Internet Security & Safety (How tos)

Computers are like air conditioners, they stop working properly if you open Windows.

  Man is still the most extraordinary computer of all. (John F. Kennedy)

  It's better to be safe than sorry.

» How to be safe while Online?

» How computer viruses work?

» What's a "Worm"?
» What's a "Virus"?
» History of Virus
» How the virus work in the computer?
» Why do people create viruses?
» E-mail Viruses
» An Ounce of Prevention (most important)

How to be safe while Online

• Never open e-mail attachments from strangers. Some junk e-mails may contain viruses or spyware that can harm your computer.

• Beware of phishing emails congratulating; you have win a lottery prize. These prizes are fake. They will leads you to deposit the transfer fee in the nominated bank.

• Never respond to emails inviting you to attend a conference. These are fake conferences. They will leads you to book your accommodation in the nominated hotel.

• Never respond to the emails that depicts a crafted story and portraying themselves as the only survivor in the family and that their father/husband have deposited millions of dollars to their name. They invite you to sponsor them to start a mutual business in your country.  These emails are sent usually from yahoo accounts and from African girls. They leads you to deposit transfer fee in the Bank of Africa.

• Beware of spoof email claiming to be from eBay, PayPal, or a bank or a company name you know asking for personal or sensitive information. This is called phishing. The e-mail may inform you that there is a problem with your account/password. There may be a link to click inside. Forward any of these e-mails to the company it claims to be sent from. They will confirm whether the e-mail you received was real or not.

• Never give out your bank account or credit card information unless you are shopping with a well-known or highly rated online business. Check for secure transaction info. The best companies will have many security devices in place. You may see a gold lock at the bottom of the page to indicate a secure site.

• Do not give out your name, address, or phone number to a stranger you chat with online. Only give out this information if and when you feel comfortable. Go with your instinct.

• If you do not want to receive junk mail or get put on a telemarketer list, look for a small box near the bottom of the page that asks if you want to receive information and offers from other companies. The best sites will have a statement listed that they will not sell your name to other companies. Some free sample sites require you to give all your information to get the product. Only fill in required fields that are marked with a *. If the info box does not have an asterisk, it is optional and you can leave it blank.

• If you decide to meet someone from online, go to a public place and let friends and family know your plans. Have an alternate plan if things turn out badly.

• Web services such as AOL, Yahoo, or MSN have messengers that allow you to chat with others with an instant message (IM) or private message (PM) box. Go to the preferences or options menu and carefully choose settings. It is best to turn off messages from all users and only add people to your buddy list that you know very well or someone you choose to talk to. Bad or annoying programs may invade your messenger box or chat windows, such as spam bots, boot codes, or hacker tools. These can damage your computer and record your online activities. Always set your preferences to the highest security.

• Get a good anti-virus program, spyware remover, and firewall. There are free programs available online, such as avast! antivirus, Microsoft Anti-Spyware and Spybot, and Sygate personal firewall. They will block most hacker attempts and alert you if problems are found.

• Monitor young children's activities closely and use parental controls when available. Use a password a child will not guess.

• Remember, people can lie as much as they want online, so be careful. If you think that you may be talking to someone who is a lot older than they say they are, look out for clues, which may give them away.

• Change your passwords every month or so. Try not to use the same password more than once at a time.

How computer viruses work

Computer viruses are mysterious and grab our attention. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become. For example, the "Melissa" virus -- which became a worldwide phenomenon in March of 1999 -- was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The "ILOVEYOU" virus in 2000 had a similarly devastating effect. That's pretty impressive when you consider how simple the Melissa and ILOVEYOU viruses are! When you listen to the news, you hear about many different forms of electronic infection. The most common are:

• Viruses - A virus is a small piece of software that piggy-backs on real programs. For example, a virus might attach itself to a program like a spreadsheet program. Each time the spreadsheet program runs, the virus runs too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

• Email viruses - An email virus moves around in email messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's email address book.

• Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.

• Trojan Horses - A trojan horse is simply a normal computer program. The program claims to do one thing (e.g. - it claims to be a game) but instead does damage when you run it (e.g. - it erases your hard disk). Trojan horses have no way to replicate automatically.

What's a "Worm"?

A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001. Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent.

What's a "Virus"?

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

At a deeper level there are similarities as well. A biological virus is not a living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases the new virus particles bud off the cell one at a time and the cell remains alive.

A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Obviously the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

History of Virus

Traditional computer viruses were first widely seen in the late 1980s, and they came about because of following three factors. Viruses took advantage of these three facts to create the first self-replicating programs!

1. Spread of personal computers (IBM in 1982) and the Apple Macintosh in 1984)

2. Use of computer "bulletin boards."

3. Floppy disk.

How the virus work in the computer
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed so it runs first when the legitimate program is executed. The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.

If one of the infected programs is given to another person on a floppy disk, CD, USB Drive or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.

The spreading part is the "infection" phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Unfortunately, most viruses also have some sort of destructive "attack" phase where they do some damage. Some sort of trigger will activate the attack phase, and the virus will then "do something" -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, or the number of times the virus has been replicated, or something similar.

As virus creators got more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. The boot sector contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it gets executed. It can load itself into memory immediately and it is able to run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses where lots of people share machines they spread like wildfire.

In general, both executable and boot sector viruses are not very threatening any more. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs cannot be modified, and that makes viral infection of a CD impossible. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on a floppy disk like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.

Both boot sector viruses and executable viruses are still possible, but they are a lot harder now and they don't spread nearly as fast as they once could. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.

Why do people create viruses
A person has to write the code, test it to make sure it spreads properly and then release the virus. A person also designs the virus's attack phase, whether its a silly message or destruction of a hard disk.  There are probably at least three reasons:

• The first is the same psychology that drives vandals and arsonists. Why would someone want to bust the window on someone else's car, or spray paint signs on buildings or burn down a beautiful forest? For some people that seems to be a thrill. If that sort of person happens to know computer programming, then he or she may funnel energy into the creation of destructive viruses.

• The second reason has to do with the thrill of watching things blow up. Many people have a fascination with things like explosions and car wrecks. When you were a kid there was probably a boy in your neighborhood who learned how to make gunpowder and who then built bigger and bigger bombs until he either got bored or did some serious damage to himself. Creating a virus that spreads quickly is a little like that -- it creates a bomb inside a computer, and the more computers that get infected, the more "fun" the explosion.

• The third reason probably involves bragging rights, or the thrill of doing it. Sort of like Mount. Everest. The mountain is there and no one has climbed it, so someone is compelled to do it. If you are a certain type of programmer and you see a security hole that could be exploited, you might simply be compelled to exploit the hole yourself before someone else beats you to it. "Sure, I could TELL someone about the hole. But wouldn't it be better to SHOW them the hole???" That sort of logic leads to many viruses.

Of course, all of the virus creators miss the point that they cause real damage to real people with their creations. Destroying everything on a person's hard disk is real damage. Forcing the people inside a large company to waste thousands of hours cleaning up after a virus is real damage. Even a silly message is real damage because a person then has to waste the time getting rid of it. For this reason, the legal system is getting much harsher in punishing the people who create viruses.

E-mail Viruses
The latest thing is the e-mail virus, and the Melissa virus in March of 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this. Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.

The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a trojan horse distributed by e-mail than it is a virus.

The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a huge mess.

Microsoft applications have a feature called Macro Virus Protection built in to them to prevent this sort of thing. If you turn Macro Virus Protection on, then the auto-execute feature is disabled. By default the option is ON. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it. So the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.

In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.

An Ounce of Prevention

Follow these simple steps for protecting yourself against viruses and remain virus free.

• If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a secure operating system like UNIX or Windows NT. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk.

• If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.

• If you simply avoid programs from unknown sources like the Internet, and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting -- most computers now allow you to do this, and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.

• You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. No normal person adds macros to a document, so avoiding all macros is a great policy. Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled.

• In the case of the ILOVEYOU e-mail virus, the only defense is a personal discipline. You should never double-click on an attachment that contains an executable that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc. are data files and they can do no damage (noting the macro virus problem above in Word and Excel documents). A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is to never run executables that arrive via e-mail.