Hacking 101.7 - Anti-Virus Programs

From the July 2001 Newsletter

by Dean Moor

I am again grateful to Dean Moor for this next article in his series on hacking and security. To many it is a fascinating topic. It really would be a good idea for those interested but new to computers or the net to read over Dean's articles in previous newsletters. -Editor

Hi Folks, over the last couple of months we have been discussing what you can do to keep the "Bad Guys" of the Internet out of your machine. This month we'll continue with this theme.

Viri, virus's (whatever spelling or pronunciation you choose) - everyone has been or will be affected by one sooner or later.  "How?" you ask. "I am protected. I have my AntiVirus Product installed." That may well be the case, but my question is, "Are you using your product properly, or to its full potential?"

Your Anti Virus Protection is perhaps the single most important component in your defense strategy on the Internet, and perhaps the most overlooked. The reason I say this is that the overwhelming majority of "Hackers" still use Trojan Viri to take control of your machine, to spy on you, or just to annoy you.

Now, firstly, let's cover the basics of what a virus is. My definition of a virus is:

A small program, application or segment of code that executes (runs) on your machine without your knowledge or consent and is designed to reduce or remove security, destroy data, or destroy hardware. A virus can either be just annoying, or can cause downtime due to incorrect operation of your computer or damage to either data or hardware.

I am talking here about programs such as the NetBus Trojan, or code segments such as the Kak Worm Virus. I have briefly discussed the NetBus and other Trojans in a previous article, and the Kak Worm virus is a script that can easily be incorporated into almost any web page (Also briefly talked about here.)

Some viri will simply display web pages, documents, or open your CD-Rom tray, while others will send out your possibly confidential documents to anyone in your address book. Take for example the recent Homepage virus. One company I know of was virtually crippled due to this virus, with hundreds of copies of the virus constantly circulating through their entire network. Another example is the Magistr virus that seems to be making the rounds recently. This virus will infect programs, and some versions could destroy your Hard Drive FATs or flash (wipe) your BIOS (Basic Input Output System). Without your BIOS, your Processor doesn't know how to "talk" to your Hard Drive or RAM, and you are effectively left with a brand new multi-thousand-dollar paperweight until you replace your motherboard.

Sound scary? It shouldn't if you have your AntiVirus Product correctly installed, and running. You also NEED to update your product's virus definitions on a regular basis, and I recommend AT LEAST once a week. So how does it all work?

Well, think of your AntiVirus Program as a policeman. Now, we all know that the police have a list of known offenders, and should one be discovered the arrest is made. This list of offenders is exactly like your virus definitions, a book of thumbprints if you will. Now each file has a thumbprint as well, determined by several factors such as size, type and CRC. So, when you install your brand new "policeman", with his list of thumbprints, you are protected from all past and present viri. Some programs do have a limited ability to detect new viri; however, I recommend that you do not rely on this feature.

Now, if you do not update your list of thumbprints, or don't let your policeman patrol the neighbourhood, you are wasting your time even having him there, and you will fall victim to another virus. I have seen this all too often in my business, people who do not update, or in some cases who fail to use their anti virus product to its full potential. They always end up with a virus.
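
The thumbprint matching described above, as an added example (not from the original article or from any real anti-virus product): a toy scanner that fingerprints each file by size, type and CRC-32 and looks it up in a definition list, run once with the definitions as installed and once after an update. The sample contents, file names and signature names are constructed and harmless.

```python
import zlib
from typing import NamedTuple

class Signature(NamedTuple):
    name: str   # label reported on a match
    size: int   # file length in bytes
    ext: str    # file type, here simply the extension
    crc: int    # CRC-32 of the file contents

def fingerprint(filename, data):
    """Return the (size, type, CRC) thumbprint of one file."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return len(data), ext, zlib.crc32(data) & 0xFFFFFFFF

def make_signature(name, filename, data):
    """Build a definition entry from a captured sample."""
    return Signature(name, *fingerprint(filename, data))

def scan(files, definitions):
    """Map each filename to the matching signature name, or None if no match."""
    index = {(s.size, s.ext, s.crc): s.name for s in definitions}
    return {fn: index.get(fingerprint(fn, data)) for fn, data in files.items()}

# Constructed, harmless byte strings standing in for captured samples.
SAMPLE_A = b"constructed sample A: stands in for an already known virus"
SAMPLE_B = b"constructed sample B: stands in for a virus released later"

# The "book of thumbprints" as installed, and after a definitions update.
DEFS_INSTALLED = [make_signature("Sample.A", "a.vbs", SAMPLE_A)]
DEFS_UPDATED = DEFS_INSTALLED + [make_signature("Sample.B", "b.exe", SAMPLE_B)]

# Constructed "disk" contents: one clean file, one old sample, one new sample.
DISK = {
    "letter.txt": b"Dear Bob, see you at the meeting.",
    "attachment.vbs": SAMPLE_A,
    "setup.exe": SAMPLE_B,
}

def demo():
    """Scan the same disk with stale and with updated definitions."""
    return scan(DISK, DEFS_INSTALLED), scan(DISK, DEFS_UPDATED)

if __name__ == "__main__":
    stale, fresh = demo()
    for fn in DISK:
        print(f"{fn:15} installed={stale[fn]!s:9} updated={fresh[fn]}")
```

With the installed definitions `setup.exe` comes back as `None`, indistinguishable from the clean letter; only the updated list flags it.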

So, to sum up, your Anti Virus Product is the single most important part of your defense online, and you need to be fully aware of how it works, and what needs to be done to ensure that your protection remains at the highest possible level. Think of it this way: if everyone was to have an up-to-date program, and definition list, it would become extremely difficult for viri to spread, and you could have been responsible for saving money and hassle for yourself, someone else, or for your company.

If you're not sure about how to update your anti-virus program, open it up. You'll probably find its little icon down by your clock to the bottom right of your screen (double-click). Look under the various menus for live update functions. If you have no joy, try the Help menu. Anti-virus software writers usually provide help files with step-by-step instructions that are written for novices. They will help you understand how to set your program to update itself (by connecting to the company's website and downloading information about the very latest viruses).

Next month I will cover the last line of defense in our battle against the Cyber Attacker, and follow up with a recap. Please understand that there is just so much to explain, and I may lose some of you from time to time, but if you bear with me, you will get the general idea, and hopefully avoid becoming a victim of the next Cyber Punk surfing past you on the Internet.

Until Next time, safe browsing and good luck. Most of all have fun! Just remember: don't click anything attached to your e-mail that you're not absolutely sure of.

Dean Moor