January 26, 2001

Virus attacks more lethal than ever

Before Root Group Inc. came aboard, Colorado’s High School Activities Association was merely plodding along with its information technology network, utilizing some outdated methods of scanning for viruses.

“There tended to be a lot of down time in the old days because we had to deal with security problems and viruses,” said CHSAA Assistant Commissioner Paul Angelico.

Then, five years ago, CHSAA hired the network security and IT consulting services of the Root Group. “We budget about $10,000 a year,” Angelico said, projecting costs for CHSAA’s network security. For an office that supports only 15 employees, he said, “We could never put someone on staff to what they are doing. So, it’s a bargain for us, as far as I’m concerned.”

Companies big and small are finding that they must plan ahead for the unexpected. Today’s viruses and hackers are as lethal as ever. “Ideally, you want to try to avoid getting viruses to begin with,” said Mark Wood, an IT manager for Ontrack Data International Inc., a virus software development and recovery company with an office in Boulder.

“What we’ve seen over the years is viruses are evolutionary, not revolutionary,” Wood said. That means computer users will continue to see viruses similar to those that have caused damage in the past, including new ones mutated in ways that deliver different kinds of damage.

A lot of virus writers actually share code through Web sites, newsletters and newsgroups. “Basically, any high-tech method you can use to communicate, they are using,” Wood said.

The only reason the government cannot crack down on hacker and virus portals and publications is because they are protected by disclaimers stating that the site or newsletter is for education purposes. Furthermore, they have a hard time catching virus perpetrators and hackers, Wood said, because, “it’s very easy to move from one Web site to another.”

One of the biggest issues concerning computer viruses is the diverse ways programmers are finding to use them. Enterprise users, for instance, all have something called scripting engines or desktop management interfaces (DMI), which e-mail bombs are finding ways to hide in. It doesn’t matter if the script engine is built from Perl or Java. “The Trojan Horse will sit there and install files into the system, then send out passwords and compromise your security,” said John Lorimer, Root Group’s principal architect. Lorimer said such intrusions can’t be handled by a corporate firewall, creating the need for virus scanners on all workstations.

Home businesses, on the other hand, don’t need firewalls, just updated virus scanners like McAfee’s VirusScan, Symantec’s Norton AntiVirus Scanner, or Trend Micro’s PC-cillin. Dependable desktop anti-virus packages cost around $100.

In the past, all virus detection was done at the desktop level. With the evolution of hackers and viruses, the point of detection or the virus “gateway” has moved to the Internet and network servers. And, of course, throngs of anti-virus software developers now have firewall suites specialized for servers that provide everything from encrypted remote administration to alarm and reporting interfacing to virtual private network capabilities.

Many firewall suites are scalable to suit nearly any hardware configuration. Trend Micro develops the VirusWall, BorderWare builds the Firewall Server, there is Nokia’s Firewall, and Cisco Systems has the Secure PIX Firewall.

Firewalls are not cheap. Substandard appliance firewalls range around $500 to $600; decent firewall security for networks starts around $2,000; and security systems combining hardware and software begin at $8,000.

For those who think their problem is beyond the pale or feel they lost data, Ontrack develops EasyRecovery for Windows 95, 98 ($89) and a Professional Edition for NT customers ($489).

For companies with more than 150 active workstations that only have enough for one defense, the experts agree that a firewall should be put up first. Of course, that leaves desktops vulnerable, and all it would take is one corrupt diskette to begin infecting the network from inside. “In this day and age, I think people have to have a healthy sense of paranoia,” Wood said.

Typically, businesses should have both stages of defense for network security. First, they should have firewalls for every operating server. Secondly, all desktops should be fitted with virus scanning software. “Heavy users of Microsoft’s Outlook or Internet Explorer’s e-mail packages should frequently update their virus software,” Wood noted. In many cases, the update can be as simple as visiting the manufacturer’s Web site and clicking on the latest update.

Additionally, for complete protection, every desktop should have the latest version of update diskettes, even if it requires downloading the updates from a “clean” machine and then booting an infected system with the clean diskettes. “This process will find (viruses) and remove them if it can,” Wood said.

Basically, if a machine is set up to share files, printers or download e-mails, it is at risk of being struck by any one of the lethal macro viruses that have been doing damage since the fall of 1999. Some of the most recent viruses inducted into the Hall of Flame include the “I Love You” virus, a.k.a. the “Love Bug,” which needs no explanation; “Kris,” which unloaded its payload on Christmas; “Kakworm,” which clobbered Outlook and I.E. e-mail browsers; and “Thus,” or the Thursday virus, which struck Dec. 13.

“It’s like not having a backup,” said Robert Garelick, vice president of network integrators at Broomfield-based Aardvark, of not having virus protection. The majority of computer viruses now come via e-mail, Garelick explained. “And it always comes at the wrong time.”

Far too often, Garelick said, small companies don’t know what network security defense they need. “Some companies don’t even invest to update, and that is an issue,” said Brad Beaber, an Aardvark service manager.

Whether it’s a workstation, Web and e-mail, or file servers, Aardvark’s workers firmly believe every machine in the network needs security protection. “It’s a moving target because you never know what you’ll get,” Garelick said. “We’re always in fire-fighting mode.”

Some of the leading virus scanners for NT machines on the market include Carmel Software Engineering’s Carmel Anti-Virus, S&S Software International’s Dr Solomon’s Anti-Virus Toolkit, Cheyenne Software’s InocuLAN, Symantec’s Norton AntiVirus Scanner, Sophos’s SWEEP product, Trend Micro’s OfficeScan and PC-cillin products, and McAfee’s VirusScan with NetShield.

“It’s hard to keep track of what is the worst virus out there, but it helps to subscribe to Trend Micro’s or NAI’s e-newsletter,” said Lorimer. “Probably the most important thing to remember when installing (virus scanners) is to set it up so that it is scheduled to update anytime there is a software update.”

Tim Hall, security practice manager at Root Group, said today’s viruses are dangerous for two reasons: The payload can do anything, including wiping out anything on a hard drive, and it can replicate itself out of control, which can shut down mail servers that try to send it.

Unfortunately, Hall envisions a new breed of hackers and virus programmers that will try to sabotage individual Web sites by planting lots of viruses that will be triggered to go off at the same time everywhere. “If you’ve got hundreds of thousands of machines attacking Yahoo, it would fall to its knees in no time,” he said.

For the time being, Hall said most of the attention of hacking and virus warfare has been centered on political sabotage. “India and Pakistan hackers are attacking each other every day over there,” he said. “I hope someday we’ll get to the point where the computer culture doesn’t have this subculture, because I don’t think they understand the impact it has on individuals,” Wood added.
