I’m going to discuss the slightly arcane world (always!) of malware, those lovely little bits of code that slither, sneak, snoop and spy on your actions and, if you’re not so lucky, may even hand control of your box over to some for–hire script kiddy who’ll proceed to make some money off you without your knowledge. Spyware, adware, browser hijackers, background dialers: every day there are more threats but, will wonders never cease, the Boys and Girls in Redmond have come to our rescue…

First, let’s talk about what malware is and isn’t. Viruses, worms and trojan horses, though all denizens of the computing underworld, aren’t generally considered malware. Here’s a quick rundown of what is:

Adware —
Adware is usually thought of as simply displaying marketing messages via pop–ups or other annoyances. Make no mistake, pop–up ads are more effective than banners in both “click through” and “conversion.” This high ROI, or return on investment, means that, even if only 2% of viewers are stupid enough to click (the so called “click through”) and then drop some dough (the “conversion” part), the advertiser is guaranteed to make a tidy profit. Because of adware’s success, it is often co–opted as an enabler for covert installation of other malware and to forward key bits of information to opportunistic marketeers specifically for further intrusion.

Another variant of a popup is a pop–under. Just what the name implies, pop–unders spawn one or more browser windows that attempt to “hide” themselves behind existing windows.

Spyware & Friends —
Spyware comes in several forms, but all versions have one thing in common: they keep track of what you do while at your computer. Those actions may be relatively benign, such as simply reporting which web sites you visit or which search terms you enter to an interested party. More disturbing is spyware that scours your local disks for e-mail addresses, phone numbers and credit card accounts.

An interesting and dangerous example of spyware is the keystroke logger, a pernicious critter sometimes found in public environments like internet cafés, invisibly recording all keystrokes, including passwords and bank account numbers, to a file. Keystroke logger sessions can be sent over public networks to a third party or stored on covertly installed, unobtrusive removable media, such as a USB thumb drive, for later retrieval.

File sharers, like iMesh, are another spyware conduit. They often carry malware baggage: adware, or spyware that tracks user metrics and forwards that information to opportunistic marketeers…Kazaa anyone?

Dialers —
Dialers are great if you own a 900 number service, since a dialer will configure a modem to dial your 900 number and you get boatloads of money while the clueless sap at the other end of the modem gets socked with a hefty bill.

How, you may ask, did we all get saddled with this crap? In the past, the product managers at Microsoft have exercised rather poor judgment when it comes to “could” versus “should.” If you’ve ever channeled your inner geek, you know that engineers come up with really dumb ideas simply because some new technology arrived on the scene. For a programmer, the beauty of ActiveX is that it can do spiffy things under their, rather than the end user’s, control. Spiffy? Yes. A wise choice without sensible safeguards? Ah, no, and the safeguards simply haven’t been in place by default.

Years ago, Microsoft started babbling about security and, after some laughable stumbles, the corporate culture may actually be changing. Unlike the second and third place desktop operating systems, Linux and Mac OS respectively, Windows used to ship in such a vulnerable state that it was waiting, literally with open arms, for some creep to sneak up and take advantage of it.

So enough already with the tongue lashing, let’s talk about the good thing that Microsoft has done concerning security. It’s called Windows XP Service Pack 2 “with advanced security technologies.” Why it’s taken this long for so little is a whole ’nother article, but suffice it to say that, if you’ve survived the XP SP2 update, your computing experience will be improved.

For those of you who can’t move to XP, either because of licensing costs or compatibility issues, take heart. There are several things you can do…One is to toss out that stupid Microsoft browser. Not literally, since Windows Update won’t run without it, but for day–to–day work you can ignore it in favor of products designed by more thoughtful engineers. This will not only make your day better, it’ll have a positive peripheral effect: as fewer people use IE, web sites will move from IE–specific frameworks to ones based on open standards, which is good for everyone.

Now, in the enterprise world, some companies are locked into using Internet Explorer because of exactly the mechanism that makes it such a high security risk: ActiveX. Yeah, build in the capability to remotely control my computer without my knowledge. I’d call that a really desirable feature! If you’re running XP, you’ll eventually get a new, locked down version, but for those of us running W2k and earlier, all you can do is patch till your eyeballs roll up, manually improve security settings — more on that in a future column — and substitute 3rd party products. Most of you out there aren’t so constrained to using IE and can switch to a less vulnerable, more configurable and stable alternative, like the most current versions of Mozilla, Firefox or Opera. All excellent choices, and the first two are free. I stress the most recent version because, even as I was trying to finish this piece, I read that old school pop–up blockers are no longer effective. The latest versions of Opera, Safari, Firefox and IE for XP SP2 all handle the new scam. Once you’ve downloaded the current version of your favorite, check its preferences for a “Block All Pop–ups” setting.

OK, enough of browser madness, on to specific utilities for malware mitigation. I can recommend three: Spyware Doctor <>, SpyBot-S&D <> and, best of all, AdAware SE Personal <>. These kids play quite well together, the latter two on my W2k system anyway, and all three score only light hits on your wallet.

AdAware is a standout, especially since it’s free. The UI is nothing to write home about but, like a good little soldier, it fights the good fight. As to Spybot, a nice thing about it and some of its anti–malware brethren is the option to back up your registry, in case something steps on that holy of holies later on. Whichever ones you choose to use, and I suggest you use several as they all catch different beasties, be sure to keep them up to date, as the rules change from day to day.

Most malware, at least the browser–based stuff I’m discussing this time, is user installed. Yup, you can only blame yourself for most malware infections. Don’t visit websites because they may be “interesting,” especially if they offer some mass market commodity such as pictures, music, a utility or other software downloads. Don’t agree to a software license unless you are either very sure of the vendor’s credentials or, you’re willing to clean up a real mess after the fact.

Why do people make this stuff? Basically, either self aggrandizement or money. Mostly money. Adware is a marketing engine, and often the author receives remuneration for each instance in which the mechanism succeeds. Don’t let them succeed with your computer; surf smart.

Logging Ban

I’m not talkin’ responsible forest management, I’m talkin’ keystroke loggers. Want to keep removable storage media out of the picture on your machines? The folks at SmartLine <> provide DeviceLock to reduce data “migration” through portable devices hangin’ off of FireWire or USB ports. According to SmartLine, “Using DeviceLock®, network administrators can lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, CD-ROM and floppy drives, serial and parallel ports and many other plug-and-play devices.” Admins can define access privileges based on date, time, user and individual device. No more mixes walking out the door on someone’s iPod without your permission!


OMas directs brand and product development at Sonic Studio. He’s pleased to see that the synth on which he learned additive synthesis so long ago is now in version 2, at least in the virtual sense. Arturia’s Moog Modular may look like his original wood and metal teaching aid, but it sure ain’t as finicky!