9.1 Virus/Trojan/worm protection
This protection is an absolute must-have, whether or not one goes online, because malicious mobile code often comes through CD-ROMs, floppy disks, and the like. There are numerous software packages available that provide this service on a low-cost yearly subscription basis. It is important to do the following:
1. Update the virus-detection signature files at least every week. Whereas in the past it used to take days or weeks to exploit a security vulnerability, it now takes hours; as such, last week’s virus protection is often not current enough.
2. Set up the configuration so that the software checks incoming e-mail, especially any attachments, as they come in online. Also set it to scan files on inserted floppy disks automatically, in addition to doing periodic scans of one’s hard disk no less than, say, once per month.
3. Subscribe to a mail list service, such as the one from CERT at Carnegie Mellon University, that sends e-mail when a serious new security problem has been discovered and suggests effective fixes. To be added to that mailing list, send e-mail to [email protected] and include “SUBSCRIBE your e-mail-address” in the subject of your message.
4. Disable HTML in the e-mail client software. HTML makes some incoming e-mail look pretty, but it is also a major avenue for malicious code to sneak in.
At the risk of oversimplifying a complex situation, Webopedia defines a computer virus as “a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade.”
A Trojan is a program that pretends to be or do one thing, but in reality damages your data or sniffs your system for personal data. Back Orifice and Back Orifice 2000 are among the most notorious such programs. The term comes from the huge wooden horse parked, according to Homer’s Iliad, by the Greeks as a gift outside the city of Troy. At nighttime, the horse’s wooden belly was opened from the inside to let the hidden Greek soldiers out, who proceeded to attack Troy.
A worm is “a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down.”
Virus detection software does a credible, but inadequate, job of detecting Trojans. Trojans are best detected with dedicated software packages, such as The Cleaner from www.moosoft.com.
9.2 Protection from keyloggers
9.2.1 Protection from keystroke-capturing software
Numerous software packages detect and eliminate many (but not all) keystroke-capturing software programs in common use. However, given the large number of these programs, such as Keykey, discussed in Section 4.4, that are openly available on the Internet, there is no one easy way to detect and eliminate all of them from one’s computer. Given the major security threat that such programs represent, however, one would be well justified in taking the time needed to weed such programs out and, better yet, to minimize the likelihood that they get into one’s computer in the first place. The latter can only be done by adhering to the following standard security measures:
◗ Do not open e-mail attachments unless you know for a fact who sent them and why. The fact that the sender’s e-mail address is that of a friend means nothing as it can be faked. In fact, the most troublesome recent worms (Melissa and I Love You) hijacked one’s computer, looked up the list of friends’ e-mail addresses in Outlook/Outlook Express, and sent them e-mails ostensibly coming from the hijacked computer.
◗ Do not download and install assorted software from the Web from sites with unknown or dubious agendas. Check first with a privacy-minded Usenet forum such as alt.privacy for any postings about them.
◗ Do not allow others to insert floppy disks (or CD-ROMs or USB keys or any other media) of unknown origin into your computer.
◗ Do not allow others to use your computer in your absence.
Some antivirus and anti-Trojan software detects some (but not all) of the keystroke-capturing software. Alternatively, one can manually search for such software by simply searching the hard disk for any software running in the background that one cannot recognize. One has to do this often enough to spot what is unusual and also to have started doing so when the computer was known for a fact not to have any such software running on it.
To detect what software is running in the background, do the following:
1. Use WinPatrol from http://www.billp.com/winpatrol, which will also alert you every time a new program wants to run behind your back.
2. In WinNT/2000, type Ctrl-Shift-Esc.
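The baseline comparison described above, as an added example that is not from the original text: it compares a process listing saved while the machine was known to be clean against a later one. It assumes listings exported as CSV in the format written by `tasklist /fo csv` on later Windows versions; both sample listings and all image names in them are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample: listing saved while the machine was known to be clean.
BASELINE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","212 K"
"explorer.exe","1432","Console","0","18,204 K"
"WinPatrol.exe","1680","Console","0","3,912 K"
"avscan.exe","1712","Console","0","9,480 K"
'''

# Constructed sample: listing taken later (image names are hypothetical).
TODAY = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","212 K"
"explorer.exe","1432","Console","0","19,020 K"
"Explorer.exe","2350","Console","0","2,016 K"
"WinPatrol.exe","1680","Console","0","3,950 K"
"kbdhelper.exe","2208","Console","0","1,104 K"
'''


def image_counts(listing):
    """Count running instances per image name, ignoring case."""
    rows = csv.DictReader(io.StringIO(listing))
    return Counter(row["Image Name"].strip().lower() for row in rows)


def compare_to_baseline(baseline, current):
    """Report what appeared, vanished or multiplied since the clean baseline."""
    before, now = image_counts(baseline), image_counts(current)
    return {
        # Names never seen on the clean machine: identify before trusting.
        "new": sorted(set(now) - set(before)),
        # Baseline programs no longer running, e.g. protection that was stopped.
        "missing": sorted(set(before) - set(now)),
        # Known names with more copies than before: a possible look-alike.
        "extra": sorted(n for n in now if n in before and now[n] > before[n]),
    }


if __name__ == "__main__":
    for kind, names in compare_to_baseline(BASELINE, TODAY).items():
        print(kind, names)
```

Matching on image name alone is weak, since a program can be given the name of a legitimate one; the "extra" list catches only the case where that adds a running copy.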
9.2.2 Protection from keystroke-capturing hardware
The best (and perhaps the only) protection is to prevent it from being installed (through physical security) or at least to detect (through physical inspection) if it has been installed. Such devices cannot be detected through software schemes. It follows that if you are patronizing someone else’s computer (e.g., at an Internet cafe or hotel), you have zero assurance that your passwords and everything else you type are not being recorded. The same applies to hidden overhead cameras.
9.3 Protection from commercial adware/spyware
There is an obvious commercial incentive for companies to know as much about an individual as possible, so that customized advertising can be sent to him or her. Because many individuals wisely do not volunteer much information about themselves to total strangers in these days of rampant identity theft, and because personal computers nowadays contain a fairly accurate representation of their respective owners’ identities, many companies have taken it upon themselves to steal as much information as they can about a person from his or her computer anyway. This unauthorized stealing of information from individual PCs for marketing purposes is enabled by the fact that when their PCs are connected to the Internet, most users have no idea what information is going out. This is made possible through the following:
1. When filling out online registration forms for software, the user may think only that information manually entered by the user is going out when in fact a digest of one’s entire hard disk is often sent. Even reputable large companies have been caught red-handed engaging in this practice. Do not ever fill out online registration forms or allow software to register itself online. Never. Do not do online activation of software; if you must use such software (which, on philosophical grounds, you may not want to do at all), do the activation by talking to the vendor over the telephone.
2. Some marketing companies (such as Predictive Networks at http://www.predictivenetworks.com) engage in a business practice whereby the participating ISP provides the marketing company the individual users’ Web browsing habits. This involves not only free ISPs where this tracking has become the norm, but also regular ISPs that one pays for by the month. [1]
3. There is often hidden functionality in a large collection of software packages that scouts one’s hard disk, collects whatever information it feels like, and relays it on the sly and without the user’s knowledge when the unsuspecting user is online on the Internet. These are known as “adware” or “spyware.”
This threat is made particularly bothersome by an odious new law called the Uniform Computer Information Transactions Act (UCITA), which has been already passed in Maryland and Virginia. This legislation allows companies to spy on a consumer’s computer to make sure that all license requirements are obeyed. Companies will be able to remotely turn off the software if they feel that the terms of the license have not been abided by, without notifying the user. Finally, licensors can require that individual users not publicize flaws in their software and also that no legal action be taken by the buyer of the software except in the form of a mediation in the jurisdiction of each such company’s choice.
A typical example, according to Steve Gibson of Gibson Research Corporation (http://grc.com), is Real Network’s Real Download, Netscape/AOL’s Smart Download, and NetZip’s Download Demon in their default configurations.
“Every time you use one of these utilities to download any file from anywhere on the Internet, the complete URL address of the file, along with a unique ID tag that has been assigned to your machine and—in the case of Netscape’s Smart Download only—your computer’s individual Internet IP address, is immediately sent to the program’s publisher. This allows a database of your entire personal file download history to be assembled and uniquely associated with your individual computer . . . for whatever purpose the program’s publisher may have today or tomorrow.”
[1] According to Predictive’s privacy policy, “Predictive Networks uses digital silhouettes to match Internet content and advertising with appropriate subscriber recipients. As a result, subscribers receive information that appeals to their current needs and interests. To develop a digital silhouette, the Predictive Network analyzes URL click-stream data, such as Web pages visited, and date and time of visit.” “To optimize the format of the content delivered to subscribers, the anonymous digital silhouette may include specifications about the subscriber’s computer, such as processor type, browser plug-ins and available memory.” “Predictive Networks urges subscribers to consult their ISP before opting out, as doing so may affect their Internet service and/or their Internet service rate.” For more information, one can look at “Start-Up’s Tracking Software Sets Off Privacy Alarm,” by Jim Hu, CNET News.com, May 1, 2000.
According to Gibson,
Aureate/Radiate and Conducent Technologies [have] advertising, monitoring, and profiling software [that] sneaks into our machines without our knowledge or permission. Comet Cursor secretly tracks our Web browsing, GoHip hijacks our Web browser and alters our eMail signatures . . . and many other hopeful and exploitive newcomers on the horizon. When confronted with their actions, such companies invariably say “read the fine print, what we’re doing is spelled out there and the user agreed.”
It must be emphasized that some adware programs leave the secretly installed utility (that periodically sends out such information) even after the original software that installed this utility has been removed from one’s disk.
A long list of software programs that, according to Gibson, engage in the practice of periodically sending information about some of the user’s habits out over the Internet can be found at http://grc.com/oo/spyware.htm and includes the popular CuteFTP utility.
The best protection against such adware is provided by Ad-aware by Lavasoft (http://www.lavasoftus.com) and (not “or”) the Spybot Search and Destroy freeware by Patrick M. Kolla.
Because there is a vast sea of software available, perhaps the best protection, in addition to the above, is to install and use a network packet sniffer, which observes what gets sent out from one’s computer over the Internet. This is recommended only for those who have—or are willing to invest the time to acquire—a thorough understanding of TCP/IP and IP. (See an excellent source of additional information in the 738-page “TCP/IP Tutorial and Technical Review” written by the IBM International Technical Support Organization; it is available freely as a 3.2-MB Adobe Acrobat file that can be downloaded, along with others, from http://grc.com/oo/packetsniff.htm.)
There are numerous packet sniffers available, such as the SpyNet Sniffer from eEye (http://www.eeye.com/html/Products/Iris/overview.html), the CommView v2.0 sniffer from Tamos Software.
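What reviewing a sniffer capture for the behavior Gibson describes can look like, as an added example that is not from the original text: it scans outbound HTTP requests for ones that hand a third-party host the URL of a file fetched elsewhere, then picks out parameters that repeat unchanged across such reports (a candidate ID tag). The capture, the host names (reserved `.example` names) and the parameter names are all constructed.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed capture: (destination host, HTTP request line) as a sniffer shows them.
CAPTURE = [
    ("files.example.org", "GET /pub/tool.zip"),
    ("stats.dl-helper.example",
     "GET /log?id=7F3A9C&url=http%3A%2F%2Ffiles.example.org%2Fpub%2Ftool.zip"),
    ("mirror.example.net", "GET /iso/disk1.iso"),
    ("stats.dl-helper.example",
     "GET /log?id=7F3A9C&url=http%3A%2F%2Fmirror.example.net%2Fiso%2Fdisk1.iso"),
    ("www.example.com", "GET /search?q=privacy"),
]


def url_reports(capture):
    """Find requests whose query string carries a URL on a different host."""
    found = []
    for dest_host, request_line in capture:
        _method, target = request_line.split(" ", 1)
        params = parse_qsl(urlsplit(target).query)  # values come back percent-decoded
        for name, value in params:
            reported = urlsplit(value)
            if (reported.scheme in ("http", "https", "ftp")
                    and reported.hostname
                    and reported.hostname != dest_host.lower()):
                others = [(n, v) for n, v in params if n != name]
                found.append((dest_host, value, others))
    return found


def persistent_tags(reports):
    """Per destination, parameters sent unchanged with two or more reports."""
    seen = Counter()
    for dest_host, _url, others in reports:
        for pair in others:
            seen[(dest_host, pair)] += 1
    return sorted((host, n, v) for (host, (n, v)), count in seen.items() if count >= 2)


if __name__ == "__main__":
    reports = url_reports(CAPTURE)
    for host, url, _others in reports:
        print(host, "was told about", url)
    print("repeating tags:", persistent_tags(reports))
```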